Extreme AirDefense User Guide 9037079-00 May 2021
Copyright © 2021 Extreme Networks, Inc. All rights reserved. Legal Notice Extreme Networks, Inc. reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made. The hardware, firmware, software or any specifications described or referred to in this document are subject to change without notice.
Preface

This section describes the text conventions used in this document, where you can find additional information, and how you can provide feedback to us.

Conventions

This section discusses the conventions used in this guide.

Text Conventions

Unless otherwise noted, information in this document applies to all supported environments for the products in question. Exceptions, like command keywords associated with a specific software version, are identified in the text.
Table 1: Notes and warnings (continued)
Notice type - Alerts you to...
• Caution - Risk of personal injury, system damage, or loss of data.
• Warning - Risk of severe personal injury.

Table 2: Text
Convention - Description
• screen displays - This typeface indicates command syntax, or represents information as it appears on the screen.
• The words enter and type - When you see the word enter in this guide, you must type something, and then press the Return or Enter key.
Terminology

When features, functionality, or operation is specific to a switch family, such as ExtremeSwitching, the family name is used. Explanations about features and operations that are the same across all product families simply refer to the product as the switch.

Providing Feedback

The Information Development team at Extreme Networks has made every effort to ensure the accuracy and completeness of this document.
• The device history (for example, if you have returned the device before, or if this is a recurring problem)
• Any related RMA (Return Material Authorization) numbers

Subscribe to Service Notifications

You can subscribe to email notifications for product and software release announcements, Vulnerability Notices, and Service Notifications.
1. Go to www.extremenetworks.com/support/service-notification-form.
2. Complete the form (all fields are required).
3.
Introduction

• Scope of Documentation

This guide is designed to help you use the Extreme AirDefense® (AirDefense) version 10.5. AirDefense is designed to protect your network from wireless threats and attacks, maximize your wireless network performance and enforce policy compliance. As a standalone platform, AirDefense is part of a system that includes the AirDefense appliance. The AirDefense appliance comes ready with the application and all supporting software preloaded.
Scope of Documentation

This guide does not cover initial hardware installation or the basic device configuration you need to perform to get the appliance up and running. For hardware installation instructions, see the Extreme AirDefense 10.4 Appliance Installation Guide available at the following URL: Extreme Networks Documentation Site

Extreme AirDefense User Guide for version 10.5.
Extreme AirDefense New User Experience

• Login to ADSP
• Download ADSP Toolkit
• Launch the Old User Interface

Extreme AirDefense's upgraded user interface provides a desktop-oriented workflow for managing your AirDefense monitored network. This new user interface, with its fully customizable dashboard, alarms and network views, is now enhanced with a set of configuration screens that enable you to configure your AirDefense monitored network.
The Configurations view displays the various AirDefense parameters that can be set using this user interface. The following top level configuration settings can be managed:
• Rules / Profile Settings - You can configure Auto Placement, Discovery/Polling, and Communication Profile from this configuration settings menu item.
• Operational Settings - You can configure Sensor and its other settings from this configuration menu item.
3. Click the Login button. On providing the correct credentials for your account, the default Dashboard for your account is displayed.

Logout of AirDefense

To log out of the new user interface:
1. Select the icon located to the top right of the user interface. A drop-down menu displays.
2. Select the Logout menu item. A confirmation dialog displays.
3. Select Yes to exit the AirDefense user interface. You are immediately logged out of the user interface and the AirDefense login screen displays. Select No to remain within the user interface without logging out.

Download ADSP Toolkit

AirDefense Toolkit is a set of utilities for managing an AirDefense instance.
2. From the Download Toolkit dialog, select the appropriate download file for your operating system.
3. Once you have downloaded the toolkit and other tools from the dialog box, select the OK button to close the dialog.

Download Toolkit from New User Interface

To download the AirDefense Toolkit from within the new user interface:
1. Select the icon located to the top right of the user interface. A drop-down list displays.
4. Once you have downloaded the toolkit and other tools from the dialog box, select the CLOSE button to close the window.

Launch the Old User Interface

AirDefense has retained the old user interface for those users who would prefer using it. This user interface is launched from within the new user interface. When launched, the old user interface displays in a new browser tab. This tab is independent of the new interface.
2. Select the Legacy UI from the menu. A new browser tab opens and the AirDefense default Dashboard displays.
Dashboard

• View Dashboard
• Create a Dashboard
• Manage Your Dashboard
• Delete the Dashboard
• Dashboard Widgets

Use the fully customizable Extreme AirDefense (AirDefense) Dashboard to view various data and statistics for the sites managed through your AirDefense instance. Use the large number of built-in widgets to create customized desktops to view data and statistics. You can create any number of custom dashboards to meet your requirements.
Figure 2: The Default Dashboard

To select a different dashboard, use the Dashboard drop-down list and select the dashboard that you want to view. The selected dashboard loads and the screen refreshes to display the latest data using the widgets placed on the dashboard. To manually refresh the data on the screen, select the button from tool bar. Use this button periodically to refresh the data on the dashboard.

Note: Widgets placed on the Dashboard do not refresh automatically.
Figure 3: Location Drop-Down List

Use the Date Range drop-down list to select a time duration to display data for. The drop-down provides a set of pre-configured durations for filtering data. The available pre-configured durations are:
• Today - Displays the data for the current date. Excludes data for all other dates.
• Last 5 Days - Displays the data for the last 5 days prior to the current date. Includes data for the current date.
A favourite dashboard is indicated with the symbol next to its name in the dashboard list and by the icon on the toolbar. For a normal dashboard, the same icon is displayed as .
1. Select the Dashboard drop-down list to display a list of available dashboards. A default dashboard is indicated by the icon next to its name.
Figure 4: Default Dashboard
2. Select the dashboard that you want to mark as favourite. The selected dashboard loads.
3.
Figure 5: The Dashboard Screen
2. Select the button from tool bar. The button expands to display a drop-down list.
Figure 6: Manage Dashboard Options
3. Select the Create menu item from the drop-down list. The following screen appears.
Figure 7: New Dashboard Screen
4. Select one category from the available categories. These categories classify the widgets available for use within your dashboard. Dashboard widgets are classified into:
• WIPS - Use the widgets in this category to display WIPS information and statistics.
• Stats - Use the widgets in this category to display general statistics.
5. Click the widget to select it. You can select multiple widgets at a time to add to the dashboard. A green check mark appears on the top right of the selected widget.
Figure 9: A Selected and an Unselected Widget
The screen also indicates the number of widgets added to this new dashboard.

Note: To add a widget from a different widget category, select that category from the available options and continue adding widgets.
Note: When a widget is added to the dashboard, it will display its data even when its dashboard is being created or edited. This is by design.

7. Use the button, located to the top right of each widget, to rearrange the selected widget on the dashboard. Hover over the widget's title. The arrow changes to . Then click and hold the primary mouse button, and drag the widget to the desired location on the dashboard.
To edit an existing dashboard:
1. From the main menu on the left, select the icon to load the Dashboard screen. The dashboard marked as default automatically loads.
Figure 11: The Dashboard Screen
2. Select the Dashboard drop-down list to expand and display the list of available dashboards for this AirDefense account.
3. From the list of available dashboards, select a dashboard.
Figure 12: Dashboard List
The selected dashboard loads.
4.
Figure 13: Manage Dashboard Options
5. Select the Edit option from the drop-down list. The selected dashboard is loaded in edit mode. Use the available options to edit your dashboard.
6. After editing the dashboard, select the Done button to the top right of the dashboard to save the changes made to this dashboard.

Delete the Dashboard

1. From the main menu on the left, select the icon to load the Dashboard screen. The dashboard marked as default automatically loads.
3. From the list of available dashboards, select a dashboard.
Figure 15: Dashboard List
The selected dashboard loads.
4. Select the button from tool bar. The button expands to display a drop-down list.
Figure 16: Manage Dashboard Options
5. Select Delete from the drop-down list. A confirmation dialog appears.
Figure 17: Delete Confirmation Dialog
6. Select Delete to delete the dashboard. Select Cancel to exit this screen without deleting the selected dashboard.
Widgets on the Dashboard screen are classified into:
• WIPS - Use the widgets in this category to display WIPS information and statistics.
• Stats - Use the widgets in this category to display general statistics.
• Compliance - Use the widgets in this category to display PCI compliance statistics.
Figure 18: The Widget Categories
Use the Search text box to drill down to the widget or widgets of interest.
Use the icon to expand the widget to fill the current view window. Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out. Use the icon to download this widget as an image file. You can then save the downloaded image to any location on your PC.
Use the icon to expand the widget to fill the current view window. Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out. Use the icon to download this widget as an image file. You can then save the downloaded image to any location on your PC.
Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color. Use the icon to expand the widget to fill the current view window. Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out. Use the icon to download this widget as an image file.
Use the icon to expand the widget to fill the current view window. Use the icon to download this widget as an image file. You can then save the downloaded image to any location on your PC.

Widget - Rogue Access Points

This widget displays a list of all rogue access points seen by AirDefense and the location where the rogue device is found. The widget displays a table with the rogue access point's location and its MAC address.
The widget displays a table with the action taken on the rogue device and the device's MAC address. Use the icon to expand the widget to fill the current view window.

Widget - Anomalies

This widget displays the various anomalies identified in the AirDefense system. Some of these exploits are Impersonation, DoS and Active Attacks. Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color.
Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out. Use the icon to download this widget as an image file. You can then save the downloaded image to any location on your PC.
Use the icon to download this widget as an image file. You can then save the downloaded image to any location on your PC.

STATs Widgets

Use the STATS (statistics) widgets to view AirDefense statistics.
Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color. Use the icon to expand the widget to fill the current view window. Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out. Use the icon to download this widget as an image file.
Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color. Use the icon to expand the widget to fill the current view window. Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out. Use the icon to download this widget as an image file.
total number of devices with activity seen for that day, and the percentage it represents of the total number of devices seen. Use the icon to expand the widget to fill the current view window. Use the icon to download this widget as an image file. You can then save the downloaded image to any location on your PC.

Widget - BT By Configuration

This widget displays the counts of Bluetooth clients seen by Extreme AirDefense in the network by classification type.
Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color. Use the icon to expand the widget to fill the current view window. Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out. Use the icon to download this widget as an image file.
Use the icon to expand the widget to fill the current view window. Use the icon to download this widget as an image file. You can then save the downloaded image to any location on your PC.

Widget - PCI Status

This widget displays the counts of PCI Status alarms seen by AirDefense in the network. Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color.
Network View

• Network View - Network Snapshot
• Network Pane - Details View

The Network View is your main window into the Extreme AirDefense monitored network. This view provides various tools to drill down to the site/location of interest and view the state and statistics of the selected site/location in the screen's Details Pane. The Network View screen can be divided into:
• Network Snapshot section - Use this section to have a quick insight into the state of your network.
Use the icon before each tree node to expand it and view its nodes. Similarly, use the icon to collapse an expanded node. Select the node for which you want to view the details. On selecting the node, the Details View pane immediately starts loading with the appropriate information. Depending on the size of the data to display, the number of devices to load and your network connection, it might take some time for the data to be displayed.
The following information is displayed:
Field - Description
• Scope - Identifies the scope of the data being displayed (location/site/floor). The scope depends on the selection made in the My Network Tree View. Click the site/location name to view detailed statistics for it. This link is only active if there is at least 1 alarm or notification for the site/location. The Scope field displays the number of Alarms and Notifications generated for a site/location.
Field - Description
Hover on or near the icon to view a pop up window that displays a breakdown of the various device types for the Polled and Sensed categories.
• Severity - Displays a graphical representation of the site/location's health along with the current Severity value.

Occasionally, use the icon to refresh the data displayed in this screen. Use the field to change the scope of the data displayed on this screen.
Network View - Network Snapshot

The Network Snapshot panel consists of four (4) widgets that provide a comprehensive insight into your network's state. These widgets are:
• Top 5 Security Threats
• Alarms and Actions
• Polled Devices
• Sensed Devices

Note: This panel cannot be customized. You cannot modify the widgets in this panel.

Use the icon to collapse this panel to occupy less screen space. The same information is displayed in the collapsed panel.
Use the drop-down list, located to the top right of this widget, to change the duration of the data that is displayed. By default, data for the last 1 Hour is displayed in the widget. Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out.
Hover on any of the widget's data points to view specific information on the selected data point. When hovering on a part of the Pie chart, the section of the chart under the mouse pointer is exploded out.

Sensed Devices

The Sensed Devices widget displays the number of BSS, Wireless Clients, Unknown, and BT/BLE devices identified by AirDefense in your network.
• Widgets - This section displays three (3) widgets that provide an overview about the devices in the network.
• Device Details - This section displays comprehensive data about the devices identified by AirDefense in the selected site/location. For more information, see Network Pane - Device Details on page 60.

Network Pane - Device Details

The Device Details pane displays comprehensive details about the devices found in the AirDefense monitored network.
The Device Details pane can be divided into these panes:
Pane - Description
• Toolbar - The Toolbar contains a number of tools that enable you to perform several tasks on the data being displayed in the pane. The Toolbar displays a drop-down list that displays the hierarchy of the AirDefense system. Use this list to select the scope of the data to be displayed in this screen.
Tool - Description
• Select this icon periodically to refresh the data displayed on this screen.
• Select this icon to view a context sensitive menu for the current screen. The actions available in this menu are different for each device type selected using the Device Type tabs. For example, the following image displays the menu for the Polled device type.
For more information on the BSS tab, see BSS Tab on page 71.

Wireless Clients

The Wireless Clients tab displays a list of all wireless clients, sanctioned or otherwise, identified by AirDefense in your network. For more information on the Wireless Clients tab, see Wireless Clients on page 78.

Unknown Devices

AirDefense classifies devices as Unknown based on the MAC address of the source or final destination of packets seen in the network.
• Radio Status—Radio Bands on WLAN

The Devices table displays the following information for each Polled device:
Field - Description
• Flag - Select the icon to indicate that this device is considered to be of interest. The flag changes to .
• Device - This column displays the device type icon and its name. Hover on the name to display more details about the device in a pop-up. The following image is a pop up that displays on hover.
Field - Description
• Status - This column indicates the online/offline status of the device. If the device reports up-time, then this up-time value is displayed.
• Sensor Status - This column indicates the online/offline status of a sensor device. If an access point is also a sensor, the status of the access point's sensor is indicated in this column.
• Select this icon to display a context sensitive menu of actions that can be performed for this particular device.
Select the Columns item to view a list of columns that can be added to the table. The following table lists the additional columns that can be added to the table.
Field - Description
• Name - This column displays the name of the device if configured.
• Polled Name - This column displays the polled name of the device if available.
• MAC - This column displays the MAC address of the device.
Device Actions

The following actions can be performed on each device listed in the table. Select the icon to display the list of actions that can be performed. The actions that can be performed are different for the different device types.
Action - Description
• Alarms - Displays the Alarms for the device. When selected, the alarms for this device are displayed in the Alarms screen.
• Properties - Displays the properties of the device.
Action - Description
• Remove - Select this menu item to remove the device. A small confirmation window displays. Select Yes to remove the device. Select No to exit without removing the device.
• Readiness Test - Select the Readiness Test menu item to check the connections and the communication settings between Extreme AirDefense and the device. A series of tests are run and the results are displayed in another window.
Action - Description
• Direct Connect - Select the Direct Connect menu item to directly connect to the device. A new browser window or a browser tab is created for the login screen of the device.
• Copy MAC - The Copy MAC menu item is an ease of use feature and enables you to copy the MAC address of the device in hexadecimal or colon hexadecimal notation. Click this menu item to expand it and view MAC formats that can be copied.
Widget - Polled Device Tab - Infrastructure Overview

This widget displays a horizontal bar chart which displays the top 5 infrastructure devices in your AirDefense monitored network. Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color.
Hover on each of these radio bands to view a pop-up that displays the number of radios that are offline and online.

BSS Tab

The BSS tab displays a list of all Basic Service Sets (BSSs), sanctioned or otherwise, that were discovered by Extreme AirDefense in your network during regular scans. The BSS tab displays a set of widgets on the top of the display area.
The BSS table displays the following information:

| Field | Description |
|---|---|
| Flag | Select the icon to indicate that this device is considered to be of interest. The flag changes to . |
| Device | This column displays the device type icon and its name. Hover on the name to display more details about the device in a pop-up. The following image is a pop-up that displays on hover. Select the MAC address of the device to view its details in a separate window. |
Select a device in the table to display a right-panel details window that includes the following columns:

Table 4:

| Parameter | Value |
|---|---|
| Device Name | Displays the name of the device. |
| Description | Displays a description of the device. |
| Annotations | |
| MAC | Displays the MAC address for the device. |
| Random MAC | Indicates whether the device is using Random MAC (yes) or not (no). |
| Observed | |
| First Seen | Displays the date the device was first seen on the network. |
Select the Filter item to filter your data. This option might not be available for all screens. When this option is available, use the available filter criteria to filter the data displayed in the screen.

Select the Columns item to view a list of columns that can be added to the table. The following table lists the additional columns that can be added to the table.

| Field | Description |
|---|---|
| Name | This column displays the name of the device if configured. |
| Field | Description |
|---|---|
| Device Actions | This column indicates if any of the following actions have taken place: AP Test, Wireless Vulnerability Assessment, Termination, Dedicated Spectrum Analysis, Inline Spectrum Analysis. |
| Associated Clients | This column displays the number of clients that are associated with the device. |
| Access Points | This column displays the name of the access point that sees this device. |
| Action | Description |
|---|---|
| Remove | Select this menu item to remove the device. A small confirmation window displays. Select Yes to remove the device. Select No to exit without removing the device. |
| Classification | Use this menu item to classify the device as one of Sanctioned (Inherit profiles), Unsanctioned, Neighboring, or Sanctioned (Assigned Profiles). |
| Action | Description |
|---|---|
| Live View | The Live View menu item displays the Live View window for the device where you can view the device's live status and other parameters. |
| Port Lookup (Find this Device) | Use the Port Lookup menu item to scan for and locate this device, in your network, using its MAC address. |
| Terminate | Use the Terminate menu item to open the Termination options window from where you can terminate this device. |
This widget displays the total number of devices, identified and classified by AirDefense. This widget shows the total count of the devices and rogues in the network. It also displays a graph of the total devices segregated as Sanctioned, Unsanctioned, and Neighboring. Hover on each of these device types to view more details.

Widget - BSS Tab - Sanctioned Devices Seen in Last 5 Days

This widget displays the total number of sanctioned devices seen in the last 5 days.
The Wireless Clients tab displays a set of widgets on top of the display area. These widgets are:

• Device Classification
• Sanctioned Devices Seen in Last 5 Days
• Trend - Device Seen Comparison (For Last 3 Days)

The Wireless Clients table displays the following information:

| Field | Description |
|---|---|
| Flag | Select the icon to indicate that this device is considered to be of interest. The flag changes to . |
| Device | This column displays the device type icon and its name. |
| Field | Description |
|---|---|
| Severity | This column displays the device's threat level to your network. Hover on this value to display a threat score for this device. The severity icons indicate, from highest to lowest: Severe (higher than Critical), Critical, Major, Minor, and Safe (the site/location is safe). |
Select a device in the table to display a right-panel details window that includes the following columns:

Table 5:

| Parameter | Value |
|---|---|
| Device Name | Displays the name of the device. |
| Description | Displays a description of the device. |
| Annotations | |
| MAC | Displays the MAC address for the device. |
| Random MAC | Indicates whether the device is using random MAC (yes) or not (no). |
Select the Filter item to filter your data. This option might not be available for all screens. When this option is available, use the available filter criteria to filter the data displayed in the screen.

Select the Columns item to view a list of columns that can be added to the table. The following table lists the additional columns that can be added to the table.

| Field | Description |
|---|---|
| Name | This column displays the name of the device if configured. |
| Field | Description |
|---|---|
| Device Actions | This column indicates if any of the following actions have taken place: AP Test, Wireless Vulnerability Assessment, Termination, Dedicated Spectrum Analysis, Inline Spectrum Analysis. |
| Access Points | This column displays the name of the access point that sees this device. |
| Sensor | This column displays the name of the sensor that sees this device. |
| Action | Description |
|---|---|
| Remove | Select this menu item to remove the device. A small confirmation window displays. Select Yes to remove the device. Select No to exit without removing the device. |
| Classification | Use this menu item to classify the device as one of Sanctioned (Inherit profiles), Unsanctioned, Neighboring, or Sanctioned (Assigned Profiles). |
| Action | Description |
|---|---|
| Forensic Analysis | Use the Forensic Analysis menu item to analyze the device and view detailed information about it. Forensic Analysis returns the threat level of the device, device alarms, and device association details. |
| Locate | Use the Locate menu item to locate this device on your network. This opens the Location Tracking window from where you can track the device. |
Widget - Wireless Client Tab - Device Classification

This widget displays the total number of devices, identified and then classified by AirDefense. This widget shows the count of all the devices and rogues in the network. It also displays a graph of the devices segregated as Sanctioned, Unsanctioned, and Neighboring. Hover on each of these device types to view more details.
The Unknown Devices tab displays a set of widgets on the top of the display area. The widgets are:

• Device Classification
• Rogue Devices - Devices which turned to be rogue
• Trend - Rogue Devices - Device turned to be rogue

The Unknown Devices table displays the following information:

| Field | Description |
|---|---|
| Flag | Select the icon to indicate that this device is considered to be of interest. The flag changes to . |
| Field | Description |
|---|---|
| Severity | This column displays the device's threat level to your network. Hover on this value to display a threat score for this device. The severity icons indicate, from highest to lowest: Severe (higher than Critical), Critical, Major, Minor, and Safe (the site/location is safe). |
Select the Filter item to filter your data. This option might not be available for all screens. When this option is available, use the available filter criteria to filter the data displayed in the screen.

Select the Columns item to view a list of columns that can be added to the table. The following table lists the additional columns that can be added to the table.

| Field | Description |
|---|---|
| Name | This column displays the name of the device if configured. |
Device Actions

The following actions can be performed on each device listed in the table. Select the icon to display the list of actions that can be performed. The actions that can be performed are different for the different device types.

| Action | Description |
|---|---|
| Alarms | Displays the alarms for the device. When selected, the alarms for this device are displayed in the Alarms screen. |
| Rename | Select this menu item to rename this device. |
| Action | Description |
|---|---|
| Classification | Use this menu item to classify the device as one of Sanctioned (Inherit profiles), Unsanctioned, Neighboring, or Sanctioned (Assigned Profiles). The Sanctioned (Assigned Profiles) menu item expands to show a list of available profiles that can be assigned to this device. |
| Action Details | Select the Action Details menu item to view a table listing specific actions occurring on the device. |
| Action | Description |
|---|---|
| Terminate | Use the Terminate menu item to open the Termination options window from where you can terminate this device. |
| Copy MAC | The Copy MAC menu item is an ease of use feature and enables you to copy the MAC address of the device in hexadecimal or colon hexadecimal notation. Click this menu item to expand it and view MAC formats that can be copied. Select the MAC format to copy to your PC's clipboard. |
Click on a label to include or exclude its data in the widget. When the data for the label is excluded, the label is displayed in a lighter color.

Bluetooth and Bluetooth Low Energy Devices

The BT/BLE tab displays a list of Bluetooth or Bluetooth Low Energy (BLE) clients, sanctioned or otherwise, that were discovered by Extreme AirDefense in your network during regular scans. The BT/BLE tab displays a set of widgets on top of the display area.
The BT/BLE table displays the following information for each device:

Table 6:

| Field | Description |
|---|---|
| Device | Displays the device type icon and its name. Place your cursor on the name to display more details about the device in a pop-up. |
| Type | Displays the type of BT/BLE device as identified by Extreme AirDefense. |
| Severity | Displays the device's threat severity to your network. |
To add/remove table columns, select the icon to the left of any column header. The following drop-down list displays.

Select the Filter item to filter your data. This option might not be available for all screens. When this option is available, use the available filter criteria to filter the data displayed in the screen.

Select the Columns item to view a list of columns that can be added to the table.
Device Actions

The following actions can be performed on each device listed in the table. Select the icon to display the list of actions that can be performed. The actions that can be performed are different for the different device types.

| Action | Description |
|---|---|
| Alarms | Displays the alarms for the device. When selected, the alarms for this device are displayed in the Alarms screen. |
| Remove | Select this menu item to remove the device. A small confirmation window displays. |
This widget displays the total number of devices, identified and then classified as BT/BLE Device by AirDefense. This widget shows the count of all BT/BLE devices and the number of rogue devices of this type. It also displays a graph of the devices classified as Sanctioned, Unsanctioned, or Neighboring. Hover on each of these device types to view more details.
Alarm View

• Alarms - Details View
• Alarms Widget View
• Alarm Details List

Use the Alarm View screen to manage your alarms from AirDefense. The Alarm View screen is a single location from which you can see the alarms raised in your network. It provides various tools to drill down into the alarms and take appropriate actions on them. The Alarm View is divided into three sections: the Alarms Summary, Network Tree View, and Details panes.
Network Tree View

Use the icon before each tree node to expand it and view its nodes. Similarly, use the icon to collapse an expanded node.

Select the node for which you want to view the details. On selecting the node, the Details View pane immediately starts loading with the appropriate information. Depending on the size of the data to display, the number of devices to load, and your network connection, it might take some time for the data to be displayed.
Details View

The Details View pane displays a list of alarms generated for the selected site/location. The following information is displayed:

| Column | Description |
|---|---|
| Scope | This column displays the name of the site/location for which the alarm information is generated. Select the site/location name to launch the Alarm Details screen to view the alarms for the site. This option is only available for a site that has at least one alarm or notification indicated for it. |
Toolbar

The Toolbar enables you to perform specific tasks quickly. The following actions can be performed from the Alarms toolbar.

• Use this field to select the scope of the data to display in this screen.
• Select this icon to view or hide the Grid Chart view in this pane.
• Periodically use this Refresh icon to refresh the data displayed on this screen.
• Select this icon to view a list of alarms that were raised in the last one hour.
Alarms - Details View

This screen displays a list of all alarms raised for the selected site/location along with information required to take appropriate actions with respect to these alarms. This screen is divided into these sections:

• Alarm Summary (Overall) - Provides a snapshot of the current state of your network with respect to the alarms generated. Use the icon to refresh the displayed data.
Category/Sub-category Widget

The Category/Sub-Category widget displays the number of alarms raised for each alarm category or sub-category. Hover on either the Category or Sub-Category graphs to view a breakdown of alarms.

Device Classification

The Device Classification widget displays a graph of the alarms generated by the different device types. This widget displays the breakdown of the alarms by device type as a bar graph and a pie chart.
Select the number above each device type icon to launch the Alarms detail view with the data filtered for the Rogue Activity and the selected Device Type.

Alarm Severity

The Category/Sub-Category widget displays the number of alarms raised for each alarm category or sub-category. The Alarm Severity widget displays graphs of the number of alarms of different severity, generated in your network, as a bar graph and a pie chart.
Alarm Details List

| Column | Description |
|---|---|
| Alarm Type | This column displays the type of alarm generated. Each alarm is assigned a threat or criticality index. This index value is displayed in the Criticality column. |
| Device | This column displays the device type icon and its name. Hover on the name to display more details about the device in a pop-up. The following image is a pop-up that displays on hover. The information that the pop-up displays is different for the different device types. |
Select the Filter item to filter your data. This option might not be available for all screens. When this option is available, use the available filter criteria to filter the data displayed in the screen.

Select the Columns item to view a list of columns that can be added to the table. The following table lists the additional columns that can be added to the table.

| Column | Description |
|---|---|
| Alarm ID | This column displays the unique ID assigned to this alarm when it was generated. |
Alarm Actions

| Column | Description |
|---|---|
| Set Flag | Use this menu to set a flag for this alarm. Flags are used to indicate that the alarm requires attention. When a flag is set, it changes to . |
| Remove Flag | Use this menu to unset or remove a flag set for an alarm. When unset, the flag icon changes to . |
| Mark as New | Use this menu to mark an alarm as new. When marked, the alarm is indicated in bold. |
| Mark as Acknowledged | Use this menu to mark the alarm as Acknowledged. |
Configuration

• Appliance Management
• Structure Configuration
• Auto-Placement Rules
• Discovery Profile and Polling Configuration
• Communication Profile
• Security Profile
• Alarm Action Manager
• Device Action Manager
• Sensor Manager
• Alarm Configuration
• Wired Network Monitoring
• Performance Profile
• Environment Monitoring
• Client Types
• Appliance Settings
Figure 19: New User Interface - Settings Screen

The following configurations are managed from this screen.

• Rules Configuration - This section provides links to configure the following rules:
  ◦ Auto Placement - The configurations defined within this profile determine how network devices are placed in your network hierarchy tree when imported.
  ◦ User Management - Use this configuration screen to view and manage your users with respect to this Extreme AirDefense system. For more information, see User Management.
  ◦ System Settings - Use this configuration screen to configure the remote log server to which your Extreme AirDefense system's activity logs are sent. For more information, see System Settings.
Appliance Settings

| Function | Description |
|---|---|
| Port | Set the UI Port. This setting configures the system port for access to ADSP. Choose the system port from a port indicator/selector. Choices are port 1024 through 65000. Note: AirDefense will not allow you to choose a port already in use. |
| Mail Relay Server | Define the mail relay host. Enter an IP address or a fully-qualified host name. |
| Max Connections | Specify the maximum number of application server connections that can occur simultaneously. |
| Function | Description |
|---|---|
| Port Suppression | System Port Suppression enables you to turn off the port on the network switch through which a device is communicating. You can suppress the communications port for any network device, effectively shutting down the communication port for the device. Yes: Click this radio button to enable Port Suppression at the system level. See the Note, below. No: (Default). Click this radio button to disable Port Suppression. |

Backup / Restore Status
The top section displays status information about backups. The bottom section displays status information about configuration restores, synchronization, clear information, and upgrade information. The following status information is displayed:

• A green checkmark indicates that the backup/restore was successful.
• A red circle containing an exclamation mark indicates that the backup/restore was unsuccessful.
Certificate / Key Validation

There are three types of verifications for either appliance communications or third party communications. They are:

• Verify master certificate against trusted certificates
• Verify hostname against certificate
• Check certificate revocation.

Select the appropriate checkbox for each type of verification that you want to check. If the Check certificate revocation checkbox is selected, the OCSP Responder fields are activated.
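What the "Verify hostname against certificate" check amounts to, shown as an added example that is not AirDefense code: a simplified RFC 6125-style comparison of the name a client connects to against the certificate's subjectAltName entries. The certificate dict, host names and addresses are constructed, and ignoring the Common Name is an assumption about the checker, not documented appliance behaviour.

```python
import ipaddress

# Constructed sample in the dict layout that Python's ssl.getpeercert() returns.
# Host names and addresses are documentation values, not taken from the guide.
SAMPLE_CERT = {
    "subject": ((("commonName", "adsp-primary.example.com"),),),
    "subjectAltName": (
        ("DNS", "adsp-primary.example.com"),
        ("DNS", "*.wips.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}


def _dns_name_matches(pattern, hostname):
    """Compare one dNSName entry with the host name the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                 # a wildcard covers exactly one label
    if any("*" in label for label in p[1:]):
        return False                 # wildcard is only valid in the left-most label
    if p[1:] != h[1:]:
        return False                 # parent domain must match exactly
    if p[0] == "*":
        return len(p) >= 3           # refuse over-broad patterns such as "*.com"
    if "*" in p[0]:
        return False                 # partial wildcards ("ads*") are refused
    return p[0] == h[0]


def hostname_matches(cert, host):
    """Return True if `host` is covered by the certificate's subjectAltName.

    IP literals are compared only with "IP Address" entries and DNS names only
    with "DNS" entries. The subject Common Name is ignored (assumption).
    """
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        for kind, value in sans:
            if kind != "IP Address":
                continue
            try:
                if ipaddress.ip_address(value.strip()) == wanted_ip:
                    return True
            except ValueError:
                continue             # malformed entry: never a match
        return False

    return any(kind == "DNS" and _dns_name_matches(value, host)
               for kind, value in sans)


if __name__ == "__main__":
    for name in ("adsp-primary.example.com", "sensor1.wips.example.com",
                 "a.b.wips.example.com", "192.0.2.10", "adsp-standby.example.com"):
        print(f"{name:28} -> {hostname_matches(SAMPLE_CERT, name)}")
```

A certificate can pass the trusted-certificate check and still fail this one, which is the case the hostname checkbox exists to catch.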
To add a public key:

1. Click the Add Key button.
2. Type in the name of the other server.
3. Select the type of public key that you want to add (SSH-RSA or SSH-DSS).
4. Paste the public key into the Key field.
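Before pasting a key into the Key field, it helps to confirm that the line really is of the type selected in step 3 and to record its fingerprint. The following Python check is an added example, not part of the guide or of AirDefense; the sample key is constructed (its modulus is not a real RSA modulus) and `inspect_public_key` is a hypothetical helper name.

```python
import base64
import hashlib
import struct

# Number of fields that follow the type string in the key blob (RFC 4253):
# ssh-rsa carries e, n; ssh-dss carries p, q, g, y.
FIELDS = {"ssh-rsa": 2, "ssh-dss": 4}


def _pack(data):
    """Length-prefixed SSH string."""
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    """Positive SSH mpint: big-endian, with a leading zero if the top bit is set."""
    return value.to_bytes((value.bit_length() + 8) // 8, "big")


def _read_string(blob, offset):
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key field")
    return blob[offset + 4:end], end


def inspect_public_key(line, selected_type):
    """Validate an OpenSSH public key line against the type chosen in the UI.

    Returns the type, key size in bits, SHA-256 fingerprint and comment.
    Raises ValueError when the line is malformed or the types disagree.
    """
    if selected_type not in FIELDS:
        raise ValueError(f"unsupported key type: {selected_type}")
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    if declared != selected_type:
        raise ValueError(f"line is {declared} but {selected_type} was selected")

    blob = base64.b64decode(b64, validate=True)   # raises ValueError on bad input
    embedded, offset = _read_string(blob, 0)
    if embedded != declared.encode("ascii"):
        raise ValueError("type inside the key blob does not match its prefix")

    fields = []
    while offset < len(blob):
        field, offset = _read_string(blob, offset)
        fields.append(field)
    if len(fields) != FIELDS[declared]:
        raise ValueError("unexpected number of key fields")

    # Key size: RSA modulus n is the second field, DSS prime p is the first.
    size_field = fields[1] if declared == "ssh-rsa" else fields[0]
    bits = int.from_bytes(size_field, "big").bit_length()

    # Same text form that `ssh-keygen -lf` prints: unpadded base64 of SHA-256.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": declared, "bits": bits, "fingerprint": fingerprint,
            "comment": parts[2] if len(parts) == 3 else ""}


# Constructed sample line; the modulus only has the right size, it is not a real key.
_blob = _pack(b"ssh-rsa") + _pack(_mpint(65537)) + _pack(_mpint((1 << 2047) | 1))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_blob).decode() + " backup@constructed.example"

if __name__ == "__main__":
    print(inspect_public_key(SAMPLE_LINE, "ssh-rsa"))
```

Comparing the printed fingerprint with the one reported on the other server confirms that the key pasted into the appliance is the intended one.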
Certificate Manager

the AirDefense appliance. Certificates install into the AirDefense appliance and are sent by the appliance directly to your browser.

Important: AirDefense recommends using a security certificate for every AirDefense appliance in your network. Furthermore, we recommend that you replace the pre-installed security certificate from AirDefense with either a self-signed certificate or a root-signed certificate. AirDefense supports the X.
Certificate Types

Every AirDefense appliance comes with an AirDefense certificate. However, there are three other certificates available; each represents a different level of security.

• Self-signed certificate
• Root-signed certificate
• SSL certificate.

The following table describes each of the certificate types:

| Certificate | Description |
|---|---|
| AirDefense Certificate | The AirDefense certificate represents a minimal level of security. |
  ◦ Validation period stating when the certificate became valid and when it ends
  ◦ Certificate fingerprints.

Sharing Certificates

AirDefense has a Central Management feature that allows you to monitor more than one appliance. In this situation, there will be a master appliance and a slave appliance. For this scenario to work, you need to share certificates between the master and the slave appliance.
The procedure for sharing certificates in the default state is:

Note: This procedure assumes that you have added a certificate using the procedures under Add Certificates.

1. Access the Certificate Manager.
2. In the Appliance field, select the slave appliance.
3. Type in the certificate password and then click View Certificates.
4. Click the Share Appliance Certificate button.
6. Click the Share button.
7. Click OK.
8. On the master appliance, access the Trusted Certificate tab.
9. In the Appliance field, select the master appliance.
10. Type in the certificate password and then click View Certificates.
11. Click the Import New button.
12. Browse to the CA certificate and select it.
13. Click OK.
14. Restart the master appliance.
15. On the slave appliance, access the Trusted Certificate tab and then repeat steps 9 through 13.
16.
2. Send the CSR to a Certificate Authority (CA) and get certificate files.
3. Import the certificate files received from the CA.

Generate Certificate Signing Request

To generate a Certificate Signing Request (CSR), do the following:

1. Click the Generate Request button. A window opens for you to confirm that you want to download the CSR.
2. Click OK. A window opens for you to save your request.
3. Navigate to a convenient place, such as your Desktop, to save the CSR.
Once you give the CA the information from the generated file, they will give you instructions on how to proceed, probably in an email message. You will have to save the certificate files somewhere on your workstation, such as your Desktop. There should be three certificates:

• Intermediate
• Root
• SSL, which is the tomcat certificate.

Importing Certificate Files from CA

1. Click the Import New button. The Import New Certificate window displays.
2.
3. Navigate to the Intermediate certificate, select (highlight) it, and then click the Open button. The file name should now display in the Select field.
4. Type in a name for the certificate.
5. Click OK.
6. Repeat Steps 1 to 5 to import the Root certificate.
7. Repeat Steps 1 to 5 to import the SSL certificate.
   Note: The name for the SSL certificate defaults to tomcat. You cannot change this name.
8. Click OK.
2. Click the Browse button to open the Select file to upload window.
3. Navigate to the trusted certificate, select (highlight) it, and then click the Open button. The file name should now display in the Select field.
4. Type in a name for the certificate.
5. Click OK.

Update Certificate Information

This topic discusses the process to update certificate information for certificates already stored in your appliance.
To change the certificate's default information:

1. Click the Update button to display the Update Appliance Certificate window.

The following table describes the certificate information fields that can be modified:

| Field | Description |
|---|---|
| Name | The hostname you assigned the AirDefense appliance. |
| Department Name | The department of which the AirDefense administrator is a member. |
| Company Name | The name of your company. |
| City | The city in which your company is located. |
Change Certificate Password

The Certificates window has a default password (security). You should change this password to a more secure password. To change the password:

1. Click the Change Password link.
2. Type the new password in the Password field.
3. Type the new password again in the Confirm field.
4. Click the OK button.
Configuration Backup

How Backups Work

• All backups, scheduled or on-demand, create a backup file in /usr/local/smx/backups.
• If an on-demand backup is done to the desktop, the system performs a regular backup to /usr/local/smx/backups first and then copies that file to the desktop.
• If a scheduled backup is done to a remote device via SCP or FTP, the system performs a backup to /usr/local/smx/backups first and then copies that file to the remote system.
• NEVER direct a backup to /usr/local/smx/backups on a standby server. This will prevent synchronization from working properly.

Manual Backups

You can manually back up your server configuration to your workstation by following these steps:

1. Click the Backup Now button to display the Backup Ready window.
2. Click the Download button to open a window where you can select your destination directory (folder).
3.
Automatic Backups

Automatic Backups backs up your system configuration to your ADSP appliance.

Note: Do not configure the automatic backup time and the automatic synchronization time with the same values.

To schedule automatic backups, follow these steps:

1. Enable automatic backups by selecting the Enable Configuration Backup Scheduling checkbox.
2. Type in a name for the backup in the Job Name field.
3.
| Field | Description |
|---|---|
| Password | The password used to log in on the destination server. |
| Verify Server Certificate/Key | Verifies that the server certificate (HTTPS connections) or server key (SCP and SFTP connections) is valid. |
| Retries | The number of times to retry the backup if a failure occurs. The maximum number is 5. |
Configuration Clear

| Option | Description |
|---|---|
| Clear System Configuration | Clears all system configuration data. This encompasses everything except what is covered by the other options. There are three other options associated with this option. Clear Policy Configuration - Clears all policy configurations that you have changed. If you select this option, the Sensor and Device configurations will be automatically selected. |
Configuration Restore

You can restore a backup configuration that you backed up to your workstation. To do so, follow these steps:

1. Navigate to Configuration > Appliance Management > Configuration Restore.
2. Click Replace to open a window where you can select the directory (folder) where your configuration was backed up.
3. Navigate to the directory where your configuration was backed up and select the backup file.
4. Click Open to select the file.
Download Logs

You can download configuration files that were automatically backed up to your ADSP server to your workstation. Once the backed up configuration is on your workstation, you can restore it. (See Configuration Restore.) To download a configuration, follow these steps:

1. Navigate to Configuration > Appliance Management > Download Logs.
2. Select whether you want to download a backup that exists on your appliance and/or the system logs.
3.
8. Click Next. The configuration is downloaded to the selected directory and a status window is displayed confirming the download.
9. Click Close.

Forensic and Log Backup

To enable automatic forensics backup, select the Enable Automatic Forensics Backup checkbox. To enable automatic log backup, select the Enable Automatic Log Backup checkbox. Fill in the fields described in the table below.
| Field | Description |
|---|---|
| Host | The name of the server where you want to back up forensics or log files. This can be an IP address or a DNS name defined by your DNS server. |
| Port | The port number to use during the backup. |
| Protocol | The file transfer protocol to use for backing up forensics or log files. |
| Path | The directory (folder) in which to place the backup on the destination server. |
| User | The username used to log in on the destination server. |
| Interval | Action |
|---|---|
| Weekly Schedule | Choose a frequency in days. Then, select a day or multiple days to conduct the backup by selecting the checkbox next to each day. |
| Monthly Schedule | Choose the months in which you want to run a backup by selecting the checkbox next to each month. Then, select a day of the month to conduct the backup. Last, specify a time of day. |
Login / SSH Banners

To activate, select the Enable Pre-Login Banner checkbox. The * (Please enter text) field is available to enter text that users will see before logging into AirDefense. Text can be entered in HTML or text format. Click Apply to save the pre-login banner.

Login Banner

The Login Banner tab is provided for ADSP users who wish to add their own customized agreement banner, which is shown each time users log into the system. To activate, select the Enable Login Banner field.
The following configuration options are available for customizing the Login Banner.

| Function | Description |
|---|---|
| At initial login... | Enter the actual startup agreement text in this area; this text is what will appear when the ADSP application is first opened. Note: This text can be entered in HTML or text format. |
| Approve button label | Enter the actual text that will appear for the approve button on the Startup Agreement window. |
Redundant Appliance Sync

server to your secondary server so that the two servers have the same configuration. Configuration settings from the primary server will override any configuration settings on the secondary server.

How Synchronization Works

• Synchronization will not work if there is no backup file or if there is a backup in progress.
3. Enter the port number of the primary server in the Port field.
4. Enter the username in the Username field that allows you to log in on the primary server you are synchronizing with.
   Note: It is a good practice to set up an admin account (using the same username and password) on both the primary and secondary server.
5. Enter the password in the Password field that allows you to log in on the primary server you are synchronizing with.
6.
Appliance Replacement Considerations

Replacing an appliance should be done in such a way that no data is lost during the transition. Following these recommendations will help prevent data loss:

• Scheduled jobs should be included when backing up an appliance before synchronization. This will save you valuable time when restoring the backup on a new appliance. Unless you have backed up your scheduled jobs, you will have to recreate them on the new appliance.
Structure Configuration

Figure 20: Network Tree

Your network tree automatically includes your appliance and any other appliance that you have added to your AirDefense system. Each appliance can be included in and then expanded within the hierarchy tree.
Use the icon to regenerate your network structure.

Floor Plans

You can create a detailed floor plan map from the Structure Configuration window. To map your floor plan, select the Floor level in the Structure Configuration tree to open the floor configuration panel. You can upload an image of your floor plan and set the boundaries and scale. You can drag and drop devices to your floor plan to add them to your map.
View And Manage Your Network Tree

Figure 21: Structure Configuration Panel

Use the icons next to each node on the network tree to expand or contract it. The innermost node for the network tree is the Floor node. You can create a detailed floor plan map from the Floor node. The topmost node is the Appliance node. Use the Filter text area to filter the devices to view specific terms in the Structure Configuration pane. To edit the network tree, select the dialog displays.
Place your cursor over a node on this tree to view the actions that can be performed at that level. The following actions can be performed:
• Add a tree node as a next level node (sub-node) in the hierarchy. Use the icon to add a node to the tree. When you add a node, it is always added as a sub-node of the node where this action was performed. If the main node has sub-nodes, the new node is always added as the last sub-node.
• Edit the node.
Generate a Network Tree

A blank network tree is generated from the Structure Configuration screen.
2. From the Structure Configuration screen, select the Default button.
3. Select the Generate button. A blank network tree is created with the top level node named as ADSP.
4. Hover on this level to display the action buttons for this level.

Extreme AirDefense User Guide for version 10.5.
5. Use the icon to add a sub-node to this top level node. The Edit Structure dialog displays. For more information on viewing and managing nodes, see the topic View And Manage Your Network Tree on page 143.
6. Once you have completed populating all the nodes in your network tree, select the Done button located on the top right of this dialog. The Edit Structure dialog is closed and the Structure Configuration screen displays.
Floor Plans

You can create a detailed floor plan map of your network and devices from the Structure Configuration window.

To map your floor plan:
1. From the Structure Configuration tree on the Configuration tab, select the Floor level.
2. To configure your floor plan, select the Configure button at the top right corner of the panel. The Floor Details window displays.
3. To select the type of environment that your floor plan represents, select the down arrow to expand the drop-down list. The Environment drop-down list displays.
4. To upload an image of your floor plan, select the Browse button and choose the file to upload.
5. Use the Coverage panel in the right-hand Floor Details window to set the boundaries for your floor plan map. Select Auto to configure the map using default coverage boundaries.
configure the boundaries manually.
Note: If you select Auto to use the default coverage option, changes and variations in the proximity of your mapped devices may occur. Use the Manual option to set your coverage to prevent these issues.
6. Use the Scale panel in the right-hand Floor Details window to set the scale for your floor plan map. Select Auto to configure the map using default scaling. Select Manual to configure the scale manually.
8. To view Device Locations, navigate to the Network Snapshot tab and select any BSS, Wireless Client, or BT/BE device type. If the device type is configured for a floor plan, the Device Location window opens.
9. Select Show All Devices to display all the devices and APs:
10. If a floor plan is not configured, you can configure a floor plan from this window:

Auto-Placement Rules

Auto-Placement rules determine where devices will be placed in the network tree when they are imported. Any device that has the specified parameter(s) and qualifying value(s) will be placed in the selected network level. Auto-Placement rules are applied differently based on the device types that are discovered in your network.
• If no Auto-Placement rules criteria match the device, it will be placed in the Unplaced Devices folder.
• IP based placement uses a single IP address for each device. The selected IP address for Auto-Placement is the first available address on the following ordered list of IP addresses learned by AirDefense.
  ◦ The first IP address on the list is the Device's Management IP Address. This is the IP address that AirDefense uses to communicate with the device.
Figure 22: Auto-Placement Rules

The screen displays the following information:

Field - Description
Rule Name - This field displays the name of the auto-placement rule.
Destination - This field displays the destination configured for this rule. This is the location where a device that matches the auto-placement rule is placed.
Action - The icons in this field enable you to view, edit or delete auto-placement rules.
Add an Auto-Placement Rule

To add a new auto-placement rule:
1. From the Auto-Placement Rules screen, select the icon. The Auto Placement Rule dialog displays.
2. Provide the following information to create a new auto-placement rule:

Field - Description
Name - Provide a meaningful name for the auto-placement rule. You should name your rules such that they are easy to identify from among similar rules.
Destination - Use the Destination drop-down list to select the floor on which the devices meeting this auto-placement rule are to be placed.
Field - Description
Use the field to configure the device's network address that is used as a selection criterion for this auto-placement rule.
• DNS Server - Use this field to specify the DNS server or servers the devices are using and use that information as a selection criterion for this auto-placement rule. This parameter only works with sensors, not with access points and switches.
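The placement behaviour described above can be modelled offline to preview where imported devices would land before rules are saved. This is an added example, not AirDefense code: the dictionary layout, the CIDR notation for the network address, the first-matching-rule-wins order, and all sample rules and devices are assumptions constructed for illustration.

```python
import ipaddress

UNPLACED = "Unplaced Devices"  # folder the guide names for devices no rule matches


def placement_ip(learned_ips):
    """Return the single IP used for placement: the first available entry.

    learned_ips is ordered; index 0 is the device's management IP. The order
    of the remaining entries is an assumption of this sketch.
    """
    for ip in learned_ips:
        if ip:  # None or "" means the address was not learned
            return ipaddress.ip_address(ip)
    return None


def rule_matches(rule, device):
    """A rule matches only when every criterion it sets is satisfied."""
    ip = placement_ip(device["learned_ips"])
    if "network" in rule:
        if ip is None or ip not in ipaddress.ip_network(rule["network"]):
            return False
    if "dns_server" in rule:
        # The DNS Server criterion only works with sensors, so a rule that
        # sets it is modelled as never matching access points or switches.
        if device["type"] != "sensor":
            return False
        if rule["dns_server"] not in device.get("dns_servers", []):
            return False
    return True


def place(device, rules):
    """Return the destination of the first matching rule (assumed order)."""
    for rule in rules:
        if rule_matches(rule, device):
            return rule["destination"]
    return UNPLACED


def plan(devices, rules):
    """Dry run: map each device name to the tree level it would be placed in."""
    return {d["name"]: place(d, rules) for d in devices}


# Constructed sample rules (names, destinations and subnets are hypothetical).
RULES = [
    {"name": "Floor 1 by subnet", "destination": "HQ/Building A/Floor 1",
     "network": "10.20.30.0/24"},
    {"name": "Lab sensors by DNS", "destination": "Lab/Floor 2",
     "dns_server": "10.0.0.53"},
    {"name": "Floor 2 by subnet", "destination": "HQ/Building A/Floor 2",
     "network": "10.20.40.0/24"},
]

# Constructed sample devices.
DEVICES = [
    {"name": "sensor-1", "type": "sensor",
     "learned_ips": ["10.20.30.15", "192.168.1.5"], "dns_servers": ["10.0.0.53"]},
    # No management IP learned: placement falls through to the next address.
    {"name": "ap-1", "type": "ap",
     "learned_ips": [None, "10.20.40.7"], "dns_servers": ["10.0.0.53"]},
    {"name": "sensor-2", "type": "sensor",
     "learned_ips": ["192.168.50.9"], "dns_servers": ["10.0.0.53"]},
    {"name": "switch-1", "type": "switch", "learned_ips": ["172.16.9.2"]},
]

if __name__ == "__main__":
    for name, destination in plan(DEVICES, RULES).items():
        print(f"{name:10s} -> {destination}")
```

Devices that end up in Unplaced Devices in such a dry run are the ones to review before an import.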
To edit an existing auto-placement rule:
1. From the Auto-Placement Rules screen, select the auto-placement rule to edit.
2. Select the icon to edit the selected auto-placement rule. The Auto Placement Rule dialog displays.
3. Modify the required fields. For more information on the fields in this screen, see Add an Auto-Placement Rule on page 154.
4. Select the Apply button located to the top right of this dialog to save the auto-placement rule.
Discovery Profile

Discovery profiles are used to configure how devices are discovered or imported from various sources into the AirDefense managed network. Use the configurations in the Discovery/Polling screen to set periodic imports and discovery of the devices into your network.
View Discovery Profiles

Use the Discovery/Polling screen to view a list of discovery profiles configured for this Extreme AirDefense managed network. These profiles determine how devices are discovered by Extreme AirDefense and how devices are imported into the system.

Figure 23: Discovery Profiles

The screen displays the following information:

Field - Description
Profile Name - The name of the discovery profile.
Schedule - The schedule for running this discovery profile.
The Discovery Profiles screen has a provision to manually run the profiles listed in this screen. By default Extreme AirDefense runs the discovery profile based on its schedule. To force Extreme AirDefense to run a discovery profile on demand, select the icon.

To add more discovery profiles, use the icon located to the top right of this screen. For more information, see Add a Discovery Profile on page 161.
2. In the Discovery Profile Name field, change the default value from New Scheduled Import to a name that describes this discovery profile.
3. Expand the Job Type field using the icon.
4. Select the method through which Extreme AirDefense imports device information:

Option
SNMP Discovery - Configure device imports through SNMP Discovery.
Local File - Import devices via a local file.
Remote File - Import devices via a remote file.
IP Range - Enter a range of IP addresses. For example, 192.168.10.10-192.168.10.35.
Network Address - Enter a Network Address. For example, 192.168.10.0/24.
FQDN - Enter a fully qualified domain name. For example, www.example.com.

Use the Communication Profile field to select an existing communication profile. From the dropdown list, you can select an existing communication profile, or you can create a new profile.
To edit an existing discovery profile:
1. From the Discovery Profiles screen, select the discovery profile to edit.
2. Select the icon to edit the selected discovery profile. The Discovery Profile dialog displays.
3. Modify the required fields. For more information on the fields in this screen, see the topic Add a Discovery Profile on page 161.
4. Select the APPLY button located to the top right of this dialog to save the device discovery profile.
5. Select the small 'x' icon to the top left of the dialog to close it.

Polling Configuration

AirDefense uses a centralized polling feature to manage configuration audits, status polling, and data collections from a single location.
You can configure different polling preferences for each node in your AirDefense hierarchy. To do so, you must select the correct node in the Structure & Tags area of the Discovery Profiles screen. After selecting the scope, you can apply the polling preferences to the scope.

View the current Polling Preference details

Use the icon in this control to view the current polling preference values. This information is displayed in a separate window.
ADSP and you must use this switch to apply the selected configuration throughout the Extreme AirDefense system.

By default, any level in the Structure & Tags pane always inherits configuration from the level above it unless explicitly overridden. Since Extreme AirDefense manages its devices using a hierarchy that is configured using the Structure & Tags pane, all the nodes under the top ADSP node inherit the configurations set at that node.
3. Select the Enable Automatic Status Polling switch to toggle it. When enabled, AirDefense automatically polls for device network status at an interval defined by the frequency values configured for this field. Set the following frequency parameters for this field:

Field - Description
Frequency - Use the spinner control to set the duration value.
Frequency Format - Use the drop-down list to select the format for the frequency. Select from one of Days, Hours, or Minutes.
5. Set the following Extended parameters.

Field - Description
Enable ACL - When enabled, this parameter enables you to carry out the ACL action from the Device Action Manager or Alarm Action Manager profile. This action would enable the Access Control List on switches that meet the conditions defined in the filter of Alarm Action Manager or Device Action Manager.
Overriding Configuration Settings

The Enable Configuration switch is only available at the topmost node of the Structure & Tags pane. Configurations can only be applied when this switch is set to ON. The topmost node is always named ADSP and you must use this switch to apply the selected configuration throughout the Extreme AirDefense system.
The screen displays the following information for each communication profile:

Field - Description
Profile Name - Displays the name of this communication profile.
Description - This field indicates which communication settings are active. An active setting is indicated in green and an inactive setting in grey.
Action - The icons in this field enable you to manage your communication profiles.
Add a Communication Profile

By default, the SNMP configuration tab displays.
2. Provide a meaningful name for the communication profile. You should name your profiles such that they are easy to find among similar profiles.
3. Provide the following information for configuring SNMP settings:

Field - Description
Enable SNMP Settings - Select this switch to enable SNMP settings.
SNMP Port - Use the spinner to set the SNMP port for the device. The default port number is 161.
Timeout (in ms) - Use the spinner to set the timeout value in milliseconds to connect to the device.
Field - Description
Auth. Algorithm - Use the drop-down list to select the authentication algorithm. This selection must match what is set on the device. The available algorithms are MD5, SHA, and None. You must supply a pass-phrase which must also match what is set on the device. Note: This field is only available when SNMP version is V3.
Priv. Algorithm - Use the drop-down list to select the privacy algorithm. This selection must match what is set on the device.
Field - Description
Enable Password - Use this field to enter the Enable password. This password is required to enter the enable mode on the device.
Protocol - Use the drop-down list to select the protocol to use for console access. Select from SSH or Telnet.
Port - Use this field to enter the port number that is used for communications. By default port 22 is used.
5.
Edit the Communication Profile

Use the Communication Profiles screen to view a list of communication profiles configured for your AirDefense managed network. A Communication Profile is a set of configurations that enables you to use the same settings for connecting to various devices in your AirDefense managed network.

Figure 25: Communication Profiles

To edit a communication profile:
1.
3. Modify the configuration settings for the different tabs in this dialog. For more information on the fields in this dialog, see Add a Communication Profile on page 171.
4. Select the Apply button located to the top right of this dialog to save the communication profile.
5. Select the small 'x' icon to the top left of the dialog to close it.

Delete Communication Profiles

To delete a communication profile:
1.
Security profiles are configured from the Configuration > Security Profile menu path. The Security Profiles screen displays. Existing security profiles are listed in the right pane of this window.

Overriding Configuration Settings

The Enable Configuration switch is only available at the topmost node of the Structure & Tags pane. Configurations can only be applied when this switch is set to ON.
Figure 26: Security Profile Screen

The screen displays the following information:

Field - Description
Template Name - The name of the security profile.
Action - The actions that can be performed on the security profile. The icons in this field enable you to manage your security profile. You can edit your profile, create a new profile by creating a duplicate of the profile, or delete the profile.
View a Security Profile

Use the icon for a security profile to view its details. A configuration dialog displays all the details about this security profile. The following information is displayed for each security profile.

Field - Description
Profile Name - The name of this security profile.
General Information - The General Information field displays the following information for this security profile.
SSID - The SSID that is covered by this security profile.
Field - Description
Privacy Settings - The privacy setting configured for this security profile. When privacy settings are configured, this field displays Enabled. The following additional configuration information is also displayed.
Base 802.11 Authentication - The Base 802.11 authentication in use with this security profile. Displays Open or Shared.
Extended 802.11 Authentication - The Extended 802.11 authentication used with this security profile.
Add a Security Profile

A complete security profile consists of the following configurations:
• General Configuration - This set of parameters configures settings related to wireless clients.
• Privacy Configuration - This set of parameters enables you to monitor privacy settings.
• Rate Settings - This set of parameters selects the specific rates that you need to monitor.
Configure the following preferences for this security profile:

Field - Description
Communication to Wireless Clients - Select one of the following options:
• Enforce Isolation - Select this option to isolate wireless clients within your network.
• Allow Communication - Select this option to enable communications between wireless clients in your network.
4. Select the Monitor Privacy Settings option to enable this feature. Provide the following additional configuration information:

Field - Description
Extended 802.11 Authentication
WPA - Select to activate Wi-Fi Protected Access, which uses improved data encryption through the temporal key integrity protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven't been tampered with.
Field - Description
Advanced Key Generation
802.1x EAP-FAST - When selected, it keys 802.1X EAP Flexible Authentication via Secure Tunneling.
802.1x EAP-TLS - When selected, it keys EAP Transport Level Security.
802.1x EAP-TTLS - When selected, it keys EAP Tunneled Transport Layer Security.
802.1x EAP-GTC - When selected, it keys EAP Generic Token Card.
802.1x RSA/PKA - When selected, it keys EAP RSA Public Key Authentication Protocol.
802.
Field - Description
Base 802.11 Authentication
Open - When this checkbox is selected, open system authentication does not actually provide authentication; it only performs identity verification through the exchange of two messages between the initiator (Wireless Client) and the receiver (wireless controller).
Shared - When selected, shared key authentication provides authentication by verifying that an initiator has knowledge of a shared secret. Under the 802.
Select the rates that you want to apply to this security profile.
7. Select the APPLY button located to the top right of this dialog to save the security profile. The new security profile is added to the list of active profiles for this Extreme AirDefense monitored network.
8. Select the small X icon located to the top left of the dialog to close it. Your changes will not be saved when you use this method to close the dialog.
Edit a Security Profile

A complete security profile consists of the following configurations:
• General Configuration - This set of parameters configures settings related to wireless clients.
• Privacy Configuration - This set of parameters enables you to monitor privacy settings.
• Rate Settings - This set of parameters configures the specific rates that you need to monitor.

To edit an existing security profile:
1.
Delete a Security Profile

To delete a security profile:
1. Select the icon for the profile that you wish to delete. The Delete Rule dialog displays.
2. Review the rule to delete.
3. Select the ACCEPT button to delete the selected rule.
4. To delete multiple security profiles, use the [CTRL]+Click key combination to select the profiles that you want to delete.
5. Select the located to the top right of the screen to delete the selected security profiles.
Figure 29: Alarm Action Manager Rule Set Screen

View Alarm Action Manager Rule Set

Use the Alarm Action Manager screen to view a list of the rule sets configured for your Extreme AirDefense managed system. An Alarm Action Manager Rule Set is a set of configurations that perform certain actions depending on the alarms that are raised in your network.
Field - Description
Actions - The number of actions to be performed when the conditions specified within this rule set are met.
Actions - The actions that can be performed on the Alarm Action Manager rule set. The icons in this field enable you to manage your Alarm Action Manager rule set. You can edit the rule set, create a new one by creating a duplicate of an existing rule set, or delete the rule set.
Figure 31: Alarm Action Manager Rule Set View Dialog

The following information is displayed for each Alarm Action Manager rule set.

Field - Description
Profile Name - The name of this Alarm Action Manager rule set.
Description - A description about the Alarm Action Manager rule set and its actions.
Profile include following alarms - This field lists the individual alarms included within this Alarm Action Manager rule set.
You can directly edit the rule set from within this dialog. Click the icon located to the top right of the dialog to edit it.

Add Alarm Action Manager Rule Set

An Alarm Action Manager profile is a set of rules that govern the automatic actions that can be performed when certain alarms are raised. These actions can be performed based on which alarms are monitored and other filtering criteria.
• Exploits - This is a collection of all alarms that indicate attempted exploits on your AirDefense system.
• Infrastructure - This is a collection of all alarms that indicate issues with the infrastructure devices of the AirDefense system.
• Performance - This is a collection of all alarms that indicate performance issues with your AirDefense system.
Configuring Filters

Configure your filters by using logical constructs of AND, OR, and NOT that are available for use when creating and adding multiple filter criteria to your rule. These logical constructs are explained below.
• AND - All the conditions defined for this rule must be met for the actions to be triggered.
• NOT (AND) - This is the opposite condition of the AND construct.
• DeviceMAC
• DeviceManufacturer
• DeviceModel
• DeviceName
• DevicePolledID
• DevicePolledSSID
• DeviceProtocol
• DeviceSSID
• DeviceSensedID
• DeviceSensedSSID
• DeviceSerial
• DeviceType
• DeviceVendorPrefix
• SensorIP
• SensorMAC
• SensorName
• SignalStrength
• WatchList
• WiFiDirect

Important: In the Alarm Action Manager, the order of filters within the rule defines how the filters are applied.
Figure 35: New Filter

Use the AND, OR, NOT (AND), and NOT (OR) logical constructs to create your rule. You can add up to twenty-five (25) filter rules to this Alarm Action Manager rule set. The following logical constructs are available for use:
• AND - All the conditions defined for this rule must be met for the actions to be triggered.
• NOT (AND) - This is the opposite condition of the AND construct.
The selection in this list will vary with the filter selected in the Filter field. Some of the most common comparison operators are:
= - Is equal to
!= - Is not equal to
< - Is less than
<= - Is less than or equal to
MAC Range - Range to pick up MAC address.
Actions for the alarms are classified into the following groups:
• Notifications - This group of actions enables you to automatically generate emails and reports for the selected alarms when the conditions specified in the Filters tab are met.
• WIPS Mitigation - This group of actions enables you to automatically take some specific WIPS mitigation actions and also generate SNMP traps.
For each email, provide the following information:

Field - Description
To - The email addresses of the recipients for this email. Add multiple email addresses separated with a semi-colon (;) sign.
From - The email address that is used to send this email. This is the address that will receive any reply mails received from the recipients.
Subject - The subject for this email.
For each report, provide the following information:

Field - Description
Report Type - Use the drop-down to select from one of the pre-created reports.
Scope Increase Factor - Use the drop-down to select the scope of your report. The value in this field specifies the number of levels to expand the scope of the report. A value of 1 means only use the floor level.
the floor level. A value of two (2) indicates that the devices in the floor and its parent level are to be included. And so on. The maximum value that can be set is six (6).

Figure 38: ACL

Hover on the ACL box to view a synopsis of its configuration.

Port Suppression

The Port Suppression action is used to suppress communication between unauthorized devices and the switches on your network.
Figure 40: Termination

Select the Pair Termination option to enable termination of the offending pair of devices. This feature is only available for the following alarms.
By default, an empty template is made available for immediate use. Use this empty template to create your first SNMP Trap. To add additional traps, use the green + icon to create a new blank template. When you add a new SNMP Trap, a new block is created for it. You can hover on each of these blocks to get a synopsis of the configuration for that block. Multiple SNMP Traps can be generated for an Alarm Action Manager rule set.
• Data Collection - Automatically corrects configuration compliance violations when conditions specified in the filters are met.
• Spectrum Analysis - Runs a Spectrum Analysis or Advanced Spectrum Analysis using the profile specified when conditions specified in the filters are met.

AP Test

The AP Test action runs an AP test using a specific profile if the conditions specified in the Filters tab are met.
Figure 43: Frame Capture Configuration

Provide the following Frame Capture configuration information:

Field - Description
Frame Capture - Select the scope of the frame capture. Frame capture can be limited to either Sensor or to Device.
Frame Count Limit - Limits the total number of frames to capture for each device category. Use the spinner control to set the value.
Time Limit - Specifies a time duration for the Frame Capture to run.
Hover on the Frame Capture box to view a synopsis of its configuration.

Vulnerability Assessment

The Vulnerability Assessment action runs a vulnerability assessment test using the specified profile if the conditions defined in the Filters tab are met.

Figure 44: Vulnerability Assessment Configuration

Use the Profile drop-down list to select an appropriate Vulnerability Assessment profile.
Figure 46: Spectrum Analysis Configuration

Provide the following configuration information.

Field - Description
Time Limit - Specifies a time duration for the Spectrum Analysis to run. Time can be set in number of minutes. Use the spinner control to configure this value.
File Name Prefix - Specifies the prefix for the spectrum analysis file. This prefix is used when creating your spectrum analysis file.
Provide the following configuration information for the normal Spectrum Analysis:

Field - Description
Scan Type - Select one of Full Scan or Interference Scan.
• Full Scan scans the entire 2.4GHz bandwidth (in 5MHz steps) and 5GHz bandwidth (in 20MHz steps) with a short dwell time (around 50 ms). It supports limited classification of interference sources.
• Interference Scan scans three frequencies in the 2.
Figure 47: Alarm Action Manager Screen

Use the icon located to the right of each Alarm Action Manager rule set to edit its configuration. Alarm Action Manager rule sets are edited from the Alarm Action Manager Screen.

Figure 48: Edit an Alarm Action Manager Rule Set

You can modify all the settings for this Alarm Action Manager rule set except the Profile Name assigned to this rule set.
Figure 49: Alarm Action Manager Screen

Use the icon located to the right of each Alarm Action Manager rule set to delete it. A confirmation dialog displays.

Figure 50: Delete Alarm Action Manager window

To delete the Alarm Action Manager rule set, click the ACCEPT button. The Alarm Action Manager rule set is immediately deleted. To exit without deleting the Alarm Action Manager rule set, click the CANCEL button.
Figure 51: Device Action Manager Rule Set Screen

View Device Action Manager Rule Set

Use the Device Action Manager screen to view a list of these rule sets configured for your Extreme AirDefense managed system. A Device Action Manager rule set is a set of configurations that performs certain actions depending on defined conditions that occur in your network.
Field - Description
Total Rules - Displays the number of rules that are included in this Device Action Manager rule set.
Action - The actions that can be performed on the Device Action Manager rule set. The icons in this field enable you to manage your Device Action Manager rule set. You can edit the rule set, create a new one by creating a duplicate of an existing rule set, or delete the rule set.
Figure 53: Device Action Manager Rule Set View Dialog

The following information is displayed for each Device Action Manager rule set.

Field - Description
Name - The name of this Device Action Manager rule set.
Rules - A list of rules that are configured for this rule set. For each rule, the following information is displayed.
• Filters - The Filters column displays the rule that is configured.
Add a Device Action Manager Rule Set

Figure 54: Device Action Manager Profile Screen

Use the icon to add a new Device Action Manager Rule Set.

Figure 55: Device Action Manager Rule Set Types

Add a New Wireless Client/BSS Rule Set

Use the Device Action Manager screen to add a new wireless client/BSS rule. The same screen is also used to edit an existing rule set of the same type.

Figure 56: Add a Device Action Manager Rule Set
To create a new wireless client/BSS rule set, you need to do the following:
1. Assign a name to your Device Action Manager rule set. Use the Name field that is located to the top left of the screen.
2. Create at least one Rule for this rule set. You can add up to one hundred (100) rules to your rule set. Use the Add Another Rule button to add additional rules. For each rule in your rule set, you must define at least one filter criteria and one action.
3.
• DeviceLastPolled
• DeviceLastSeen
• DeviceMAC
• DeviceManufacturer
• DeviceName
• DevicePolledIP
• DevicePolledName
• DevicePolledSSID
• DeviceProtocol
• DeviceSSID
• DeviceSensedIP
• DeviceSensedSSID
• DeviceType
• DeviceVendorPrefix
• SensorIP
• SensorMAC
• SensorName
• SignalStrength
• WatchList
• WiFiDirect
Important
In the Device Action Manager, the order of filters within the rule defines how the filters are applied.
Figure 57: New Filter
Use the AND, OR, NOT (AND), and NOT (OR) logical constructs to create your rule. You can add up to twenty-five (25) filter rules to this Device Action Manager rule set. The following logical constructs are available for use:
• AND - All the conditions defined for this rule must be met for the actions to be triggered.
• NOT (AND) - This is the opposite condition of the AND construct.
The selection in this list will vary with the filter selected in the Filter field. Some of the most common comparison operators are:
= - Is equal to
!= - Is not equal to
< - Is less than
<= - Is less than or equal to
MAC Range - Range to pick up MAC address.
• Set Client Type - Sets the Client Type for Wireless Clients as defined in the filter(s).
• ACL - Enables the Access Control List on switches that meet the conditions defined in the filter(s).
• Port Suppression - Suppresses communication between unauthorized devices and switches on your network as defined in the filter(s).
• Termination - Terminates devices that meet the conditions defined in the filter(s).
Figure 59: Example Device Action Manager Rule Set
Classify Device Action
The Classify Device action enables you to classify a device into various categories if the conditions specified in the Filters tab are met.
Figure 60: Classify Device Action
Use the Classify Devices as drop-down list to select the device's classification.
The Set Client Type action enables you to classify a device as a particular client type. This action is performed when the conditions specified in the Filters tab are met.
Figure 62: Set Client Type Action
Select the client type to apply to the devices from the list. The items in this list are populated from the Client Types screen.
ACL
The ACL action enables the Access Control List on devices that meet the conditions specified in the filters.
Figure 64: Port Suppression
Use the Scope Increase Factor drop-down to select the scope of this action. The value in this field specifies the number of levels to expand the scope of the port suppression action. A value of one (1) means only use the floor level. A value of two (2) indicates that the devices in the floor and its parent level are to be included, and so on. The maximum value that can be set is six (6).
The AP Test action runs an AP test using a specific profile if the conditions specified in the Filters tab are met.
Note
AP Test is a part of the Advanced Troubleshooting module and requires an Advanced Troubleshooting license for access.
Figure 66: AP Test Configuration
Use the Profile drop-down list to select an appropriate AP Test profile. Use the selected AP Test profile if required.
Provide the following Frame Capture configuration information:
Field - Description
Frame Capture - Select the scope of the frame capture. Frame capture can be limited to either Sensor or to Device.
Frame Count Limit - Limits the total number of frames to capture for each device category. Use the spinner control to set the value.
Time Limit - Specifies a time duration for the Frame Capture to run. Time can be set in number of minutes or hours.
The Delete Device action deletes all devices that meet the conditions specified in the Filters tab.
Figure 69: Delete Device Action
There are no configurable parameters for this action.
Email Configuration
The Email action enables you to configure the parameters for sending emails when there are some devices that meet the conditions specified in the Filters tab.
Figure 71: Add a Device Action Manager Rule Set
The actions that you need to perform to add a new Infrastructure Device Action Manager rule set are the same as those that you need to perform to add a new Wireless Clients/BSS rule set. For more information, see Add a New Wireless Client/BSS Rule Set.
• DeviceSerial
• DeviceVendorPrefix
Important
In the Device Action Manager, the order of filters within the rule defines how the filters are applied. For example, if you want to create a rule to sanction only BSSs, the first filter should be defined as DeviceType=Include BSS before defining other rules such as DeviceManufacturer or DeviceSSID. Setting DeviceType=Include BSS as the first filter will cause all wireless client devices to be ignored.
The send email action enables you to send an email when the conditions specified in the Filters tab are met. You can send emails to multiple recipients with a customized subject, priority, and the email address from which the email is to originate. When you create an action, its name is added to the top of the Actions tab. To delete a specific action, use the small X button located to the top right of the action's name in the tab.
Figure 75: Frame Capture Configuration
Provide the following Frame Capture configuration information:
Field - Description
Frame Capture - Select the scope of the frame capture. Frame capture can be limited to either Sensor or to Device.
Frame Count Limit - Limits the total number of frames to capture for each device category. Use the spinner control to set the value.
Time Limit - Specifies a time duration for the Frame Capture to run.
Live RF / Floor Plan
The Live RF / Floor Plan action runs an infrastructure device poll to update the heat map predictions in Live RF. This action is performed when the conditions specified in the Filters tab are met. The next time the user accesses the Live RF / Floor Plan, they will see the latest updates and will also see whether or not any access points or sensors are offline.
Figure 78: Port Suppression
Use the Scope Increase Factor drop-down to select the scope of this action. The value in this field specifies the number of levels to expand the scope of the port suppression action. A value of one (1) means only use the floor level. A value of two (2) indicates that the devices in the floor and its parent level are to be included, and so on. The maximum value that can be set is six (6).
For each SNMP Trap, provide the following information:
Field - Description
Server Address - The IP address of your remote SNMP server.
SNMP Port - The port on which your SNMP server is listening for notifications.
Community String - The community string for the receiving SNMP Server. This string is a series of characters manipulated as a group, in this instance for SNMP.
Transport - Specifies the transport protocol to use for sending the SNMP traps.
Provide the following configuration information.
Field - Description
Time Limit - Specifies a time duration for the Spectrum Analysis to run. Time can be set in number of minutes. Use the spinner control to configure this value.
File Name Prefix - Specifies the prefix for the spectrum analysis file. This prefix is used when creating your spectrum analysis file.
Spectrum Settings - Select this tab for configuring the regular Spectrum Analysis settings.
For each of the above scan types, provide the following configurations:
Field - Description
Scan Time - Defines the scan time in milliseconds. Use the spinner control to set this value. The default value is 1000 milliseconds.
Threshold - For both the 2.4 GHz and 5.0 GHz bands, set the threshold value in dBm.
Duty Cycle Threshold - For both the 2.4 GHz and 5.0 GHz bands, set the duty cycle threshold value in dBm.
• DeviceManufacturer
• DeviceVendorPrefix
• SignalStrength
• URL
• UUID
Add Actions
Actions are configured from the Actions tab. You can specify one or more (up to five (5)) actions that can be performed when the conditions set in the Filters tab are met. The valid actions are:
• Classify Devices - Classifies devices using the filter(s) to determine which devices are to be classified.
The following image is of a fully configured Device Action Manager Rule Set.
Figure 83: Example Device Action Manager Rule Set
Classify Device Action
The Classify Device action enables you to classify a device into various categories if the conditions specified in the Filters tab are met.
Figure 84: Classify Device Action
Use the Classify Devices as drop-down list to select the device's classification.
The Set Client Type action enables you to classify a device as a particular client type. This action is performed when the conditions specified in the Filters tab are met.
Figure 86: Set Client Type Action
Select the client type to apply to the devices from the list. The items in this list are populated from the Client Types screen.
Delete Devices
The Delete Device action deletes all devices that meet the conditions specified in the Filters tab.
Figure 88: E-Mail Configuration
By default, an empty template is made available for immediate use. Use this empty template to create your first email. To add additional emails, use the green + icon to add a new Email action. When you add a new email action, a new block is created for it along with a blank template. Multiple emails can be generated for a Device Action Manager rule set.
Apply or Run the Device Action Manager Rule Sets
Use the option control before each rule to include or exclude it from being applied at this level in the AirDefense hierarchy. These rules will be inherited and applied to all levels that are below this level in the AirDefense hierarchy.
Overriding Configuration Settings
The Enable Configuration switch is only available at the topmost node of the Structure & Tags pane. Configurations can only be applied when this switch is set to ON.
To run the selected rules, click the RUN TEST button. On successful completion, a message is displayed. Similarly, if some of your rules fail to execute, an error message is displayed.
Sensor Manager
Use the Sensor Manager screen to configure sensor operation mode, channel scan, sensor appliance, and other sensor-related settings.
Overriding Configuration Settings
The Enable Configuration switch is only available at the topmost node of the Structure & Tags pane. Configurations can only be applied when this switch is set to ON. The topmost node is always named ADSP and you must use this switch to apply the selected configuration throughout the Extreme AirDefense system.
Operation Tab
• Custom Scan - This list consists of all standard, extended, and emergency channels in both the 2.4 GHz and 5.0 GHz bands. This list allows you to select those channels that you wish to scan.
• Channel Lock - This list enables you to select a particular channel to scan. When selected, the scan is locked to the selected channel.
To set your Scan Mode configuration:
1. Select the appropriate Scan Mode from the drop-down list.
This control displays the following additional information for your Scan Mode selection.
Field - Description
Channel Range Bar - The channel range bar control enables you to narrow down the range of channels to those channels you are interested in. Use the small rectangular handles at the vertical edges of the bar to narrow down your selection of channels. The number of records shown in the Records control changes to reflect the number of channels that you have selected.
2. On selecting Custom Scan in the Scan Mode control, the Channel List control becomes editable. The following fields become available for further configuration.
Field - Description
Channel - This field displays the channel's number and its frequency. This field cannot be changed.
Bandwidth - Use the drop-down list to select the channel's bandwidth. The available bandwidths depend on the channel's frequency.
3. On selecting Channel Lock in the Scan Mode control, the Channel List control becomes editable.
Note
You can only select one channel at a time for this scan mode. Use the option control next to the channel's name to lock the channel scan to that particular channel. You cannot select multiple channels for this scan mode. The Width and Weight parameters cannot be modified.
Scan Settings
The settings in the Scan Settings control additional scan parameters.
Set the following parameters:
Field - Description
Enable Air Termination - Air Termination lets you terminate the connection between your wireless LAN and any access point or station associated with it. By default, Air Termination is disabled. It can only be enabled in the Appliance Manager.
Enable Background SA Scan - Spectrum Analysis (SA) can be run as a background process. Use this switch to run SA as a background process. By default, background scans are disabled.
Settings Tab
Field - Description
Threshold (dBm) - This is the master level control for ASA scanning. Any signal levels below the threshold during scanning will be dropped. Only levels greater than the threshold will be admitted for further processing.
Duty Cycle (dBm) - Duty cycle is a measure of the percentage (%) of utilization for each frequency. 100% duty cycle for a frequency indicates that the frequency is busy all the time.
The following information is displayed for each sensor profile.
Field - Description
Select - Use this option control to select the current sensor profile and apply it to the scope selected in the Structure & Tags control.
Profile Name - Displays the name of the sensor profile.
Primary Appliance - Displays the IP address of the primary AirDefense appliance.
Secondary Appliance - Displays the IP address of the secondary AirDefense appliance.
For each profile, the following information is displayed.
Field - Description
Sensor Profile Name - The sensor profile's name.
Primary Appliance - The IP address for the primary AirDefense appliance. This is the IP address of the AirDefense server which sensors will attempt connecting to first.
Secondary Appliance - The IP address for the secondary AirDefense appliance.
To add a new sensor profile:
1. From the Settings screen, select the icon located to the top right. The Sensor Profile dialog displays.
2. Provide the following information to create a new sensor profile:
Field - Description
Name - Provide a meaningful name for the sensor profile. You should name your profile such that it is easy to identify the profile from among similar profiles.
Primary Appliance - Provide the IP address for the primary AirDefense appliance.
Field - Description
Tertiary Appliance - Provide the IP address for the tertiary AirDefense appliance. This is the IP address of the AirDefense server that sensors try connecting to when attempts to connect to the Primary Appliance and the Secondary Appliance fail.
Sensor Admin Password - Enter the password to the account that has Sensor Administration privilege on your sensors. This is a mandatory field.
3. Modify the required fields. For more information on the fields of this screen, see Add a Sensor Profile.
4. Select the UPDATE button located to the top right of this dialog to save your modified sensor profile.
5. Select the small 'x' icon to the top left of the dialog to close it.
Delete a Sensor Profile
Sensor profiles are a set of sensor configurations that can be applied to a sensor or a group of sensors. To delete a sensor profile:
1.
3. Review the information displayed in this dialog.
4. Select the ACCEPT button to delete the selected sensor profile.
Alarm Configuration
The Alarm Configuration screen lists all the alarms that are generated within the Extreme AirDefense system. Alarms are broadly classified into the following categories. Some of these categories are further subdivided.
Figure 91: Expanded Alarm Category
Select an alarm to view its configuration fields in the Alarm Configuration Screen. Each alarm has its own set of parameters that can be modified to meet your requirements. The following is the set of configuration for the Anomalous Behaviour > BSS Abnormal Activity > Associated Count Baseline Exceeded alarm.
Figure 92: Alarm Configuration Settings
Use the Revert to default settings link to revert the configuration of the alarm to its defaults. Use this link in case you are not satisfied with the current settings for this particular alarm. Use the View Expert Help link to view in-depth information for this alarm. When selected, the alarm's details are displayed in a separate browser tab or window.
Wired Network Monitoring
Wired Network Monitoring is used to monitor the wired network devices in your Extreme AirDefense monitored system. Use this screen to generate alarms for your wired network by selecting any of the following conditions:
• New device detected on the wired network - This option is enabled by default. When selected, an alarm is generated when a new device is detected on the wired side of your Extreme AirDefense managed network.
option to monitor this level and all the levels below it. Customize the monitoring options to meet your requirements. For more information on overriding, see the section Overriding Configuration Settings in this document.
Network PCI Compliance Monitoring
Use the Set Network PCI Scope button to add VLANs to be monitored for PCI compliance. When this button is selected, the Network PCI Scope screen displays.
Change the configuration for the selected level as required and then use the APPLY button to implement the modified configuration settings. These settings will now be inherited by all levels below the selected level unless a sub-level has been explicitly overridden.
Performance Profile
Performance Profiles are used to create network performance threshold policies for BSSs and wireless clients on your wireless LAN.
The screen displays the following information:
Field - Description
Profile Name - The name of the Performance Profile.
Action - The actions that can be performed on the Performance Profile. The icons in this field enable you to manage your profile. You can edit the profile, create a new one by creating a duplicate of an existing rule set, or delete it.
The following actions can be performed:
• View - To view a Performance Profile, use the icon for the profile.
Add Performance Profile
Figure 98: Performance Profile Screen
Define your Performance Profile using the General, Cumulative, Wireless Clients, and BSS tabs. Once you have defined your Performance Profile, click the APPLY button to save your profile. Use the small X button to the top left of this screen to exit without saving the profile.
Figure 99: General Tab
Configure the following parameters:
Field - Description
Short Time Slot Enabled - Use the switch to allow or disable the Short Time Slot capability as advertised in the Beacon. When used on a pure 802.11g deployment, this capability improves WLAN throughput by reducing the wait time for the transmitter to assure clear channel assessment.
Figure 100: Cumulative Tab
Configure the following thresholds:
Threshold - Description
New Associations - Enter the maximum number of new associations per minute Extreme AirDefense will allow between a BSS and all Wireless Clients combined. Default = 20. Generally, this number should be low. Your Wireless Clients should associate with a BSS once in the morning when users log on, and rarely after that.
Threshold - Description
802.1x Authentication Frames Seen - Enter the maximum number of 802.1x authentication frames allowed to be transmitted or received from all Wireless Clients. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0.
Deauthentication Frames Seen - Enter the maximum number of de-authentication frames allowed to be transmitted or received from all Wireless Clients.
Threshold - Description
Layer 3 Multicast Frames % - An alarm is generated when the system has detected a high percentage of multicast traffic violating the policy thresholds. This may be a result of potential Layer 3 broadcast storm attacks on the network. Enter the maximum percentage of data per minute allowed for multicast frames to be transmitted or received within a BSS from all stations. If Extreme AirDefense detects a greater number, it generates an alarm.
Figure 101: Wireless Client Tab
Configure the following thresholds:
Threshold - Description
Data Frames Sent - Enter the maximum number of data frames per minute any Wireless Client is allowed to transmit. If Extreme AirDefense detects a greater number, it generates an alarm. Default = 0.
Data Frames Received - Enter the maximum number of data frames per minute any Wireless Client is allowed to receive.
Threshold - Description
Control Frames Received - Enter the maximum number of control frames per minute any Wireless Client is allowed to receive. If Extreme AirDefense detects a greater number, an alarm is generated. Default = 0. Control frames carry information about negotiating the 802.11 protocol for getting data onto the airwaves, and are transmitted at only 1 Mbps. Unusually high numbers of Control frames may indicate bandwidth and network problems.
Figure 102: BSS Tab
Note
Entering 0 (zero) as a threshold value disables alarm generation for that particular threshold.
Configure the following thresholds:
Threshold - Description
Data Frames Sent - Enter the maximum number of data frames per minute this BSS is allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Data Frames Received - Enter the maximum number of data frames per minute BSSs are allowed to receive.
Threshold - Description
Control Frames Sent - Enter the maximum number of control frames per minute BSSs are allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 20,000.
Control Frames Received - Enter the maximum number of control frames per minute BSSs are allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 0.
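The threshold behaviour described for the BSS tab (counts taken per minute, an alarm only when the observed count is greater than the threshold, and 0 disabling a threshold) can be modelled as follows. This is an added Python example, not AirDefense code: the dictionary keys, record layout, function names, fixed one-minute bucketing, and sample observations are assumptions constructed for illustration, while the defaults 20,000 and 0 are the ones given above.

```python
from collections import Counter
from dataclasses import dataclass

# Per-minute thresholds keyed by hypothetical names for the BSS tab fields.
# 20_000 is the guide's stated default for Control Frames Sent; the other
# defaults are 0, which the BSS tab note says disables that alarm.
BSS_PROFILE = {
    "data_frames_sent": 0,
    "data_frames_received": 0,
    "control_frames_sent": 20_000,
    "control_frames_received": 0,
}


@dataclass(frozen=True)
class FrameCount:
    """Constructed observation: frames of one kind counted for one BSS."""
    ts: int        # observation time, seconds since the epoch
    bssid: str     # BSS the frames belong to
    counter: str   # which threshold the frames count against
    frames: int


def per_minute_totals(observations):
    """Sum observations into (minute, bssid, counter) buckets.

    Assumption: fixed one-minute buckets. The guide says "per minute" but
    does not say how the appliance windows its counts.
    """
    totals = Counter()
    for obs in observations:
        totals[(obs.ts // 60, obs.bssid, obs.counter)] += obs.frames
    return totals


def evaluate(observations, profile):
    """Return one alarm dict per bucket whose total exceeds its threshold."""
    alarms = []
    totals = per_minute_totals(observations)
    for (minute, bssid, counter), seen in sorted(totals.items()):
        limit = profile.get(counter, 0)
        if limit == 0:
            continue              # 0 disables alarm generation
        if seen > limit:          # alarm only on a greater number
            alarms.append({"minute": minute, "bssid": bssid,
                           "counter": counter, "seen": seen, "limit": limit})
    return alarms


# Constructed sample data (documentation-range MAC addresses).
AP_A, AP_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
SAMPLE = [
    FrameCount(0, AP_A, "control_frames_sent", 12_000),
    FrameCount(30, AP_A, "control_frames_sent", 9_000),    # minute 0 total: 21,000
    FrameCount(60, AP_A, "control_frames_sent", 20_000),   # exactly at the limit
    FrameCount(75, AP_B, "data_frames_sent", 1_000_000),   # threshold 0 by default
]

if __name__ == "__main__":
    print("default profile:")
    for alarm in evaluate(SAMPLE, BSS_PROFILE):
        print(" ", alarm)
    # Same traffic with a non-zero Data Frames Sent threshold (constructed value).
    tuned = dict(BSS_PROFILE, data_frames_sent=500_000)
    print("tuned profile:")
    for alarm in evaluate(SAMPLE, tuned):
        print(" ", alarm)
```

With the default profile, only the 21,000-frame minute raises an alarm; the one-million-frame minute on the second BSS is reported only after Data Frames Sent is given a non-zero value.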
If you need to apply a different Performance Profile at a specific level in your Extreme AirDefense hierarchy, navigate to the level in the Structure & Tags pane and select it. Use the control's Override option to apply the alternate Performance Profile. For more information, see the section Overriding Configuration Settings in this document.
Configure the following parameters:
Field - Description
CRC Errors - Cyclic redundancy check (CRC) errors should not exceed the specified percentage value. Use the spinner control to set this threshold value.
Excessive BSSs - BSSs on your network are considered excessive if the specified value is exceeded. Use the spinner control to set this threshold value.
Since Extreme AirDefense manages its devices using a hierarchy that is configured using the Structure & Tags pane, all the nodes under the top ADSP node inherit the configurations set at that node. However, you can override the inherited configuration at any level in the hierarchy. To override the inherited settings, in the Structure & Tags pane, select the node where you want to override the inherited configuration. Then from the control, select the Override option.
Manage Client Types
Figure 105: New Client Window
Use the Set Icon drop-down list to select an icon to apply to this client type. In the Name New Type field, provide a name for this new client type. Click the OK button to save this client type. If you do not want to create this client type, use the CANCEL button.
Edit a Client Type
Each Client Type in this window has two icons. Use the icon to edit the selected client type. The following window displays.
Appliance Settings
Use the Appliance Settings screen to configure settings specific to this instance of the Extreme AirDefense appliance. An appliance is the physical device on which the Extreme AirDefense software runs. These settings are global in nature and apply to all networks managed by this Extreme AirDefense instance. The following Extreme AirDefense appliance settings can be configured from this screen.
Field - Description
Max Connections - Specify the maximum number of simultaneous application server connections that can occur with this Extreme AirDefense instance. A maximum of two thousand (2000) simultaneous application server connections can be set.
User Session Limit - Configures the number of simultaneous sessions that the same user can have with the Extreme AirDefense appliance. By default, this option is not enabled.
Field - Description
Spectrum Scan Timeout - Use this option to enable timeout when performing dedicated spectrum scan for spectrum analysis. Then, use the spinner control to set the timeout duration in minutes. Timeout duration can be in the range of 1-120 minutes.
Sensor Cloaking Limit - The number of Sensors that can be cloaked at any one time.
When a device exceeds the age out value specified in this screen, it is no longer seen in any of the screens in the Networks tab. However, these devices will still be visible for forensics analysis. All alarms associated with these removed devices are removed as well and will not be displayed in any of the screens of the Alarms tab.
Figure 109: Age out setting
After configuring the age out values, click the APPLY button to save your changes.
Figure 110: Configuration Backup Screen
By default, scheduling of backup is not turned on. You must use the Enable Configuration backup Scheduling switch to turn it on. When this switch is turned on, the icon located to the right of the APPLY button is enabled. Use this icon to create a new scheduled backup configuration. Use the BACKUP NOW button to start a configuration backup manually. The following window displays.
View Backup Schedules
The Configuration Backup screen displays a list of schedules that have been configured for this Extreme AirDefense system.
Figure 112: Configuration Backup Screen
The following information is displayed for each configuration backup schedule:
Field - Description
Name - Displays the name assigned to this schedule.
Schedule - Displays the type of this schedule and the time or frequency for this schedule.
Scheduling Configuration Backup
This window is also used to edit existing backup schedules. In the Job Name field, add a name for this backup schedule. If the Settings field is not expanded, use the icon to expand the field. By default, the destination for the backed up configuration is always on the Extreme AirDefense appliance.
Figure 114: Schedule Field
Select from one of the available schedules. The available schedules are:
• Daily
• Weekly
• Monthly
• One Time
• Intra-Day
Each of these schedules has different configurations. The following table lists the various configurations and their individual settings.
Field - Description
Daily - The following configurations are available for the Daily schedule.
Field - Description
Monthly - The following configurations are available for the Monthly schedule.
• Select Month - Use this drop-down list to select the specific month or months during which this schedule will run. Use the check-box before each month to select it. You can select multiple months.
• Day - Use the Day control to indicate the numerical date on which this schedule will run.
Figure 115: Forensic And Log Backup Screen
Forensic Backup Configuration
Use the fields in the left of the screen to set the remote server for saving the forensic backups.
Figure 116: Forensic Logs - Remote Server Configuration
To save your forensic logs on a remote server, you should enable the feature. Use the switch in this field and set it to the ON position.
Field - Description
Select Protocol - The protocol to use to connect to the remote server. Can be one of:
• HTTP
• HTTPS
• FTP
• SCP
• SFTP
• TFTP
Path - The destination directory on the remote server where the forensic log files will be stored.
User - The username used to connect to the remote server.
Password - The valid password for the account in the User field.
Log Backup Configuration
Configure the following:
Field - Description
Host - The IP address of the remote server on which to store the logs.
Port - The port number on which the remote server is listening to incoming connections.
Select Protocol - The protocol to use to connect to the remote server. Can be one of:
• HTTP
• HTTPS
• FTP
• SCP
• SFTP
• TFTP
Path - The destination directory on the remote server where the backup configuration files will be stored.
If you want to automatically back up the logs on a particular schedule, configure the following fields.
Field - Description
Daily - The following configurations are available for the Daily schedule.
• Every - Use this field to take a daily backup every set number of days. Use the spinner control to set the number of days between two consecutive backups. The value can be set between 1-31 days.
• Weekdays - Use this field to enable backups to be taken only on week days.
Field - Description
One Time - The following configurations are available for the One Time schedule.
• Choose a date - Use this field to select the particular date on which you want to run this schedule. Use the calendar icon next to this field to select the date.
• Choose Time - Use this field to set the time when the backup is taken on the specified day.
Intra-Day - The following configurations are available for the Intra-Day schedule.
By default, all the fields in this screen are disabled. These fields are only enabled when you select a backup using the BROWSE button. When you click the BROWSE button, it opens the operating system's File Browser window. Use this window to locate the correct backup file. Once the backup file is uploaded to the Extreme AirDefense system, the other controls in this screen are enabled. The following options are available when restoring a system from a backup file.
Download Logs
To download a configuration, follow these steps:
1. Navigate to Configuration > Appliance Management > Download Logs.
2. Select if you want to download a backup that exists on your appliance and/or the system logs.
3. You can download all forensic logs or all appliance access logs. Alternatively, you can pick and choose the forensic logs or appliance access logs that you want to download.
4. Click Apply. A destination directory window is displayed.
5.
8. Click Next. The configuration is downloaded to the selected directory and a status window is displayed confirming the download.
9. Click Close.

Forensic and Log Backup
To enable automatic forensics backup, select the Enable Automatic Forensics Backup checkbox. To enable automatic log backup, select the Enable Automatic Log Backup checkbox. Fill in the fields described in the table below.
Field | Description
Host | The name of the server where you want to back up forensics or log files. This can be an IP address or a DNS name defined by your DNS server.
Port | The port number to use during the backup.
Protocol | The file transfer protocol to use for backing up forensics or log files.
Path | The directory (folder) in which to place the backup on the destination server.
User | The username used to log in on the destination server.
Interval | Action
Weekly Schedule | Choose a frequency in days. Then, select a day or multiple days to conduct the backup by selecting the checkbox next to each day.
Monthly Schedule | Choose the months that you want to run a backup by selecting the checkbox next to the month(s). Then, select a day of the month to conduct the backup. Last, specify a time of day.
Synchronization Rules
◦ NEVER direct a backup from the primary server to /usr/local/smx/backups on a standby server. This will prevent synchronization from working properly.
• NEVER back up to the desktop from the standby server, because that process overwrites the existing file in /usr/local/smx/backups.
• As the second part of synchronization, the standby server runs a restore to itself using the file found in its own /usr/local/smx/backups directory.
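An added example (not part of the guide and not Extreme Networks code) that audits a planned backup destination against the protocol choices listed in the backup settings and the first synchronization rule above. The `BackupTarget` type, the `host_is_standby` flag, the finding codes and the sample entries are assumptions made for the example; of the listed protocols, HTTP, FTP and TFTP carry data unencrypted, and TFTP has no authentication.

```python
from dataclasses import dataclass
from posixpath import normpath
from typing import List, Tuple

# Protocol choices listed in the guide's Select Protocol field.
ENCRYPTED = {"HTTPS", "SCP", "SFTP"}
CLEARTEXT = {
    "HTTP": "logs and any credentials cross the network unencrypted",
    "FTP": "logs and the User/Password cross the network unencrypted",
    "TFTP": "no encryption and no authentication",
}
# Directory the standby appliance restores from, per the synchronization rules.
STANDBY_RESTORE_DIR = "/usr/local/smx/backups"


@dataclass(frozen=True)
class BackupTarget:
    """One backup destination, named after the guide's fields (hypothetical type)."""
    host: str
    port: int
    protocol: str
    path: str
    user: str = ""
    # Assumption: the operator records whether `host` is the standby appliance.
    host_is_standby: bool = False


def audit(target: BackupTarget) -> List[Tuple[str, str]]:
    """Return (code, explanation) findings; an empty list means nothing was flagged."""
    findings = []
    proto = target.protocol.strip().upper()
    if proto in CLEARTEXT:
        findings.append(("cleartext-protocol", f"{proto}: {CLEARTEXT[proto]}"))
    elif proto not in ENCRYPTED:
        findings.append(("unknown-protocol", f"{target.protocol!r} is not a listed choice"))

    if not 1 <= target.port <= 65535:
        findings.append(("bad-port", f"{target.port} is outside 1-65535"))

    # Normalise so a trailing slash or '..' segment cannot hide the directory.
    clean = normpath("/" + target.path.strip().lstrip("/"))
    inside = clean == STANDBY_RESTORE_DIR or clean.startswith(STANDBY_RESTORE_DIR + "/")
    if target.host_is_standby and inside:
        findings.append((
            "sync-conflict",
            f"{clean} on a standby server is where it restores from during synchronization",
        ))
    return findings


def codes(target: BackupTarget) -> List[str]:
    """Finding codes only, convenient for reports and checks."""
    return [code for code, _ in audit(target)]


# Constructed sample entries (documentation-range addresses, made-up paths).
SAMPLES = {
    "ftp-archive": BackupTarget("192.0.2.20", 21, "ftp", "/srv/adsp/forensics", "backup"),
    "sftp-archive": BackupTarget("192.0.2.20", 22, "SFTP", "/srv/adsp/forensics", "backup"),
    "to-standby": BackupTarget("192.0.2.30", 22, "SCP",
                               "/usr/local/smx/backups/", "backup", host_is_standby=True),
    "tftp-to-standby": BackupTarget("192.0.2.30", 69, "TFTP",
                                    "/usr/local/smx/../smx/backups", host_is_standby=True),
}

if __name__ == "__main__":
    for name, target in SAMPLES.items():
        for code, why in audit(target) or [("ok", "nothing flagged")]:
            print(f"{name:16} {code:20} {why}")
```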
Automatic Synchronization
Before you can synchronize between two devices, you must designate the current device as a redundant device. Select the Designate this as a Secondary (redundant) device... option to indicate that this device is a redundant server. When this option is not selected, this device becomes the primary server and all the fields in this screen are disabled.
Field | Description
Monthly | The following configurations are available for the Monthly schedule.
• Select Month - Use this drop-down list to select the specific month or months during which this schedule will run. Use the check-box before each month to select it. You can select multiple months.
• Day - Use the Day control to indicate the numerical date on which this schedule will run.
Appliance Replacement Considerations
Replacing an appliance should be done in such a way that no data is lost during the transition. Following these recommendations will help prevent data loss:
• Scheduled jobs should be included when backing up an appliance before synchronization. This will save you valuable time when restoring the backup on a new appliance.
• Sensor and Device Configuration, including device details
• Alarm Configuration
• Custom Report Configuration, including stored reports
• Forensic Files
• Life RF and Location Tracking data, including measurement files

The Configuration Clear screen also provides a switch to reset the Extreme AirDefense appliance to its factory defaults. This will purge all configurations and remove all devices and sensors.
Once you have made your choices, select the APPLY button located at the top right of the screen to apply your changes. A warning dialog displays. Read and understand the information displayed within this screen. To confirm your changes, select the Yes, Logout and Clear configuration button. Select the NO, CANCEL button to exit without applying the changes you made to the parameters in this screen.
Change the Language
To set the language for your user interface:
1. Select the appropriate language from the list of available languages. The APPLY button located at the top right of the screen is enabled if your language has changed from the current selection.
2. Select the APPLY button to confirm your change of language. The user interface refreshes immediately. The interface now displays in the language that you selected.
License Management
The screen displays two panes. The Structure & Tags pane displays the tree of your AirDefense managed network. Use this pane to drill down to the particular device of interest when applying licenses. For more information about this pane, see View And Manage Your Network Tree on page 143.
The License Configuration pane displays the list of all licenses available for this AirDefense instance. The License Configuration pane displays the following information.
For each license, a colored dot indicates the state of the license.
• Indicates that all the licenses for this feature are active.
• Indicates that some of the multiple licenses applied for this feature have expired. Remaining licenses are still active.
• Indicates that all licenses applied for this feature have expired and this feature will not be available for use.
• Indicates that some licenses will expire in the near future.
You can order a feature's license multiple times to meet your deployment's requirements. Each time you purchase a license for a particular feature, it is recorded separately under that feature's license. To view a feature's license orders, click on its label. The label expands and displays all the orders for the selected feature. When expanded, this area displays the details of each license ordered.
Indicates that the order will expire in the near future.

Overriding License Assignments
The Enable Configuration switch is only available when the topmost node of the Structure & Tags pane is selected. Auto Licenses can only be applied when this switch is set to ON and remains ON. The topmost node is always named ADSP and you must use this switch to enable Auto Licensing throughout the AirDefense system.
Auto License Management
For automatic reassignment of licenses, the following rules apply:
1. Auto License must be enabled for each feature license that you want to reassign automatically. Feature licenses that do not have Auto License enabled cannot be reassigned automatically.
2. If licenses for a feature are available for use, a license from these free licenses is assigned to the new tri-radio sensor added to your Extreme AirDefense managed network.
3.
• A license will not be assigned if there are no licenses available to apply.
• After a license is applied, the number of available licenses is reduced accordingly.

To enable or disable Auto Licensing for the selected licenses:
1. Select the Enable Configuration switch to enable applying Auto Licensing for your various licenses. At a level that is lower than the Appliance level, select the Override button.
1. Select the icon located at the top right of this screen. The License Verify screen displays.
2. Select the Browse button to load the feature license using the operating system's File Upload dialog. Navigate to the location where your license file is stored and upload it to the AirDefense system. The OK, Verify License button is enabled.
3. Select the OK, Verify License button to verify the license's validity for use with this AirDefense system.
Manage License Manually
To manually assign licenses:
1. Select the icon that is available for all licenses except the ADSP Platform and Central Management licenses. The License Assignment dialog displays. The following information is displayed.

Field | Description
Feature Name | Displays the feature name for which this license detail is displayed.
Select License Order | Use this drop-down list to select a specific license order from which to apply licenses.
Field | Description
Reassignments | Displays the number of reassignments that are left for this license order. AirDefense allows you to reassign your licenses between devices a fixed number of times. Every time a license is reassigned, this value is reduced. Once this value reaches zero (0), you cannot reassign any more licenses. A license is considered reassigned when it is removed from a device and applied to another device.
4. Select the APPLY button to apply the changes made to the selected device or devices' license configuration. This license is added to or removed from the selected device depending on your choice.
5. Review the actions that will be performed.
6. Select the OK button to apply the changes listed in the dialog. At any time, select the CANCEL button to exit without applying the licensing changes made to the devices.
The following dialog displays.
8. (Optional) Select the OK button to apply the changes listed in the dialog. At any time, select the CANCEL button to exit without applying the licensing changes made to the devices. The screen refreshes to display the License Configuration screen.

User Management
Use the User Management & Configuration screen to manage the users that are authorized to access your AirDefense instance.
Manage User Accounts
By default, this screen displays a list of all the users configured for this AirDefense system. Use the icon located at the top right of this screen to quickly add a user, a user group, a user profile or a remote authentication profile. When selected, this icon expands to display a menu for these options. Use the icon located at the top right of this screen to configure the permissions for any local user account created on this AirDefense appliance.
Field | Description
Last Failed Login | The timestamp for the last failed login attempt by this user.
Last Failed IP | The IP address recorded by AirDefense when this user account failed to log in to AirDefense. This information is only recorded for the last failed login attempt by this user.
Status | The current login status of the account.
Action | The actions that can be performed on the user account.
4. In the Description field, provide a brief description about this account. This information should enable you to uniquely identify this account from similar accounts.
5. From the options available under the Select Authentication Type field, select the appropriate authentication type for this new account. Select one of Local or Remote.
Local - Indicates that the new user account will be local to this AirDefense instance.
7. When you select Remote in the Select Authentication Type field, the following additional inputs are required.

Field | Description
User Name | The user name for this account. This is a mandatory field. The maximum allowed user name length is 32 characters. Spaces and special characters are not allowed in user names.
Select Remote Profile Name | The remote authentication profile to use.
The following fields are displayed.

Field | Description
Scope Permission | This field sets the scope in the AirDefense network tree where this user account is considered valid. Expand this field and select the scope for this setting.
Functional Role | This field sets the functional roles that can be performed. Expand this field to view and edit the various parameters for this setting.
Account Security | This field sets the user account's security settings.
all its sub-levels. Use the option controls for each level to apply or revoke the user's permission on that level.
11. Select the Functional Role label to expand it. The following additional fields are displayed. Select each option to enable or disable that functional role.

Field | Description
Security | When selected, this option grants permission to manage Security alarms. Is enabled by default.
Permissions to view and edit particular areas of AirDefense are set based on the permissions configured in the User Profile selected when creating any user or user group. Select the Customize Permissions control to enable editing these permissions individually. After enabling the Customize Permissions field, select the icon located next to the current permission for the functional area whose permissions you wish to modify.
All details for this user account are pre-filled in the fields of this screen and can be modified. However, you cannot modify the User Name for the selected account.
Note: If you do not want to modify your account's password, do not modify the password entered in the New Password field. When saving your other modifications, AirDefense will retain the existing password for this account.
3. Review the account name listed in this dialog.
4. Select the ACCEPT button to delete the selected user account. At any time, select the CANCEL button to exit without deleting this user account. The selected user account is deleted and removed from the list of valid accounts for this AirDefense instance.
5. The option control in the first column of each user account entry enables you to select multiple accounts simultaneously.
2. Configure the following Account Login Preference parameters.

Field | Description
Max Login Attempts | Use the spinner control to set the maximum number of failed login attempts allowed before the user account is locked.
Account locked if max attempts reached within ... | Use the spinner control to set this value.
Field | Description
Uppercase alphabetic characters required | Select this option to ensure that uppercase letters are included in the user account password.
Lowercase alphabetic characters required | Select this option to ensure that lowercase letters are included in the user account password.
Numeric characters required | Select this option to ensure that numbers are included in the user account password.
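An added example, not taken from the guide or the product, that models the Max Login Attempts setting and its time window over a constructed login log, to show which accounts a given policy would lock. The log line format, the window being expressed in minutes, and a successful login resetting the failure count are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Iterator, Tuple

# Constructed sample of login results. The line format is invented for this
# example and is not an AirDefense log format.
SAMPLE_LOG = """\
2021-05-03T09:00:00 user=bob ip=198.51.100.7 result=FAIL
2021-05-03T09:00:05 user=alice ip=192.0.2.10 result=FAIL
2021-05-03T09:01:10 user=alice ip=192.0.2.10 result=FAIL
2021-05-03T09:01:30 user=carol ip=203.0.113.4 result=FAIL
2021-05-03T09:01:40 user=carol ip=203.0.113.4 result=FAIL
2021-05-03T09:02:00 user=alice ip=192.0.2.11 result=FAIL
2021-05-03T09:02:10 user=carol ip=203.0.113.4 result=OK
2021-05-03T09:02:30 user=carol ip=203.0.113.4 result=FAIL
2021-05-03T09:04:00 user=bob ip=198.51.100.7 result=FAIL
2021-05-03T09:10:00 user=bob ip=198.51.100.7 result=FAIL
"""

Event = Tuple[datetime, str, str, bool]  # (timestamp, user, source IP, success)


def parse(log: str) -> Iterator[Event]:
    """Turn the constructed log text into time-ordered events."""
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        fields = dict(pair.split("=", 1) for pair in pairs)
        yield (datetime.fromisoformat(stamp), fields["user"],
               fields["ip"], fields["result"] == "OK")


def evaluate_lockouts(events: Iterable[Event], max_attempts: int,
                      window: timedelta) -> Dict[str, dict]:
    """Return {user: details} for accounts that reach max_attempts failures
    inside one sliding window. Events must already be in time order."""
    recent = defaultdict(deque)   # user -> failures still inside the window
    locked: Dict[str, dict] = {}
    for ts, user, ip, success in events:
        if user in locked:
            continue              # account is already locked; ignore later tries
        failures = recent[user]
        if success:
            failures.clear()      # assumption: a good login resets the count
            continue
        failures.append((ts, ip))
        # Drop failures that are older than the configured window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= max_attempts:
            locked[user] = {
                "locked_at": ts,
                "last_failed_ip": ip,   # mirrors the Last Failed IP column
                "sources": sorted({src for _, src in failures}),
            }
    return locked


if __name__ == "__main__":
    policy = dict(max_attempts=3, window=timedelta(minutes=5))
    for user, info in evaluate_lockouts(parse(SAMPLE_LOG), **policy).items():
        print(user, info["locked_at"].isoformat(), info["sources"])
```

With three attempts in five minutes only `alice` locks: `bob`'s failures are spaced further apart than the window and `carol`'s count is reset by a successful login, so those accounts still need review through the Last Failed Login and Last Failed IP columns.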
User Group Management
For each user group, the following information is displayed.

Field | Description
Group Name | The name of this group. Click the group name to edit its information.
Description | The description assigned to this user group.
Profile Name | The user profile applied to this user group. Click this field to view permissions assigned to this user group.
3. In the Group Name field, provide a name for this user group. This is a mandatory field.
4. In the Description field, provide a brief description about this user group and its purpose. This information should enable you to uniquely identify this user group from similar groups.
5. Use the Select Remote Profile Name drop-down list to select the authentication profile to use. This configuration is defined in the Remote Profile screen.
The following fields are displayed.

Field | Description
Scope Permission | This field sets the scope in the AirDefense network tree where this user account is considered valid. Expand this field and select the scope for this setting.
Functional Role | This field sets the functional roles that can be performed. Expand this field to view and edit the various parameters for this setting.
Account Security | This field sets the user account's security settings.
Field | Description
Platform Monitoring | When selected, this option grants permission to manage alarms that monitor the AirDefense system (platform). Is enabled by default.
Infrastructure Management | When selected, this option grants permission to manage alarms that are generated by the infrastructure management features. Is enabled by default.
Locationing | When selected, this option grants permission to manage alarms triggered by the Location Based Services system.
View/Edit | Grants permission to view and edit all the screens of the functional area and modify the fields in that area. The permission grants full control over this functional area.

12. Select the CREATE button located at the top of this dialog to save the newly created user group. At any point, if you wish to exit without creating the user group, select the small X button located at the top left of this dialog.
2. From the list of user groups that are created for this AirDefense instance, select the user group that you want to delete. Then select the icon located to the right of this user group's entry. The Delete User Group dialog displays.
3. Review the user group name listed in this dialog.
4. Select the ACCEPT button to delete the selected user group. At any time, select the CANCEL button to exit without deleting this user group.
User Profile Management
• Guest - This user profile grants a minimum set of permissions, allowing users to view some of the functional areas within this AirDefense instance.
• Help Desk - This user profile grants certain permissions to users that act as help desk for resolving issues with this instance of AirDefense.
Add User Profile
To add a new custom user profile to the list of valid profiles used with this AirDefense instance:
1. Select the icon at the top right of this screen. The User Profile Creation dialog displays.
2. In the Profile Name field, provide a name for this user profile. This is a mandatory field.
3. Select the Functional Role label to expand it. The following additional fields are displayed. Select each option to enable or disable that functional role.
4. Select the Feature Permissions label to expand it. Review the FUNCTIONAL AREA and the PERMISSION fields. This area lists all the functional areas of AirDefense and the permissions that can be set to view or edit that area. If no permissions are granted for that particular functional area, the value NO ACCESS is displayed for it.
5. Select the CREATE button located at the top of this dialog to save the newly created user profile. At any point, if you wish to exit without creating the user profile, select the small X button located at the top left of this dialog.
Note: This user profile will be created as a Custom profile inside the AirDefense instance.
Delete User Profile
Use the User Management & Configuration screen to delete any user profile added to this AirDefense instance.
Important: You cannot delete any profile marked as DEFAULT in this screen. These are created by the ExtremeLocation system and cannot be edited or deleted.
1. If not selected, select the User Profile icon from the toolbar.
2. From the list of user profiles created for this AirDefense instance, select the profile that you want to delete.
Relay Server
Relay servers are devices in your network from which devices obtain configuration, firmware, and provisioning information.
Note: Relay server is an option that is available with the WLAN Management license. This option does not appear if you do not have the above license.
Figure 121: Relay Server Screen
Extreme AirDefense provides the ability to define both an external and an internal relay server.
Field | Description
Path | The path on the remote server on which the configuration, firmware, and provisioning information is stored. It is recommended to leave this entry blank or use the root folder (/).
Port | The port field is automatically populated. It is dependent on the protocol selected.
Username | The user account used to access the remote relay server.
Password | The password for the above account.
The following fields must be filled for the relay server entry in the .csv file.

Field | Description
relay_params | Always use relay_params at this position.
server | Always use localhost here.
folderpath | This is the path where the files are stored in the relay server.
deviceHost/applianceHost | The IP address of the relay server.
deviceProtocol/applianceProtocol | deviceProtocol/applianceProtocol designates the protocol used for communicating with the relay server.
Figure 123: Relay Server Screen
The ADSP Master Appliance Internal Relay Server screen displays.
Figure 124: ADSP Master Appliance Internal Relay Server Screen
Use the Yes control to enable the internal relay server. Similarly, use the No control to disable an active internal relay server. In the Create Internal Relay Server Password field, provide a password that devices will use to log in to the relay server.
System log settings are managed from the System Settings screen. This screen displays when you select the Settings > System Settings menu path from the AirDefense user interface. The following screen displays. If a remote system log server is already configured, this screen displays the IP address of the currently configured server.

Data Format
Activity data from AirDefense is sent in the standard syslog format.
Add System Log Server IP Address
2. Provide the IP address of the remote system log server in the Syslog Server IP Address field. The IP address is only verified for proper formatting. AirDefense does not verify that the IP address is of a valid system log server. If already configured, you can also choose to provide the IP address of your current system log server in this field. This is the server where your Alarm logs are currently being sent.
Note: This field will not accept host names.
System Overview
• AirDefense in Standalone Mode
• System Components
• System Requirements
• Version Compatibility for Upgrade
• Connecting to Hardware Appliance
• Configuring the Appliance
• System Configuration
• Selecting and Deploying APs and Sensors
• Connecting to the Network
• Assigning User Interfaces
• Basic Navigation
• Alarm Time Reporting

Extreme AirDefense (AirDefense) is an ad
System Components
The AirDefense appliance provides a scalable, secure, and manageable solution for enterprises to deploy in a single office or corporate campus. As an appliance, AirDefense does not require an enterprise to buy, install, configure, lock-down, and support a server, operating system, and database. A true appliance comes ready with the application and all supporting software preloaded.
System Requirements
The following are the different requirements for AirDefense:
• Supported Hardware Appliances
• Supported Browsers
• Supported Operating Systems

Supported Hardware Appliances
• Model NX95x0
• Model NX96x0
Note:
• AirDefense 9.0.x and later do not support legacy appliances without 64-bit OS support. Customers that have a 32-bit server cannot upgrade beyond 8.1.3.
• AirDefense 9.1.
Version 9.5
Version 10.0 can be upgraded directly from version 9.5.0-11 only. Direct upgrade from any other version is not supported.
Note: Existing customers who would like to upgrade to 10.0 must have an AirDefense support contract. Please contact your Extreme Networks sales person if you currently do not have a support contract and would like to receive access to software updates for this product.
Connect a Laptop
You can physically connect a laptop to the AirDefense hardware appliance’s Ethernet port to communicate through an IP address. By default, a fresh installation of AirDefense does not have a default IP address. It has to be assigned by the AirDefense operator. Ensure that your laptop has an IP address in the same subnet as the AirDefense Appliance.
The following table shows the basic activities you will need to perform to commission your AirDefense appliance.

Table 8: AirDefense Basic Commissioning
Planning and Assessment | Review your security policies, network infrastructure and WLAN sensor coverage requirements, and then establish your AirDefense policy configuration.
Analysis and Design | Develop a system implementation design tailored to your specific wireless security requirements.
Add-On Modules

Module | Actions | Category
Presence Service | License and configure. Comes with Proximity licenses. | Proximity and Awareness. Note: This License is EOL.
Wi-Fi Analytics | License and configure. Comes with Proximity licenses. | Proximity and Awareness. Note: This License is EOL.
Zone Tracking | License and configure. Comes with Proximity licenses. | Proximity and Awareness. Note: This License is EOL.
Position Tracking | License and configure. Comes with Proximity licenses.
Module | Actions | Category
Central Management | License and configure. | Central Management Console (CMC)
Advanced Infrastructure Forensics | License and configure. License can be per sensor or per AP (RadioShare licenses). | Security and Compliance. Note: This License is EOL.

Hardware Dependencies
Certain software modules may be hardware dependent. For example, Spectrum Analysis is dependent on the radio chipset, which varies between hardware platforms.
Selecting and Deploying APs and Sensors
Consider the following points when selecting your access points (APs) and sensors for deployment:
• Most AP models can have internal or external antennas. APs with internal antennas work best in an indoor environment. AP/Sensors with external antennas work best for warehouse deployments, mount-in-plenum spaces or deployments where specialized antennas may be required.
Example: An AP that provides client access on channel six will monitor other channels as well. The AP will stay on channel six for 10 seconds. During the 10-second interval, the AP is capable of communication with associated clients. After the 10-second interval, the AP will listen off-channel on channel seven for 110 ms.
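An added example (not from the guide) that turns the 10-second / 110 ms figures above into a scan schedule and checks whether a transmission on a given channel would fall inside a listening window. It assumes the AP returns to its service channel after every off-channel dwell, steps through an 11-channel list in ascending order, and hears anything that overlaps a listening window; the channel list and the sample transmissions are constructed.

```python
from dataclasses import dataclass
from typing import Iterator, List, Tuple


@dataclass(frozen=True)
class ScanPlan:
    service_channel: int
    channels: Tuple[int, ...]
    service_dwell_ms: int = 10_000   # 10 seconds on the service channel (guide's example)
    off_dwell_ms: int = 110          # 110 ms off-channel (guide's example)

    def off_channels(self) -> List[int]:
        """Off-channel visiting order, starting just above the service channel."""
        ordered = sorted(self.channels)
        i = ordered.index(self.service_channel)
        return ordered[i + 1:] + ordered[:i]

    def cycle_ms(self) -> int:
        """Time to visit every off-channel once (assumed sequential stepping)."""
        return len(self.off_channels()) * (self.service_dwell_ms + self.off_dwell_ms)

    def worst_case_gap_ms(self, channel: int) -> int:
        """Longest stretch during which `channel` is not being listened to."""
        if channel == self.service_channel:
            return self.off_dwell_ms
        return self.cycle_ms() - self.off_dwell_ms

    def windows(self, until_ms: int) -> Iterator[Tuple[int, int, int]]:
        """Yield (channel, start_ms, end_ms) listening windows from t = 0."""
        offs = self.off_channels()
        t, k = 0, 0
        while t < until_ms:
            yield (self.service_channel, t, t + self.service_dwell_ms)
            t += self.service_dwell_ms
            yield (offs[k % len(offs)], t, t + self.off_dwell_ms)
            t += self.off_dwell_ms
            k += 1


def was_heard(plan: ScanPlan, channel: int, tx_start_ms: int, tx_end_ms: int) -> bool:
    """True if the transmission [tx_start_ms, tx_end_ms) overlaps any window
    in which the radio is tuned to `channel`."""
    for ch, start, end in plan.windows(tx_end_ms):
        if ch == channel and start < tx_end_ms and tx_start_ms < end:
            return True
    return False


# Constructed plan: service channel 6, channels 1 to 11.
PLAN = ScanPlan(service_channel=6, channels=tuple(range(1, 12)))

if __name__ == "__main__":
    print("off-channel order:", PLAN.off_channels())
    print("full sweep takes %.1f s" % (PLAN.cycle_ms() / 1000))
    print("channel 11 unobserved for up to %.2f s"
          % (PLAN.worst_case_gap_ms(11) / 1000))
    # Constructed transmissions: (channel, start_ms, end_ms)
    for ch, start, end in [(11, 50_000, 51_000), (11, 60_000, 65_000),
                           (6, 10_020, 10_090), (3, 0, PLAN.cycle_ms())]:
        print(ch, start, end, "heard" if was_heard(PLAN, ch, start, end) else "missed")
```

Under these assumptions each off-channel is listened to for 110 ms out of every 101.1 seconds, which is the trade-off to weigh against dedicated sensors when choosing a deployment.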
Assigning User Interfaces
User interfaces allow system users to access certain AirDefense components. Each user interface has permissions. The table below describes the user interfaces, the program area they manage, the functions within the program area, and the type of user interface required.
User Types
The Admin User uses four templates to create user accounts with permissions. These templates are:
• Admin—read and write access to all areas of AirDefense server and sensor administration, including creation of other admin users.
• Guest—Gives users read permission to Alarm Management, Reporting, and Analysis Tools. No access is provided for the other functional areas.
• Help desk—Gives users read/write permission to Connection Troubleshooting.
• Menu—Gives you access to the AirDefense standalone features that are part of AirDefense Toolkit.
• Dashboard—Provides a customizable view of your wireless LAN.
• Network—Displays a list of devices seen on your wireless network.
• Alarms—Displays an alarm table that shows all of the active alarms currently occurring on your network.
• Configuration—Allows you to configure devices plus perform other administrative tasks such as user and sensor administration.
Dashboard Drill Down
The dashboard lets you quickly assess your overall security and performance status, then lets you drill down into detailed information about the data the dashboard summarizes. You can then drill even farther down into specific device or event information. The following graphic shows dashboard drilldown. By double-clicking the Rogue Exploit column in the Top Criticalities chart, the Alarms tab is displayed showing Rogue Exploit alarms.
Extreme AirDefense on Virtual Platform
• Prerequisites
• Installing Extreme AirDefense 10.0 on VMware
• Install Extreme AirDefense on Xen Hypervisor

Extreme AirDefense (AirDefense) can be pre-loaded on an appliance or can run as a virtual machine (VM) on a supported virtual platform. When you install the AirDefense platform on a hypervisor (for example, the Xen Project™ Hypervisor 4.x) it appears that AirDefense has the host hardware’s processor, memory and resources.
You can download the latest version from the Extreme Networks support site at the following URL:

Required License
No license is required to install AirDefense on the Virtual Machine of your choice. However, you will require an AirDefense Platform license in order to use AirDefense on the virtual platform.
Installing Extreme AirDefense 10.0 on VMware
3. Once VMware is installed, double-click the VMware vSphere Client icon on your desktop to access the VMware vSphere server.
Extreme AirDefense User Guide for version 10.5.
4. Enter the IP address of your server, your user name and password; then, click Login.
5. Select File > Deploy OVF Template. The Deploy OVF Template window is displayed.
6. Click Browse and select the VMware image for the latest version of AirDefense. In the following example, you would select the AD-VM-adsp-9-2-0-09.ova file from your local PC.
7. Click Next. The OVF template details window displays.
8. Verify the OVF template details and then click Next. The Name and Location screen displays.
9. Enter a name (for example, adsp-shell) and then click Next.
10. When multiple installation destinations are available, you must select a destination for storage of the VM files and then click Next.
11. Select a Disk Format and then click Next.
12. Map the networks used in this OVF template to the networks available in your inventory. Use the drop-down list under the DestinationNetworks column to select the correct network.
13. Verify the information. Power on after deployment should not be enabled by default. If enabled, select the control to disable this option. Click Finish to deploy.
14. Wait until the Deployment Completed Successfully dialog box displays. This could take several minutes to hours depending on the location (local or Internet) of the AirDefense image being deployed.
15. Click Close.
16. Right-click on the VM and then select Edit Settings. The following window is displayed.
17. Set Memory, CPUs and hard disk size as specified in the Required System Configuration section on page 355, and based on the network devices and clients to be supported by AirDefense.
18. Click OK.
19. Right-click on the AirDefense VM and then select Power > Power On.
20. Double-click the VM, then select the Console tab, and wait for the login prompt. While you wait, the AirDefense VM configures itself automatically.
21. When the login prompt displays, log in to AirDefense and configure it just as you would any AirDefense appliance.
Install Extreme AirDefense on Xen Hypervisor
3. Unzip the disk image using the following command:
    gunzip AD-VM-adsp-9-2-0-09-dvd.gz
4. Go to /var/lib/libvirt/images and edit the configuration file:
    vi AD-VM-adsp-9-2-0-09-dvd.xm
Figure 125: Edit the Configuration File
5. Change the line beginning with disk to point to the location of your AirDefense image:
    disk = [ 'file:/var/lib/libvirt/images/adsp-disk,hda,w' ]
6.
Menu
• Installing the Toolkit
• Open
• Forensic Analysis-Basic
• Advanced Forensic Analysis
• Action Control
• Reports
• Report Builder
• Connection Troubleshooting
• Scheduled AP Tests
• Scheduled Vulnerability Assessment
• Scheduled Events
• Add Devices
• Import and Discovery
• Bluetooth Monitoring
The Menu gives you access to AirDefense features.
Installing the Toolkit
Features such as Add Devices and Import/Discover Devices are an integral part of AirDefense. Reports and Help are web-based applications. Most of the rest of the features are Java applets. To run the Java applets, you are required to install the AirDefense Toolkit on your local workstation. (If you have no need to run the applets, there is no need to install the AirDefense Toolkit.)
2. Select the version of the installation program that corresponds to your OS (Windows or Linux) and then follow the instructions for your OS.
Open
Click Open to access a saved Frame Capture or Spectrum Analysis file.
• Frame Capture Analysis
• Spectrum Analysis
Frame Capture Analysis
Live View saves session frame data in a temporary file on your ADSP appliance. This process is called Frame Capture.
The Capture File window is basically the same as the Live View window minus the buttons and menus that are not needed for Frame Capture Analysis. The tabs display the same information as the Live View window.
Spectrum Analysis
After conducting a Spectrum Analysis, you can save the temporary spectrum data to a permanent file on the appliance or to a file on your workstation.
The Spectrum View window is opened minus the buttons and menus that are needed for generating spectrum analysis data.
Forensic Analysis-Basic
Using Forensic Analysis, you can analyze historical data collected and stored for wireless devices. Forensics furnishes details on devices detected by AirDefense, e.g., APs, sensors, switches, BSSs and wireless clients.
Accessing Forensic Analysis
• Using left click on the drop-down menu next to a device within the AirDefense user interface and then selecting Forensic Analysis.
Method 1
To access forensic data for a device:
1. Select Menu > Forensic Analysis.
2. Enter the MAC address of the device in the appropriate field.
Method 2
Use the context-sensitive menu for the device to view Forensic Analysis:
1. Left-click the drop-down menu button of a device anywhere within AirDefense.
2.
Setting Time
Once you have accessed Forensic Analysis, a time window displays and you must select the device and time range. Basic Forensic Analysis, by default, only shows 24 hours' worth of data. For detailed historical analysis, you can change the 24-hour time period by selecting a new date and time. However, you cannot view more than 24 hours of data at any one time.
Note: Advanced Forensic Analysis allows you to specify your own time period, which can exceed 24 hours.
If you select one of the tabs, the summary is expanded into more detailed forensic data so that you can learn more about the wireless device and, if necessary, take immediate action.
Note: The tabs displayed will vary depending on the device selected and on whether you have installed Basic Forensic Analysis or Advanced Forensic Analysis.
You can access the following tabs in Forensic Analysis for more detail:
• Adoption History (APs and Switches.
administrators can review events months later to improve network security posture, assist in forensic investigations, and ensure policy compliance. These records can be used to provide evidence that an attacker has made repeated attempts to break into the wireless network and to know where the attack was launched. See the following table for a comparison of the features that are available with Basic vs. Advanced Forensics.
Table 9: Advanced vs.
The following forensic data is included with Scope Based Forensic Analysis:
• A summary that includes high-level information about the threat level, device counts and traffic for the entire scope over the selected time range (Summary tab).
• Active alarm information (Threat Analysis tab).
• Threat level information on items within the selected scope (Threat Breakdown tab).
• Transmitted and received traffic by all devices in the selected scope.
Device Based Forensic Analysis provides AirDefense administrators with the same forensic data as Basic Forensic Analysis, but also includes extra features. The Basic Forensic Analysis tabs are included, plus an extra Location Analysis tab for BSSs and Wireless Clients. The Location Analysis tab provides information to help administrators locate devices in their wireless network. A Heat Map and a Location Map are used to locate a device.
Action Control
Selecting an action displays details about the action in the Action Details window. Use the button to launch a window that enables you to filter to the actions of interest on a specific device.
Action Control Table
The Action Control table displays specific information about an action that is taking place.
Web Reporting Interface
To access the Web Reporting web site, log in to the GUI and then select Menu > Reports. The report names are displayed by category. Select the desired report and click on the link to display it. The Web Reporting interface consists of three tabs: Reports, Published and Favorites. To move from one page to another, click the tab name. See the following list for a description of each tab.
The Online Help describes each of these tabs in detail and explains how to create reports, add reports to the Favorites tab, and schedule reports.
Report Builder
The Report Builder application allows advanced users to create completely original reports from blank templates. Alternatively, you can choose a report template you like and edit it to meet your requirements. All report components are based on whether you want a report on a single device or multiple devices.
Adding a Report
1. Click New on the Report Builder tool bar.
2. Choose a template. Either choose an existing report to edit, or choose the blank report for either a single device or for multiple devices.
Note: You cannot change the number of devices after you start creating a report. To change the number of devices on your report, you must create a new report.
3. In the Name field, type the name you want to use for this report.
Adding Report Components
After you have created a report, regardless of whether you started with a blank template or an existing report, use the following guidelines for enhancing it:
Note: Right-click menus make it easy to work with report components. The Report Builder interface displays the right-click options that are available for use, and grays out those that are not.
• To add sections - Right-click on the name of the report in the tree.
Configuring Report Components
Every report component (data field, table, or chart) has configuration options you can use to create reports that contain the exact information you need. After you add a report component to your report tree, Report Builder displays the configuration options for that component. You can name the component, and then configure filters.
Note: You may want to include the units of measure in the name you give the field. For example: Alarm (count).
Configuring Report Filters
• Boolean (example):
• Text box (example):
Deleting a Report
To delete an existing report:
1. Select File > Delete Report in the tool bar. A Confirmation Window appears.
2. Select (highlight) the report that you want to delete.
3. Click Delete Report to delete.
4. Click Yes to confirm.
Importing a Report
You can import a report from the Report Builder screen by using the following steps.
1. Select File > Import. The Import Reports window is displayed.
2. Click Add.
3. Navigate to the selected report, select (highlight) it, and click Open. The report is added to the Report Files list. You may add as many reports as you like.
4. If a report name already exists, click the Overwrite existing reports checkbox.
5. Click OK to import the report.
Exporting a Report
You can export a report from the Report Builder screen by using the following steps.
1. Click File > Export. The Export Reports window is displayed.
2. Select (highlight) one or more reports that you want to export.
3. Click Add to add the reports to the Selected Reports list. The Add All button adds all of the available reports to the Selected Reports list. The Remove button removes selected (highlighted) reports from the Selected Reports list.
Getting Started
You must first determine the MAC address of the Wireless Client or the device name of the Wireless Client. One way to do this is to right-click on the Wireless Client while in the GUI and copy the MAC address. If for some reason you cannot copy the MAC address, you can click the question mark next to the Troubleshoot Device field to display hints on how to determine the MAC address or device name.
Find MAC Address-Windows
2. In the Search Programs and Files control at the bottom of the menu, type cmd and then press Enter. The Windows™ command line interface window displays.
3. In the cmd window that displays, type ipconfig /all and then press Enter. A list of available network interfaces is displayed.
4. If the list of interfaces displays multiple interfaces, search for the appropriate adapter. In the above image, the correct adapter is the Wireless LAN adapter Wireless Network Connection. The MAC address of the interface is displayed as Physical Address. In this example, the MAC address of the interface of interest is 64-80-99-F9-CE-FF.
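The adapter selection in steps 3 and 4 can be scripted. The following Python sketch is an added example, not part of the Extreme Networks guide: it parses ipconfig /all output, skips values that are not 48-bit MAC addresses (such as the 8-byte pseudo-addresses on tunnel adapters), and returns the single wireless adapter's address. The sample output is constructed, and the lowercase colon-separated form it returns is an assumption, since the guide does not state which format the Troubleshoot Device field expects.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS-EXAMPLE

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Example Gigabit Controller
   Physical Address. . . . . . . . . : 00-11-22-33-44-55

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example Wireless-N Adapter
   Physical Address. . . . . . . . . : 64-80-99-F9-CE-FF
   DHCP Enabled. . . . . . . . . . . : Yes

Tunnel adapter isatap.example:

   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

# Adapter headers start in column 0 and end with a colon; fields are indented.
HEADER_RE = re.compile(r"^(\S.*\badapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+Physical Address[.\s]*:\s*(\S+)\s*$")
# Six octets with one consistent separator ('-' on Windows, ':' on macOS/Linux).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])[0-9A-Fa-f]{2}(\1[0-9A-Fa-f]{2}){4}$")


def normalize_mac(text):
    """Return a 48-bit MAC as lowercase colon-separated octets, else None."""
    text = text.strip()
    if not MAC_RE.match(text):
        return None
    return ":".join(re.split("[-:]", text.lower()))


def adapters_from_ipconfig(output):
    """Map each adapter header to its normalized MAC, dropping invalid ones."""
    result = {}
    current = None
    for line in output.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            mac = normalize_mac(field.group(1))
            if mac is not None:
                result[current] = mac
    return result


def wireless_mac(output):
    """Return the MAC of the only wireless adapter; refuse to guess otherwise."""
    wireless = {
        name: mac
        for name, mac in adapters_from_ipconfig(output).items()
        if name.startswith("Wireless LAN adapter")
    }
    if len(wireless) != 1:
        raise ValueError(
            "expected exactly one wireless adapter, found %d" % len(wireless)
        )
    return next(iter(wireless.values()))


if __name__ == "__main__":
    print(wireless_mac(SAMPLE_IPCONFIG))
```

The same normalize_mac function accepts the colon-separated form that macOS and Linux display, so addresses collected on different operating systems can be compared directly.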
Find MAC Address-MAC OSx
Open System Preferences and select Network. Select the wireless interface from the list in the Show drop-down. The MAC address is the AirPort ID, which is 00:0d:31:83:dd:37 in the screen shot below.
Linux Variants
To find the MAC address on a Linux system or one of its variants: Open a terminal, type ifconfig, and then press Enter. The command displays all the network adapters on the machine. Identify the appropriate interface adapter.
Device Selection Wizard
The Device Selection Wizard is used to locate and select a Wireless Client for troubleshooting. Click the wand to access the Device Selection Wizard and then follow these steps to select a Wireless Client.
1. Select a scope by highlighting the appliance or a network level. Select Next to continue. You should try to narrow the scope as much as possible. By default, only authorized stations are included in the device list.
2. Highlight the vendor name by selecting it. Click Next to continue. If you are unsure of the vendor of your device, you can select Unknown from the list.
3. Type in any information that can identify the device. You may type partial names or addresses. The Device Selection Wizard finds all devices matching the provided information. Click Next to continue.
4. Check the list of devices on the left side of the window below. If there is only one device in the list, it is most likely the Wireless Client you are searching for. Select it and then select Finish.
d. Click Use this Device. The Wireless Client's MAC address is placed in the Troubleshoot Device field where you can proceed to troubleshoot it.
If more than one device is found, the list of devices will update. Click Try Again and then repeat the steps. You may have to keep trying again until there is only one device found.
Note: If the device list is empty after you follow these steps, choose another sensor and retry.
Results Summary
If problems were observed, you may see a Results Summary window similar to the one shown below. The Results Summary screen will change according to the results but the symbols remain constant.
• No problem observed.
• Possible problem; needs further investigation.
• Definite problem observed.
To view the individual summary sections, select the section name of interest. To get a more detailed explanation of the summary, click on the Information icon. A window opens displaying the details.
Observed Network
The Observed Network window displays how the troubleshooted Wireless Client appears in the network. It shows any wireless or wired connections between the wireless client and other devices in the network. A dark gray line between devices signifies the connection was checked and communications are good. A red line between devices signifies the connection was checked and there is a problem. No line between devices signifies no connection was observed.
A dialog window opens where you can name and save the exported file to your local hard drive. Once saved on your workstation, the exported file can be opened in the Frame Capture Analysis tool to analyze the sequence of events that occurred during troubleshooting.
Warning: Packet capture files are overwritten every time troubleshooting tests are run. It is recommended that you export the PCAP file to your local hard drive before running the next test.
On-demand AP Tests
On-demand AP tests can be performed on sanctioned APs only. Select the AP to test from the Networks tab and then run the required AP tests on it. To run an on-demand AP test:
1. Click the Network tab. The Network tab loads and displays a list of all discovered APs.
2. Select BSS from the Show drop-down menu. A list of APs is displayed.
3. Select the AP you wish to test.
Note: The AP must be sanctioned, as indicated by the green symbol on the device.
4. Click on the down arrow on the device and, in the drop-down menu, select AP Test.
5. The test results for that device are displayed in a window.
AP Test License
An AP Test license is required to access the Scheduled AP Test feature. AP Test is not part of the default AirDefense system. If the AP Test license is not installed, you will receive the following error when attempting to access the Scheduled AP Test feature:
Click Exit to close this dialog window.
Scheduled Vulnerability Assessment
Wireless vulnerability assessment provides remote wireless security testing. By simulating attacks from a wireless hacker's point of view, administrators can now identify sensitive systems exposed to the wireless network. This eliminates the need to go on-site and perform penetration testing.
Scheduled Vulnerability Assessment
To manage and schedule Vulnerability Assessment:
1.
2. Select Add to create and add a new Scheduled Vulnerability Assessment test.
3. Select the Ok button after setting the parameters for this Vulnerability Assessment test. At any time, select Cancel to exit without saving the configuration.
Vulnerability Assessment License
A Vulnerability Assessment license is required to access the Scheduled Vulnerability Assessment feature.
Click Exit to close this dialog window.
Scheduled Events
The Scheduled Events feature allows you to monitor all scheduled events from one source. You can schedule events throughout AirDefense, and monitor the scheduled events from the Scheduled Events window.
Monitoring Scheduled Events
To monitor scheduled events:
1. Select Menu > Scheduled Events. The Scheduled Events window displays with a list of events.
2. Use the Schedule Type drop-down to filter to the events of a particular type. Select All to view all scheduled events (default). The different types of events that can be selected are: AP Test Auto Classification Backups Firmware Upgrade Frame Capture Server Sync System Forensic Backup Device Import Vulnerability Assessment Device Management Poll Device Configuration Deferred Device Configuration LiveRF Background Analysis.
Altering Event Schedules
You can alter an event schedule by highlighting the scheduled event and clicking the Edit Schedule button. To alter an event's schedule:
1. Select the event by highlighting it and then select the Edit Schedule button. The Edit Schedule window displays.
2. From the drop-down, select the appropriate schedule.
You can add any of the following devices by selecting the device from the Device Type menu:
• BSS
• Wireless Client
• Wired Switch
• Wireless Switch
• WLSE
• AirWave
• MSP
• Appliance
The fields change according to the selected device.
BSS Fields
The following screen is displayed when BSS is selected.
The following fields are available when adding BSSs:
Field | Description
MAC Address | The MAC address of the device
Name | The name you want your device to display in your network
Description | A description of the device
Add to appliance | You may add the device to your primary appliance or all appliances that Extreme AirDefense is monitoring. Select the appropriate radio button.
Field | Description
Annotations | Specify if the device should be flagged or if it will be bridged. Select the appropriate checkbox.
Classification | Specify if the device should be classified as:
• Neighboring
• Unsanctioned
• Sanctioned (Inherit Profiles)
• Sanctioned (Assign Profiles) - a list of available profiles is displayed to use as the override profile(s). You may select one or more profiles.
The following fields are available when adding Wireless Clients:
Field | Description
MAC Address | The MAC address of the device
Name | The name you want your device to display in your network
Description | Select a scope (usually a floor network level) from the drop-down menu
Add to appliance | You may add the device to your primary appliance or all appliances that Extreme AirDefense is monitoring. Select the appropriate radio button.
The following fields are available when adding the above device types.
Field | Description
MAC Address | The MAC address of the device.
Name | The name you want your device to display in your network.
Scope | Select a scope (usually a floor network level) from the drop-down menu.
Host | The host name of the device.
Description | A description of the device.
Appliance Fields
The following screen is displayed when Appliance is selected.
Import and Discovery
Import and Discovery is used to import or discover devices from one of the following sources:
• Local file
• Remote file
• SNMP discovery using a list of networks to scan
• Wireless Manager/Switch.
All imported devices will be configured and classified according to the Device Import Rules. You may also use Auto-Placement Rules to place the device in your network, or you may place the device yourself.
Field | Description
Device placement | You have the option of using the auto-placement rules or selecting a folder from your network tree.
Execution Method | You have the option of selecting an existing profile or entering the import information manually. If you elect to enter the information manually, additional options are displayed.
Import Local File
The following fields are available when importing local files:
Field | Description
Job Type | Import Local File
Descriptions | System generated description. You may change if you want to.
Path | Browse to specify a path on your local workstation including the import filename (e.g., c:\temp\filename)
Select a sample CSV file | Selects a sample CSV file from the drop-down list. Once a file is selected, click Open in New Window.
Import Remote File
The following fields are available when importing remote files:
Field | Description
Job Type | Import Remote File
Descriptions | System generated description. You may change if you want.
Host | Host name or IP address
Protocol | Protocol used for communications
Path | Path name on the remote host including the import filename (e.g.
Import from Wireless Manager or Switch
The following fields are available when importing wireless managers or switches:
Field | Description
Job Type | Import from Wireless Manager/Switch
Descriptions | System generated description. You may change if you want.
Basic Search | Specify a partial or full MAC address of a Switch or enter the name; then, click Search. The search results are listed in the Select from search results box.
Import File Formats
There are two types of import files:
• Devices
• Profiles (configurations).
Import files contain records, made up of columns (fields), that are used to import devices or profiles and configuration settings into ADSP. You will need to use text files to import devices and profiles. There are two commonly used text file formats:
• Comma separated values text files (CSV), in which the comma character typically separates each field of text.
Requirements: Importing BSSs requires performance and security policy information. The relevant policies must be created prior to importing the file or created within the file. You can create the BSS in line 1 of the file and the policies later in the file. The sequence does not matter.
• DEV_IMPORT_CLASS
• DEV_ON_WIRE
• STATION
Requirements: Importing Stations requires performance and security policy information.
Profiles and Configurations
• CHANNEL_CONFIG
• CLEAR_COMM
• CLI_CONF
Mapping for Device Type:
◦ ap51x1=1
◦ ap71x1=2
◦ ws2000=4
◦ ws5100=5
◦ rfsx000=6
◦ airespace=7
◦ wm3x00=8
◦ ap35x0=9
◦ ap47x0=10
◦ brx000=11
◦ br51x1=12
◦ br71x1=13
◦ ap7181=14
◦ Cisco1200Plugin=20
◦ cb3000=23
◦ ap650SA5000R= Wing 5.2=25
◦ IRIS=26
◦ SILK=27
◦ ArubaPlugin=28
◦ extreme.
• RADIUS_INFO
• REALM_CONFIG
• RELAY_PARAMS
• SCHEDULED_IMPORT
• SECURITY_PROFILE
• SENSOR_SETTINGS
• SYSTEM_SETTINGS
• USER_INFO
• WLAN_PROFILE
Import Rules:
◦ The last field NUM_KEYS_RADIUS_SERVERS is zero by default.
◦ For protocol EAP, WPA and WPA2, RADIUS server information is expected.
◦ RADIUS Server information is preceded by record name radius_info and followed by RADIUS server name.
Scheduling AP Test or Vulnerability Assessment
• Last seen time in minutes
• Skip test on sensor busy (true or false)
• Filter on SSID (true or false)
• Time to wait for Sensor in minutes
• Number of tests (assessments) to run in parallel
• Prefer OTA tests (true or false)
• Schedule name
• Schedule type (daily, intraday, monthly, weekly, or onetime):
◦ Daily has the following sub-fields:
▪ hours (the hour of the day)
▪ minutes (the minute of the hour)
▪ type (interval, weekdays, or weekends)-inter
Bluetooth Monitoring
Bluetooth monitoring is a feature that provides 24x7 monitoring of Bluetooth devices in Enterprise environments. With this feature, ADSP can automatically scan and detect security threats from unsanctioned Bluetooth devices, as described in the following list.
• Detection of any unsanctioned Bluetooth device.
• Detection of any unsanctioned Bluetooth device present longer than the configured duration.
Bluetooth License
You must have a WIPS license on the sensor device in order to access the Bluetooth feature.
AirDefense Dashboard
• The Dashboard
• Selecting Dashboard Scope
• Customizing Dashboard Views
• Dashboard Components
The Extreme AirDefense Dashboard provides a quick visual representation of your network. Network state and other information is displayed using widgets. You can select from a large array of useful widgets to customize the AirDefense Dashboard to display the network state information that you are interested in.
The Dashboard
ADSP provides five default views involving the most important aspects of your network. Each view is fully customizable where you can add any one of the already defined dashboard components. The default views are:
• General - Displays general information about your network using some components of the other three views.
• Infrastructure - Displays infrastructure information such as:
◦ Infrastructure Status
◦ Last 5 Infrastructure Alarms
◦ Device Breakdown by Model
◦ Top Infrastructure Criticalities
◦ Wireless Client Associations by WLAN
◦ Radio Channel Breakdown.
• Performance - Displays performance information such as:
◦ Performance Threat by Tree Level
◦ Performance Threat by Device.
Scopes are defined as the following network levels:
• System - Displays information for your entire network (system). If you have a Central Management license, selecting System as the scope displays a combination of all appliances being managed.
• ADSP - Displays server information including all the network levels (Country, Region, City, Campus, Building, and Floor) as defined in the Configuration tab under Appliance Platform > Tree Setup.
You can click on the 2x2 or 3x3 button. You can then change the name of a view by clicking the Rename button, typing in the new name, and then clicking OK.
Draggable Components
You may customize any of the existing views as well as the empty custom views. The components panel contains all of the components that can be viewed in the Dashboard. You may add components to the Dashboard by dragging and dropping a component onto the Dashboard.
Dashboard Components
Component | Description
BT_Sensors | Displays Bluetooth sensors seen on your network.
BSSs by Configuration | Displays a pie chart of BSSs by configuration (sanctioned, unsanctioned, and neighboring). Also lists the total number of BSSs seen on your network.
BSSs by Last Seen | Displays a pie chart of the BSSs seen on your network over the last five days. Also lists the total number of BSSs as well as the totals for each day.
Component | Description
PCI 11.1 Status | Lists the compliance status of Rogue APs, Rogue Wireless Clients, and Accidental Associations as related to PCI Section 11.1. A green checkmark signifies you are in compliance. A red x signifies you are out of compliance.
PCI Status | Lists the compliance status of PCI Sections 2, 4, 11.1, and 11.4. A green checkmark signifies you are in compliance. A red x signifies you are out of compliance.
Component | Description
Severity by Device | Displays a bar chart showing the severity scores of the top offending devices.
Severity by Tree Level | Displays a bar chart showing the severity scores of the top offending network levels.
Signal Strength Status | Displays a pie chart showing the number of clients and APs greater than or equal to -70 dBm, and the number of clients and APs less than -70 dBm.
Network Tab
• Capabilities with a Central Management License
• Select-Network View
• Network Devices
• Association Tree
• Network Graph
• Network Filters
• Actions Menu
• Actions Descriptions
• Advanced Search
The Network tab displays a list of devices seen in your wireless network. Also displayed is a total device count.
In a large list of devices, you can use the Search field to find a device or group of similar devices. Entering a string will reduce the list of devices to the ones that have information matching the string. Entering a device name will display the device matching the typed name. You can hide (uncheck) or view (check) columns by clicking the drop-down button located after the last column (Compliant.
• Unknown Devices
• Bluetooth Devices
In the graphical view, the following items are displayed in the Show menu:
• Association Tree
• Network Graph.
You can select the different views by selecting the appropriate view button. The first button selects the tabular view. The second button selects the graphical view. The last button is the Advanced Search button which is explained later.
Types of Devices
From the drop-down menu under Show, you can select a device.
Network Devices
The list of Network Devices is displayed in a tabular format using a combination of the following columns:
Column | Description
Flag | Indicates if a Network Device has been flagged (blue flag). (default header)
Device | Displays the Network Device's icon along with its name. (default header)
Name | Displays the name of the Network Device.
MAC | Displays the Network Device's MAC address.
IP | Displays the Network Device's IP address.
Column | Description
Associated Clients | Displays the number of clients that have associated with the Network Device.
Adopted APs | Displays the number of APs that the Network Device has adopted.
BSS
Click the drop-down menu under Show and click on BSS. AirDefense displays a list of all BSSs seen in your wireless network.
Column | Description
Manufacturer | Displays the manufacturer of the device.
Classification | Displays how BSSs are classified.
Sensed Authentication | Displays the sensed method of authentication.
Sensed Encryption | Displays the sensed method of encryption.
Protocols | Displays the protocols being utilized by the BSS.
Rogue | Indicates if a BSS is a rogue (true or false). (default header)
Device Actions | Indicates a current live state.
Wireless Client
Column | Description
MAC | Displays the Wireless Client's MAC address.
IP | Displays the Wireless Client's IP address.
Severity | Displays the Wireless Client threat level to your network. (default header)
First Seen | Displays the first time the Wireless Client was seen on the network.
Last Seen | Displays the last time the Wireless Client was seen on the network. (default header)
Scope | Displays where the Wireless Client is located within the network scope.
Unknown Devices
Click the drop-down menu under Show and click on Unknown Devices. AirDefense displays a list of all Unknown Devices seen in your network. Unknown devices are defined from the source or destination address detected in communication to or from a wireless device.
Column - Description
On Network - Identifies how AirDefense obtained the MAC address of a non-wireless device. The different entries are:
  • Sensor Segment - The frame containing the MAC address was detected by a sensor on its wired port. This device is therefore known to be on a LAN segment containing the sensor and is therefore on the same wired infrastructure.
  • Switch - This MAC address was obtained from a data poll of the tables of a wireless switch.
Column - Description
Severity (default header) - Displays the threat level to your network. Green indicates a sanctioned device. Red indicates an unsanctioned device.
Last Seen (default header) - Displays the last time the Bluetooth device was seen on the network.
Scope (default header) - Displays the area where the Bluetooth device is located within the network scope.
Floor - Displays the floor where the Bluetooth device is located.
Click the Expand button to open a branch of the tree. Click the button to close a branch of the tree. The table columns for the Association Tree are:
Column - Description
Devices - Displays the name of the devices on your network.
Severity - Displays the threat level to your network for a floor and all the devices on that floor.
Device Count - Displays the number of devices on a tree level.
Last Seen - Displays the last time a device was seen on the network.
To switch to the Hierarchical view, click the Hierarchical button. Click Concentric to return to the Concentric view. You can manipulate the graph by using:
• Graph Zoom to zoom the graph in and out.
• Device Labels to remove or display the device labels.
• Icon Size to increase or decrease the size of the icons.
• Network Depth to see more or fewer devices in your network.
Network Filters
Network filters are provided to filter the displayed network information. They are displayed on the left side of the Network tab. The different filters are:
• Grouping - you can view devices by grouping them using similar criteria.
• Network Scope - you can view devices according to where they are in the network tree.
• First/Last Seen Filter - filters devices according to when they were first seen and/or last seen on your network.
• Flag - you can optionally view all flagged devices.
• Alarm Severity - you can view devices by alarm criticality.
• Alarm Type - filters devices by alarm type.
• Device - filters devices by model, manufacturer, and/or capabilities.
• Compliance - displays devices according to state of compliance with network policies.
• Status - displays devices according to their uptime/offline status.
• Signal Strength - filters devices within a specific signal strength range.
• Classification - Groups devices by how they are classified. This view is accessible when displaying BSSs, Wireless Clients, or Unknown Devices.
• Signal Strength - Groups devices in a range of signal strengths. This view is accessible when displaying BSSs or Wireless Clients.
• Sensed Authentication - Groups devices based on their sensed method of authentication. This view is accessible when displaying BSSs or Wireless Clients.
• Client Type - Groups devices based on their client type. This view is accessible only when displaying Wireless Clients.
• On Network - Groups devices based on whether they are on the network or not. This view is accessible only when displaying Unknown Devices.
• Status - Groups devices based on their online/offline status. This view is accessible when displaying Network Devices.
• Scope - Groups devices based on where they are in the network.
First Last Seen Filter
The First/Last Seen filter allows you to filter devices according to when they were first seen and/or last seen on your network.
The last seen times may be:
• Any time period
• 0 - 5 minutes
• 5 - 10 minutes
• 10 - 20 minutes
• 20 - 30 minutes
• 30 - 60 minutes
• 1 - 12 hours
• 12 - 24 hours
• 24 - 72 hours
• More than 72 hours.

The first seen times may be:
• Any time period
• 1 - 12 hours
• 12 - 24 hours
• 24 - 72 hours
• More than 72 hours.
The severities are:
• Severe - Displays only Severe alarms.
• Critical - Displays Critical and Severe alarms.
• Major - Displays Major, Critical, and Severe alarms.
• Minor - Displays Major, Critical, and Severe alarms.
• Safe - Displays alarms of all criticalities.

You can select the alarms that you want to view by checking the checkbox.

Alarm Type Filter
The Alarm Type filter allows you to view devices by alarm type.
Click Edit, select the alarm type(s), and then click OK. The following graphic shows that you only want to display rogue alarms. To remove an alarm type, select (highlight) the alarm type and click Remove.

Classification Filter
The Classification filter is used to filter devices by their device classification.
Devices are displayed by the following classifications:
• Sanctioned - Display sanctioned devices.
• Unsanctioned - Display unsanctioned devices.
• Neighboring - Display neighboring devices.

Select the checkbox(es) for the classification(s) that you want to display. You can also display devices by rogue classification. Your options are to display all devices or to display only rogue devices. Select the appropriate radio button.
You can also filter network devices based on the capability of the device. When you select a capability, only devices with that capability are displayed. For network devices, you may select:
• Access Point
• BT_Sensors
• Wireless Switch
• Sensor
• Wired Switch
• Network Manager.

Wireless Clients
For wireless clients, you can filter devices based on the manufacturer. Select the manufacturer from the drop-down menu.
You can also filter Wireless Clients based on the client type. When you select a client type, only devices of that type are displayed.
Compliance Filter
The Compliance filter is used to display devices according to their state of compliance with your network policies. This filter is only available when displaying Network Devices. Devices are displayed if you have their compliance state checked. The different states are:
• Compliant - Displays devices that are compliant.
• Not Compliant - Displays devices that are not compliant.
• Unlicensed - Displays devices that do not have the required license.
You may adjust the signal strength range by sliding the adjusters. The maximum range is -100 dBm to -1 dBm. Sliding the left slider adjusts the minimum signal strength. Sliding the right slider adjusts the maximum signal strength.

Security-Sensed Filter
The Security-Sensed filter is used to display devices using a combination of the sensed method of authentication and/or the sensed method of encryption. This filter is only available when displaying BSSs and Wireless Clients.
Figure 127: Encryption

You may select any combination of authentication methods and/or encryption methods. The available authentication methods are: Unknown Open Pre-Share Key WPA 802.1x RSN LEAP PEAP EAP-MD5 EAP-OTP EAP-GTC EAP-TLS EAP-FAST EAP-TTLS RSA EAP-SIP RAS EAP-PKA Network EAP Symbol Keyguard Other.
The available encryption methods are:
• Unknown
• Unencrypted
• WEP
• TKIP
• AES(CCMP)
• Other Encryption.

Security-Polled Filter
The Security-Polled filter is used to display devices using a combination of the polled method of authentication and/or the polled method of encryption. This filter is only available when displaying wireless clients. You may select any combination of authentication methods and/or encryption methods.
The available encryption methods are:
• Unencrypted
• WEP64
• WEP128
• AES(CCMP)
• TKIP
• Symbol Keyguard
• WPA2 PSK.

Actions Menu
The Network tab includes an Actions menu where you can execute an action. Depending on the device type, clicking the Actions button displays one of the following menus:
Network Device Actions
BSS Actions
Wireless Client Actions
Unknown Devices Actions
Bluetooth Devices Actions

Actions Descriptions
Actions are active (selectable) or inactive (un-selectable) depending on the device type selected in the Show menu. Some actions are executed when you select a device and then select an action. In this case, no other input is required. Other actions will display a dialog that requires more input.
Action - Description
Remove Devices - Allows you to remove selected device(s) from monitoring (see < LINK HERE >.)
Move Devices - Allows you to place selected device(s) on a floor (see < LINK HERE >.)
Upgrade Devices - Allows you to upgrade the firmware for the selected device(s) (see < LINK HERE >.)
Import CLI Variables - Allows you to import CLI variables at the device level (see < LINK HERE >.
The Compliant Configuration is a list of CLI commands that were pulled from the CLI Profile for the device. If there are differences, they are highlighted. Also, the Revert to Compliant Config and Accept Polled Config buttons are activated. Otherwise, the buttons are inactive. You may change the displayed configuration by selecting a configuration type from the drop-down menu. When you change a configuration type, the CLI commands for that type are displayed.
To view your diagnostic logs, you will have to export them to your workstation by clicking Export Consolidated Logs.

Note: The Export Consolidated Logs button is inactive until the status changes to Pass and the diagnostic logs are ready to export.

Click OK to continue. Navigate to a location and click Save. The consolidated logs are saved in a ZIP file using the specified file name. You can now view the logs.
Remove Devices
To remove devices:
1. Click Remove Devices to remove a selected (highlighted) device. You are prompted to confirm removal.
2. Click OK to remove the listed devices. Click Cancel to exit without removing the device(s).

Move Devices
Use the Move Devices action to move a selected (highlighted) device to a scope (floor) that you specify. When selected, you are prompted to select a scope.
To move a device:
1. Select Move Devices action.
2. Click the Select Scope drop-down menu to choose your scope and then click OK. You are prompted to confirm your selection.
3. Click OK to move the device(s). Click Cancel to exit without moving the device(s).

Upgrade Devices
To upgrade the firmware for devices on your network, select (highlight) a device and then select Upgrade Devices from the menu.
You have the option of upgrading immediately or upgrading later. If you decide to upgrade later, select Upgrade Later and then select a time from the drop-down menu and a date from the calendar. You may enter a description in the Description field. This information is displayed when you check the Job Status and helps identify the job. There are four checkbox options that you can select. They are:
• Downgrade devices with newer firmware.
By default, all devices are selected. If you decide not to upgrade one or more devices, uncheck the checkbox for that type of device. Click OK to start or schedule the upgrade. Click Cancel to exit and not upgrade.

Import CLI Variables
Note: A WLAN Management license is required to import CLI variables.

The Import CLI Variables action is used to import CLI variables at the device level.
Select the import file and then click Open to import the CLI variables.

Verify Import of CLI Variables
To verify that the CLI variables were imported:
1. Click the device's drop-down menu button.
2. Select Properties from the menu.
3. Select the CLI Profile for the device.
The imported CLI variables should be visible in the Variables section.
When you click OK, a dialog window opens where you can specify the directory (folder) and name of the CSV file.

Note: At this time, files exported using Export Devices are for external viewing only. They cannot be imported back into AirDefense.

AirDefense names the CSV file devices.csv by default. You can keep that name or change it. Click the Save button to save the CSV file. Click Cancel to exit without saving the file.
The commands are applied to all devices selected in the Network tab. Selected devices are listed in the Devices that will be affected field. Each command must be on a line by itself. If a command requests a confirmation from a device, ADSP will respond Yes. You may import an updated configuration from device(s) after a command has run successfully by selecting the Import checkbox. The logs for the Command Run and Log are placed at: /usr/local/smx/device-mgmt/jobs.
You can view the log of another device by selecting the device from the Devices drop-down menu. Click Copy to Clipboard to copy the log contents to the clipboard. Click Cancel to exit the log.

Search Device Configuration
Use the Search Device Configuration action to search for devices by configuration. Depending on the number of infrastructure devices in the network, the process can take some time. Follow these steps to search for device configurations:
1.
3. From the Actions menu, select Search Device Configuration.
4. Enter the name of the device configuration you are searching for.
5. Check Search Results to display the search results.
6. When the devices are found, click Upgrade Firmware to upgrade; Command Run & Log to run the command log; and Cancel to exit without saving.

Advanced Search
The Network tab has an advanced search feature that allows you to supply additional criteria to the basic search.
• The model number of a device or any model.
• The SSID of the device
• The client type of the device
  ◦ Default Type
  ◦ MCD
  ◦ VoIP Phone
  ◦ Laptop
  ◦ Employee Laptop
  ◦ Employee Phone
  ◦ Employee Device
  ◦ High Priority Visitor Device
  ◦ Visitor Device
  ◦ Low Priority Visitor Device
• The manufacturer of the device
• The source
  ◦ All
  ◦ Sensor Segment
  ◦ Switch
  ◦ Authorized AP
  ◦ Unknown

You may add additional criteria as needed by clicking the Add Search Criteria link.
Additional criteria may be added until you have added all the search criteria for the type of devices being displayed. Added criteria may be removed by hovering your cursor over the criteria and then clicking the icon located to the right of the criteria. Additional criteria include:
Criteria - Description
Flag - Select whether you want to display flagged or un-flagged devices.
Firmware - Supply a firmware version for devices you want to display.
Alarms
AirDefense Alarm Model
Capabilities with a Central Management License
Alarm Table
Alarm Filters
Alarm Categories and Criticality
Alarm Details
Alarm Actions

Alarms Tab
The Alarms tab displays an alarm table that shows all of the active and inactive alarms currently occurring on your network, sorted in columns by:
• flag
• alarm criticality
• alarm type
• offending device
• start time
• alarm status
• SSID of the of
The alarms listed in the table are determined by the network level and the filters you have selected. Select the network level in Show alarms in the drop-down menu. Select filters using the instructions described in the Alarm Filters section. You can hide (uncheck) or view (check) columns by clicking the drop-down button located to the right of the last column.
AirDefense Alarm Model

Suppressed Alarm Repetition
AirDefense has made significant advancements in the Alarm Model, dramatically decreasing the occurrence of repetitious alarms. In the new Alarm Model, the AirDefense appliance leverages the extensive data it collects about security events to determine whether events are:
• Unique events
• Repeat occurrences of activities that constitute a single security event
• Repeat observances of a single, ongoing event.
Duration of Alarm
The alarm stays active for a period of time after the security event ends. This period of time is called the duration. The duration is user-configurable, although AirDefense has determined default duration times correlated to the expected life-cycle of each specific event. When the duration time ends, the alarm becomes inactive. You can use the forensic analysis to view historical alarms.
If displaying alarms on an appliance level or a network level, only the alarms generated by that appliance or network level are shown.

Alarm Table
The alarm table is customizable and includes the following information (columns):
Column - Description
Flag - Indicates whether or not an alarm has been flagged.
Criticality - Displays the criticality of the alarm. (See Alarm Criticality for more information.)
Alarm ID - Displays the alarm identification.
The indicator on the right of each filter turns green when you change a filter from its original state. Click the green indicator to return a filter to its default state. The different filters are:
• Grouping Filter - view devices by grouping them using similar criteria.
• Network Scope Filter - view alarms according to where they appear in the network tree.
• Alarm Severity - view alarms by severity.
• Alarm Type - view devices by alarm type.
The following views are available:
• No Grouping - Displays all alarms without grouping.
• Alarm Category - Groups alarms into alarm categories.
• Alarms Sub-Category - Groups alarms into alarm sub-categories.
• Alarm Type - Groups alarms by alarm type.
• Severity - Groups alarms into the different threat levels to your network. Threat levels that are not sensed are not shown.
• Alarm State - Groups alarms by the state of the alarms.
• Alarm Start - Groups alarms by when they started.
• Device Type - Groups alarms by the device type.
• Device Classification - Groups alarms based on the device classification.
• Scope - Groups alarms based on where they are in the network. The highest network levels under the appliance level are displayed as the group.

Clicking on a group will display the individual alarms in that group.
If the appliance level is selected, all the alarms for that appliance are displayed. If a floor level is selected, only the alarms on that floor are displayed.

Alarm Severity Filter
The Alarm Severity filter allows you to view devices by alarm severity. The severities are:
• Severe - Displays only Severe alarms.
• Critical - Displays Critical and Severe alarms.
• Major - Displays Major, Critical, and Severe alarms.
You also have the option of displaying all alarm types or you may filter alarms by a specific type. The different alarm types are:
• Anomalous Behavior
• Bluetooth
• Exploits
• Infrastructure
• Performance
• Platform Health
• Policy Compliance
• Proximity
• Reconnaissance
• Rogue Activity
• Vulnerabilities.

Use the Edit button to select the alarm types that you want to display. Click the Edit button, select the alarm type(s), and then click OK.
To remove an alarm type, select (highlight) the alarm type and click the Remove button.

View Filter
The View filter gives you the option of viewing all alarms, new alarms, or flagged alarms. To select an option, click All, New, or the blue flag. The option you select will be highlighted.

Device Filter
The Device filter is used to filter alarms by device classification, device type, and/or license status.
In addition to or instead of device classification, alarms can be displayed by device type:
• BSS
• Network Device (includes APs, Sensors, Switches, and Wireless Managers)
• Unknown Devices
• Wireless Client
• Bluetooth

Alarms can also be displayed by license status:
• Licensed
• Unlicensed

Select the checkbox(es) for the device classifications and/or device types that you want to display.
• Alarms that started 24 to 72 hours ago
• Alarms that started more than 72 hours ago.

Select the checkbox(es) for the alarm states and/or time ranges when the alarms started that you want to display.

Alarm ID Filter
Use the Alarm ID filter to filter alarms using the alarm ID. Normally, the alarm ID can be found in things such as:
• an email that was generated by an alarm.
• an SNMP notification generated by a Trap action defined in the Action Manager.
• Rogue Activity - Unauthorized Devices detected by AirDefense which pose a risk to the security of your network.
• Vulnerabilities - Devices that are detected to be susceptible to attack.

Alarm Criticality
Alarms are assigned a default criticality by ADSP. You can optionally change the default criticality of each alarm to match your environment when configuring alarms under Configuration > Operational Management > Alarm Configuration.
• The time when the alarm will expire
• Any notes added by a user.

At the bottom of the detailed information are links that allow you to execute a function or provide more information.
Link - Description
Clear Alarm - Clear alarm works the same as Clear Alarm in the Actions menu.
Disable for device - Disables the alarm specifically for the device causing the alarm. If you wish to re-enable the alarm, you must go to Alarm Configuration and remove the device from the disabled list.
Descriptions of the actions are as follows:
Action - Description
Clear Alarm - Clear the selected alarm using one of the following options:
  • Clear Alarm (no time limit)
  • Clear for 1 hour
  • Clear for 6 hours
  • Clear for 12 hours
  • Clear for 24 hours.
  If you click one of the options with a time limit, the alarm is cleared for the specified time and then returns if the conditions that generated the alarm are not cleared.
Configuration Tab
Search
Appliance Platform
Security & Compliance
Network Assurance
Infrastructure Management
Operational Management
Appliance Management
Account Management
Drop-down Menu Access

The Configuration tab allows you to initially set up AirDefense, configure devices for management, and perform other administrative tasks such as user and sensor administration.
Search
This feature searches the Configuration tab for quick location of a configuration feature. To conduct a search, just start typing.
Typing just one character will list available features related to that character. To narrow your search, type more text. Click the link for the feature to navigate to it.

Appliance Platform
The Appliance Platform category includes all the necessary features that are needed to initially set up AirDefense.
The Appliance Platform category allows you to:
• Appliance Licensing - License your appliance and devices.
• Tree Setup - Establish a network tree.
• Security Profiles - Create security profiles that will initiate WIPS.
• Auto-Placement Rules - Define Auto-Placement rules that will automatically place devices in your network tree.
• Auto-Licensing - Establish an import policy that controls how device licenses are applied during the import process.
View Current License Information
License information is displayed about WIPS (base license) and the following add-on modules:

Note: Modules are only displayed when they are installed.
• Radio Share Network Assurance License, which includes:
  ◦ Radio Share AP Test (available as a separate license)
  ◦ Radio Share Advanced Forensics (available as a separate license)
  ◦ Radio Share Connection Troubleshooting (available as a separate license)
  ◦ Radio Share Spectrum Analysis (available as a separate license)
• Vulnerability Assessment License
• WEP Cloaking License
• WLAN Management License

License Status
License status is determined by:
• A gre
Add Licenses
To install a license, click the Add Licenses button to begin. There are three ways to install a license:
• Using a License File
• Using an Authorization Code
• Requesting a License

Using a License File
A license file contains information about your license. If you have a license file, select the I have a license file option and then click Next.
Navigate to the file and select it. Once you have selected the licensing file, click Open. The license information is updated.
Using an Authorization Code
To add licenses using authorization codes:
1. If you have an authorization code, select the I have an authorization code option and then click Next.
2. Enter your company name, contact name, email address, and server serial number. Click Next.
3. Enter your authorization code and then click the Add button. The authorization code is added to the New Authorization Codes list. Click Next to continue.
After the license is installed, the following message is displayed: Licenses installed successfully.

Requesting a License
To request a license or to check if your requested license has been received:
1.
Once the ID is displayed, click the Copy button to copy the ID.

Download Appliance Keys
You can download appliance keys to your workstation from the Licenses window. Follow these steps to download appliance keys:
1. Click the Appliance Keys button.
2. Click OK.
3. Navigate to the location where you want to save the appliance key file.
4. Click Save.

License Assignments
Use the License Assignments link to view which license is assigned to a device.
The following information is displayed:
• Total number of licenses
• Number of licenses assigned
• Number of licenses available
• Number of licenses available for reassignment
• List of licenses assigned to devices.

Assigning a License to a Device
This feature only allows you to assign a fixed license to a device. To do so, follow these steps:
1. Select a fixed license by clicking on the license name.
2. Click the License Assignments link.
Planning Your Network Tree
Your network tree automatically includes your appliance and any other appliance that you have added to your system. Each appliance can be expanded into a tree with five network levels and floors.
UI Scope Considerations
You control the scope of data you see at any time by selecting levels in the tree. If you want to view data from one area of your WLAN separately from data about the rest of the WLAN, such as different buildings/floors, you should consider how you can create network levels for that area. Then, viewing its data discretely is as easy as clicking on that node in the tree.
Create Network Levels
In Tree Setup, you add network levels by selecting an existing starting point in the tree and clicking the add child link. Any time you add a network level and an equivalent level already exists, it appears in the tree in alphabetical order.

Note: The menu will only display the network level that is available at the selected level. You cannot add a network level that is higher up in the network tree.

Click the network level that you want to add.
Add Floors
You can add floors by selecting the building and then increasing the floor number using the Floors field. Notice in the previous screenshot there are two floors (AirDefense 1 and AirDefense 2) under the area (The Falls 1125). Floor numbers are displayed inside the Floor icon. You can delete a floor by decreasing the floor number. The last floor is always deleted first.

Importing Your Network Tree
You can import a tree structure using the Import button.
You can edit existing tree structures using the Import Tree Structure button. Importing a new CSV file does not replace an existing tree structure; instead, you can use the commands add or delete at the end of an import line to incrementally add or remove scope levels from the existing tree structure. The add and remove commands must be added to each line, separated by a comma, after the Path entry.
Modify Security Profiles
You can edit, copy or delete any selected (highlighted) profile by clicking the appropriate link. To copy or edit a profile, select (highlight) the Security Profile, click the Copy or Edit link, and then make changes in any of the three tabs. Click OK to save your changes. Click the Copy settings to all appliances button to copy the defined Security Profiles and all profile assignments to all appliances in your system.
  ◦ Allow SSID broadcast to be seen in the beacon.
  ◦ Enable wireless client isolation.
• Privacy - Enables privacy monitoring for:
  ◦ Base 802.11 authentication (Open or Shared)
  ◦ Extended 802.11 authentication (WPA, WPA2, or Symbol KeyGuard)
  ◦ Advanced key generation
  ◦ 802.11 encryption
  ◦ Other encryption methods such as Cranite, AirFortress, IP-Sec, or other ethertypes.
• Rates - Selects transmit and receive data rates for BSSs to use.
The Applies to SSID field specifies an SSID that the Security Profile applies to. This must be a valid SSID used in your system. The Preferences are:
Preference - Description
Unsanctioned Wireless Clients - Choose to allow unsanctioned Wireless Clients or not to allow unsanctioned Wireless Clients in your system.
SSID Broadcast in Beacon - Choose to allow the BSS SSID to be broadcast in its beacon or not to allow the BSS SSID to be broadcast in its beacon.
You must check the Monitor Privacy Settings checkbox to activate the functions. The functions are:
Function - Description
Base 802.11 Authentication
  Open - When this checkbox is selected, open system authentication does not actually provide authentication; it only performs identity verification through the exchange of two messages between the initiator (Wireless Client) and the receiver (wireless ).
Function - Description
802.11 Encryption
  Unencrypted Allowed - Select this checkbox to allow no 802.11 encryption for wireless traffic.
  TKIP - When selected, this enables the BSS to advertise support for Temporal Key Integrity Protocol (TKIP).
  WEP - When selected, causes the BSS and Wireless Client to use WEP as their encryption policy.
  AES (CCMP) - When selected, causes the BSS to advertise support for Advanced Encryption Standard (AES-CCMP).
You must check the Monitor Privacy Settings checkbox to activate the settings. Select the transmit and receive data rates you want BSSs to use.
Apply a Security Profile
Once you have defined and added a Security Profile, you must apply it to your system.
Note: You may select multiple Security Profiles by checking more than one checkbox.
You should always apply a Security Profile at the appliance level. When you do, the profile is inherited for all the other levels.
Auto-Placement Rules for Devices
Auto-Placement rules can be used in two ways: one method is for sensors and the other is for APs and switches.
• Sensors
• APs and Switches
Sensors
Auto-Placement rules for sensors are applied every 20 minutes. If a rule exists, new sensors in the Unplaced Devices folder are moved into a predefined scope level. This only happens to sensors seen in your network since the last 20-minute poll.
Note: Before you can define any Auto-Placement rules, the network tree must already be configured.
Add Auto-Placement Rules
Follow these steps to add a new auto-placement rule:
1. Click the Add button. The new rule is added to the list of rules and is automatically selected (highlighted) in the ADD drop-down menu.
Note: You may optionally choose where you want the new rule to be placed by selecting a placement item from the drop-down menu. (Insert At End is the default.
Field | Description
MAC Address | A range of MAC addresses that the device(s) must fall within.
DNS Server | The DNS server that the device(s) are using. This parameter only works with sensors not APs and switches.
Uses DHCP | Specify whether or not DHCP is used (True or False). This parameter only works with sensors not APs and switches.
Device Name | The name of the device.
Model Name | The model number of the device.
Configuration Tab Auto-Licensing
Example:
autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor1,,172.17.17.0-172.17.17.19,,,,,,6.0.196.0
autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor6,,172.17.15.0-172.17.15.200,,,,,,6.0.196.0
autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor 4,172.17.18.0/24,172.17.18.100-172.17.18.101,00:16:5d:20:47:60-00:16:5d:20:47:61,172.17.0.83,disable,BASensor-240,M520,5.2.0.11.
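The auto-placement records above can be checked before import. The following is an added example, not code from Extreme Networks: the column order is inferred from the example records, and the matching behaviour (every non-empty criterion must match, first matching rule wins, "disable" means DHCP off) is an assumption.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Column order inferred from the example records on this page (assumption).
FIELDS = ("record", "appliance", "scope", "network", "ip_range", "mac_range",
          "dns_server", "uses_dhcp", "device_name", "model_name", "firmware")

# The page's three example records (wrap spaces and the trailing period removed)
# plus one constructed record whose IP range lies outside its own network.
SAMPLE_RULES = "\n".join((
    "autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor1,,172.17.17.0-172.17.17.19,,,,,,6.0.196.0",
    "autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor6,,172.17.15.0-172.17.15.200,,,,,,6.0.196.0",
    "autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor 4,172.17.18.0/24,"
    "172.17.18.100-172.17.18.101,00:16:5d:20:47:60-00:16:5d:20:47:61,"
    "172.17.0.83,disable,BASensor-240,M520,5.2.0.11",
    "autoplacement_rule,localhost,/USA/Constructed/Lab,10.0.0.0/24,10.0.1.5-10.0.1.9,,,,,,",
))


@dataclass
class Device:
    """Hypothetical view of a discovered device, used only by this example."""
    ip: str
    mac: str = ""
    dns_server: str = ""
    uses_dhcp: Optional[bool] = None
    name: str = ""
    model: str = ""
    firmware: str = ""


def _bounds(text):
    low, sep, high = text.partition("-")
    return low.strip(), (high if sep else low).strip()


def _ip_bounds(text):
    low, high = _bounds(text)
    return ipaddress.ip_address(low), ipaddress.ip_address(high)


def _mac(text):
    return int(text.replace(":", ""), 16)


def _mac_bounds(text):
    low, high = _bounds(text)
    return _mac(low), _mac(high)


def _check(rule):
    """Raise ValueError when a rule's ranges are malformed or inconsistent."""
    net = ipaddress.ip_network(rule["network"]) if rule["network"] else None
    if rule["ip_range"]:
        low, high = _ip_bounds(rule["ip_range"])
        if low > high:
            raise ValueError("IP range start is above its end")
        if net is not None and (low not in net or high not in net):
            raise ValueError("IP range falls outside the rule's network")
    if rule["mac_range"]:
        low, high = _mac_bounds(rule["mac_range"])
        if low > high:
            raise ValueError("MAC range start is above its end")


def parse_rules(text):
    """Return (valid rules in file order, [(line number, problem), ...])."""
    rules, problems = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        row = [cell.strip() for cell in row]
        if not row or row[0] != "autoplacement_rule":
            continue
        if len(row) != len(FIELDS):
            problems.append((lineno, f"expected {len(FIELDS)} fields, got {len(row)}"))
            continue
        rule = dict(zip(FIELDS, row))
        try:
            _check(rule)
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        rules.append(rule)
    return rules, problems


def matches(rule, dev):
    ip = ipaddress.ip_address(dev.ip)
    if rule["network"] and ip not in ipaddress.ip_network(rule["network"]):
        return False
    if rule["ip_range"]:
        low, high = _ip_bounds(rule["ip_range"])
        if not low <= ip <= high:
            return False
    if rule["mac_range"]:
        low, high = _mac_bounds(rule["mac_range"])
        if not dev.mac or not low <= _mac(dev.mac) <= high:
            return False
    if rule["dns_server"] and rule["dns_server"] != dev.dns_server:
        return False
    if rule["uses_dhcp"]:
        wanted = rule["uses_dhcp"].lower() in ("true", "enable")  # assumption
        if dev.uses_dhcp is not wanted:
            return False
    pairs = (("device_name", dev.name), ("model_name", dev.model), ("firmware", dev.firmware))
    return all(not rule[key] or rule[key] == value for key, value in pairs)


def place(rules, dev):
    """Scope of the first matching rule, or None (device stays unplaced)."""
    return next((rule["scope"] for rule in rules if matches(rule, dev)), None)
```

Running `parse_rules` over a rule file before import shows which records would be rejected, and `place` shows which scope, and therefore which inherited profiles, a given device would receive.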
The following rules apply:
• Only selected licenses (identified by a checkmark) are assigned.
• You can narrow the scope by selecting a network level from the network tree.
• A license will not be assigned if there are no available licenses.
• After a license assignment, the number of licenses is reduced accordingly.
Click the Apply button to save your changes.
The Copy settings to all appliances button will copy Communication Settings to all appliances in your system.
Note: It is recommended that you do not modify the default profiles for the following reason: when you apply a profile, ADSP will search the existing profiles list for the best match, starting at the top of the list and working its way down to the bottom of the list.
The following SNMP fields can be set:
Field | Description
Profile Name | Enter a name that you want for the new profile. Once the profile is saved, its name cannot be changed when editing the profile.
Enable SNMP Settings | Select the checkbox to enable (default) SNMP communications settings.
Versions | Select V2 or V3 as the SNMP version used.
Read Community | Enter the Read Community string, which is used for the SNMP authentication.
The following fields must be set when using a console to interface with a device:
Field | Description
Enable Console Settings | Select this checkbox to enable Console communications settings.
User | The user name used to log into a device.
Password | The password used to log into a device. You also have an option to display passwords while typing them.
Enable Password | The enable password must be supplied in order to enter the enable mode.
The following fields must be set when using a web UI to interface with a device:
Field | Description
Enable HTTP Settings | Select this checkbox to enable HTTP communications settings.
User | The user name used to log into a device.
Password | The password used to log into a device. You also have an option to display passwords while typing them.
Protocol | The protocol used to log into a device. The available options are HTTP and HTTPS.
You should always configure Communication Settings at the appliance level. When you do, the configuration is inherited for all the other levels. Then, if you have a level that needs a different configuration, you can apply that profile to that level using the override feature. For example, if most of the network devices require a console to interface with them, you can configure the Communication Settings for console interface at the appliance level.
• Through your appliance CLI with the import command (see Import/Discover Devices for command syntax).
Importing communications settings requires a separate import file. You should not combine importing communications settings with importing devices. Also, when importing communications settings for a device, the device must be imported into ADSP first. Comma-delimited files are used to import communications settings.
Examples:
comm_settings,ProfileName,3,public,private,snmpV3user,snmpV3authpassphr,snmpV3privpassphr, MD5, 3DES,161,300,4,Cisco,Cisco,Cisco,SSH,22,admin,adminpassword,https,443
Note: Although the above example is shown on multiple lines, all entries must be on a single line with no line breaks or carriage returns.
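A communications-settings import file carries device credentials and protocol choices, so it is worth auditing before it is imported. The following is an added example, not part of AirDefense: the column names are inferred from the single example record above (the two numeric columns after the SNMP port are left uninterpreted), and the value `telnet` in the constructed record is an assumed console protocol value.

```python
import csv
import io

# Column positions inferred from the page's one example record (assumption).
FIELDS = ("record", "profile_name", "snmp_version", "read_community",
          "write_community", "v3_user", "v3_auth_pass", "v3_priv_pass",
          "v3_auth_alg", "v3_priv_alg", "snmp_port", "unnamed_1", "unnamed_2",
          "console_user", "console_password", "enable_password",
          "console_protocol", "console_port",
          "http_user", "http_password", "http_protocol", "http_port")

DEFAULT_COMMUNITIES = {"public", "private"}

SAMPLE = "\n".join((
    # Line 1: the example record from this page.
    "comm_settings,ProfileName,3,public,private,snmpV3user,snmpV3authpassphr,"
    "snmpV3privpassphr, MD5, 3DES,161,300,4,Cisco,Cisco,Cisco,SSH,22,admin,"
    "adminpassword,https,443",
    # Line 2: constructed record using cleartext management protocols.
    "comm_settings,ConstructedBranch,2,s3gm3nt-ro,s3gm3nt-rw,,,,,,161,300,4,"
    "netops,Xk9-constructed,En4ble-constructed,telnet,23,netops,"
    "Xk9-constructed,http,80",
    # Lines 3 and 4: the page's record wrapped onto two lines, which the
    # page's note says is not allowed.
    "comm_settings,ProfileName,3,public,private,snmpV3user,snmpV3authpassphr,snmpV3privpassphr,",
    "MD5,3DES,161,300,4,Cisco,Cisco,Cisco,SSH,22,admin,adminpassword,https,443",
))


def audit_record(rec):
    """Return finding codes for one parsed comm_settings record."""
    codes = []
    for key in ("read_community", "write_community"):
        if rec[key].lower() in DEFAULT_COMMUNITIES:
            codes.append("DEFAULT_" + key.upper())
    if rec["snmp_version"].lstrip("vV") == "2":
        # SNMP v2 community strings cross the network unencrypted.
        codes.append("SNMP_V2_CLEARTEXT_COMMUNITY")
    if rec["v3_auth_alg"].upper() == "MD5":
        codes.append("SNMPV3_AUTH_MD5")
    if rec["v3_priv_alg"].upper() in ("DES", "3DES"):
        codes.append("SNMPV3_PRIV_LEGACY_DES")
    if rec["console_protocol"].lower() == "telnet":
        codes.append("CONSOLE_TELNET")
    if rec["http_protocol"].lower() == "http":
        codes.append("WEB_UI_HTTP")
    for user, password, label in (("console_user", "console_password", "CONSOLE"),
                                  ("http_user", "http_password", "WEB_UI")):
        if rec[password] and rec[password].lower() == rec[user].lower():
            codes.append(label + "_PASSWORD_EQUALS_USER")
    if rec["enable_password"] and rec["enable_password"] == rec["console_password"]:
        codes.append("ENABLE_PASSWORD_REUSED")
    return codes


def audit_comm_settings(text):
    """Return [(line number, profile name, finding code), ...] for a file."""
    findings = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        row = [cell.strip() for cell in row]
        if not any(row):
            continue
        if row[0] != "comm_settings":
            # Typically the tail of a record that was wrapped onto a new line.
            findings.append((lineno, "", "NOT_A_COMM_SETTINGS_RECORD"))
            continue
        name = row[1] if len(row) > 1 else ""
        if len(row) != len(FIELDS):
            findings.append((lineno, name, "FIELD_COUNT"))
            continue
        rec = dict(zip(FIELDS, row))
        findings.extend((lineno, name, code) for code in audit_record(rec))
    return findings


if __name__ == "__main__":
    for finding in audit_comm_settings(SAMPLE):
        print(*finding)
```

Because the import file holds SNMP passphrases and device passwords in plain text, keep it readable only by the administrator who runs the import and remove it once the import has completed.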
Polling
You have an option to enable polling for supported devices. When enabled, WMS automatically polls for device network status at an interval defined by a user-supplied frequency value (default frequency is 1 hour). You may configure polling at the appliance network level all the way down to the floor network level, but you should always configure polling at the appliance level. Any network level below the appliance level will inherit the configuration.
• Background switch port scanning
• Device configuration management (must select Audit Only - configuration from device or Template Based Configuration Management - configuration from CLI profile).
If you have a Central Management license and there are multiple appliances in your system, after configuring polling, you can copy the configuration to all appliances in the system. Click the Apply button to save your changes. Click the Reset button to discard your changes.
Relay Server
You can copy the Relay Server configuration to all your appliances by clicking the Copy settings to all appliances button.
Note: You must have a Central Management license in order to copy settings to all appliances.
External Relay Server
After selecting the Enable configuration checkbox, you will need to set up an external (or internal) server. The screen defaults to External Relay Server. Complete the fields to set up the External Relay Server.
Import Relay Server Information
When using an external relay server, you can import relay server information using the Import Parameters button on the Relay Server bar. When you click Import Parameters, you can browse to the location of the file you wish to import. You will need to use comma-delimited files to import relay server information.
Examples:
relay_params,localhost,/ADSP,172.17.0.80,ftp,/,21,anonymous,anonymous,172.17.0.80,ftp,/,21,anonymous,anonymous
relay_params,localhost,/US/Southeast/AirDefense,172.17.0.80,ftp,/,21,anonymous,anonymous,172.17.0.80,ftp,/,21,anonymous,anonymous
relay_params,localhost,/relay_test,172.17.0.80,tftp,/,69,,,172.17.0.85,ftp,/,21,anonymous,anonymous
You have two other options available: Export Parameters and Get Template.
This displays the same window where you can make changes and click Save to save the changes.
Import/Discover Devices
Import/Discover Devices is used to schedule imports from one of the following sources:
• Remote file
• SNMP discovery using a list of networks to scan.
Go to Configuration > Appliance Platform > Import/Discover Devices. Click the Add button to get started.
Available Fields for Importing Switches Using a Remote File
Refer to the following table for more information:
Field | Description
Job Name | Name of your switch import job
Import Source | Remote File
Host | Host name or IP address
Protocol | Protocol used for communications
Path | Path name on the remote host
User | User name needed to log in
Password | Password needed to log in
Add to appliance | Appliance where you want to import device
Available Fields for SNM
You can select One Time Schedule, Intra-Day Schedule, Daily Schedule, Weekly Schedule, or Monthly Schedule. Depending on the selected interval, fill in the related fields using the following table:
Field | Description
One Time Schedule | Choose a time for importing the device. Then, select a day.
Intra-Day Schedule | Select a time to begin importing the device. Then, select a frequency in hours.
Example:
station,name,desc,02:02:02:02:02:02,true,sanctioned,perfprofile,secprof1;secprof2
Note: The value station must always be the first field.
Format:
ap | name | description | mac | ip | dnsName | model
Note: model is optional and can be left blank.
Example:
ap,apname,apdesc,03:03:03:03:03:03,10.10.10.10,ap.dns.name,AP650
Note: The value ap must always be the first field.
Security Profiles
Security Profiles (also part of Appliance Platform) define the security configurations of sanctioned wireless clients on your wireless LAN. Refer to Security Profiles under the Appliance Platform topic.
Wired Network Monitoring
Wired Network Monitoring is used to monitor the wired network devices in your system.
Generate Alarm Policy for New Devices
You should generate an alarm policy for new devices detected on your wired network by following these steps: After enabling monitoring, select the New device detected on the wired network checkbox. To authorize all detected devices for the first time, or at any major infrastructure change, click on the Mass Wired Network Device Classification button. The Sanction Devices dialog opens.
Select all the vendors you recognize as authorized and permanent for that site. (Help text is provided just above the Mass Wired Network Device Classification button.) Then, sanction devices detected at your site by clicking OK. To have finer control over alarms about new known vendor devices and new unknown vendor devices, you can utilize the Known Vendors classification tool. Click on the Known Vendors button to display a list of known vendors.
Network Assurance
The Network Assurance category allows you to:
• Configure Live RF settings to use when displaying Live RF heatmaps. This feature is only available with a Live RF license.
• Create Performance Profiles that are used to create and edit network performance threshold policies for BSSs and Wireless Clients.
• Set up Environment Monitoring that is used to monitor your system for unobserved devices and generate alarms for missing devices.
Live RF Settings
The Background analysis interval drop-down allows you to set an interval for restarting background analysis. The options are:
• 1 minutes
• 15 minutes
• 60 minutes.
The Visualizations tab is used to change the visual aspects of LiveRF. The Applications tab is used to set options that allow you to determine if you have adequate coverage for your wireless network.
Visualizations
Visualizations configure how Live RF heat maps are visually displayed. Each visualization contains items that are identified by a color. You can view the visualizations (shown below) by selecting one from the Visualization drop-down menu. While viewing a visualization, you can change the default color of an item by clicking on the color and then selecting a new color from the color chart.
Visualization | Default Colors
Signal To Interference | (Threshold inactive)
Peak Data Rate | (Threshold inactive)
Extreme AirDefense User Guide for version 10.5.
Visualization | Default Colors
Noise | (Threshold inactive)
Coverage Overlap | (Threshold inactive)
Visualization | Default Colors
Channel Coverage | (Threshold inactive)
Service Counts | (Threshold inactive)
Applications
Live RF uses applications to determine if you have adequate coverage for your wireless network. The applications have options that you can set to help you make this determination.
The default applications are:
• Basic Wi-Fi Connectivity
• Mobile Handsets
• Video Surveillance
• Wireless VoIP Handsets
• Location Tracking.
To set the options for each application, select the application from the drop-down menu at the top of the Applications tab next to the Add button. When an application is selected, you can select the options that you want to use and set values for the options. The options are:
Option | Description
Coverage (%) | Specifies the percentage of your wireless network that you consider your network is covered.
alarm is generated if the performance thresholds for that profile are exceeded. If there are no Performance Profiles applied to your system, no performance alarms are generated.
Note: You should monitor new ADSP deployments for several weeks to determine normal network activity before configuring Performance Profiles.
View Performance Profiles
To access the Performance Profiles configuration screen, go to Configuration > Network Assurance > Performance Profiles.
Add a New Performance Profile
Click the New Profile button to add a new profile. Define your Performance Profile using the General, Cumulative, Wireless Clients, and BSS tabs. Once you have defined your Performance Profile, click OK to save your profile or Cancel to exit without saving the profile.
one that is more appropriate to its function. Once you save your profile, you cannot change the name. The functions are:
Function | Description
Short Time Slot Enabled | Choose Yes to allow short time slot capability as advertised in the Beacon, which when used on a pure 802.11g deployment, improves WLAN throughput by reducing wait time for transmitter to assure clear channel assessment. Choose No to disable.
The thresholds are:
Threshold | Description
New Associations | Enter the maximum number of new associations per minute AirDefense will allow between a BSS and all Wireless Clients combined. Default = 20. Generally, this number should be low. Your Wireless Clients should associate with a BSS once in the morning when users log on, and rarely after that.
Threshold | Description
Management Frames Seen | Enter the maximum number of management frames per minute allowed to be transmitted from all Wireless Clients combined. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Control Frames Seen | Enter the maximum number of control frames per minute allowed to be transmitted from all Wireless Clients combined. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Threshold | Description
Low Speed Frames % | 802.11 protocols operate on a shared medium and use a collision avoidance mechanism to access this medium. Excessive use of lower rates for transmitting frames is likely caused by stations which are either misconfigured to use lower rates or are too far from the APs to be able to support higher rates and cause alarms to be generated.
The thresholds are:
Threshold | Description
Traffic Sent % | Enter the maximum percentage of data per minute any Wireless Client is allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 30.
Traffic Received % | Enter the maximum percentage of data per minute any Wireless Client is allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 30.
Threshold | Description
Management Frames Received | Enter the maximum number of management frames per minute any Wireless Client is allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Control Frames Sent | Enter the maximum number of control frames per minute any Wireless Client is allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 0.
BSS Tab
The BSS tab is where you assign thresholds for transmitting data to/from BSSs. The thresholds are:
Threshold | Description
Traffic Sent % | Enter the maximum percentage of data per minute BSSs are allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 60.
Traffic Received % | Enter the maximum percentage of data per minute BSSs are allowed to receive. If AirDefense detects a greater number, it generates an alarm.
Threshold | Description
Management Frames Received | Enter the maximum number of management frames per minute BSSs are allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Control Frames Sent | Enter the maximum number of control frames per minute BSSs are allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 20,000.
Apply a Performance Profile
Once you have defined a Performance Profile, to use it, you must apply it to your system. You should always apply a Performance Profile at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different Performance Profile, you can apply that profile to that level.
Environment Monitoring
Environment Monitoring allows you to configure the thresholds for monitoring. If a threshold value is exceeded, an alarm is generated. You can also elect to monitor your system for unobserved devices and generate alarms for missing devices. To apply Environment Monitoring to your system, you must first select the Enable configuration checkbox. You should always monitor your system at the appliance level.
Threshold | Description
Excessive Clients | Wireless clients on your network are considered excessive if the specified value is exceeded.
Avg. Signal Strength (dBm) | The average signal strength (in dBm) of APs on your network should not exceed the specified value.
BSSs per Channel | The number of BSSs on any particular channel should not exceed the specified value.
Anomaly Baseline View
The Anomalous Behavior Alarms (ABA) feature is only available for AirDefense Enterprise servers and does not require any specific license. This feature is enabled when you enable Performance Profile. ABA is calculated for sanctioned clients and BSS only. All other data is ignored. The AirDefense server flags traffic behavior that deviates significantly from observed normal behavior.
• AP Data Frame Anomalous Behavior Bytes
• AP Control Frame Anomalous Behavior Bytes
• AP Anomalous Number of Connected MUs
Infrastructure Management
Infrastructure management involves:
• Defining how AirDefense interfaces with devices, and
• Providing information to AirDefense so that it can apply the correct regulatory rules to the domain.
Devices cannot be fully managed by AirDefense until the configurations are applied.
Device Access
Device Access is used to specify the passwords to access devices and specify the interfaces that can be used to access devices.
Note: You must define how to communicate with devices. This is done under Configuration > Appliance Platform > Communication Settings.
Configuration Tab Device Access Click the Apply button to save your changes. A confirmation overlay is displayed. You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed.
The following fields are available:
Field | Description
Encrypt Passwords and Keys on Flash | Select checkbox to encrypt passwords and keys on flash.
Enable Password | Specify (set) the enable password. Must be supplied in order to enter the enable mode.
User Accounts | Specify (add) additional user accounts using the Add button. You must specify a username and password.
Interfaces Tab
The Interfaces tab is used to specify the interfaces that can be used to access devices.
Device Firmware
Device Firmware configuration allows you to upload new AP, Sensor, or Switch (Controller) firmware from a workstation to a network server. Once the firmware is uploaded, you can upgrade your APs, Sensors, or Switches using AirDefense. Uploaded firmware images are listed by device type, version number, and image file name. Just select (highlight) a device type to display the version number and image for that device.
3. Select (highlight) the upgrade file and then click Open. An Identify Firmware Image File window is displayed with the image file name identified.
4. Click OK. The firmware image is uploaded and now appears in the list of devices. It can now be used to upgrade APs or Sensors on your network.
Note: This symbol indicates something of special interest or importance to the reader. Failure to read the note will not result in physical harm to the reader, equipment or data.
RF-Domain
To configure RF-Domain, you must first select (highlight) ADSP from the tree and then enable configuration by selecting the Enable configuration checkbox. The configuration fields for each radio are:
Note: You should enter data for each field on one line with no carriage returns.
Field | Description
Description | Allows you to give a meaningful description for the RF domain.
Address | Specifies the address of the RF domain.
Configuration Tab Channel Settings You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
By default, Channel Settings are enabled, and are set for maximum power and automatic channel selection. The configuration fields for each radio are:
Field | Description
Power (dBM) | Enter the maximum power value (in dBm) that APs and wireless switches must have.
Channel Selection | Select one of three options:
• Automatic - ADSP automatically sets which channel is used.
Configuration Tab Radio Settings You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
There are three possible radio configurations:
• B/G/N Radio
• A/N Radio
• 3rd Radio.
By default, Radio Settings are enabled, and all data rates are selected for both 2.4 and 5 GHz radio settings. Use the individual radio tabs to configure each radio.
The configuration fields for each B/G/N Radio and the A/N Radio are:
Field | Description
Function | Defines the radio as a Sensor or an infrastructure device (AP or wireless switch). You can also disable the radio. Select the function from the drop-down menu.
Data Rates | Sets the data rates for the radios. Click the Edit button to set the rates. By default, all data rates are selected. For 802.11 a/b/g, select the checkbox for each rate that you want to support.
Field | Description
Max Retries | Specifies the supported number of RTS retries. This can be a value between 1 and 128. The default value is 32.
Preamble | Specifies that the preamble is short or long. This field is not available for A/N radios.
Beacon Period | Specifies the supported beacon interval (period) in kilomicroseconds. The default value is 0.
Max Data Retries | Specifies how often to resend packets. This can be a value between 1 and 128. The default value is 32.
Updates to Radio Settings are treated as jobs and are included in Job Status under Configuration > Operational Management. The description supplied in the confirmation helps identify jobs. Click the Reset button to discard your changes.
WLAN Profiles
Use the WLAN Profiles feature to configure the WLAN settings for devices utilizing your network. To access WLAN profiles, go to Configuration > Infrastructure Management > WLAN Profiles.
WLAN Profiles Configuration Tab You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
Complete the required fields as follows:
Field | Description
Name | Enter the profile name.
Description | Enter a short description of the profile.
SSID | Enter the Service Set Identifier (SSID) for devices.
Protocol | Enter the protocol that the device can use [a, b, g, n (2.4 GHz), or n (5 GHz)].
WLAN Index | Enter the order in which WLAN profiles will be assigned to a sensor.
Click Save when complete. The template is now displayed in the Template column.
Security Tab
The Security tab is where you define the security aspects of your WLAN Profile. Complete the required fields as follows:
Field | Description
Authentication | Specify the type of authentication devices may use (Open, Shared, WPA, WPA PSK, WPA2, WPA2 PSK, or Legacy EAP).
Field | Description
WEP Keys | Specifies the WEP keys used to connect to the network. The WEP key may be ASCII or hexadecimal. You may also elect to transmit the WEP key. Check the Display Passwords check box to display the passwords in plain text. Use the Add button to add a new key or the Delete button to delete a key.
RADIUS Servers | Note: This field is displayed only when the authentication method is WPA, WPA2, or Legacy EAP.
CLI Configuration Configuration Tab You should always apply a WLAN Profile at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different WLAN Profile, you can apply that profile to that level.
or all of the devices in your network. Devices are typically APs and switches. The following devices are currently supported:
• Alcatel AL v5.x
• Alcatel AL-CA v5.x
• Aruba Aruba600
• Brocade BR v5.x
• Brocade BR51X1
• Brocade BR71X1
• Brocade BRX000
• Cisco Autonomous 12x0/11x0
• Extreme Networks AP35X0
• Extreme Networks AP47X0
• Extreme Networks EX v5.
To create a new profile:
1. Select one of the supported CLI configurations from the CLI Configuration drop-down menu. The selected profile is accessed.
Note: You can reduce the list of supported devices to only the devices in your system by selecting the Only show device type in system checkbox.
2. If you want to add a new profile at the appliance level, select the appliance level and then select the Enable configuration checkbox.
3. Click New Template. The template for the selected CLI Profile is displayed. In the following image, the AP7131 template is displayed.
4. Enter a name for the profile.
5. Decide if you want to reboot the device and write configuration updates to the startup configuration, or not reboot and write configuration updates to the running configuration. Then, select the radio button reflecting your choice.
6. Update the CLI commands to match your criteria.
A good practice is to apply a CLI profile to the appliance level. This profile should be as generic as possible to fit a wide range of devices in your network. Then, if you have any special considerations, apply CLI profiles to individual network levels that must meet your predefined special configurations. To apply a CLI profile, follow these steps:
1. Select one of the supported CLI configurations from the CLI Configuration drop-down menu.
4. Click Apply to save the configuration. A confirmation dialog is displayed.
Note: If you decide not to save the configuration, click Reset to discard any changes/updates and refresh the screen's display.
The device type and the total count of affected devices are displayed.
5. Decide if you want to save this update to be included in the next update, update immediately, or schedule the update for another time. Then, select your option.
6.
CLI Configuration Configuration Tab AirDefense can update a new default configuration or an existing configuration of a device by manipulating the displayed configuration file and its CLI command set. This CLI command set represents a template that can be applied to other related devices or just a single . The template has placeholders for providing variable values for full or partial device configurations. The placeholders follow a syntax convention defined by AirDefense.
Configuration Tab CLI Configuration Use the Variables section to define configuration variances unique to the specific device parameters listed. For example, highlight the Gateway parameter and click under the Device Value column to display a field used to assign a unique Gateway address to this specific profile. Select and assign new default values as needed for each available profile.
[WLAN_RADIO_CHANNEL_EXPANSION] is an expansion variable that includes configuration information from WLAN Profiles, Radio Settings, and Channel Settings. The Status column displays the status of the variable (inherited, overridden, or removed).
• Inherited - Variable is inherited from a higher network level. The inherited level is displayed in this field.
• Overridden - Variable is overridden at the current network level.
The commands are applied to all devices in the selected scope. The scope may be any network level or floor. To select a scope, choose one from the Scope drop-down menu. Each command must be on a line by itself. If a command requests a confirmation from a device, AirDefense will respond Yes. You may import an updated configuration from device(s) after a command has run successfully. Just select the Import checkbox.
You can view the log of another device by selecting the device from the Devices drop-down menu. The Copy to Clipboard button copies the log contents to the clipboard. The Cancel button exits the log.

Operational Management
The Operational Management category includes features that apply to the normal operations of AirDefense. The Operational Management category allows you to:
• Automatically respond to alarms in your system with a predetermined action.
Alarm Action Manager
Alarm Action Manager allows you to automatically respond to alarms in your system with a predetermined action called an Action Rule. By automating your response to certain alarms, you are free to concentrate on other administrative tasks. You may define as many Action Rules as you need to manage your network. Action Rules are added to the Alarm Action Manager to define an action (response) to an alarm. Multiple actions may be assigned to a rule.
In the Action Rule field, give your action rule a name and select the Enable profile checkbox to enable the action rule. The Action Rule Template window has four tabs that are used to define an Action Rule: Alarms, Actions, Advanced Filter, and Description. Use each of these to configure the action rule.

Alarms Tab
The Alarms tab is where you identify the alarms that you want to generate for your Action Rule.
Actions Tab
The Actions tab is where you define the actions for your Action Rules. Actions are divided into the following three categories:
• Notifications - Generates an email or a report if certain conditions are met.
• WIPS Mitigation - Mitigates a WIPS condition according to the selected action.
• Info Gathering - Executes one or more actions to gather information about your system.
Each category has actions specific to it.
The following fields should be filled:

Field | Description
To | Specifies the email address of the recipient.
From | Specifies the email address of the sender.
Subject | Gives a short description of the email.
Format | Specifies a format in which to send the email. Choose a format from the drop-down menu.

594 Extreme AirDefense User Guide for version 10.5.
Field | Description
Priority | Specifies a priority for the email. Choose a priority from the drop-down menu.
Send email options | There are two options to send email:
• Send email on alarm active - Send email on active alarms.
• Send email on alarm active, clear and expire - Send email on active alarms, cleared alarms, and expired alarms.

Report
The Report action runs a specific report if the conditions defined in the filter are met.
The following configuration fields are available:

Field | Description
Report Type | Specifies the type of report to run by selecting a report from the drop-down menu.
Scope Increase Factor | Specifies the number of network levels to expand the scope. A value of 1 means only use the floor level. A value of 2 means use the floor and the floor's parent, and so forth.
Run immediate for previous | Executes the action immediately for the previous hours, days, or weeks.
The Scope Increase Factor option specifies the number of network levels to expand the scope. A value of 1 means only use the floor level. A value of 2 means use the floor and the floor's parent, and so forth.

Port Suppression
The Port Suppression action is used to suppress communication between unauthorized devices and switches on your network. To select the Port Suppression action, select WIPS Mitigation > Port Suppression from the Search Actions menu tree.
There are two options to configure: Scope Increase Factor and Device Limit. The Scope Increase Factor option specifies the number of network levels to expand the scope. A value of 1 means only use the floor level. A value of 2 means use the floor and the floor's parent, and so forth. The Device Limit option specifies a device limit. For instance, if you specify a device limit of 10 and more than 10 devices are connected to the port, the action will not be performed.
When Pair Termination is selected (the default state) and one of the following alarms is generated, the offending pair of devices are terminated: • • • • • • Ad-Hoc Connection between Sanctioned Stations Ad-Hoc Networking Extrusion Detected Sanctioned Client Association to Unsanctioned Virtual WiFI Unauthorized Roaming Unsanctioned Client Associated to Sanctioned Client running Virtual Wi-Fi Wireless Client Accidental Association.
3. Select the check box for Policy-based Air Termination system.
4. Click the Apply button.

SNMP Trap
The SNMP Trap action sends an SNMP notification to your SNMP server if the conditions defined in the filter are met. To select the SNMP Trap action, go to WIPS Mitigation > SNMP Trap and then select SNMP Trap from the Search Actions.
Note: Before you can use the SNMP Trap action, you must enable SNMP trap.
Field | Description
Transport | Specifies the desired transport protocol. Choices are:
• UDP: User Datagram Protocol
• TCP: Transmission Control Protocol.
Hint: Typically, UDP is the transport for SNMP traps. However, TCP can be useful for tunneling the traps over Secure Sockets Layer (SSL).
Max Queue Size | Specifies the maximum queue size for the notification. Choose a size from the drop-down menu.
The following field is available:

Field | Description
Profile | Select a test profile from the drop-down menu. The Edit button can be used to modify the test profile.

See Scheduled AP Tests on page 400 in The Menu chapter for details on how to schedule both automated and on-demand tests for APs.
The following configuration fields are available:

Field | Description
Frame Capture | Limits the scope of the frame capture to a Sensor or a Device.
Frame Count Limit | Limits the total number of frames to capture.
Time Limit | Specifies a time duration for the Frame Capture to run. You must enter x amount of minutes or hours.
File Name Prefix | Specifies a prefix for the file name. The prefix is added to a number sequence to make up the file name.
Vulnerability Assessment
Note: Vulnerability Assessment requires a Vulnerability Assessment license for access.
The Vulnerability Assessment action runs a vulnerability assessment using the specified profile if the conditions defined in the filter are met. To select the Vulnerability Assessment action, select Info Gathering > Vulnerability Assessment from Search Actions.
Data Collection
The Data Collection action automatically corrects configuration compliance violations when the conditions defined in the filter are met. To select the Data Collection action, select Info Gathering > Data Collection from the Search Actions. There is only one option: Automatically correct configuration compliance violations.
There are no configuration options for Live RF / Floor Plan.

Spectrum Analysis
Note: Spectrum Analysis requires a Spectrum Analysis license for access.
The Spectrum Analysis action runs a regular Spectrum Analysis or an Advanced Spectrum Analysis using the specified profile if the conditions defined in the filter are met. To select the Spectrum Analysis action, select Info Gathering > Spectrum Analysis from the Search Actions.
The following fields are available:

Field | Description
Time Limit | Places a time limit on how long the Spectrum Analysis will run.
File Name Prefix | Defines a prefix for the Spectrum Analysis file. You may add to the prefix if you want to.
Spectrum Settings | Only used in regular Spectrum Analysis. These are the same Spectrum Settings described under Spectrum Settings.
Advanced Spectrum Settings | Only used in Advanced Spectrum Analysis.
The following fields should be filled:

Field | Description
Server Address | Specifies the IP address of your Syslog server.
Syslog Port | Specifies the port you want to use for Syslog Notifications.
Facility | Specifies a Syslog Facility, which is an information field associated with a Syslog message. It is defined by the Syslog protocol. The intent of the facility is to provide an indication as to what part of the system the Syslog message originated from.
Field | Description
Format | Specifies the format of the notification. At this time, the only option is Syslog.
Email Send Time | Specifies when to send the email by selecting one of the following conditions:
• On Alarm Activation
• On Activation, clear or expire
• Every x amount of minutes or hours.
Priority Map | The Priority Map enables you to change the name of the default priorities to an alternate selection.
Filter List
The Filter List lets you build an alarm filter from two or more conditions. To start a Filter List, click the Filter List radio button. Start by selecting when the filters will be used (the When statement). There are four options:
• All - All of the selected conditions must be met (logical 'and' operation).
• Any - One or more selected conditions must be met (logical 'or' operation).
• DeviceManufacturer
• DeviceModel
• DeviceName
• DevicePolledID
• DevicePolledSSID
• DeviceProtocol
• DeviceSSID
• DeviceSensedID
• DeviceSensedSSID
• DeviceSerial
• DeviceType
• DeviceVendorPrefix
• SensorIP
• SensorMAC
• SensorName
• SignalStrength
• WatchList
• WiFiDirect.

When a filter is selected, an Edit button is displayed.
Click the drop-down menu to select the type of comparison. This will vary according to the selected filter.
You can have up to 25 filters. Click the Add Another button to add additional filters. You can remove a filter by clicking the X next to the filter.

Expression Editor
The Expression Editor allows you to build a filter using expressions. An expression is made up of a field, operator (parentheses or quotation marks), and a value. The filters are the same as the ones used in the Filter List. The operators (parentheses and quotation marks) are:
! | Logical NOT operator.
Wildcard matching any character
NOT IN | Opposite of IN. Condition does not exist within the filter value.

You can use AND/OR or parentheses to create complex expressions. The filter is selected from a drop-down menu while the operators (parentheses and quotation marks) are selected by clicking on them. The filter values vary depending on the filter just like in the Filter List. You may type in part or all of the expression.
Type a description and then click Save or Save and Close.

Apply an Alarm Action Manager Template
Once you have defined an Alarm Action Manager template, to use it, you must apply it to your system. To apply a template, you must first select the Enable configuration check box.
Note: You may select multiple Alarm Action Manager templates by checking more than one check box.
You should always apply an Alarm Action Manager template at the appliance level.
Manager template, you can apply that template to that level. For example, in the above screen shot, the Alarm Action Manager template for the appliance is the Action_Manager-Corporate template and then for a special case (in the following screen shot) you could override the Alarm Action Manager template at the ADSP level and apply the Action_Manager-Guest template to the Sanctuary Park network level.

Alarm Configuration
Each alarm type is broken down into sub-types and then the actual alarm. The alarm types are:
• Anomalous Behavior - Devices that operate outside of their normal behavior settings and generate events that could indicate anomalous or suspicious activity.
• Bluetooth - Bluetooth monitoring is a unique capability in AirDefense for 24x7 monitoring of Bluetooth devices in Enterprise environments.
When an alarm is selected, the alarm configuration options are displayed on the right. You can view more information about an alarm by clicking the View Expert Help link. This will display another window where you can view the following alarm information by clicking the appropriate link:
• Summary - A summary description of the Alarm.
• Description - More detailed description of the alarm and what the likely cause is of the alarm.
Option | Description
Duration | An active alarm means that at least one condition occurred that triggered the alarm, and the condition still holds true. When the condition of the alarm no longer holds, the alarm will remain visible for an amount of time called the Alarm Duration. Although you can customize the alarm duration, the default values are recommended.
wherever the feature is implemented. Synchronizing Accounts has a good example of how the synchronization feature works.)
Note: You must have a Central Management license in order to use the Check Synchronization feature.

Anomalous Behavior Alarms
Behavior Alarms track atypical device behavior based on a long-term forensic baseline of devices at that site.
malicious user with basic computer skills, a laptop, and a CD drive can obtain various sets of open source tool kits which will transform the laptop into a fully configured wireless attack platform. As time has progressed, these tool kits have become increasingly easy to use while offering an increasingly sophisticated toolset. The bottom line is that the wireless attack tools have become accessible to a broader range of users.
on a per device basis. Each trap includes a message defining the significant event and optional varbinds that provide additional information related to the event. Each infrastructure device includes settings for enabling a specific trap or group of traps, where the trap(s) should be forwarded and what community string should be used to allow the management station to process the trap (similar to a password).
• Security - Security events are based on wireless network security SNMP traps received from infrastructure devices. The alarms in this category indicate that a security-related event has occurred as detected by an infrastructure device. Wireless controllers and APs that have been dedicated as 'detectors' periodically scan the wireless network for neighboring APs, possible rogue devices, wireless intrusions and active wireless attacks.
These connectivity tests can be run automatically or manually. The AP test uses the deployed sensors as a wireless station to connect to an AP and validate the available resources. The test validates wireless authentication, encryption, DHCP, ACL, firewall testing, general network connectivity and application availability testing.
• Configuration/Compatibility - 802.
Platform Health Alarms
Platform Health Alarms alert you to events that provide information about the state of the AirDefense Services Platform and the Sensors which report back to the appliance. Platform Health Alarms are broken down into the following three sub-types:
• License Manager - License events provide information about the features and functionality in AirDefense that require a license to operate.
• Environment - Environmental events allow for monitoring of generic operation wireless network activities. These events could have an impact on enterprise compliance, security and performance requirements. ADSP Environment policy compliance includes alarms that alert you to Wi-Fi Direct devices that are violating your network compliance policy. Wi-Fi Direct is peer-to-peer networking which may present issues with corporate networks controlling Wi-Fi Direct devices.
life applications of the capability include: Geofencing, Prioritized Device Tracking, and Wi-Fi Device Inventory.

Alarm Library
To view a list of Proximity Alarms for each alarm sub-type, go to Configuration > Operational Management > Alarm Configuration, open Proximity, and then open the alarm sub-type to see all the alarms associated with the sub-type.
Alarm Library
To view a list of Reconnaissance Alarms for each alarm sub-type, go to Configuration > Operational Management > Alarm Configuration, open Reconnaissance, and then open the alarm sub-type to see all the alarms associated with the sub-type.

Rogue Activity Alarms
Rogue Activity Alarms alert you to devices participating in unauthorized communication in your airspace.
Alarm Library
To view a list of Rogue Activity Alarms for each alarm sub-type, go to Configuration > Operational Management > Alarm Configuration, open Rogue Activity, and then open the alarm sub-type to see all the alarms associated with the sub-type.

Vulnerabilities Alarms
Vulnerabilities Alarms alert you to weaknesses that are not actively exploited, but have been detected in the airspace. Weaknesses can potentially be exploited by both active and passive methods.
security concern entails the broadcast or multi-cast wired traffic which the AP bridges into the air in clear text. All devices within range of the AP can passively listen to this traffic and gain information about network configuration, routing, and the devices on the wired network. This problem is compounded when the AP is placed on a VLAN which has user systems NetBIOS traffic that can reveal a great deal about the networked devices.

Client Types
Manage Client Types
To manage Client Types:
1. Click the New button to add a new client type.
2. Select an icon by choosing an icon from the Set Icon drop-down menu, type in a new name in the Name New Type field, and then click OK. A new Client Type is created.
3. To edit a client type, select (highlight) the client type and then click the Edit button. You can change the client type icon or the client type name.
4.

Device Action Manager
The Device Action Manager table displays one rule per row using the following columns:

Column | Description
Assignment | Specifies if a template defining a rule is marked for use.
Template Name | The name of the template defining a rule.

Once a template is added to the Device Action Manager, you can edit, copy, or delete it by selecting (highlighting) a template and then clicking on the appropriate link that appears to the right of the template.
There are three things that you must do to define a Wireless Client / BSS / Unknown Devices Rule Set:
1. Name the rule set.
2. Select and define at least one filter. You may have up to ten filters. Click the Add Another button to add additional filters. Each added filter adds an and statement.
3. Select and define at least one action. You may have up to five actions. Click the Add Another button to add additional actions.
A rule set may have one or more rules.
The When statement works together with an If statement matching a filter with a value.
• WatchList
• WiFiDirect.

Important: In DeviceActionMgr, the filters within a rule are order dependent. For example, if you want to create a rule to sanction BSSs, the first filter would be DeviceType=Include BSS (this would ignore all clients), then DeviceManufacturer and then SSID. If you are using LIKE or ILIKE, the % sign is a wildcard. (LIKE or ILIKE can also be used for wildcards.
Click the drop-down menu to select the type of comparison. This will vary according to the selected filter. The type of comparison may be:
= | Is equal to
!= | Is not equal to
< | Is less than
<= | Is less than or equal to
MAC Range | Range to pick up MAC address.
You can remove a statement by clicking the X next to the statement.

Actions
You may specify one or more actions to run when certain conditions are met as defined by the filter(s). Valid actions are:
• Classify Devices - Classifies devices using the filter(s) to determine which devices are to be classified.
• Set Client Type - Sets the Client Type for Wireless Clients as defined in the filter(s).
When an action is selected, an Edit button is displayed. Click the Edit button to configure the action. Configuration will be different for each type of action. For example, selecting Classify Devices as your action displays the following dialog window. Classify Devices allows you to classify devices as: Sanction (Inherit Profiles), Unsanctioned, Neighboring, or Sanction (Assign Profiles).
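A rule set of this kind (ordered filters joined with and, LIKE/ILIKE with % as the wildcard, a Classify Devices action) and the All/Any When options of the Alarm Action Manager Filter List can be modelled offline to dry-run a rule against a device inventory before it is applied. The Python below is an added example, not AirDefense code: the evaluation model, the inventory records, the vendor names and the DeviceType values are constructed assumptions.

```python
import re
from dataclasses import dataclass


def like(value, pattern, ignore_case=False):
    """LIKE / ILIKE comparison: % matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("%"))
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(regex, str(value), flags) is not None


# Comparison types named in the guide (MAC Range is left out of this model).
COMPARISONS = {
    "=": lambda actual, wanted: actual == wanted,
    "!=": lambda actual, wanted: actual != wanted,
    "<": lambda actual, wanted: actual < wanted,
    "<=": lambda actual, wanted: actual <= wanted,
    "LIKE": like,
    "ILIKE": lambda actual, wanted: like(actual, wanted, ignore_case=True),
}


@dataclass(frozen=True)
class Filter:
    field: str        # filter name, e.g. DeviceType, DeviceManufacturer, DeviceSSID
    comparison: str   # one of the COMPARISONS keys
    value: object

    def matches(self, device):
        actual = device.get(self.field)
        return actual is not None and COMPARISONS[self.comparison](actual, self.value)


@dataclass(frozen=True)
class RuleSet:
    name: str
    filters: tuple        # evaluated in the order given
    classification: str   # value applied by the Classify Devices action
    when: str = "All"     # "All" = logical and, "Any" = logical or

    def __post_init__(self):
        if not self.filters:
            raise ValueError("a rule set needs at least one filter")
        if self.when not in ("All", "Any"):
            raise ValueError("only the All and Any options are modelled")

    def evaluate(self, device):
        """Return (matched, position); position is the 1-based filter that
        decided the outcome early, or None if every filter was evaluated."""
        for position, flt in enumerate(self.filters, start=1):
            hit = flt.matches(device)
            if self.when == "All" and not hit:
                return False, position
            if self.when == "Any" and hit:
                return True, position
        return self.when == "All", None


def dry_run(rule, inventory):
    """Map each device name to the classification the rule would apply (or None)."""
    return {
        device["DeviceName"]: rule.classification if rule.evaluate(device)[0] else None
        for device in inventory
    }


# Constructed inventory: one corporate AP, one look-alike BSS, one client.
INVENTORY = [
    {"DeviceName": "corp-ap-01", "DeviceType": "BSS",
     "DeviceManufacturer": "ExampleVendor", "DeviceSSID": "CORP-WLAN"},
    {"DeviceName": "lookalike-ap", "DeviceType": "BSS",
     "DeviceManufacturer": "OtherVendor", "DeviceSSID": "corp-wlan-free"},
    {"DeviceName": "laptop-17", "DeviceType": "Wireless Client",
     "DeviceManufacturer": "ExampleVendor", "DeviceSSID": "CORP-WLAN"},
]

SANCTION = "Sanction (Inherit Profiles)"

# Broad rule: any BSS whose SSID starts with "corp", case-insensitively.
BROAD = RuleSet("sanction-by-ssid", (
    Filter("DeviceType", "=", "BSS"),
    Filter("DeviceSSID", "ILIKE", "corp%"),
), SANCTION)

# Narrow rule in the order the guide gives: DeviceType, DeviceManufacturer, SSID.
NARROW = RuleSet("sanction-corp-aps", (
    Filter("DeviceType", "=", "BSS"),
    Filter("DeviceManufacturer", "=", "ExampleVendor"),
    Filter("DeviceSSID", "=", "CORP-WLAN"),
), SANCTION)

if __name__ == "__main__":
    for rule in (BROAD, NARROW):
        print(rule.name, dry_run(rule, INVENTORY))
```

Comparing the two dry runs shows the broad ILIKE rule sanctioning the look-alike BSS, while the narrow rule rejects it at the DeviceManufacturer filter.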
You can remove an action by clicking the x next to the action. Click the Save and Close button to save the rule set and exit the window.

Add an Infrastructure Device Rule Set
The Infrastructure Device Rule Set window is where you add an Infrastructure Device Rule Set or edit an existing Infrastructure Device Rule Set.
Basically, the Infrastructure Device Rule Set works the same as the Wireless Client / BSS / Unknown Devices Rule Set with differences in the filters and actions.
• DevicePolledIP
• DeviceSensedIP
• DeviceSerial
• DeviceVendorPrefix.

Actions
The available actions for the Infrastructure Device Rule Set are:
• Clear active alarm for active devices - Clears any active alarm if the conditions defined in the filter(s) are met.
• Frame Capture - Monitors and analyzes real-time data traffic flow from devices in your wireless LAN and saves the data in a file if the conditions defined in the filter(s) are met.
You should always apply a Device Action Manager template at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different Device Action Manager template, you can apply that template to that level.

Device Age Out
You may set an age out value for any of the following devices:
• Unsanctioned BSSs
• Ad-Hoc BSSs
• Unsanctioned Wireless Client
• Unknown, unsanctioned devices.
Values are specified in hours or days with a minimum of 1 hour and a maximum of 7 days. If you enter an illegal value, the field is highlighted by a red box. After specifying an age out value, if that value is exceeded, the device will no longer be displayed in the Network tab but it will still be seen by forensics.

Job Status
Job statuses are displayed in table format with seven columns.

Column | Description
Type | The job type.
Description | A description of the job. This information is collected when a user inputs a description when confirming an update.
User | The name of the user who initiated the job.
Status | Gives status information such as scheduled jobs, jobs completed successfully, jobs in progress, jobs that have failed, etc.
Start Time | The date and time the job started.
Location Based Services
Use Location Based Services (LBS) to customize how frequently devices within specific locations are performing RF scans. For example, you may want to use a short frequency such as seconds to track high priority client devices, but use a lower frequency for tracking APs. For each device type, you will need to create and assign an LBS profile.
An LBS Profile consists of Client Based Settings and Global LBS Settings configuration.
• Client Based Settings on page 646
• Global LBS Settings on page 649

Client Based Settings
Select the Client Based Settings tab to define your LBS profile. Use the Copy Settings button to copy the configuration of the selected Client type configuration to other client types. For more information see Copy Settings on page 646.
When finished selecting, click Copy Settings to copy the settings and return to the previous dialog box.

Set Client Type Priorities
Use the Set all client type priorities button to set the default priorities for the different client types. Click the Set all client type priorities button to display a list of client types. On this screen you can select which client types you want to track and prioritize the devices in order of importance.
When finished, click Set Priorities to set your selected priorities and return to the previous dialog box. Use the Reset button to reset your priorities to their previous settings.
Location Tracking Settings
Define the Client Based Settings for your LBS profile using the following fields found in the Location Tracking Settings tab:

Field | Description
Select all Sources | Select the type of source to use (Wi-Fi Zones or Wi-Fi Positioning).
Enable all Virtual Region Events | Identifies which of the available virtual region events the given device can trigger: Enter, Exit, Proximity, and/or Contained.
Click Apply to save your changes. A confirmation is displayed at the bottom of the screen:

Set Different Profile
If you have a level that needs a different LBS profile, you can apply a different profile to that level. The Override settings option is available when you select (highlight) a network level below the appliance level. Use the Expand button beside the AirDefense appliance icon to reveal the other levels.
For example, in the above screen shot, the LBS profile for AirDefense shows as the Default_LBS_Profile. In the left column you have selected the Country1 level and you can use the Override settings option and apply the New_LBS_Profile profile. Click Apply to save your changes.
Note: Updates to LBS profiles are treated as jobs and are included in Job Status under Configuration > Operational Management.
Location Subscriber Profiles
Use Location Subscriber Profiles to define subscriber profiles used in Proximity and Analytics. The profile specifies information for connecting to a third party application. Existing profiles are displayed in the table below the row of buttons. You can edit, copy or delete any selected (highlighted) profile by clicking the appropriate link.
You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
Add a New Location Subscriber Profile
To add a new Location Subscriber Profile:
1. Click New Template to add a new profile.
2. Name your Location Subscriber Profile in the Subscriber Name field and use the following tabs to define the profile:
• Connection Settings
• Location & Region Events
• Presence Events
• RSSI Data.
Note: These tabs are described in detail in the following sections.
3. Click Save and Close to save the profile and exit.
The Connection Settings tab is divided into two parts: subscriber information (required) and proxy settings (optional). The subscriber information supplies the information needed to make the connection to the third party application. Subscriber information includes the following fields:

Field | Description
Subscriber Push URL | Supplies the IP address (192.168.1.1:1234) or domain name (example.com:1234) used to connect to a third party application.
Field | Description
Username | A valid username used to authenticate a user to the proxy.
Password | The password of the user used for authentication. You may select the Display Password checkbox to reveal the password.

Location and Region Events
Use the Location & Region Events tab to stream location and region events to a third party application.
Field | Description
Select all Client Types | Filters streaming by client types. You may select all client types by selecting Select all Client Types, or you may select one or more client types separately. When a client type is detected, location and region event information for that particular client type is sent to the third party application.
Filter by Wireless Clients | Filter streaming using the MAC address of one or more Wireless Clients.
Field | Description
Select all Client Types | Filters streaming by client types. You may select all client types by selecting Select all Client Types, or you may select one or more client types separately. When a client type is detected, presence event information for that particular client type is sent to the third party application.
Filter by Wireless Client | Filter streaming using the MAC address of one or more Wireless Clients.
You should always apply a Location Subscriber Profile at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different Location Subscriber Profile, you can apply that profile to that level.

Pending State - Audit
Folders with a checkmark identify that folder as having devices that are in a pending state. Devices with a checkmark identify that the marked device is in a pending state. You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later using Job Status under Operational Management.

Sensor Only Settings
Existing profiles are displayed in the table below the row of buttons. You can copy, edit or delete any selected (highlighted) profile by clicking the appropriate link. To copy or edit a profile, select (highlight) the Sensor Only Settings profile, click the Copy or Edit link, and then make your changes. Click Save to save your changes.
Add a New Sensor Settings Profile
Click the New Template button to add a new profile. Define your Sensor Settings profile using the following fields:

Field | Description
Primary Appliance | Specifies the IP address of the primary appliance.
Secondary Appliance | Specifies the IP address of the secondary appliance.
Sensor Admin Password | Specifies the admin password for your Sensors. Supplying this password is mandatory.
Field | Description
Enable FIPS mode | FIPS level encryption is disabled by default and is generally not needed. If you want to use FIPS level encryption, select the checkbox. This setting controls the HTTPS encryption level between the Sensor and the browser. When selected, the Sensor will only allow AES encryption to the browser (Sensor UI). Only browsers that support this type of encryption will be able to connect to the Sensor UI (e.g.
then for a special case (in the following screen shot) you could override the Sensor Only Settings Profile at the ADSP level and apply the Sensor_Settings_Profile_AD profile to the AirDefense 2 floor. Note The Override settings option is available when you select (highlight) a network level below the appliance level. Use the Expand button to reveal the other levels. Click the Apply button to save your changes. Click the Reset button to discard your changes.
Use the Scan Settings and ASA In-Line Settings tabs to configure Sensor Operation. You can copy Sensor Operation configurations to all your appliances by clicking the Copy settings to all appliances button. Note You must have a Central Management license in order to copy settings to all appliances. To save any configuration changes, click the Apply button. Clicking the Reset button resets all options back to their original settings.
The appliance level can be expanded to show the lower levels. If a lower level is selected from the tree, its scan settings are displayed on the right. If the scan settings are inherited from a parent level, the options are read only and grayed-out. If the scan settings are overridden, the options have read/write permission and can be edited. All tree levels that do not inherit the same settings as the selected node are displayed with gray text.
Feature/Function Description Enable Location Tracking RSSI Scan Devices can report RSSI scan data to ADSP. This option allows you to use that data in location tracking. Once this option is selected, you can adjust the location tracking refresh rate from 1 to 60 seconds. The optimal rate is 1 second. (You must have a Proximity and Analytics license before this option is visible.
ASA In-Line Settings
The ASA In-Line Settings tab is used to configure sensor settings for Advanced Spectrum Analysis. These settings are for the ASA In-Line based scan, not for the Dedicated scan. There are four settings: two for the 2.4 GHz band and two for the 5 GHz band. The values in the fields are the default settings. Normally, these levels are fine for normal use and should not have to be changed.
Threshold (dBm)—This is the master level control for ASA scanning.
Appliance Settings
Use the Appliance Settings window to specify information needed by your appliance and to enable key system features.
Important You must be a user with read/write access to the System Configuration functional area to use this feature.
To access this window, go to Configuration > Appliance Management > Appliance Settings.
Function | Description
Port | Set the UI Port. This setting configures the system port for access to ADSP.
Function Description Policy-based Air Termination System Enabled Policy-based Air Termination is an automated version of Air Termination. This feature enables you to formulate an Action Plan to automatically terminate the connection between your wireless LAN and any associated authorized or unauthorized or Wireless Client, based on alarms. Yes: Click this radio button to enable Policy-based Termination at the system level. No: (Default).
The top section displays status information about backups. The bottom section displays status information about configuration restores, synchronization, clear information, and upgrade information. The following status information is displayed:
• A green checkmark indicates that the backup/restore was successful.
• A red circle containing an exclamation mark indicates that the backup/restore was unsuccessful.
There are three types of verifications for either appliance communications or third party communications. They are:
• Verify master certificate against trusted certificates
• Verify hostname against certificate
• Check certificate revocation.
Select the appropriate checkbox for each type of verification that you want to check. If the Check certificate revocation checkbox is selected, the OCSP Responder fields are activated.
To add a public key:
1. Click the Add Key button.
2. Type in the name of the other server.
3. Select the type of public key that you want to add (SSH-RSA or SSH-DSS).
4. Paste the public key into the Key field.
the AirDefense appliance. Certificates install into the AirDefense appliance and are sent by the appliance directly to your browser. Important AirDefense recommends using a security certificate for every AirDefense appliance in your network. Furthermore, we recommend that you replace the pre-installed security certificate from AirDefense with either a self-signed certificate or a root-signed certificate. AirDefense supports the X.
Certificate Types
Every AirDefense appliance comes with an AirDefense certificate. However, there are three other certificates available; each represents a different level of security.
• Self-signed certificate
• Root-signed certificate
• SSL certificate.
The following table describes each of the certificate types:
Certificate | Description
AirDefense Certificate | The AirDefense certificate represents a minimal level of security.
◦ Validation period stating when the certificate became valid and when it ends
◦ Certificate fingerprints.
Sharing Certificates
AirDefense has a Central Management feature that allows you to monitor more than one appliance. In this situation, there will be a master appliance and a slave appliance. In order for this scenario to take place, you will need to share certificates between the master and the slave appliance.
The procedure for sharing certificates in the default state is:
Note This procedure assumes that you have added a certificate using the procedures under Add Certificates.
1. Access the Certificate Manager.
2. In the Appliance field, select the slave appliance.
3. Type in the certificate password and then click View Certificates.
4. Click the Share Appliance Certificate button.
6. Click the Share button.
7. Click OK.
8. On the master appliance, access the Trusted Certificate tab.
9. In the Appliance field, select the master appliance.
10. Type in the certificate password and then click View Certificates.
11. Click the Import New button.
12. Browse to the CA certificate and select it.
13. Click OK.
14. Restart the master appliance.
15. On the slave appliance, access the Trusted Certificate tab and then repeat steps 9 through 13.
16.
2. Send the CSR to a Certificate Authority (CA) and get certificate files.
3. Import the certificate files received from the CA.
Generate Certificate Signing Request
To generate a Certificate Signing Request (CSR), do the following:
1. Click the Generate Request button. A window opens for you to confirm that you want to download the CSR.
2. Click OK. A window opens for you to save your request.
3.
Once you give the CA the information from the generated file, they will give you instructions on how to proceed, probably an email message. You will have to save the certificate files somewhere on your workstation such as your Desktop. There should be three certificates:
• Intermediate
• Root
• SSL, which is the tomcat certificate.
Importing Certificate Files from CA
1. Click the Import New button. The Import New Certificate window displays.
2.
3. Navigate to the Intermediate certificate, select (highlight) it, and then click the Open button. The file name should now display in the Select field.
4. Type in a name for the certificate.
5. Click OK.
6. Repeat Steps 1 to 5 to import the Root certificate.
7. Repeat Steps 1 to 5 to import the SSL certificate.
Note The name for the SSL certificate defaults to tomcat. You cannot change this name.
8. Click OK.
2. Click the Browse button to open the Select file to upload window.
3. Navigate to the trusted certificate, select (highlight) it, and then click the Open button. The file name should now display in the Select field.
4. Type in a name for the certificate.
5. Click OK.
Update Certificate Information
This topic discusses the process to update certificate information for certificates already stored in your appliance.
To change the certificate's default information:
1. Click the Update button to display the Update Appliance Certificate window.
The following table describes the certificate information fields that can be modified:
Field | Description
Name | The hostname you assigned the AirDefense appliance.
Department Name | The department in which the AirDefense administrator is a member.
Company Name | The name of your company.
City | The city in which your company is located.
Change Certificate Password
The Certificates window has a default password (security). You should change this password to a more secure password. To change the password:
1. Click the Change Password link.
2. Type the new password in the Password field.
3. Type the new password again in the Confirm field.
4. Click the OK button.
How Backups Work
• All backups, scheduled or on-demand, create a backup file in /usr/local/smx/backups.
• If an on-demand backup is done to the desktop, the system performs a regular backup to /usr/local/smx/backups first and then copies that file to the desktop.
• If a scheduled backup is done to a remote device via SCP or FTP, the system performs a backup to /usr/local/smx/backups first and then copies that file to the remote system.
• NEVER direct a backup to /usr/local/smx/backups on a standby server. This will prevent synchronization from working properly.
Manual Backups
You can manually back up your server configuration to your workstation by following these steps:
1. Click the Backup Now button to display the Backup Ready window.
2. Click the Download button to open a window where you can select your destination directory (folder).
3.
Automatic Backups
Automatic Backups backs up your system configuration to your ADSP appliance.
Note Do not configure the automatic backup time and the automatic synchronization time with the same values.
To schedule automatic backups, follow these steps:
1. Enable automatic backups by clicking the Enable Configuration Backup Scheduling checkbox to place a checkmark in the box.
2. Type in a name for the backup in the Job Name field.
3.
Field | Description
Password | The password used to log in on the destination server.
Verify Server Certificate/Key | Verifies that the server certificate (HTTPS connections) or server key (SCP and SFTP connections) is valid.
Retries | The number of times to retry the backup if a failure occurs. The maximum number is 5.
Option | Description
Clear System Configuration | Clears all system configuration data. This encompasses everything except what is covered by the other options. There are three other options associated with this option.
• Clear Policy Configuration - Clears all policy configurations that you have changed. If you select this option, the Sensor and Device configurations will be automatically selected.
Configuration Restore
You can restore a backup configuration that you backed up to your workstation. To do so, follow these steps:
1. Navigate to Configuration > Appliance Management > Configuration Restore.
2. Click Replace to open a window where you can select the directory (folder) where your configuration was backed up.
3. Navigate to the directory where your configuration was backed up and select the backup file.
4. Click Open to select the file.
Download Logs
You can download configuration files that were automatically backed up to your ADSP server to your workstation. Once the backed up configuration is on your workstation, you can restore it. (See Configuration Restore.) To download a configuration, follow these steps:
1. Navigate to Configuration > Appliance Management > Download Logs.
2. Select if you want to download a backup that exists on your appliance and/or the system logs.
3.
8. Click Next. The configuration is downloaded to the selected directory and a status window is displayed confirming the download.
9. Click Close.
Forensic and Log Backup
To enable automatic forensics backup, click the Enable Automatic Forensics Backup checkbox to place a checkmark in the checkbox. To enable automatic log backup, click the Enable Automatic Log Backup checkbox to place a checkmark in the checkbox. Fill in the fields described in the table below.
Field | Description
Host | The name of the server where you want to back up forensics or log files. This can be an IP address or a DNS name defined by your DNS server.
Port | The port number to use during the backup.
Protocol | The file transfer protocol to use for backing up forensics or log files.
Path | The directory (folder) on the destination server where the backup is placed.
User | The username used to log in on the destination server.
Interval | Action
Weekly Schedule | Choose a frequency in days. Then, select a day or multiple days to conduct the backup by clicking the checkbox next to the day to place a checkmark in the box.
Monthly Schedule | Choose the months that you want to run a backup by clicking the checkbox next to the month(s) to place a checkmark in the box(es). Then, select a day of the month to conduct the backup. Last, specify a time of day.
To activate, select the Enable Pre-Login Banner checkbox. The * (Please enter text) field is available to enter text that users will see before logging into AirDefense. Text can be entered in HTML or text format. Click Apply to save the pre-login banner.
Login Banner
The Login Banner tab is provided for ADSP users who wish to add their own customized agreement banner which will be shown each time users log into the system. To activate, select the Enable Login Banner field.
The following configuration options are available for customizing the Login Banner.
Function | Description
At initial login... | Enter the actual startup agreement text in this area; this text is what will appear when the ADSP application is first opened. Note: This text can be entered in HTML or text format.
Approve button label | Enter the actual text that will appear for the approve button on the Startup Agreement window.
server to your secondary server so that the two servers have the same configuration. Configuration settings from the primary server will override any configuration settings on the secondary server.
How Synchronization Works
• Synchronization will not work if there is no backup file or if there is a backup in progress.
3. Enter the port number of the primary server in the Port field.
4. Enter the username in the Username field that allows you to log in on the primary server you are synchronizing with.
Note It is a good practice to set up an admin account (using the same username and password) on both the primary and secondary server.
5. Enter the password in the Password field that allows you to log in on the primary server you are synchronizing with.
6.
Appliance Replacement Considerations
Replacing an appliance should be done in such a way that no data is lost during the transition. Following these recommendations will help prevent data loss:
• Scheduled jobs should be included when backing up an appliance before synchronization. This will save you valuable time when restoring the backup on a new appliance. Unless you have backed up your scheduled jobs, you will have to recreate them on the new appliance.
• Delete user accounts (Delete link).
• Synchronize user accounts (Check Synchronization button).
Note You must be an Admin User to use the Account Access feature.
To access this feature, go to Configuration > Account Management > Account Access.
New User Account
Select the New User Account option from the drop-down menu to display the New User Account page.
Add or Edit User Accounts
Click the New User Account button to access the New User Account overlay. Use the following table to configure the user account:
Field | Description
Username | The account name of the user.
Full Name | Enter a formal name of the user, if desired.
Description | Enter a description of the user account, if desired.
Extreme AirDefense User Guide for version 10.5.
Field | Description
Authentication | Select Local if the user will use Local Authentication. Select Remote if the user will use Remote Authentication. Select Remote with local fall back if the user will use Remote Authentication with local fall back. Note: At least one Administrator should be set to Local Authentication to avoid getting locked out of the system if a WLAN link is disconnected. When adding a remote user, Remote Authentication must be set up first.
Field | Description
Lock after x days inactivity | Check this checkbox if you want to lock the account after x amount of days of no use. Select the Show Passwords checkbox to reveal passwords.
Change password at next logon | Check this checkbox if you want to force the user to change password at the next logon. Select the Show Passwords checkbox to reveal passwords.
Feature Permissions | Limits users to specific functions within ADSP.
Field | Description
Functional Roles | Gives access to the following Functional Roles:
• Security - Manage security alarms
• Platform Monitoring - Manage the alarms that monitor the platform (system)
• Locationing - Manage the alarms triggered by Location Based Services
• Performance Monitoring and Troubleshooting - Manage the alarms that monitor platform (system) performance and alarms generated by troubleshooting features such as AP Test
• Infrastructure Management - Mana
AirDefense has four default role types with different levels of access to its functionality.
• Admin - Gives users read/write permission to all functional areas.
• Guest - Gives users read permission to Alarm Management, Reporting, Analysis Tools, and Connection Troubleshooting. No access is provided for the other functional areas.
• Helpdesk - Gives users read/write permission to Connection Troubleshooting. No access is provided for all other function areas.
Capabilities for the individual functional areas are: Functional Area Capabilities (use of) Device Tuning • Setting annotations • Device profile configuration (existing) Alarm Management • • • • • • Appliance Management Access to all settings under current appliance management, with the exception of functional areas covered by System Configuration Alarm Criticality Configure the scale of an alarm's criticalness.
Functional Area | Capabilities (use of)
Vulnerability Assessment | • On-demand or scheduled Vulnerability Assessment • Vulnerability Assessment profiles
Connection Troubleshooting | Troubleshooting tools
AirDefense also tracks some functionality by account, regardless of role, such as keeping track of private vs shared reports and logging appliance activity.
Functional Roles
There are four functional roles for users:
• Security - Manage security alarms.
Use the following table to configure the user account:
Field | Description
Group Name | Enter the name of the group account.
Description | Enter a description of the group account, if desired.
Disable group login | Disable the current login group.
Test Authentication | Test remote user authentication using LDAP or RADIUS. Enter a user's username and password. Then, click the Test button. If the credentials are valid, you will receive a pass message.
is briefly displayed (top-right area if overlay) to confirm the account addition. AirDefense will alert you to any errors. You can display more information about the error by clicking on the error message. Click the X in the top-right corner to close the New Group Account overlay panel.
Edit, Copy, or Delete User Accounts
Roll over the account and click the copy link (shown below) to copy an account.
Note You must have a Central Management license in order to use the Check Synchronization feature. With a Central Management license, you can use the Check Synchronization feature to check all the accounts on all your managed appliances and list the differences. You then have the option of synchronizing selected appliances or synchronizing all appliances. Click Check Synchronization to see if all accounts on all appliances in your system are in sync.
Field | Description
Max Login Attempts | The maximum number of login attempts before a user is locked out of an account. You must also specify if the account is locked within a time limit or no time limit.
Password must be changed after | The number of days a password can be used before it expires. Once x days have expired, users are required to change passwords.
Field | Description
Old Password | Enter your current password here.
New Password | Enter your new user password here.
Verify Password | Enter your new password here again.
After entering your password information, click the Apply button to save your changes. Click the Reset button to discard any changes.
Remote Authentication
Remote Authentication is used to authenticate users by using the password stored on a RADIUS or LDAP server.
Note If you encounter problems, contact your LDAP administrator. He/she can advise you on how to fill in the fields. If you can, use an LDAP browser (https://www.ldapadministrator.com/download.htm) to log in and browse. This will allow you to test your settings to see if they are right. There should also be errors in the LDAP server log that give more details on the problem.
Field | Description
Shared Secret | Enter the shared secret password for the RADIUS server. You can make passwords viewable by selecting the Display Passwords checkbox. This option only displays for RADIUS servers.
Timeout | Enter a timeout value for authentication. This option only displays for RADIUS servers.
Retries | Enter the number of times to retry authentication. This option only displays for RADIUS servers.
Field | Description
Use LDAP for ... | This field is displayed if LDAP is chosen for the Type field. Select this checkbox if you are using external group based authentication. If checked, more fields are displayed.
• Server type - For now, Active Directory is the only option. The information supplied in the other four fields is used in group identification for the Active Directory server type.
• Search Base - Enter a string to find your domain name in the directory.
After entering the Remote Authentication data, click the Apply button to save the configuration. The configuration name is now displayed in the list on your left. If you highlight (click) a name in the list you can edit the fields for that configuration. You may also delete any highlighted configuration by clicking the Delete button. You can change the order of configuration preference using the Move Up or Move Down button.
Default View
Select the default view when logging into AirDefense. The following views are available:
• Dashboard tab
• Network tab
• Alarms tab
• Configuration tab.
Auto Refresh
AirDefense application data is automatically refreshed according to the refresh rate that you specify. The following rates are available:
• No auto refresh - Turn off automatic refresh.
• 10 minute refresh - Automatically refresh AirDefense data every 10 minutes.
When viewing devices in the Network tab, the row of any device that is considered inactive will have lighter text than active devices.
Copy MAC Formats
Copy MAC Formats allows you to specify the formats you can use when copying a MAC address for a device in ADSP. You may select any or all of the following formats:
• ff:ff:ff:ff:ff:ff
• ff-ff-ff-ff-ff-ff
• ffff.ffff.ffff
• ffffffffffff
Once set, when you copy a device's MAC address, you will have a choice of formats.
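Because the same device can be copied out of ADSP in any of these four notations, records from other tools have to be reduced to one canonical form before they can be matched. The following is an added example, not code from the guide or from ADSP; the function names and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# The four notations offered by the Copy MAC Formats preference.
PATTERNS = {
    "colon": re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"),
    "hyphen": re.compile(r"[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"),
    "dotted": re.compile(r"[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}"),
    "bare": re.compile(r"[0-9a-f]{12}"),
}


def detect_format(text):
    """Return the notation name for text, or None if it matches none of the four."""
    candidate = text.strip().lower()
    for name, pattern in PATTERNS.items():
        if pattern.fullmatch(candidate):
            return name
    return None


def normalize_mac(text):
    """Reduce any of the four notations to 12 lowercase hex digits."""
    if detect_format(text) is None:
        raise ValueError(f"not a MAC address in a supported notation: {text!r}")
    return re.sub(r"[^0-9a-f]", "", text.strip().lower())


def format_mac(text, style):
    """Re-emit a MAC address in the requested notation."""
    digits = normalize_mac(text)
    if style == "bare":
        return digits
    if style == "dotted":
        return ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    if style in ("colon", "hyphen"):
        sep = ":" if style == "colon" else "-"
        return sep.join(digits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"unknown style: {style!r}")


def correlate(records):
    """Group (source, mac_text) pairs by canonical MAC; return (groups, rejected)."""
    groups = defaultdict(list)
    rejected = []
    for source, mac_text in records:
        try:
            groups[normalize_mac(mac_text)].append(source)
        except ValueError:
            # Mixed or missing separators are rejected rather than guessed at.
            rejected.append((source, mac_text))
    return dict(groups), rejected


# Constructed sample records: one device written four ways, one other
# device, and one malformed value with mixed separators.
SAMPLE_RECORDS = [
    ("adsp-alarm", "00:1A:2B:3C:4D:5E"),
    ("switch-cli", "001a.2b3c.4d5e"),
    ("dhcp-log", "00-1a-2b-3c-4d-5e"),
    ("ticket", "001A2B3C4D5E"),
    ("dhcp-log", "a4:5e:60:00:00:01"),
    ("ticket", "00:1a-2b:3c:4d:5e"),
]

if __name__ == "__main__":
    groups, rejected = correlate(SAMPLE_RECORDS)
    for mac, sources in groups.items():
        print(format_mac(mac, "colon"), sources)
    print("rejected:", rejected)
```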
Click OK to save your changes.
Show Job Initiation Message Dialogs
You have the option of displaying a message dialog when initiating certain jobs.
• Show Backup Download Job Initiation Message Dialog - Displays the following dialog window when a backup download job is manually initiated:
In all four cases, you are given the option of not showing the message again. You can also view the job status by clicking the OK, Go to Job Status button, or by navigating to Configuration > Operational Management > Job Status if you wish to view the job status later.
The Auto-Connect feature is specifically designed to get un-configured APs into AirDefense as Sensors. After a successful DNS lookup, the un-configured AP attaches to AirDefense. AirDefense must then have the correct RF-domain setting for the final placement location of the newly added AP and a Sensor-only policy configured before it will automatically re-configure the AP device to work as a Sensor.
◦ SFTP or FTP traffic between the device and the Relay server (can be same system as the AirDefense appliance)
◦ SFTP or FTP traffic between AirDefense and the external relay server when one is used.
Setup Prerequisites
1. Enable SNMP Trap reception on the ADSP appliance:
a. From the ADSPadmin utility on the appliance console, select C for Config then SNMP for Enable/Disable SNMP trap reception.
b.
For example, for deployments of just WiNG 5.1 devices, you would uncheck all default profiles but the WiNG 5.x Default.
Note Leaving all profiles checked will not prevent the zero touch feature from working but it will slow down the process.
d. Add a new profile which uses the non-default production credentials that the infrastructure will have after completion of the zero touch configuration.
4. Set up network device configuration action:
a. The system must be enabled to allow configuration push to the new infrastructure devices. To set this up, go to Configuration > Appliance Platform > Polling.
b. Enable the following settings:
• Automatically Correct Configuration Compliance Violations
• Device Configuration Management
• Template Based Configuration Management
5.
Note For devices which require password change at first login, this is the password the system shall use when rotating the password. Also, it should match the console and the "http" password for the production communication profile.
d. Specify the interfaces to be used. If using SNMP access, specify read and write community passwords.
e. Click Apply to save changes.
7. Set up CLI configuration push.
a. Set up a CLI template to push the configuration to the device. This template can include just a few lines of code to set the device as a sensor or can include a complete configuration to set and configure all parameters on the device. To create a configuration template, go to Configuration > Infrastructure Management > CLI Configuration and select the specific device type of interest.
b.
5. Add a CLI profile using the default AP7131 device type (or other device type) as a template and apply the profile to the floor the device is located on.
a. Go to Configuration > Infrastructure Management > CLI Configuration.
b. Select WiNG v5.x from the CLI Configuration drop-down menu.
c. Select a floor for the device.
Note The floor should already exist. If it does not, use tree setup to create it (Configuration > Appliance Platform > Tree Setup).
d.
h. Click Apply.
8. Ensure that the device firmware is current. (Configuration > Infrastructure Management > Device Firmware). If firmware is not current, update it.
9. Create a Radio Settings configuration for the AP-7131 and apply it to the floor where the device is placed. You must include some data rates.
Note ADSP automatically sets up a default Radio Settings profile. Only follow these steps if you want to use your own settings.
a.
the General tab, enable data collection and enable configuration. For SNMP, set version to v2c with proper read/write community information. Under the Console tab, add the same user you have for device access and enable password information so that ADSP can talk to the AP-7131. Now ADSP can communicate with the AP-7131.
a. Go to Configuration > Appliance Platform > Communication Settings.
b. Select the floor.
c. Select Override settings.
d. Enter SNMP information.
e.
6. Enable SNMP on the device and verify that you can execute snmpwalk from the server. You will need the IP address and community string for the device. To verify SNMP connectivity, from the server, run the following command against your target device, substituting the community string and IP address of the device:
snmpwalk -v2c -c <community-string> <device-IP-address>
7. Add a CLI profile using the default Cisco Autonomous 12x0/11x0 device type (or other device type) as a template. a. b. c. d. e. f. g.
h. Enable SNMP and enter passwords for the Read/Write community. Then, enter password for a Trap Destination including your server IP address.
Note You must also add the Trap Community and destination to get traps on your server. This can be done from the server CLI: ADSPadmin > Config > SNMP Enable.
i. Click Apply.
10. Ensure that the device firmware is current. (Configuration > Infrastructure Management > Device Firmware). If firmware is not current, update it.
16. If necessary, configure the Communication Settings so that ADSP can communicate with the device. HTTP is only used for Airwave and WLSE devices so this is not needed for Cisco devices. On the General tab, enable data collection and enable configuration. For SNMP, set version to v2c with proper read/write community information.
If the properties page of a device that inherits this folder level is accessed, the defined variables are displayed from the folder level. In this case, the CLI profile (ProfileX) is not merged with the CLIVars Profile since there is no CLIVars. As a result, these settings are defined at the CLI Profile level and inherited straight from their definition at the folder level.
Extreme AirDefense User Guide for version 10.5.
Scenario B
ProfileX is defined at the folder level but modified at the device level (override a named profile) or (inherit profile but edit variables) as follows:
1. Information is inherited from ProfileX.
a. HOSTNAME=Test-Hostname
b. GATEWAY=172.17.1.1
2. Make some changes.
a. HOSTNAME=TestDevice
b. GATEWAY is cleared to null
After the modification, the variables that are not null (empty string) are saved and applied at the device level.
The result of this combination is that the HOSTNAME comes from the CLIVars and the GATEWAY comes from the CLI Profile (ProfileX).
Scenario C
ProfileX and ProfileY are defined at the folder level but modified at the device level (override a named profile) or (inherit profile but edit variables) as follows:
1. Information is inherited from ProfileX.
a. HOSTNAME=Test-Hostname
b. GATEWAY=172.17.1.1
2. Set override and make some changes.
a.
3. Save changes.
4. Now set back to inherit either ProfileX or ProfileY (any other profile).
In this case (as in Scenario B), these values were set at the device level. Override was removed and the device was set to inherit again. You might expect Step 2 of this example to be reset to Step 1. This is not the case.
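The merge rules in the scenarios above, modelled as an added Python example (not ADSP code; the class and function names, the ProfileY values and the device name are assumptions): device-level CLIVars that are not empty take precedence over the inherited CLI profile, and they remain in place when the device is set back to inherit. The drift_report helper lists those leftover device-level values so they can be reviewed.

```python
"""Model of CLI-variable inheritance (added example, not ADSP code)."""
from dataclasses import dataclass, field


@dataclass
class DeviceCliConfig:
    profile_name: str                              # inherited CLI profile
    profile_vars: dict                             # variables defined in that profile
    cli_vars: dict = field(default_factory=dict)   # device-level CLIVars

    def edit_variables(self, edits):
        """Save device-level edits; only non-null (non-empty) values are stored.

        Assumption: clearing a variable that already has a device-level value
        removes it. The guide only describes the first edit.
        """
        for name, value in edits.items():
            if value is None or value == "":
                self.cli_vars.pop(name, None)
            else:
                self.cli_vars[name] = value

    def inherit(self, profile_name, profile_vars):
        """Set the device back to inheriting a named profile.

        Device-level CLIVars are deliberately left untouched: the earlier
        edits are not reset by returning to 'inherit'.
        """
        self.profile_name = profile_name
        self.profile_vars = dict(profile_vars)

    def resolve(self):
        """Return {variable: (effective value, source)}."""
        effective = {
            name: (value, f"CLI Profile ({self.profile_name})")
            for name, value in self.profile_vars.items()
        }
        for name, value in self.cli_vars.items():
            effective[name] = (value, "CLIVars (device level)")
        return effective


def drift_report(devices):
    """List device-level values that shadow the inherited profile value."""
    findings = []
    for device_name, cfg in sorted(devices.items()):
        for var, value in sorted(cfg.cli_vars.items()):
            profile_value = cfg.profile_vars.get(var)
            if profile_value != value:
                findings.append((device_name, var, value, profile_value))
    return findings


# ProfileX values are the ones used in the guide; ProfileY is constructed.
PROFILE_X = {"HOSTNAME": "Test-Hostname", "GATEWAY": "172.17.1.1"}
PROFILE_Y = {"HOSTNAME": "Lab-Hostname", "GATEWAY": "172.17.2.1"}


def scenario_a():
    """No CLIVars: everything comes straight from the folder-level profile."""
    return DeviceCliConfig("ProfileX", dict(PROFILE_X))


def scenario_b():
    """HOSTNAME edited at the device, GATEWAY cleared to null."""
    cfg = scenario_a()
    cfg.edit_variables({"HOSTNAME": "TestDevice", "GATEWAY": ""})
    return cfg


def scenario_c():
    """Edits saved at the device, then the device is set back to inherit.

    The step 2 edits are constructed (reused from Scenario B).
    """
    cfg = scenario_b()
    cfg.inherit("ProfileY", PROFILE_Y)
    return cfg


if __name__ == "__main__":
    for label, cfg in (("A", scenario_a()), ("B", scenario_b()), ("C", scenario_c())):
        print(f"Scenario {label}")
        for name, (value, source) in cfg.resolve().items():
            print(f"  {name}={value}  <- {source}")
    # "ap-lab-01" is a constructed device name.
    print(drift_report({"ap-lab-01": scenario_c()}))
```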
Custom CLI Example
This example shows how to use custom CLI variables.
Note: Customization of device values from ADSP requires expert knowledge of what each configuration parameter does and how making changes to those values will affect the device being modified.
The following conditions are assumed:
• A non-default CISCO VLAN configuration is used.
3. The following screen shot shows how it is used:
a. The variable $[CustomVLAN] is inserted directly into the CLI profile that is applied to a device.
b. When $[CustomVLAN] is first entered into the profile, it becomes available for use in the Variables section as CustomVLAN. This is where you enter the custom VLAN value.
4. To complete this VLAN customization example for the Cisco 1230 AP, the following modifications need to be made:
a. interface Dot11Radio0.
6. As with all customizations, you should test it in a lab environment before putting it into production.
Configuration Notes
AirDefense 9.x WS2000 upgrade will only occur if the relay server is accessible from subnet1.
Drop-down Menu Access
Drop-down menus are located throughout AirDefense. Whenever a device or network level is displayed, it has an associated drop-down menu. You can access the drop-down menu to get details on functions and properties.
The drop-down menu for APs contains the following functions:
Function: Description
Alarms: Accesses the Alarms tab where you can view the alarms for the selected AP. See Alarms
Properties: Opens the Properties overlay for the selected AP.
Upgrade: Upgrades the firmware for the selected AP. (For more information, see Upgrade Devices.)
Rename: Opens a dialog window to rename the selected AP.
Move: Moves the selected AP to another network level (floor).
APs - Properties
You can view the properties of an AP by clicking the drop-down menu button and clicking Properties. The following information is displayed:
Field: Description
Name: The name of the AP.
Description: A description of the AP.
Last Audit: The date and time of the last audit.
Host Address: IP address of the AP.
Flagged: Flag an AP that you want to bring attention to.
In compliance / Not in compliance: Status of the last compliance audit.
You can view and/or override the AP configuration by selecting:
• CLI Configuration on page 580
• Channel Settings on page 569
• Device Access on page 563
• Radio Settings on page 571
• RF-Domain on page 567
• Relay Server on page 529
• Communication Settings Profile on page 520
• WLAN Profiles on page 575
• WLAN Profiles on page 575—Display valid licenses for APs.
These configuration settings (or profiles) are all located in the Configuration Tab on page 493.
The drop-down menu for BSSs contains the following functions:
Function: Description
Alarms: Accesses the Alarms tab where you can view the alarms for the selected BSS. See WLAN Profiles on page 575
Properties: Opens the Properties overlay for the selected BSS.
Rename: Opens a dialog window to rename the selected BSS.
Remove: Removes the selected BSS from your network. (See WLAN Profiles on page 575 for more information.
The following information is displayed:
Field: Description
Name: The name of the BSS.
Description: A description of the BSS.
Classification: The classification of the BSS: Sanctioned, Unsanctioned, or Neighboring.
Annotations: The annotations specified for the BSS: Flagged or Bridged.
Observed Data: Data that AirDefense observed about the BSS. You can filter the observed data by entering significant text in the Search field.
The drop-down menu for Wireless Clients contains the following functions:
Function: Description
Alarms: Accesses the Alarms tab where you can view the alarms for the selected Wireless Client. See Alarms on page 477 for more information.
Properties: Opens the Properties overlay for the selected Wireless Client.
Rename: Opens a dialog window to rename the selected Wireless Client.
Remove: Removes the selected Wireless Client from your network.
Function: Description
Client Type: Client Type appears in the menu only when a Wireless Client is sanctioned. By default, Wireless Clients are assumed to be laptops, displaying a laptop icon. This menu item allows you to differentiate phones and hand-held devices from laptops in ADSP.
Function: Description
Terminate: Opens the Termination options so that you can terminate the connection of the Wireless Client to your network. (See Terminate on page 800 for more information.)
Copy MAC: Copies the MAC address of the selected Wireless Client for later use.
Wireless Clients - Properties
You can view the properties of a Wireless Client by clicking the drop-down menu button and clicking Properties.
You can view and/or override a Wireless Client's configuration by selecting:
• Performance Profiles on page 547
• Security Profiles on page 509.
These configuration settings (or profiles) are all located in the Configuration Tab on page 493. If you make changes, click Save to save them. Click the Delete Device button to delete a device from your network. Click the Close button - X to close the Properties overlay.
Function: Description
Rename: Opens a dialog window to rename the selected Sensor.
Move: Moves the selected Sensor to another network level (floor). (See Move Devices on page 466 for more information.)
Remove: Removes the selected Sensor from your network. See Remove Devices on page 466 for more information.
Action Details: Displays a table listing specific actions that are occurring to devices seen on your WLAN.
The following information is displayed:
Field: Description
Name: The name of the Sensor.
Description: A description of the Sensor.
Host Address: The IP address of the host.
Flagged: Flag a Sensor that you want to bring attention to.
Observed Data: Data that AirDefense Services Platform observed about the Sensor. You can filter the observed data by entering significant text in the Search field.
The scope of the Sensor is shown under the Scope tab.
There are three configurable sections:
• IPv4 on page 751
• IPv6 on page 751
• DNS on page 751
IPv4
Field: Description
Use DHCP: Select the checkbox to enable DHCP, short for Dynamic Host Configuration Protocol, which is a protocol for assigning dynamic IP addresses to devices in a network.
IP Address: Manually enter a static IP address for the Sensor.
Net Mask: Manually enter the subnet to which the Sensor belongs.
Wireless Switch Drop-down Menu
The Wireless Switch drop-down menu contains functions that you can apply to the selected Wireless Switch. Click the drop-down menu button next to the Wireless Switch name to display the drop-down menu.
The drop-down menu for Wireless Switches contains the following functions:
Function: Description
Alarms: Accesses the Alarms tab where you can view the alarms for the selected Wireless Switch.
Function: Description
Port Lookup: Scans MAC Addresses to view a list of switch ports. See Port Lookup on page 784 for more information.
Forensic Analysis: Opens the Forensic Analysis-Basic window for the specified Wireless Switch. See Forensic Analysis-Basic on page 370 for more information.
Direct Connect: Accesses the user interface (UI) for the selected Wireless Switch.
Copy MAC: Copies the MAC address of the selected Wireless Switch for later use.
Field: Description
In compliance / Not in compliance: Status of the last compliance audit.
Click the Managed Configuration button to display the Wireless Switch configuration. Click the Generated Configuration button to display a generated configuration for a Wireless Switch. The generated configuration is the same configuration sent to a relay server to configure a Wireless Switch.
The drop-down menu for Wired Switches contains the following functions:
Function: Description
Alarms: Accesses the Alarms tab where you can view the alarms for the selected Wired Switch. See Alarms on page 477 for more information.
Properties: Opens the Properties overlay for the selected Wired Switch.
Upgrade: Upgrades the firmware for the selected Wired Switch. See Upgrade Devices for more information.
Wired Switch - Properties
You can view the properties of a Wired Switch by clicking the drop-down menu button and clicking Properties. The following information is displayed:
Field: Description
Name: The name of the Wired Switch.
Description: A description of the Wired Switch.
Host Address: The IP address of the Wired Switch.
Flagged: Flag a Wired Switch that you want to bring attention to.
If you make changes, click Save to save them. Click the Delete Device button to delete a device from your network. Click the Close button—X to close the Properties overlay.
Unknown Devices Drop-down Menu
The Unknown Devices drop-down menu contains functions that you can apply to the selected Unknown Device. Click the drop-down menu button next to the Unknown Device name to display the drop-down menu.
Function: Description
Live View: Opens the Live View window for the selected unknown device; allows you to analyze current WLAN activity on the device.
Port Lookup: Opens the Port Lookup window where you can locate the physical port where the Unknown Device is accessing your network.
Terminate: Accesses the Terminate options so that you can terminate the connection of the Unknown Device to your network.
You can view and/or override an Unknown Device's configuration by selecting:
• Performance Profiles Assignments
• Security Profiles Assignments.
These configuration settings (or profiles) are all located in the Configuration Tab on page 493. If you make changes, click Save to save them. Click the Delete Device button to delete a device from your network. Click the Close button X to close the Properties overlay.
Function: Description
Readiness Test: Validates that the WLSE device is management ready (that is, it can be managed through ADSP). You are alerted of problem areas. (See Readiness Test on page 787 for more information.)
Action Details: Displays a table listing specific actions that are occurring to devices seen on your WLAN.
Direct Connect: Accesses the user interface (UI) for the selected WLSE device.
Alarms related to the WLSE are shown in the Alarms tab. The Actions button can be used to perform one of the listed functions on a selected (highlighted) alarm. You can view and/or override a WLSE's configuration by selecting Communication Settings. These configuration settings are all located in the Configuration Tab on page 493. You can display valid licenses for a WLSE by selecting License. If you make changes, click Save to save them.
Function: Description
Move: Moves the selected AirWave device to another network level (floor). See Move Devices on page 466 for more information.
Remove: Removes the selected AirWave device from your network. See Remove Devices on page 466 for more information.
Readiness Test: Validates that the AirWave device is management ready (that is, it can be managed through ADSP). You are alerted of problem areas. See Readiness Test on page 787 for more information.
The following information is displayed:
Field: Description
Name: The name of the AirWave Switch.
Description: A description of the AirWave Switch.
Last Audit: The date and time of the last audit.
Host Address: The IP address of the AirWave Switch.
Flagged: Flag an AirWave Switch that you want to bring attention to.
In compliance / Not in compliance: Status of the last compliance audit.
Device Functions Requiring More Explanation
The device functions discussed here are drop-down menu functions that operate on devices and require more details on how to use them. Depending on the device, these functions may or may not appear in the drop-down menu. They are:
• Live View
• Locate
• Port Lookup
• Readiness Test
• Spectrum Analysis
• Terminate.
You can either start the monitoring session and suspend the Spectrum Analysis, or cancel the Live View session.
Live View consists of four main categories of information:
• Data
• Connections
• Devices
• Frames.
Common Area
The common area holds the menus and buttons that are common to the Live View window. It is located at the top of the window.
Menu
Option: Description
Settings: Opens the Live View Settings popup window where you can set options for your Live View sessions. (See Live View Settings on page 767 for more information.)
Edit Filters: Opens the Live View Filter popup window where you can set options to filter data. (See Live View Filters on page 768 for more information.)
Schedule Frame Capture: Schedule a Frame Capture session using the scheduler.
Buttons
Button Description
Starts a Live View session.
Stops a Live View session.
Freezes a Live View session. The data in the window freezes but Live View keeps collecting data to display later after you unfreeze the session. Click the Freeze button again to unfreeze the session.
Opens the Live View Filter popup window where you can set options to filter data. (See Live View Filters on page 768 for more information.
Setting: Description
Capture Control Frames: Sets the Live Monitoring sessions to capture control frames. If selected, you can also truncate control frames to a specific number of bytes or have no truncation.
Capture Data Frames: Sets the Live Monitoring sessions to capture data frames. If selected, you can also truncate data frames to a specific number of bytes or have no truncation.
Frames may be filtered by any of the following methods:
Method: Description
Devices: To filter Live View frames by devices, go to the Devices tab and check Filter frames by device. Select any of the following conditions:
• Any Address
• Source
• Destination
• BSSID
• A1 (RX)
• A2 (TX)
• A3
• A4
For every condition that you select, you must specify a MAC address.
Method: Description
Channel Filters: To filter by channels, go to the Channels tab and check Filter frames by channel. Deselect the channels that you do not want to display. You may filter out a whole category of channels or individual channels.
Rates Filters: To filter by transmission rate, go to the Rates tab and check Filter frames by rate. Deselect any rate that you do not want to display.
The Data tab focus can be changed by changing the view. Depending on the view that is selected, different charts are displayed. There are four available views:
View: Description
Summary: Provides a summary of frame data using the following charts:
• Traffic By Transmitter Authorization
• Retry
• Traffic By Rate
• Traffic By Channel
• Devices By Authorization.
This is the default view.
To remove a chart, click the Remove button associated with the chart. Once you have customized the display to fit your needs, click the Save Changes button to save your arrangement. The customized view is saved on your ADSP server. Now, whenever you access Live View, you can access your customized arrangement. This is true even if you are accessing the GUI on another workstation.
Options are provided to display devices with broadcast frames, devices with multicast frames, or both. Just select the checkbox for the option you want. The Data Frames and Bytes fields display the count of data frames and bytes. If more than 50,000 frames have been captured during the Live View session, only the most recent 50,000 frames are displayed.
Options are provided to show all devices, only BSSs, Wireless Clients, or Wired Clients. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. The Export button can be used to export device data to a CSV file. Just browse to a folder (directory) to save the file in, type in a name, and click the Select button. The name of the file is displayed in the File field.
Column: Description
SSID: Lists the Service Set Identifiers. An SSID is a 32-character unique identifier attached to the header of packets sent over a WLAN. The SSID acts as a password when a mobile device tries to connect to the BSS (Basic Service Set).
Channel: Lists the WLAN channel that the device is operating on.
Channel Extension: Lists the WLAN channel extension that the device is operating on.
The captured file is stored in one or, at times, both of the following directories: /usr/local/smx/pcaptures OR /usr/local/smx/pcaptures/saved. You can switch to the frames view by clicking the Frames View button.
Click the Data Table button to switch back to the table view. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. Frames data is displayed as follows:
• Frames table (located on top)
• Hex values for a selected frame (located on bottom left)
• Decodes for a selected frame (located on bottom right).
• Rearrange columns by clicking on a column heading and dragging it to a new position.
When a frame is selected (highlighted), the frame data is shown in the hex values and decodes areas. The decodes area shows the 802.11 interpretation of the frame data in a tree structure. The hex values area and decodes area are linked so that selections in one area will follow the selections in the other.
Live View automatically saves session frame data in a temporary file on your ADSP server. You can save the temporary file to a permanent file on the server or to a file on your workstation. To save a file, first stop the session (click the Stop button or select Session > Stop) and then select File > Save to display the Save Frame Capture popup window.
To save the file on your workstation:
1. Select the Save locally radio button.
2. 3. 4. 5.
To schedule automatic frame captures, follow these steps:
1. Decide how often you want to run the frame capture by selecting One Time Schedule, IntraDay Schedule, Daily Schedule, Weekly Schedule, or Monthly Schedule from the drop-down menu.
2.
There are four additional fields in the Advance Schedule Frame Capture window. The steps to set a schedule are the same except you need to set the additional fields. There is a Capture Size Limit (frames) field where you can set a limit on how large the captured frame file can grow. The three other fields are used to truncate the captured frame file for captured:
• Capture Management Frames
• Capture Control Frames
• Capture Data Frames.
◦ Three (minimum) AirDefense compatible sensors per map loaded.
Importing Maps
To use the built-in Location Tracking feature, you will need to import a map first and place the sensors at their specific locations.
Note: Each map can be loaded by floor. You may have to re-arrange the sensors to accommodate a map for each floor. You will also need a minimum of three sensors per map.
Note: A map can only be linked to sensors on the same floor.
desired floor plan and select Open. The map is then displayed. Scale the image as directed and click Next: Add to floor when you are satisfied with the image.
Important: The Floor Plan single dimension limit (width or height) is 8192 pixels while the total pixel count (width x height) limit is 8,000,000 pixels.
Clicking the Refresh button will refresh the Floor Plan. If the device has moved, you will see its new position in the Floor Plan. The Floor Plan is also refreshed automatically (unless turned off) using Menu > Auto Refresh. The available refresh rates are:
• 30 seconds
• 1 minute
• 5 minutes.
You can place your cursor over the tracked device to display statistics and information about the device.
If the device you select is a Wireless Client, the following window displays:
The following table provides detail on the Switch Port Lookup window's functions and features.
Function/Feature: Description
Search Scope: A drop-down menu that allows you to limit the scope of your search.
Selected Device: A read-only field that displays the MAC address of the selected device.
Function/Feature: Description
Similar MACs offset by: This function appears only if the selected device is a BSS. If checked, the search includes other BSSs with a MAC address similar to the selected station. The other stations are listed in the sub-window. Use this function to search for a range of MAC addresses. The range is set by the offset value that you select.
5. Click Next. The following window showing the search results displays. From this window, you can disable or enable a selected (highlighted) interface by clicking the appropriate button.
6. Click Close to exit.
Readiness Test
The Readiness Test checks the connections and the communication settings between AirDefense and devices in your network. The devices may be an AP, a Sensor, or a Switch.
If you are running the Readiness Test from a device, it is run only on that device. If you are running the Readiness Test from a network folder (level), the test is run on all the devices included in that folder. There are four categories of tests: Appliance Configuration, Management Modes, Device Communication Verification, and Relay Server Communication Verification.
There are eight tests for Management Modes:
• License Assigned—validates that the number of licenses does not exceed the number of configured devices.
• Polling Configuration—validates that the folder or device selected inherits a configured polling profile.
• Data Collection—validates that data collection is enabled when polling.
• SNMP Credentials—validates that the SNMP credentials are supplied for the communications settings.
There are five tests for Relay Server Communication Verification:
• Relay server settings—validates that the folder or device selected inherits a configured relay server profile.
• Relay Server Connection Test—validates that the relay server can be reached.
• Relay Server Upload Test—validates that the relay server can upload CLI profiles.
• Relay Server Download Test—validates that the relay server can download CLI profiles.
This will usually happen if you only have one radio turned on. If you continue, your wireless application may be disrupted but Spectrum Analysis will run.
To access the Spectrum View window, click the drop-down menu button for a Sensor and then select Spectrum Analysis from the drop-down menu.
Select File > Close to exit the Spectrum View window. You will be prompted to save the scan to an ADSP file.
You must click OK to continue. You can turn the warning off by selecting the checkbox next to Don't show this warning again.
There are three conditions that may prevent a scan from starting. They are:
• The Sensor is already running a dedicated RF scan for any user
• Another user is running Live View on the Sensor
• Ten scans are already running (maximum supported).
There are two scanning modes:
• Full Scan
• Interference Scan
Full Scan scans the entire 2.4GHz bandwidth (in 5MHz steps) and 5GHz bandwidth (in 20MHz steps) with a short dwell time (around 50 ms). It supports limited classification of interference sources.
Interference Scan scans three frequencies in the 2.4GHz band and three frequencies in the 5GHz band with a longer dwell time (around 500 ms).
Advanced Spectrum Analysis
Note: A Spectrum Analysis license is required to access this feature.
Advanced Spectrum Analysis is the next generation of Spectrum Analysis. Advanced Spectrum Analysis will only run on devices with the MB92 or newer chipsets. Currently, only the models AP621, AP622, AP6511, AP6521, AP6522, and AP8132 can run this enhanced version of Spectrum Analysis.
If one of these conditions exists, a warning similar to this is displayed:
To continue, you will have to click OK to suspend the activity. Clicking Cancel will stop Advanced Spectrum Analysis from running.
You can stop a scan by clicking the Stop Scan button or selecting Scan > Stop Scan. A new scan can be started by clicking the Start Scan button or selecting Scan > Start Scan.
The scan time (default 1000) should be entered in milliseconds. The threshold (default -105 for 2.4 and 5 GHz) and duty cycle (default -90 for 2.4 and 5 GHz) should be entered in dBm. After making changes, click OK to confirm the changes or click Cancel to discard any changes.
Scan Type
Advanced Spectrum Analysis supports two types of scans:
• Dedicated Scan—Conducts a full detailed spectrum scan (default).
You can change which charts are displayed for each view using the Charts drop-down menu. Once you have changed charts and you want to save the changes, click the Save Changes button. You can change the name of a view by clicking the Rename button. This allows you to name the views according to your needs. If for any reason you want to retrieve the default views, you can do so by clicking the Reset to Defaults button.
The fields used to schedule a Spectrum Analysis are:
Field: Description
Schedule: There are five options to schedule an assessment. Depending on the option you select, you must fill in the related fields as follows:
• One Time Schedule—Choose a time for the assessment by selecting a time from the Time drop-down menu. Then, select a day for the assessment by clicking the Calendar button in the Date field and selecting a date.
When searching, you can supply additional information such as:
• Select the scope from the network tree
• The MAC address of the device
• The name of the device
• The IP address of the device
• The 802.1x username used for authentication
• The vendor name of the device
• The DNS name used by the device
• The SSID of the device
• Select whether or not the device supports the 802.11a, b, g, or n protocols.
Network Level Drop-down Menus
Each network level has a drop-down menu containing functions that operate on the selected network level. You can configure the following network levels:
• Appliance
• Country
• Region
• City
• Campus
• Building
• Floor.
Appliance Level Drop-down Menu
The Appliance level drop-down menu contains functions that you can apply to the selected Appliance as well as the features included in the Menu.
The drop-down menu for appliances contains the following functions:
Function: Description
Alarms: Accesses the Alarms tab where you can view the alarms for the selected Appliance. See Alarms on page 477 for more information.
Properties: Opens the Properties overlay for the selected Appliance.
Readiness Test: Validates that devices in the appliance scope are management ready (that is, devices can be managed through ADSP). You are alerted of problem areas.
Function: Description
Action Rules on Demand: Runs an on-demand test on your alarm action rules and/or device action rules. You can run the test and view the results later in Job Status on page 643, or you can run the test now and view the results now. There are two options for each type of test:
• Only enabled rules: run the test on the enabled rules.
• All rules: run the test on all rules (enabled or not). This option is deactivated on run now tests.
The drop-down menu for countries contains the following functions:
Function: Description
Alarms: Accesses the Alarms tab where you can view the alarms for the selected Country. See Frame Capture Analysis on page 368 for more information.
Properties: Opens the Properties overlay for the selected Country.
Readiness Test: Validates that devices in the country scope are management ready (that is, devices can be managed through ADSP).
Function | Description
Add Folder | Adds a new folder to the network tree by selecting one of the available network levels. The added folder is given a generic name. You should rename the new folder.
Copy Folder | Copies the network scope of a Country. Enter a name for the country, select whether or not to include the floor plans, and click OK.
Rename | Opens a dialog window to rename the selected Country.
The drop-down menu for regions contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Region. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected Region.
Readiness Test | Validates that devices in the region scope are management ready (that is, devices can be managed through ADSP). You are alerted of problem areas.
Function | Description
Add Folder | Adds a new folder to the network tree by selecting one of the available network levels. The added folder is given a generic name. You should rename the new folder.
Copy Folder | Copies the network scope of a Region. Enter a name for the region, select whether or not to include the floor plans, and click OK.
Rename | Opens a dialog window to rename the selected Region.
The drop-down menu for cities contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected City. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected City.
Readiness Test | Validates that devices in the city scope are management ready (that is, devices can be managed through ADSP). You are alerted of problem areas.
Function | Description
Add Folder | Adds a new folder to the network tree by selecting one of the available network levels. The added folder is given a generic name. You should rename the new folder.
Copy Folder | Copies the network scope of a City. Enter a name for the city, select whether or not to include the floor plans, and click OK.
Rename | Opens a dialog window to rename the selected City.
Remove | Removes the selected City from your network.
The drop-down menu for campuses contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Campus. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected Campus.
Readiness Test | Validates that devices in the campus scope are management ready (that is, devices can be managed through ADSP). You are alerted of problem areas.
Function | Description
Forensic Analysis | Accesses Forensic Analysis-Basic. See Forensic Analysis-Basic on page 370 for more information.
AP Test | Accesses AP Test (Scheduled AP Tests). See Scheduled AP Test for more information.
Wireless Vulnerability Assessment | Accesses Wireless Vulnerability Assessment (Scheduled Vulnerability Assessment). See Scheduled Vulnerability Assessment on page 853 for more information.
Function | Description
Action Rules on Demand | Runs an on-demand test on your alarm action rules and/or device action rules. You can run the test and view the results later in Job Status on page 643, or you can run the test now and view the results now. There are two options for each type of test:
• Only enabled rules: run test on the enabled rules.
• All rules: run test on all rules (enabled or not). This option is deactivated on run now tests.
Live RF/Floor Plan Level Drop-down Menu

The Live RF/Floor Plan level drop-down menu contains functions that you can apply to the selected floor level. Click the drop-down menu button next to the Floor name to display the drop-down menu.

The drop-down menu for floors contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Floor. See Alarms on page 477 for more information.
Function | Description
Live RF / Floor Plan | Views the floor plan for a building where you can manipulate the floor plan, add devices, and track devices.
Upgrade | Upgrades the firmware for devices in the selected Floor. See Upgrade Devices for more information.
Rename | Opens a dialog window to rename the selected Floor.
Forensic Analysis | Accesses Forensic Analysis-Basic. See Forensic Analysis-Basic on page 370 for more information.
When the floor plan is complete, you will need to click the Close button (X) to save and close. The Floor Plan can then be viewed throughout AirDefense, and can be used to locate devices in your network and display Live RF data.

To upload a background image, click the Continue floor configuration button or the Design Floorplan link to get started.
1. Click the Browse button.

Extreme AirDefense User Guide for version 10.5.
2. Browse to the location of the image, select it (usually a BMP, GIF, or JPG file), and then click Open. The Upload button is now active. Click it. This is the Floor Plan wizard. You can use it to guide you through adding a floor to your Floor Plan.
3. You can crop the image to only show the area you are concerned with. Draw a rectangle around the area you want to crop by:
   a. Clicking on a point in the image.
   b. Dragging your mouse to draw the rectangle.
5. Click the Next: Scale Image button.
6. Scale your image by clicking on a point in the image, draw a line, and then click an end point. Enter the distance of the line which represents the actual length of the physical space in feet or meters. The Set scale button is activated. Click it to complete scaling.
7. The Next: Add to floor button is activated. Click it to add the floor to your floor plan.

Note: You can undo any changes by clicking the Cancel button. You can remove an image by clicking the Replace floor plan button.

Your uploaded floor plan will look similar to the following one:

You can now use the editing tools to add walls, cubicles, doors, elevators, etc.
2. Click the Add or Remove Floors link. The following dialog box is displayed:
3. Click OK to continue to the following dialog box:
4. Click the New Floor Count drop-down and select a floor number. If you increase the floor count, floors are added accordingly. You can have as many as 100 floors in a building. If you decrease the floor count, floors are removed starting at the top floor. Click OK to make the change.
5. After you add a floor, you will need to upload a background image for your floor or design a new floor plan. The following floor plan shows a building with two floors:
6.
The first time you enter the Edit Mode, the How to wizard is accessed. The How to wizard guides you step-by-step through the editing process to set up your Floor Plan. You can hide the How to wizard by clicking its Close (X) button and edit your Floor Plan as you like using the Tools, Devices, and Advanced tabs. If the How to wizard is hidden, you can access it by clicking the Show me how link.
Context Label

The Context Label, located near the top-center of the Floor Plan, controls the context of the Floor Plan. The Context Label shows you the following information:

Field | Description
Manage Designs | When this field is clicked, a list of existing designs is displayed. You can edit or add to the list using the following actions:
• Click the Primary field for a design to make it the primary design.
• Click on the Edit name link to change the name.
Field | Description
RF Settings | RF Settings includes:
• RF Mode setting
• Protocol setting
• AP Load View setting
• Network Association Filter.

RF Mode Setting
The RF Mode setting determines if your heat maps display no RF data (deselected), Live RF data (selected), or Predicted RF data (selected).

Protocol Setting
The Protocol setting allows you to filter RF data according to the selected protocol.
Network Association Filter Setting
The Network Association Filter is where the network device association is shown in a network tree. You may select an entire SSID or individual devices.

Field | Description
RF Coverage | This field lets you select the coverage visualization or application coverage for your heat maps. If you click the field, you can select another visualization or application.
Field | Description
Location Tracking | This field displays a list of devices being tracked, grouped by device type. If a device in the list is selected (highlighted), it is highlighted in the floor plan map. Location Tracking has two views: Icon location view and Heat map display. The Icon location view displays the most likely location for selected devices as an icon for each device.
Auto Refresh

Auto Refresh works on both Live RF and location tracking. For Live RF, auto refresh uses the latest data (radio, power, channel, live status, etc.) AirDefense has about devices to refresh RF data. For location tracking, it refreshes the current position of the devices being tracked. There are four options for Auto Refresh:
• Off
• 30 seconds
• 1 Minute
• 5 Minutes (default).
The following fields are available:

Field | Description
Design | Selects the design to use when generating the bill of materials.
Floors | Selects the floors of the design to use when generating the bill of materials. A checkmark selects the floors. The top checkbox, when checked, will select or deselect all of the floors.
First select the design you want to replace (indicated with a checkmark) and then click the Select File button. Next, navigate to the file, select it, and then click Open. When the import is complete, a confirmation is displayed. Click the Close button to return to the Floor Plan.

Note: LAN Planner and Outdoor Planner are legacy products that are no longer available for purchase. However, if you have the application, ADSP will support it.
Basically, Import PDF works like Import ZIP / SPZ with the following exceptions:
• You can choose the default wall type with Import PDF as follows:
  ◦ Basement or foundation wall
  ◦ Brick, concrete, or concrete block
  ◦ Cubicle wall
  ◦ Drywall or sheetrock
  ◦ Elevator or metallic obstacle
  ◦ Glass door or window, no tint
  ◦ Metallic rack
  ◦ Wooden door.
• Imported PDF pages are automatically mapped to existing floors.
Export Floor Plan to ZIP File

Note: Before exporting a floor plan design for a newly created or edited floor plan, you must leave the Editing page first. If you do not, DWG files will not export correctly.

1. Select Export ZIP to export the selected floor plan design to a ZIP file that can be imported into LAN Planner.
2. To begin, select a design from the drop-down menu and then click Start. A checklist is generated to indicate success or not.
3.
The following tools are available:

Function | Description
• Enlarges the size of (zooms in on) a floor plan image. Clicking the image area will zoom into another level.
• Reduces the size of (zooms out of) a floor plan image. Clicking the image area will zoom out to another level.
• Fills the floor plan area with an image. Depending on the size of the image, the image will expand to fit or reduce to fit the floor plan area.
• Moves/re-positions the floor plan image.
tab of the Edit Mode. Once you have the planned devices in place, click the RF Selection drop-down menu (top, right of the Context Label) and select Predictive RF.

Live Comparison Tab

The Live Comparison tab displays two views of the floor plan side-by-side so that you can make a comparison. You have access to the Context Label where you can manipulate one or both of the images.
Forensic Comparison Tab

The Forensic RF tab visualizes forensic data to display coverage over a specific time range. Click the Forensic RF tab to display a historical heat map for signal coverage. Specify a beginning time and date, specify an end time and date, and then click the Select Time Range button. Two heat maps are displayed: one displaying Live RF for the current date and time, and one displaying Forensic RF for the specified time range.
All sensed devices are displayed when Location Tracking (in the list of devices and the floor plan) is first accessed. You can group devices by type by selecting Filter by device type from the drop-down menu. You can search for devices by selecting Search for devices from the drop-down menu. There are two views for Location Tracking:
• Icon location view displays the devices on the map by their icon and device name.
You can enter the complete MAC address or a part of it.

Note: The Advanced link is used to open a search dialog that gives you more options to find devices.

When you see the device listed, click on it and then click Track Device. The device is displayed in the tracked device list.

Note: You may select more than one device using the key or the key.
You can track more than one device by adding them as described above. Each time you add a device it is displayed in a list of tracked devices. Click the Close button or anywhere outside the Location Tracking dialog to display the devices in the Floor Plan.
AP Assisted Tracking

In order to get AP assisted location tracking working with the NX and VX controllers, the WiOS controller must be enabled so that RSSI data can be passed to ADSP. There are procedures for BSS and Wireless Client tracking. Refer to BSS Tracking and Client Tracking.

Note: This is only for the controller infrastructure. The 5.x version of APs do not require this sort of configuration.
input the MAC of each Wireless Client (MU) into the switch, and then wait until it is pushed into ADSP. Follow these steps:
1. Log in to the RFSX000.
2. Navigate to Security > Enhanced Probe/Beacon Table > Probe Table.
3. Select the Enable Enhanced Probe Table check box.
4. In the Preferred MUs section, click the Add button.
The drop-down menu for unplaced devices contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Unplaced Devices level. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected Unplaced Devices level.
Rename | Opens a dialog window to rename the selected unplaced device.
Appliance Level

The following information is displayed:

Function | Description
Name | The name of the appliance.
Host | The host name of the appliance.
Port | The port number of the appliance.
Status | The status of the appliance in your network.

The Autoplace button is used to place all devices located in the selected network folder to the proper network level using Auto-Placement rules.
• Location Based Services on page 645
• Pending State - Audit on page 659

These configuration settings (or profiles) are equivalent to the ones described earlier in the Configuration section of this chapter. You must save any changes that you make.

All Other Levels

The following information is displayed:

Function | Description
Name | The name of the network level.
Description | A description of the network level.
• Communication Settings Profile on page 520
• WLAN Profiles on page 575
• Location Based Services on page 645
• Pending State - Audit on page 659

These configuration settings (or profiles) are equivalent to the ones described earlier in the Configuration section of this chapter. You must save any changes that you make.
Security

WIPS on page 844
Planning Your Sensor Deployment on page 845
Physical and Electromagnetic Interference on page 846
Planning Your Sensor Placement on page 848
Sensor Monitoring on page 851
Vulnerability Assessment on page 852
WEP Cloaking on page 854

AirDefense has several modules that you can install to provide security for your network.
• Masquerade
  ◦ MAC spoofing
  ◦ Evil twin attacks/Wi-Phishing attacks
• Insertion
  ◦ Man-in-the-middle attack
  ◦ Multicast/broadcast injection
• Denial-of-service attacks
  ◦ Disassociation
  ◦ Duration field spoofing
  ◦ RF jamming

AirDefense WIPS can mitigate wireless threats via the air by disabling wireless connections between intruders and authorized devices.
Physical and Electromagnetic Interference

Many devices can interfere with sensors' monitoring of the wireless network, including:
• Cordless phones and headsets
• Bluetooth devices
• Microwave ovens
• Consumer cordless devices (for example, surveillance cameras, baby monitors, and video transmission extenders).
• Connection Termination—To terminate a device's connection to your network, the device must be in range of a sensor sending termination signals.
• Policy Enforcement—To ensure adherence to policies or to detect attacks against managed devices, sensors must be able to receive a representative sampling of traffic sent by all devices they are monitoring.
• Rogue Detection—Even sporadic emanations from wireless clients and s can reveal the presence of rogues.
not ideally located for sensor placement, sensors may take advantage of Power over Ethernet, either from a single power injector or a compliant switch. PoE injectors are available from Extreme Networks.

If there are gaps in coverage, or if deployment cost is a factor (due to the required density of sensors or the cost of wiring to place sensors in strategic locations), there are several relatively inexpensive remedies.
• Regulatory rules and codes for wiring, construction, materials, etc., where applicable.
• Access to all areas to be monitored is required during the survey.

Procedure

Follow these steps to plan your sensor placement:
1. Obtain Maps/Layouts of the facility and determine the traversal plan.
2. Start AirDefense Mobile.
3. Turn on the target device (could be a laptop/PDA with wireless client card). AirDefense Mobile should detect the target device.
4.
surrounded by parking areas, you may want to consider additional sensors in the back for complete protection.
• Channel coverage - A single sensor should not be required to cloak more than 3 s at a time. For effective cloaking there must be sufficient chaff WEP frames to confuse the statistical WEP cracking tools. At the same time, the sensors must perform regular Wireless IPS scanning on other channels.
Example 1

You have a small office of 10,000 sq. ft. For Wireless IDS/IPS you would only need 1 sensor; to maximize the coverage it makes sense to place the sensor in the center of the building. When location tracking is needed in this same scenario, a minimum of 3 sensors for each floor plan would be required, and the recommended placement is at the corners.

Example 2

You have a multi-floor building with 3 floors. Depending on floor construction the RF may travel through each floor.
Navigation: Configuration > Operational Management > Sensor Operation

• Environment Monitoring is used to configure the thresholds for monitoring. If a threshold value is exceeded, an alarm is generated. You can also elect to monitor your system for unobserved devices and generate alarms for missing devices.
The Vulnerability Assessment window allows you to configure and run the assessment. After you have configured an assessment, you can save it as a profile. A profile can be selected later to run a test on a similar scope.

Scheduled Vulnerability Assessment

Scheduled Vulnerability Assessments must be scheduled using the Schedule Vulnerability Assessment window. Navigate to Menu > Scheduled Vulnerability Assessment.
The Scheduled Vulnerability Assessment window displays a list of all scheduled assessments. From this window you can:
• Add, edit, delete, and cancel assessments
• View detailed assessment results
• Manage the profiles that are used to run assessments on similar scopes.

For details on how to schedule Vulnerability Assessments and use the Schedule Vulnerability Assessment window, see the section Scheduling AP Test or Vulnerability Assessment on page 421.
Overview

An attacker sniffing traffic will not be able to distinguish between cloaking frames and legitimate frames, and therefore cannot filter out the cloaked frames. When statistical WEP cracking tools are run on the captured data, they simply fail to decode the key. The following figure shows a screenshot of Aircrack-ng with WEP Cloaking enabled.
Ongoing Cloaking Ability

In the event of a wired network outage, even if sensors lose connection with the centralized server, they will continue to cloak. In addition, WEP Cloaking is optimized to not disturb the wireless environment or impact Wireless LAN performance. The sensors use countermeasures, correlation through the server, and mutual coordination over the air to maximize the effectiveness of cloaking with nominal wired and wireless bandwidth consumption.
WLAN Management

Infrastructure Management on page 857
Operational Management on page 864
Appliance Platform on page 865

WLAN Management gives you the tools to configure wireless infrastructure devices regardless of device type or vendor. WLAN Management simplifies the WLAN configuration process by providing the same configuration interface for all wireless infrastructure devices, eliminating the need to understand the individual syntax for multiple vendors/device types.
Device Firmware

Device Firmware configuration allows you to upload new AP or sensor firmware from a workstation to a network server. Once the firmware is uploaded, you can upgrade your APs and/or sensors using AirDefense. Uploaded firmware images are listed by device type, version number, and image file name. Use the Upload Firmware Image button to upload firmware.
The configuration fields for each b/g/n Radio and the a/n Radio are:

Field | Description
Function | Defines the radio as a sensor or an infrastructure device (AP or wireless switch). You can also disable the radio.
Data Rates | Sets the data rates for the radios. You can set rates for 802.11 a/b/g as a group or 802.11 n.
DTIM Period | Specifies the supported Delivery Traffic Indication Message (DTIM) interval. The default value is 1.
Field | Description
VLAN | Specifies the Virtual Local Area Network (VLAN) the device is authorized to use.
Association Limit | Specifies the number of associations allowed per device.
Station Timeout | Specifies the number of seconds or minutes that a device has to become a sanctioned device.
Other Options | Specifies which of the following options a device may perform:
• Respond to all probe requests
• Broadcast SSID in Beacon
• Wireless Client Isolation
• Locally Bridged.
CLI Configuration

The Command Line Interface (CLI) for devices is a powerful tool that gives you direct access to APs and switches. The CLI commands can be used to configure and control how devices interface with your network. Extreme AirDefense uses the CLI to construct device profiles that can be used to control and manage devices in your network.
Add a CLI Profile

To create a new profile, select a device from the CLI Configuration drop-down menu and then click the New Template button. The following fields are available:

Field | Description
Name | This field is used to name your new profile.
Device Type | This field displays the device that was selected from the CLI Configuration drop-down menu. You cannot change the device once it has been chosen.
To apply a CLI profile to a device type, select a device type from the CLI Configuration drop-down menu. If you want to apply the CLI profile to the appliance level, select the appliance level and then select the Enable configuration checkbox. Next, select the profile from the list of profiles. If there is only one profile, it is selected automatically. Click Apply to apply the selected profile to devices in the appliance level.
New user-defined variables can be added to the Variables section by adding a variable in the CLI Commands section when creating a new profile or editing an existing profile. Use the following format:

$[VARIABLE_NAME]

Once a variable is added to the CLI Commands section and the profile is saved, its name is displayed in the Variables section with an empty default value.
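The following Python example is added here and is not AirDefense code: it lists the $[VARIABLE_NAME] variables a CLI profile template would introduce, flags placeholder-like tokens that do not follow that format, and refuses to render while any variable still has the empty default. The template lines, the allowed name characters (letters, digits, underscore) and the substitution behaviour are assumptions made for illustration.

```python
import re

# Format from the guide: $[VARIABLE_NAME].
# Assumption: names consist of letters, digits and underscores only.
VAR_RE = re.compile(r"\$\[([A-Za-z0-9_]+)\]")

# Anything that starts like a placeholder ("$[", "${" or "$(") on one line.
SUSPECT_RE = re.compile(r"\$[\[\{\(][^\]\}\)\n]*[\]\}\)]?")

# Constructed sample template; not the syntax of any particular device.
TEMPLATE = """\
hostname $[DEVICE_NAME]
logging host $[SYSLOG_HOST]
ntp server ${NTP_SERVER}
vlan $[MGMT VLAN]
snmp community $[SNMP_COMMUNITY]
logging host $[SYSLOG_HOST]
"""


def find_variables(template):
    """Return well-formed variable names in order of first appearance."""
    seen = []
    for name in VAR_RE.findall(template):
        if name not in seen:
            seen.append(name)
    return seen


def find_malformed(template):
    """Return placeholder-like tokens that do not match $[NAME].

    Such tokens are not picked up as variables and would reach the
    device as literal text.
    """
    return [m.group(0) for m in SUSPECT_RE.finditer(template)
            if not VAR_RE.fullmatch(m.group(0))]


def variables_section(template, existing=None):
    """Model the Variables section after a save.

    Every variable used in the template is listed; one that has no
    value yet gets the empty default described in the guide.
    """
    existing = existing or {}
    return {name: existing.get(name, "") for name in find_variables(template)}


def render(template, values):
    """Substitute values, refusing to emit a half-filled configuration."""
    malformed = find_malformed(template)
    if malformed:
        raise ValueError("malformed placeholders: " + ", ".join(malformed))
    missing = [n for n in find_variables(template) if not values.get(n)]
    if missing:
        raise ValueError("variables with no value: " + ", ".join(missing))
    return VAR_RE.sub(lambda m: values[m.group(1)], template)


if __name__ == "__main__":
    print("variables:", find_variables(TEMPLATE))
    print("malformed:", find_malformed(TEMPLATE))
    print("section:  ", variables_section(TEMPLATE, {"SYSLOG_HOST": "192.0.2.10"}))
```
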
A checkmark on a folder identifies that folder as having devices that are in a pending state. A checkmark on a device identifies that device as being in a pending state.

You have the option to save for the next update, update immediately, or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later using Job Status under Device Monitoring.
If different than the Device Relay, set the following values for Appliance Relay Server (upload):

Note: Use the Same as Device Relay Server option if the Relay Server connection address and login credentials will always be the same for both the AirDefense appliance and the device.
• If the server information is the same, you still must enter information for both servers. Also, if the information for both relay servers matches, the Same as Device Relay Server checkbox is selected in the GUI after the import.
• Normally, you will supply a username and password. However, when using the TFTP protocol, the username and password fields can be left blank with no blank space between the commas (i.e., ,,).
Central Management Console

Configuring Master/Slave Servers on page 868
Adding a Slave Server on page 869

The Central Management Console (CMC) is a centralized management system that allows you to administer multiple AirDefense Appliances from one location. CMC can be used to ensure that configurations are the same across multiple appliances. You no longer have to configure each appliance separately.
3. Restart both the Master and the Slave servers.

Note: The default password is security for both the Master and Slave appliances.

Note: Sometimes the Slave appliance will show as off-line even after a restart of the AirDefense processes. In this case, remove the Slave appliance and try adding it again.

Adding a Slave Server

To add a Slave server to be managed from the Central Management Console:
1. Use the Menu > Add Devices menu to add a new device.
2. From the Device Type drop-down list, select Appliance. The Add Devices window changes to display the parameters to configure an appliance.
3. Provide the following information:

Field | Description
Name | Provide a friendly name for identifying this Slave server on the CMC console.
Host | Provide the IPv4 address of the Slave server to be managed by the CMC.
Port | Enter the port number for the Slave server. The default port number is 8543.

4.
6. Click the Scope drop-down list and select System as the scope. If the Slave server is added successfully, you will see its IP address in the Scope drop-down list.

Note: When a new Slave server is added, it cannot be accessed immediately from the Master server's Central Management Console. Hovering over the newly added Slave server entry in the Scope drop-down list displays the information that the login to the Slave server has failed.
8. From the menu, select Share Certificates. The Share Appliance Certificate with Master window displays.
9. Provide the following information for the Slave Appliance fields:

Field | Description
User Name | Provide the user name on the Slave server used for authentication requests from the Master server.
Password | Provide the password for the user name configured on the Slave server used for authentication requests from the Master server.
10. Click Save to save the entered credentials. Click Cancel to exit without saving the changes made to this screen.

When the Slave server is added successfully to the Master server's Central Management Console, the Slave server can be remotely configured and monitored from the Master server's console.
ADSPAdmin

Accessing the ADSPadmin Console on page 874
Manage System on page 875
Manage the Database on page 876
Software on page 876
Configure AirDefense on page 876

When performing initial AirDefense configuration, you have to use AirDefense's ADSPadmin utility from the command line interface (CLI). Once AirDefense is set up, use the Graphical User Interface (GUI) for ongoing configuration.
2. Type c, then press at the command prompt. The Config screen displays.

Manage System

Use the following included utilities to perform system management tasks:

ADSPadmin Utility | Use this utility to...
STATUS | Display the process and disk status of the system.
SYSLOG | Display system log entries resulting from authentication and sendmail failures. You can either display the logs on screen, or write logs to a text file (syslogdata.txt).
ADSPadmin Utility | Use this utility to...
REBOOT | Reboot the AirDefense appliance. Warning: This is a full system reboot!
HALT | Halt AirDefense (stop processes).

Manage the Database

Use the following included utilities to manage the AirDefense database.

ADSPadmin Utility | Use this utility to...
IRESTORE | Restore Forensics files.
IREPAIR | Repair Forensics files.
INTCK | Check integrity of databases.
OUI | Update vendor MAC address information in the database.
• PING—use this to enable or disable ICMP echo request responses.
• SNMPA—use this to enable or disable reception of SNMP agent requests.
• SNMPC—use this to configure the SNMP agent community string.
• SNMPT—use this to enable or disable SNMP trap reception.
• HTTP—use this to enable or disable unencrypted Sensor connections.
• PANIC—use this to enable or disable reboot on a system error.
• UIPORT—use this to display the network port you are using for the GUI.
IPv6
To configure the IPv6 address of your AirDefense server:
1. Type ipv6, then press [Enter] at the prompt to change the IPv6 address. The IPv6 configuration screen opens, displaying the current network configuration.
2. If this is your first time using IPv6, you are prompted to enable IPv6. Type yes and press [Enter].
3. Type a new IPv6 address at the prompt. Press [Enter].
4. Type yes at the prompt to commit the changes. This returns you to the previous network screen.
2. At the prompt, type a to add a new DNS server. To delete a server, type d.
Important: Multiple DNS servers process DNS requests in order. The first DNS server on the list (identified by the number 1) is the first to offer name resolution; the second DNS server on the list (identified by the number 2) processes the request only if the first is unable to do so.
Time Configuration
Important: Changing the system time/date could affect the integrity of the database. Any change will cause a system reboot on exit from ADSPadmin.
Setting AirDefense time consists of setting the Time and Date (TIME) and the Timezone (TZ), or alternatively, enabling an NTP server (NTP). You must set the correct time, time of day, timezone, and date. You can also enable an NTP server when you first set up AirDefense.
For example, if you change the AirDefense time, such as when you move the AirDefense appliance's location from the east to the west coast of the United States, you must also locate a new network time server in the same time zone.
1. Type ntp at the command prompt to enable or disable a specific network time server (NTP). The NTP screen displays your current status in bold text, showing whether or not you are currently set to use NTP.
2. Type e to enable NTP.
3. Type yes and press [Enter] to save your change (or no to disregard your change).
SNMP Trap Configuration
You can enable SNMP Trap reception by following these steps:
1. Type snmpt at the command prompt. An SNMP status message is displayed to alert you that SNMP trap reception is enabled or disabled.
2. At the prompt, type e to enable SNMP trap reception.
3. Type q to return to the Config menu. You are prompted to save your changes.
4.
Troubleshooting
• AP Testing
• Connection Troubleshooting
• Live RF
• Forensic RF
• Spectrum Analysis
• Advanced Spectrum Analysis
• Advanced Troubleshooting
• Assurance Suite (Network Assurance)
• Radio Share Network Assurance
• Customer Support
AirDefense provides modules and solution packages to assist you in troubleshooting your network.
testing. These connectivity tests can be run automatically or manually, providing proactive notification that network resources may be unavailable. See AP Testing for details on how to schedule both automated and on-demand tests for APs.
Connection Troubleshooting
Connection Troubleshooting provides a web application that allows you to troubleshoot a Wireless Client's ability to connect to your wireless network.
Live RF data is available on all Floor Plan pages. When the Floor Plan is refreshed (manually or automatically), RF data is updated using the latest data (radio, power, channel, live status, etc.) about the devices. This data comes from the last polling cycle for the devices. If the Poll Devices button is clicked, the devices are refreshed first by AirDefense and then the RF data is updated and displayed in the Floor Plan.
Spectrum Analysis
The Spectrum Analysis module gives you a tool to identify and locate interference sources on your wireless network. The analysis is conducted using only AirDefense software; no extra hardware is required.
Note: You must have a valid Spectrum Analysis license for each sensor that you wish to conduct an analysis from.
The Spectrum Analysis topic in the Menu chapter fully explains how to use Spectrum Analysis.
Advanced Spectrum Analysis
Advanced Spectrum Analysis (ASA) is the next generation of Spectrum Analysis. ASA has four customizable views, each with its own set of default charts:
• Utilization—Displays charts showing how your network is being utilized. The default charts are:
  ◦ Device Count
  ◦ RF Quality Index
  ◦ Duty Cycle.
• Physical Layer—Displays charts that highlight the physical layer of your network. The default charts are:
  ◦ Spectrogram
  ◦ Duty Cycle.
• Interference—Displays charts showing interference sources in your network. The default charts are:
  ◦ Interference
  ◦ Spectral Density.
The Advanced Spectrum Analysis topic in the Configuration chapter fully explains how to configure and use the Advanced Spectrum Analysis tool.
Advanced Troubleshooting
An Advanced Troubleshooting license gives you access to two modules: AP Test and Connection Troubleshooting. AP Test provides a way to remotely test connectivity to APs, while Connection Troubleshooting allows you to remotely troubleshoot stations.
AirDefense Icons
• AirDefense Application Icons
• Wireless Client Icons
AirDefense uses a large number of icons to represent the different states of the devices it manages. AirDefense icons can be broadly classified as:
• AirDefense Application Icons—Describes the various icons used to depict AirDefense's state.
• Wireless Client Icons—Describes the various icons used to depict the state of wireless clients identified in the AirDefense managed network.
Overlay Icons
The following symbols are used in conjunction (as overlay) with the device icons to help identify them:
Symbol Description
• Offline device
• Unlicensed device
• Device on wired network
• Device on wireless network
• Unmanaged device
• Part of a bridged network
• Associated to a network
• Participating in an Ad-Hoc network
• Wi-Fi Direct device
Dashboard Icons
The following icons represent the dashboard graphs and charts:
Icon Description
• Displays Dashboard components as a p
Tree Icons
The following icons describe the device in the tree view window:
Icon Description
• This is the highest level in the tree. It represents the entire system.
• This is the second highest level in the tree. It represents an appliance.
• This is the third highest level in the tree. It represents the country.
• This is the fourth highest level in the tree. It represents a region.
• This is the fifth highest level in the tree. It represents a city.
Icon Description
• Performance—Wireless LAN traffic that exceeds set performance thresholds for devices.
• Platform Health—Events that provide information about the state of the AirDefense Services Platform and the Sensors which report back to the appliance.
• Policy Compliance—Events which indicate devices are not in compliance with the defined policy.
• Reconnaissance—Monitors and tracks external devices that are attempting to monitor your Wireless LAN.
Icon Description
• A managed online switch seen on your wireless network that has been configured for polling.
• An online switch seen on your wireless network that is not managed by ADSP.
• A managed offline switch seen on your wireless network that has been configured for polling.
• A managed online switch that you are planning to add to your wireless network.
Icons
These icons indicate an AP's state and capabilities:
Icon Description
• An online AP that is managed by AirDefense.
• An online AP that is not managed by AirDefense.
• An offline AP that is managed by AirDefense.
• A planned as related to adding planned devices to a floor plan.
• An AP that has a Sensor in radio share mode.
BSS Icons
These icons indicate the state of the BSS:
Icon Description
• Sanction BSS—BSS that has been sanctioned by AirDefense.
Icon Description
• Wi-Fi Direct Sanctioned BSS—Wi-Fi Direct BSS that has been sanctioned by AirDefense.
• Wi-Fi Direct Unsanctioned BSS—Wi-Fi Direct BSS that has not been sanctioned by AirDefense.
• Wi-Fi Direct Neighboring BSS—Wi-Fi Direct BSS that is on a neighboring network.
Unknown Device Icons
These icons depict the status of unknown devices in the network:
Icon Description
• Unknown device detected in your wireless traffic.
Wireless Client Icons
There are various types of Wireless Clients. Each type has its own set of icons to identify the Wireless Clients throughout the AirDefense GUI.
Icon Description
• A Wireless Client that is not sanctioned by AirDefense and is currently probing and is associated to a BSS.
• A Wireless Client on a neighboring network that is currently probing and is associated to a BSS.
• One or more Wireless Clients that are sanctioned by AirDefense forming an Ad-Hoc network.
• One or more Wireless Clients that are not sanctioned by AirDefense forming an Ad-Hoc network.
• One or more Wireless Clients on a neighboring network forming an Ad-Hoc network.
Icon Description
• A MCD on a neighboring network that is currently probing and is associated to a BSS.
• One or more MCDs that are sanctioned by AirDefense forming an Ad-Hoc network.
• One or more MCDs that are not sanctioned by AirDefense forming an Ad-Hoc network.
• One or more MCDs on a neighboring network forming an Ad-Hoc network.
• A Wi-Fi Direct MCD that is sanctioned by AirDefense.
• A Wi-Fi Direct MCD that is not sanctioned by AirDefense.
Icon Description
• A VoIP Phone that is not sanctioned by AirDefense and is currently probing and is associated to a BSS.
• A VoIP Phone on a neighboring network that is currently probing and is associated to a BSS.
• One or more VoIP Phones that are sanctioned by AirDefense forming an Ad-Hoc network.
• One or more VoIP Phones that are not sanctioned by AirDefense forming an Ad-Hoc network.
• One or more VoIP Phones on a neighboring network forming an Ad-Hoc network.
Icon Description
• A Laptop on a neighboring network that is currently probing and is associated to a BSS.
• One or more Laptops that are sanctioned by AirDefense forming an Ad-Hoc network.
• One or more Laptops that are not sanctioned by AirDefense forming an Ad-Hoc network.
• One or more Laptops on a neighboring network forming an Ad-Hoc network.
• A Wi-Fi Direct Laptop that is sanctioned by AirDefense.
• A Wi-Fi Direct Laptop that is not sanctioned by AirDefense.
Icon Description
• One or more Employee Laptops that are sanctioned by AirDefense forming an Ad-Hoc network.
• One or more Employee Laptops that are not sanctioned by AirDefense forming an Ad-Hoc network.
• One or more Employee Laptops on a neighboring network forming an Ad-Hoc network.
• A Wi-Fi Direct Employee Laptop that is sanctioned by AirDefense.
• A Wi-Fi Direct Employee Laptop that is sanctioned by AirDefense.
• A Wi-Fi Direct Employee Laptop on a neighboring network.
Icon Description
• One or more Employee Phones that are not sanctioned by AirDefense forming an Ad-Hoc network.
• One or more Employee Phones on a neighboring network forming an Ad-Hoc network.
• A Wi-Fi Direct Employee Phone that is sanctioned by AirDefense.
• A Wi-Fi Direct Employee Phone that is not sanctioned by AirDefense.
• A Wi-Fi Direct Employee Phone on a neighboring network.
Icon Description
• One or more Employee Devices on a neighboring network forming an Ad-Hoc network.
• A Wi-Fi Direct Employee Device that is sanctioned by AirDefense.
• A Wi-Fi Direct Employee Device that is not sanctioned by AirDefense.
• A Wi-Fi Direct Employee Device on a neighboring network.
High Priority Visitor Devices
These icons display the status of high priority visitor devices in your network.
Icon Description
• A Wi-Fi Direct High Priority Visitor Device that is sanctioned by AirDefense.
• A Wi-Fi Direct High Priority Visitor Device that is not sanctioned by AirDefense.
• A Wi-Fi Direct High Priority Visitor Device on a neighboring network.
Visitor Devices
These icons display the status of visitor devices in your network.
Icon Description
• A Visitor Device that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Icon Description
• A Wi-Fi Direct Visitor Device that is not sanctioned by AirDefense.
• A Wi-Fi Direct Visitor Device on a neighboring network.
Low Priority Visitor Devices
These icons display the status of low priority visitor devices in your network.
Icon Description
• A Low Priority Visitor Device that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Icon Description
• A Wi-Fi Direct Low Priority Visitor Device that is not sanctioned by AirDefense.
• A Wi-Fi Direct Low Priority Visitor Device on a neighboring network.
Legacy Content
• Menu
• AirDefense Dashboard
• Network Tab
• Alarms
• Configuration Tab
• Security
• WLAN Management
• Central Management Console
• ADSPAdmin
• Troubleshooting
• AirDefense Icons
Menu
The Menu gives you access to AirDefense features.
Features such as Add Devices and Import/Discover Devices are an integral part of AirDefense. Reports and Help are web-based applications. Most of the remaining features are Java applets. To run the Java applets, you must install the AirDefense Toolkit on your local workstation. (If you have no need to run the applets, there is no need to install the AirDefense Toolkit.
2. Select the version of the installation program that corresponds to your OS (Windows or Linux) and then follow the instructions for your OS.
Open
Click Open to access a saved Frame Capture or Spectrum Analysis file.
• Frame Capture Analysis
• Spectrum Analysis
Frame Capture Analysis
Live View saves session frame data in a temporary file on your ADSP appliance. This process is called Frame Capture.
The Capture File window is basically the same as the Live View window minus the buttons and menus that are not needed for Frame Capture Analysis. The tabs display the same information as the Live View window.
Spectrum Analysis
After conducting a Spectrum Analysis, you can save the temporary spectrum data to a permanent file on the appliance or to a file on your workstation.
The Spectrum View window is opened minus the buttons and menus that are needed for generating spectrum analysis data.
Forensic Analysis-Basic
Using Forensic Analysis, you can analyze historical data collected and stored for wireless devices. Forensics furnishes details on devices detected by AirDefense, e.g., APs, sensors, switches, BSSs and wireless clients.
Method 1
To access forensic data for a device:
1. Select Menu > Forensic Analysis.
2. Enter the MAC address of the device in the appropriate field.
Method 2
Use the context-sensitive menu for the device to view Forensic Analysis:
1. Left-click the drop-down menu button of a device anywhere within AirDefense.
2. Select Forensic Analysis from the menu to drill down into the device statistics.
historical analysis, you can change the 24 hour time period by selecting a new date and time. However, you cannot view more than 24 hours of data at any one time.
Note: Advanced Forensic Analysis allows you to specify your own time period, which can exceed 24 hours. For more details, see the section Advanced vs. Basic Forensic Analysis on page 373.
If you select one of the tabs, the summary is expanded into more detailed forensic data so that you can learn more about the wireless device and, if necessary, take immediate action.
Note: The tabs displayed will vary depending on the device selected and on whether you have installed Basic Forensic Analysis or Advanced Forensic Analysis.
You can access the following tabs in Forensic Analysis for more detail:
• Adoption History (APs and Switches.
investigations, and ensure policy compliance. These records can be used to provide evidence that an attacker has made repeated attempts to break into the wireless network and to know where the attack was launched. See the following table for a comparison of the features that are available with Basic vs. Advanced Forensics.
Table 10: Advanced vs.
The following forensic data is included with Scope Based Forensic Analysis:
• A summary that includes high-level information about the threat level, device counts and traffic for the entire scope over the selected time range (Summary tab).
• Active alarm information (Threat Analysis tab).
• Threat level information on items within the selected scope (Threat Breakdown tab).
• Transmitted and received traffic by all devices in the selected scope.
Device Based Forensic Analysis provides AirDefense administrators with the same forensic data as Basic Forensic Analysis, but also includes the extra features. The Basic Forensic Analysis tabs are included, and an extra Location Analysis tab is added for BSSs and Wireless Clients. The Location Analysis tab provides information to help administrators locate devices in their wireless network. A Heat Map and a Location Map are used to locate a device.
Selecting an action displays details about the action in the Action Details window. Use the button to launch a window that enables you to filter to the actions of interest on a specific device.
Action Control Table
The Action Control table displays specific information about an action that is taking place.
Web Reporting Interface
To access the Web Reporting web site, log in to the GUI and then select Menu > Reports. The report names are displayed by category. Select the desired report and click on the link to display it. The Web Reporting interface consists of three tabs: Reports, Published and Favorites. To move from one page to another, click the tab name. See the following list for a description of each tab.
The Online Help describes each of these tabs in detail and explains how to create reports, add reports to the Favorites tab, and schedule reports.
Report Builder
The Report Builder application allows advanced users to create completely original reports from blank templates. Alternatively, you can choose a report template you like and edit it to meet your requirements. All report components are based on whether you want a report on a single device or multiple devices.
Adding a Report
1. Click New on the Report Builder tool bar.
2. Choose a template. Either choose an existing report to edit, or choose the blank report for either a single device or for multiple devices.
Note: You cannot change the number of devices after you start creating a report. To change the number of devices on your report, you must create a new report.
3. In the Name field, type the name you want to use for this report.
Adding Report Components
After you have created a report, regardless of whether you started with a blank template or an existing report, use the following guidelines for enhancing it:
Note: Right-click menus make it easy to work with report components. The Report Builder interface displays the right-click options that are available for use, and grays out those that are not.
• To add sections - Right-click on the name of the report in the tree.
Configuring Report Components
Every report component (data field, table, or chart) has configuration options you can use to create reports that contain the exact information you need. After you add a report component to your report tree, Report Builder displays the configuration options for that component. You can name the component, and then configure filters.
Note: You may want to include the units of measure in the name you give the field. For example: Alarm (count).
• Boolean (example):
• Text box (example):
Deleting a Report
To delete an existing report:
1. Select File > Delete Report in the tool bar. A Confirmation Window appears.
2. Select (highlight) the report that you want to delete.
3. Click Delete Report to delete.
4. Click Yes to confirm.
Importing a Report
You can import a report from the Report Builder screen by using the following steps.
1. Select File > Import. The Import Reports window is displayed.
2. Click Add.
3. Navigate to the selected report, select (highlight) it, and click Open. The report is added to the Report Files list. You may add as many reports as you like.
4. If a report name already exists, click the Overwrite existing reports checkbox.
5. Click OK to import the report.
Exporting a Report
You can export a report from the Report Builder screen by using the following steps.
1. Click File > Export. The Export Reports window is displayed.
2. Select (highlight) one or more reports that you want to export.
3. Click Add to add the reports to the Selected Reports list. The Add All button adds all of the available reports to the Selected Reports list.
Getting Started
You must first determine the MAC address of the Wireless Client or the device name of the Wireless Client. One way to do this is to right-click on the Wireless Client while in the GUI and copy the MAC address. If for some reason you cannot copy the MAC address, you can click the question mark next to the Troubleshoot Device field to display hints on how to determine the MAC address or device name.
2. In the Search Programs and Files control at the bottom of the menu, type cmd and then press Enter. The Windows™ command line interface window displays.
3. In the cmd window that displays, type ipconfig /all and then press Enter. A list of available network interfaces is displayed.
4. If the list of interfaces displays multiple interfaces, search for the appropriate adapter. In the above image, the correct adapter is the Wireless LAN adapter Wireless Network Connection. The MAC address of the interface is displayed as Physical Address.
Open System Preferences and select Network. Select the wireless interface from the list in the Show drop-down. The MAC address is the AirPort ID, which is 00:0d:31:83:dd:37 in the screen shot below.
Linux Variants
To find the MAC address on Linux or one of its variants:
Open a terminal, type ifconfig, and then press Enter. The command displays all the network adapters on the machine. Identify the appropriate interface adapter.
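The lookup steps above (ipconfig /all on Windows, ifconfig on Linux) can be scripted. The following is an added example, not part of the guide: it parses either command's output, picks the wireless adapter, and returns its MAC address in the colon-separated form shown above. The sample outputs are constructed, and the adapter-name hints ("wireless", "wi-fi", a "wl" prefix) are assumptions.

```python
import re

# A 6-octet MAC written with ':' or '-' separators.
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

# Constructed sample of `ipconfig /all` output (not from a real host).
IPCONFIG_SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAB-PC

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Controller
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-2B-3C-4D-00-11-22-33-44-55

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 00-AA-BB-CC-DD-EE
"""

# Constructed sample of `ifconfig` output (not from a real host).
IFCONFIG_SAMPLE = """\
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255
        ether 00:11:22:33:44:66  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0

wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.20  netmask 255.255.255.0  broadcast 192.0.2.255
        ether 00:AA:BB:CC:DD:EF  txqueuelen 1000  (Ethernet)
"""


def normalize_mac(mac):
    """Return the MAC in lowercase, colon-separated form."""
    return mac.replace("-", ":").lower()


def parse_ipconfig(text):
    """Map adapter heading -> MAC from `ipconfig /all` output."""
    adapters, current = {}, None
    for line in text.splitlines():
        # Adapter headings are unindented and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]
        # Only the "Physical Address" row counts; the DUID row also
        # contains MAC-like byte runs and must be ignored.
        elif current and "Physical Address" in line:
            match = MAC_RE.search(line)
            if match:
                adapters[current] = normalize_mac(match.group(1))
    return adapters


def parse_ifconfig(text):
    """Map interface name -> MAC from `ifconfig` output (old or new style)."""
    adapters, current = {}, None
    hw_re = re.compile(r"(?:HWaddr|ether)\s+" + MAC_RE.pattern)
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = re.split(r"[:\s]", line, maxsplit=1)[0]
        if current:
            match = hw_re.search(line)
            if match:
                adapters[current] = normalize_mac(match.group(1))
    return adapters


def is_wireless(name):
    """Assumed naming hints for wireless adapters; adjust for your hosts."""
    lowered = name.lower()
    return lowered.startswith("wl") or "wireless" in lowered or "wi-fi" in lowered


def find_client_mac(text):
    """Return the single wireless adapter's MAC, or raise if ambiguous."""
    parse = parse_ipconfig if "Physical Address" in text else parse_ifconfig
    candidates = {n: m for n, m in parse(text).items() if is_wireless(n)}
    if len(candidates) != 1:
        raise ValueError(
            "expected one wireless adapter, found: %s" % sorted(candidates))
    return next(iter(candidates.values()))


if __name__ == "__main__":
    print(find_client_mac(IPCONFIG_SAMPLE))
    print(find_client_mac(IFCONFIG_SAMPLE))
```

When no wireless adapter or more than one is found, the function raises instead of guessing, which matches the manual step of picking the appropriate adapter by hand.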
Device Selection Wizard
The Device Selection Wizard is used to locate and select a Wireless Client for troubleshooting. Click the wand to access the Device Selection Wizard and then follow these steps to select a Wireless Client.
1. Select a scope by highlighting the appliance or a network level. Select Next to continue. You should try to narrow the scope as much as possible. By default, only authorized stations are included in the device list.
2. Highlight the vendor name by selecting it. Click Next to continue. If you are unsure of the vendor of your device, you can select Unknown from the list.
3. Type in any information that can identify the device. You may type partial names or addresses. The Device Selection Wizard finds all devices matching the provided information. Click Next to continue.
4. Check the list of devices on the left side of the window below. If there is only one device in the list, it is most likely the Wireless Client you are searching for. Select it and then select Finish.
d. Click Use this Device. The Wireless Client's MAC address is placed in the Troubleshoot Device field, where you can proceed to troubleshoot it.
If more than one device is found, the list of devices will update. Click Try Again and then repeat steps. You may have to keep trying again until there is only one device found.
Note: If the device list is empty after following these steps, choose another sensor and retry.
If problems were observed, you may see a Results Summary window similar to the one shown below. The Results Summary screen will change according to the results but the symbols remain constant.
• No problem observed.
• Possible problem; needs further investigation.
• Definite problem observed.
To view the individual summary sections, select the section name of interest.
Observed Network
The Observed Network window displays how the troubleshooted Wireless Client appears in the network. It shows any wireless or wired connections between the wireless client and other devices in the network. A dark gray line between devices signifies the connection was checked and communications are good. A red line between devices signifies the connection was checked and there is a problem.
A dialog window opens where you can name and save the exported file to your local hard drive. Once saved on your workstation, the exported file can be opened in the Frame Capture Analysis tool to analyze the sequence of events that occurred during troubleshooting.
Warning: Packet capture files are overwritten every time troubleshooting tests are run. It is recommended that you export the PCAP file to your local hard drive before running the next test.
On-demand AP Tests
On-demand AP tests can be performed on sanctioned APs only. Select the AP to test from the Networks tab and then run the required AP tests on it.
To run an on-demand AP test:
1. Click the Network tab. The Network tab loads and displays a list of all discovered APs.
2. Select BSS from the Show drop-down menu. A list of APs is displayed.
3. Select the AP you wish to test.
Note: The AP must be sanctioned, as indicated by the green symbol on the device.
4. Click on the down arrow on the device and in the drop-down menu, select AP Test.
5. The test results for that device are displayed in a window.
AP Test License
An AP Test license is required to access the Scheduled AP Test feature. AP Test is not part of the default AirDefense system. If the AP Test license is not installed, you will receive the following error when attempting to access the Scheduled AP Test feature:
Click Exit to close this dialog window.
Scheduled Vulnerability Assessment
Wireless vulnerability assessment provides remote wireless security testing. By simulating attacks from a wireless hacker's point of view, administrators can now identify sensitive systems exposed to the wireless network. This eliminates the need to go on-site and perform penetration testing.
Scheduled Vulnerability Assessment
To manage and schedule Vulnerability Assessment:
1.
2. Select Add to create and add a new Scheduled Vulnerability Assessment test.
3. Select the Ok button after setting the parameters for this Vulnerability Assessment test. At any time, select Cancel to exit without saving the configuration.
Vulnerability Assessment License
A Vulnerability Assessment license is required to access the Scheduled Vulnerability Assessment feature.
Scheduled Events
The Scheduled Events feature allows you to monitor all scheduled events from one source. You can schedule events throughout AirDefense, and monitor the scheduled events from the Scheduled Events window.
Monitoring Scheduled Events
To monitor scheduled events:
1. Select Menu > Scheduled Events. The Scheduled Events window displays with a list of events.
Scheduled Events Legacy Content 2. Use the Schedule Type drop-down to filter to the events of a particular type. Select All to view all scheduled events (default). The different types of events that can be selected are: • • • • • • • • • • AP Test Auto Classification Backups Firmware Upgrade Frame Capture Server Sync System Forensic Backup Device Import Vulnerability Assessment • • • • • • • • • Device Management Poll Device Configuration Deferred Device Configuration LiveRF Background Analysis.
Altering Event Schedules
You can alter an event schedule by highlighting the scheduled event and clicking the Edit Schedule button.
To alter an event's schedule:
1. Select the event by highlighting it and then select the Edit Schedule button. The Edit Schedule window displays.
2. From the drop-down, select the appropriate schedule.
You can add any of the following devices by selecting the device from the Device Type menu:
• BSS
• Wireless Client
• Wired Switch
• Wireless Switch
• WLSE
• AirWave
• MSP
• Appliance
The fields change according to the selected device.
BSS Fields
The following screen is displayed when BSS is selected.
The following fields are available when adding BSSs:
Field: Description
• MAC Address: The MAC address of the device
• Name: The name you want your device to display in your network
• Description: A description of the device
• Add to appliance: You may add the device to your primary appliance or all appliances that Extreme AirDefense is monitoring. Select the appropriate radio button.
Field: Description
• Annotations: Specify if the device should be flagged or if it will be bridged. Select the appropriate checkbox.
• Classification: Specify if the device should be classified as:
  ◦ Neighboring
  ◦ Unsanctioned
  ◦ Sanctioned (Inherit Profiles)
  ◦ Sanctioned (Assign Profiles) - a list of available profiles is displayed to use as the override profile(s). You may select one or more profiles.
The following fields are available when adding Wireless Clients:
Field: Description
• MAC Address: The MAC address of the device
• Name: The name you want your device to display in your network
• Description: Select a scope (usually a floor network level) from the drop-down menu
• Add to appliance: You may add the device to your primary appliance or all appliances that Extreme AirDefense is monitoring. Select the appropriate radio button.
The following fields are available when adding the above device types.

Field | Description
MAC Address | The MAC address of the device.
Name | The name you want your device to display in your network.
Scope | Select a scope (usually a floor network level) from the drop-down menu.
Host | The host name of the device.
Description | A description of the device.

Appliance Fields

The following screen is displayed when Appliance is selected.
Import and Discovery

Import and Discovery is used to import or discover devices from one of the following sources:
• Local file
• Remote file
• SNMP discovery using a list of networks to scan
• Wireless Manager/Switch.

All imported devices will be configured and classified according to the Device Import Rules. You may also use Auto-Placement Rules to place the device in your network, or you may place the device yourself.
Field | Description
Device placement | You have the option of using the auto-placement rules or selecting a folder from your network tree.
Execution Method | You have the option of selecting an existing profile or entering the import information manually. If you elect to enter the information manually, additional options are displayed.
Import Local File

The following fields are available when importing local files:

Field | Description
Job Type | Import Local File
Descriptions | System generated description. You may change if you want to.
Path | Browse to specify a path on your local workstation including the import filename (e.g., c:\temp\filename)
Select a sample CSV file | Selects a sample CSV file from the drop-down list. Once a file is selected, click Open in New Window.
Import Remote File

The following fields are available when importing remote files:

Field | Description
Job Type | Import Remote File
Descriptions | System generated description. You may change if you want.
Host | Host name or IP address
Protocol | Protocol used for communications
Path | Path name on the remote host including the import filename (e.g.
Import from Wireless Manager or Switch

The following fields are available when importing wireless managers or switches:

Field | Description
Job Type | Import from Wireless Manager/Switch
Descriptions | System generated description. You may change if you want.
Basic Search | Specify a partial or full MAC address of a Switch or enter the name; then, click Search. The search results are listed in the Select from search results box.
• Profiles (configurations).

Import files contain records, made up of columns (fields), that are used to import devices or profiles and configuration settings into ADSP. You will need to use text files to import devices and profiles. There are two commonly used text file formats:
• Comma separated values text files (CSV), in which the comma character typically separates each field of text.
• DEV_ON_WIRE
• STATION

Requirements: Importing Stations requires performance and security policy information. The relevant policies must be created prior to importing the file or created within the file. You can create the Station in line 1 of the file and the policies later in the file. The sequence does not matter.
Mapping for Device Type:
◦ ap51x1=1
◦ ap71x1=2
◦ ws2000=4
◦ ws5100=5
◦ rfsx000=6
◦ airespace=7
◦ wm3x00=8
◦ ap35x0=9
◦ ap47x0=10
◦ brx000=11
◦ br51x1=12
◦ br71x1=13
◦ ap7181=14
◦ Cisco1200Plugin=20
◦ cb3000=23
◦ ap650SA5000R= Wing 5.2=25
◦ IRIS=26
◦ SILK=27
◦ ArubaPlugin=28
◦ extreme.
• SCHEDULED_IMPORT
• SECURITY_PROFILE
• SENSOR_SETTINGS
• SYSTEM_SETTINGS
• USER_INFO
• WLAN_PROFILE

Import Rules:
◦ The last field NUM_KEYS_RADIUS_SERVERS is zero by default.
◦ For protocol EAP, WPA and WPA2, RADIUS server information is expected.
◦ RADIUS Server information is preceded by record name radius_info and followed by RADIUS server name.
◦ For WPA_PSK and WPA2_PSK, the primary shared key and ascii value need to be made available.
• Time to wait for Sensor in minutes
• Number of tests (assessments) to run in parallel
• Prefer OTA tests (true or false)
• Schedule name
• Schedule type (daily, intraday, monthly, weekly, or onetime):
  ◦ Daily has the following sub-fields:
    ▪ hours (the hour of the day)
    ▪ minutes (the minute of the hour)
    ▪ type (interval, weekdays, or weekends) - interval means run every x days. weekdays means run on weekdays. weekends means run on weekends.
Bluetooth Monitoring

Bluetooth monitoring is a feature that provides 24x7 monitoring of Bluetooth devices in Enterprise environments. With this feature, ADSP can automatically scan and detect security threats from unsanctioned Bluetooth devices, as described in the following list.
• Detection of any unsanctioned Bluetooth device.
• Detection of any unsanctioned Bluetooth device present longer than the configured duration.
Bluetooth License

You must have a WIPS license on the sensor device in order to access the Bluetooth feature.

AirDefense Dashboard

The Extreme AirDefense Dashboard provides a quick visual representation of your network. Network state and other information is displayed using widgets. You can select from a large array of useful widgets to customize the AirDefense Dashboard to display the network state information that you are interested in.
ADSP provides five default views involving the most important aspects of your network. Each view is fully customizable where you can add any one of the already defined dashboard components. The default views are:
• General - Displays general information about your network using some components of the other three views.
• Infrastructure - Displays infrastructure information such as:
  ◦ Infrastructure Status
  ◦ Last 5 Infrastructure Alarms
  ◦ Device Breakdown by Model
  ◦ Top Infrastructure Criticalities
  ◦ Wireless Client Associations by WLAN
  ◦ Radio Channel Breakdown.
• Performance - Displays performance information such as:
  ◦ Performance Threat by Tree Level
  ◦ Performance Threat by Device.
Scopes are defined as the following network levels:
• System - Displays information for your entire network (system). If you have a Central Management license, selecting System as the scope displays a combination of all appliances being managed.
• ADSP - Displays server information including all the network levels (Country, Region, City, Campus, Building, and Floor) as defined in the Configuration tab under Appliance Platform > Tree Setup.
You can click on the 2x2 or 3x3 button. You can then change the name of a view by clicking the Rename button, typing in the new name, and then clicking OK.

Draggable Components

You may customize any of the existing views as well as the empty custom views. The components panel contains all of the components that can be viewed in the Dashboard. You may add components to the Dashboard by dragging and dropping a component onto the Dashboard.
Component | Description
BT_Sensors | Displays Bluetooth sensors seen on your network.
BSSs by Configuration | Displays a pie chart of BSSs by configuration (sanctioned, unsanctioned, and neighboring). Also lists the total number of BSSs seen on your network.
BSSs by Last Seen | Displays a pie chart of the BSSs seen on your network over the last five days. Also lists the total number of BSSs as well as the totals for each day.
Component | Description
PCI 11.1 Status | Lists the compliance status of Rogue APs, Rogue Wireless Clients, and Accidental Associations as related to PCI Section 11.1. A green checkmark signifies you are in compliance. A red x signifies you are out of compliance.
PCI Status | Lists the compliance status of PCI Sections 2, 4, 11.1, and 11.4. A green checkmark signifies you are in compliance. A red x signifies you are out of compliance.
Component | Description
Severity by Device | Displays a bar chart showing the severity scores of the top offending devices.
Severity by Tree Level | Displays a bar chart showing the severity scores of the top offending network levels.
Signal Strength Status | Displays a pie chart showing the number of clients and APs greater than or equal to -70 dBm, and the number of clients and APs less than -70 dBm.
System Load | Displays a column chart reflecting system load.
Network Tab

The Network tab displays a list of devices seen in your wireless network. Also displayed is a total device count. You can narrow the scope by selecting an ADSP appliance, country, region, city, campus, building, or floor from the network tree or from the for menu. You can also filter device information using the Network Filter. The information displayed depends on the type of device selected.
Select-Network View

Show Menu

Use the Show menu on the top menu bar to select the devices that you want to display in the Network tab.

Viewing the Network

You can choose to display the Network tab in a tabular or graphical view as follows:

In the tabular view, the following items are displayed in the Show menu:
• Network Devices (includes APs, Sensors, Wired Switches, Wireless Switches, WLSE devices, AirWave devices, and Managed Services Providers (MSPs)).
Types of Devices

From the drop-down menu under Show, you can select a device. The choices are:
• Network Devices
• BSS
• Wireless Clients
• Unknown Devices
• Bluetooth.

Select for AirDefense system or a specific city, building, floor, etc.

Actions Menu

From the drop-down menu under Actions on the top menu bar, you can select an action to apply to the selected device. The actions available vary by device, as explained in the following section, Network Devices.
Column | Description
Name | Displays the name of the Network Device.
MAC | Displays the Network Device's MAC address.
IP | Displays the Network Device's IP address. (default header)
Severity | Displays the Network Device's threat level to your network. (default header)
First Seen | Displays the date and time the Network Device was first seen in your network.
Last Seen | Displays the date and time the Network Device was last seen in your network.
The list of BSSs is displayed in a tabular format using a combination of the following columns:

Column | Description
Flag | Indicates if a BSS has been flagged (blue flag).
Device | Displays the BSS icon along with the vendor's ID. (default header)
Name | Displays the name of the BSS.
MAC | Displays the BSS's MAC address.
IP | Displays the BSS's IP address.
Severity | Displays the BSS threat level to your network.
Wireless Client

Click the drop-down menu under Show and click on Wireless Client. AirDefense displays a list of all Wireless Clients seen in your wireless network.

A list of wireless clients is displayed in a tabular format using a combination of the following columns:

Column | Description
Flag | Indicates if a Wireless Client has been flagged (blue flag). (default header)
Device | Displays the Wireless Client icon along with the vendor's ID.
Column | Description
Sensed Authentication | Displays the sensed method of authentication.
Sensed Encryption | Displays the sensed method of encryption.
Polled Authentication | Displays the polled method of authentication.
Polled Encryption | Displays the polled method of encryption.
Protocols | Displays the protocols being utilized by the Wireless Client.
Rogue | Indicates if a Wireless Client is a rogue (true or false).
The list of Unknown Devices is displayed in a tabular format using a combination of the following columns:

Column | Description
Flag | Indicates if an Unknown Device has been flagged (blue flag). (default header)
Device | Displays the Unknown Device icon along with the switch name. (default header)
Name | Displays the name of the Unknown Device.
MAC | Displays the Unknown Device's MAC address. (default header)
IP | Displays the Unknown Device's IP address.
The list of Bluetooth devices is displayed in a tabular format using a combination of the following columns:

Column | Description
Device | Contains the MAC address. Click on the down-arrow to display the MAC address, appliance, when last seen, and signal strength.
Type | Displays the type of Bluetooth device (such as computer).
Severity | Displays the threat level to your network. Green indicates a sanctioned device. Red indicates an unsanctioned device.
Click the Expand button to open a branch of the tree. Click the button to close a branch of the tree.

The table columns for the Association Tree are:

Column | Description
Devices | Displays the name of the devices on your network.
Severity | Displays the threat level to your network for a floor and all the devices on that floor.
Device Count | Displays the number of devices on a tree level.
Last Seen | Displays the last time a device was seen on the network.
To switch to the Hierarchical view, click the Hierarchical button. Click Concentric to return to the Concentric view.

You can manipulate the graph by using:
• Graph Zoom to zoom the graph in and out.
• Device Labels to remove or display the device labels.
• Icon Size to increase or decrease the size of the icons.
• Network Depth to see more or fewer devices in your network.
Network Filters

Network filters are provided to filter the displayed network information. They are displayed on the left side of the Network tab. The different filters are:
• Grouping - you can view devices by grouping them using similar criteria.
• Network Scope - you can view devices according to where they are in the network tree.
• First/Last Seen Filter - filters devices according to when they were first seen and/or last seen on your network.
• Flag - you can optionally view all flagged devices.
• Alarm Severity - you can view devices by alarm criticality.
• Alarm Type - filters devices by alarm type.
• Device - filters devices by model, manufacturer, and/or capabilities.
• Compliance - displays devices according to state of compliance with network policies.
• Status - displays devices according to their uptime/offline status.
• Signal Strength - filters devices within a specific signal strength range.
• Classification - Groups devices by how they are classified. This view is accessible when displaying BSSs, Wireless Clients, or Unknown Devices.
• Signal Strength - Groups devices in a range of signal strengths. This view is accessible when displaying BSSs or Wireless Clients.
• Sensed Authentication - Groups devices based on their sensed method of authentication. This view is accessible when displaying BSSs or Wireless Clients.
• Client Type - Groups devices based on their client type. This view is accessible only when displaying Wireless Clients.
• On Network - Groups devices based on whether they are on the network or not. This view is accessible only when displaying Unknown Devices.
• Status - Groups devices based on their online/offline status. This view is accessible when displaying Network Devices.
• Scope - Groups devices based on where they are in the network.
First Last Seen Filter

The First/Last Seen filter allows you to filter devices according to when they were first seen and/or last seen on your network.

The last seen times may be:
• Any time period
• 0 - 5 minutes
• 5 - 10 minutes
• 10 - 20 minutes
• 20 - 30 minutes
• 30 - 60 minutes
• 1 - 12 hours
• 12 - 24 hours
• 24 - 72 hours
• More than 72 hours.

The first seen times may be:
• Any time period
• 1 - 12 hours
• 12 - 24 hours
• 24 - 72 hours
• More than 72 hours.

For example, if 30 - 60 minutes is selected as the last seen time and no other times are selected (first/last seen), only devices that were last seen within 30 to 60 minutes are displayed.
• Minor - Displays Major, Critical, and Severe alarms.
• Safe - Displays alarms of all criticalities.

You can select the alarms that you want to view by checking the checkbox.

Alarm Type Filter

The Alarm Type filter allows you to view devices by alarm type. Devices are grouped together according to their alarm threat to your network. You have the option of displaying all alarm types or filtering alarms by a specific type.
Click Edit, select the alarm type(s), and then click OK. The following graphic shows that you only want to display rogue alarms. To remove an alarm type, select (highlight) the alarm type and click Remove.

Classification Filter

The Classification filter is used to filter devices by their device classification.
Devices are displayed by the following classifications:
• Sanctioned - Display sanctioned devices.
• Unsanctioned - Display unsanctioned devices.
• Neighboring - Display neighboring devices.

Select the checkbox(es) for the classification(s) that you want to display.

You can also display devices by rogue classification. Your options are to display all devices or to display only rogue devices. Select the appropriate radio button.
You can also filter network devices based on the capability of the device. When you select a capability, only devices with that capability are displayed. For network devices, you may select:
• Access Point
• BT_Sensors
• Wireless Switch
• Sensor
• Wired Switch
• Network Manager.

Wireless Clients

For wireless clients, you can filter devices based on the manufacturer. Select the manufacturer from the drop-down menu.
• Tablet
• Uncategorized Device

BSSs and Unknown Devices

For BSSs and Unknown Devices, you can filter devices based on the manufacturer but not on client type or capabilities. Select the manufacturer from the drop-down menu. You may also type in the manufacturer's name, including a partial name.

Bluetooth Devices

There is no device filter for Bluetooth devices.
You may select one or more of the following statuses:
• Offline - Displays any offline devices.
• Uptime (0 - 1 hours) - Displays devices that have been online from 0 to 1 hour.
  Note: Devices that do not track uptime are shown in this time slot.
• Uptime (1 - 12 hour) - Displays devices that have been online from 1 to 12 hours.
• Uptime (12 - 24 hours) - Displays devices that have been online from 12 to 24 hours.
Figure 128: Authentication

Figure 129: Encryption
You may select any combination of authentication methods and/or encryption methods.

The available authentication methods are:
Unknown Open Pre-Share Key WPA 802.1x RSN LEAP PEAP EAP-MD5 EAP-OTP EAP-GTC EAP-TLS EAP-FAST EAP-TTLS RSA EAP-SIP RAS EAP-PKA Network EAP Symbol Keyguard Other.

The available encryption methods are:
• Unknown
• Unencrypted
• WEP
• TKIP
• AES(CCMP)
• Other Encryption.
You may select any combination of authentication methods and/or encryption methods.

The available authentication methods are:
• Open
• Pre-Share Key
• EAP
• WPA
• WPA PSK
• WPA2
• WPA2 PSK
• Unknown.

The available encryption methods are:
• Unencrypted
• WEP64
• WEP128
• AES(CCMP)
• TKIP
• Symbol Keyguard
• WPA2 PSK.

Actions Menu

The Network tab includes an Actions menu where you can execute an action.
Network Device Actions

BSS Actions

Wireless Client Actions
Unknown Devices Actions

Bluetooth Devices Actions

Actions Descriptions

Actions are active (selectable) or inactive (un-selectable) depending on the device type selected in the Show menu. Some actions are executed when you select a device and then select an action. In this case, no other input is required. Other actions will display a dialog that requires more input.

Descriptions of the actions are as follows:

Action | Description
Set Flag | Allows you to flag the selected device(s) to indicate attention is required.
Clear Flag | Allows you to remove a flag from the selected device(s).
Action | Description
Search Device Configuration | Allows you to search for device configurations on the network.
Generate Tracker Files | Allows you to generate tracker files and save the files to a directory on your computer.
Audit Devices | The Audit Devices action runs a compliance audit on the selected device(s). When selected, a Compliance Audit overlay displays and the audit starts. Once the audit is complete, the device(s) are listed in the Devices sub-window.
When you change a configuration type, the CLI commands for that type are displayed. If there are differences, they are highlighted.

Click Revert to Compliant Config to update the highlighted device with the CLI commands from Compliant Configuration. Click Accept Polled Config to accept the CLI commands from Polled Configuration. Click the Close button to exit the compliance audit overlay.
To view your diagnostic logs, you will have to export them to your workstation by clicking Export Consolidated Logs.

Note: The Export Consolidated Logs button is inactive until the status changes to Pass and the diagnostic logs are ready to export.

Click OK to continue. Navigate to a location and click Save. The consolidated logs are saved in a ZIP file using the specified file name. You can now view the logs.
Remove Devices

To remove devices:
1. Click Remove Devices to remove a selected (highlighted) device. You are prompted to confirm removal.
2. Click OK to remove the listed devices. Click Cancel to exit without removing the device(s).

Move Devices

Use the Move Devices action to move a selected (highlighted) device to a scope (floor) that you specify. When selected, you are prompted to select a scope.

To move a device:
1. Select the Move Devices action.
2. Click the Select Scope drop-down menu to choose your scope and then click OK. You are prompted to confirm your selection.
3. Click OK to move the device(s). Click Cancel to exit without moving the device(s).

Upgrade Devices

To upgrade the firmware for devices on your network, select (highlight) a device and then select Upgrade Devices from the menu.
You have the option of upgrading immediately or upgrading later. If you decide to upgrade later, select Upgrade Later and then select a time from the drop-down menu and a date from the calendar.

You may enter a description in the Description field. This information is displayed when you check the Job Status and helps identify the job.

There are four checkbox options that you can select. They are:
• Downgrade devices with newer firmware.
By default, all devices are selected. If you decide not to upgrade one or more devices, uncheck the checkbox for that type of device.

Click OK to start or schedule the upgrade. Click Cancel to exit and not upgrade.

Import CLI Variables

Note: A WLAN Management license is required to import CLI variables.

The Import CLI Variables action is used to import CLI variables at the device level.
Select the import file and then click Open to import the CLI variables.

Verify Import of CLI Variables

To verify that the CLI variables were imported:
1. Click the device's drop-down menu button.
2. Select Properties from the menu.
3. Select the CLI Profile for the device. The imported CLI variables should be visible in the Variables section.
When you click OK, a dialog window opens where you can specify the directory (folder) and name of the CSV file.

Note: At this time, files exported using Export Devices are for external viewing only. They cannot be imported back into AirDefense.

AirDefense names the CSV file devices.csv by default. You can keep that name or change it. Click the Save button to save the CSV file. Click Cancel to exit without saving the file.
The commands are applied to all devices selected in the Network tab. Selected devices are listed in the Devices that will be affected field. Each command must be on a line by itself. If a command requests a confirmation from a device, ADSP will respond Yes.

You may import an updated configuration from device(s) after a command has run successfully. To do so, select the Import checkbox.

The logs for the Command Run and Log are placed at: /usr/local/smx/device-mgmt/jobs.
You can view the log of another device by selecting the device from the Devices drop-down menu. Click Copy to Clipboard to copy the log contents to the clipboard. Click Cancel to exit the log.

Search Device Configuration

Use the Search Device Configuration action to search for devices by configuration. Depending on the number of infrastructure devices in the network, the process can take some time.

Follow these steps to search for device configurations:
1.
3. From the Actions menu, select Search Device Configuration.
4. Enter the name of the device configuration you are searching for.
5. Check Search Results to display the search results.
6. When the devices are found, click Upgrade Firmware to upgrade; Command Run & Log to run the command log; and Cancel to exit without saving.

Advanced Search

The Network tab has an advanced search feature that allows you to supply additional criteria to the basic search.
• The model number of a device or any model.
• The SSID of the device
• The client type of the device
  ◦ Default Type
  ◦ MCD
  ◦ VoIP Phone
  ◦ Laptop
  ◦ Employee Laptop
  ◦ Employee Phone
  ◦ Employee Device
  ◦ High Priority Visitor Device
  ◦ Visitor Device
  ◦ Low Priority Visitor Device
• The manufacturer of the device
• The source
  ◦ All
  ◦ Sensor Segment
  ◦ Switch
  ◦ Authorized AP
  ◦ Unknown

You may add additional criteria as needed by clicking the Add Search Criteria link.
Additional criteria may be added until you have added all the search criteria for the type of devices being displayed. Added criteria may be removed by hovering your cursor over the criteria and then clicking the icon located to the right of the criteria.

Additional criteria includes:

Criteria | Description
Flag | Select whether you want to display flagged or un-flagged devices.
Firmware | Supply a firmware version for devices you want to display.
The alarms listed in the table are determined by the network level and the filters you have selected. Select the network level in Show alarms in the drop-down menu. Select filters using the instructions described in the Alarm Filters on page 481 section.

You can hide (uncheck) or view (check) columns by clicking the drop-down button located to the right of the last column.
AirDefense Alarm Model

Suppressed Alarm Repetition

AirDefense has made significant advancements in the Alarm Model, dramatically decreasing the occurrence of repetitious alarms. In the new Alarm Model, the AirDefense appliance leverages the extensive data it collects about security events to determine whether events are:
• Unique events
• Repeat occurrences of activities that constitute a single security event
• Repeat observances of a single, ongoing event.
Duration of Alarm

The alarm stays active for a period of time after the security event ends. This period of time is called the duration. The duration is user-configurable, although AirDefense has determined default duration times correlated to the expected life-cycle of each specific event. When the duration time ends, the alarm becomes inactive. You can use the forensic analysis to view historical alarms.
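The following added example (not code from Extreme AirDefense or this guide) sketches how repeat observances can be folded into one alarm and how an alarm goes inactive once its duration has passed since the last observation. The alarm type names are taken from the guide's Alarm Type list; the duration values, MAC addresses, observation records, and the simplification that an event "ends" at its last observation are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed per-alarm-type durations (assumption: the product's real
# default durations are not given on this page).
DURATIONS = {
    "Rogue Activity": timedelta(minutes=10),
    "Exploits": timedelta(minutes=2),
}


@dataclass
class Alarm:
    alarm_type: str
    device: str
    start: datetime       # first observation of the event
    last_seen: datetime   # most recent observation folded into this alarm
    observations: int = 1

    def expires(self, durations):
        """Moment the alarm becomes inactive: last observation + duration."""
        return self.last_seen + durations[self.alarm_type]


def correlate(observations, durations):
    """Collapse (timestamp, alarm_type, device) observations into alarms.

    An observation that arrives while an alarm of the same type for the same
    device is still active is a repeat observance: it extends that alarm.
    Anything else is treated as a unique event and opens a new alarm.
    """
    alarms = []
    latest = {}  # (alarm_type, device) -> most recent Alarm for that pair
    for ts, alarm_type, device in sorted(observations):
        key = (alarm_type, device)
        current = latest.get(key)
        if current is not None and ts < current.expires(durations):
            current.last_seen = ts
            current.observations += 1
        else:
            current = Alarm(alarm_type, device, start=ts, last_seen=ts)
            latest[key] = current
            alarms.append(current)
    return alarms


def active_at(alarms, when, durations):
    """Alarms that have started and whose duration has not yet run out."""
    return [a for a in alarms if a.start <= when < a.expires(durations)]


def at(hhmmss):
    """Helper: build a timestamp on a constructed sample day."""
    return datetime.strptime("2021-05-01 " + hhmmss, "%Y-%m-%d %H:%M:%S")


# Constructed sample observations (not real sensor data).
DEV_A = "00:11:22:33:44:55"
DEV_B = "00:11:22:33:44:66"
SAMPLE = [
    (at("09:00:00"), "Rogue Activity", DEV_A),  # unique event
    (at("09:01:00"), "Rogue Activity", DEV_B),  # different device: unique
    (at("09:02:00"), "Exploits", DEV_A),        # different type: unique
    (at("09:03:00"), "Rogue Activity", DEV_A),  # repeat observance
    (at("09:03:30"), "Exploits", DEV_A),        # repeat observance
    (at("09:08:00"), "Rogue Activity", DEV_A),  # repeat observance
    (at("09:10:00"), "Exploits", DEV_A),        # earlier alarm inactive: new
    (at("09:30:00"), "Rogue Activity", DEV_A),  # earlier alarm inactive: new
]

if __name__ == "__main__":
    for alarm in correlate(SAMPLE, DURATIONS):
        print(alarm.alarm_type, alarm.device, alarm.start.time(),
              "observations:", alarm.observations,
              "inactive at:", alarm.expires(DURATIONS).time())
```

Eight observations collapse into five alarms here; lengthening a duration merges more repeats into one alarm but also keeps the alarm listed as active for longer after the activity stops.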
If displaying alarms on an appliance level or a network level, only the alarms generated by that appliance or network level are shown.

Alarm Table

The alarm table is customizable and includes the following information (columns):

Column | Description
Flag | Indicates whether or not an alarm has been flagged.
Criticality | Displays the criticality of the alarm. (See Alarm Criticality on page 490 for more information.)
Alarm ID | Displays the alarm identification.
The indicator on the right of each filter turns green when you change a filter from its original state. Click the green indicator to return a filter to its default state.

The different filters are:
• Grouping Filter - view devices by grouping them using similar criteria.
• Network Scope Filter - view alarms according to where they appear in the network tree.
• Alarm Severity - view alarms by severity.
• Alarm Type - view devices by alarm type.
The following views are available:
• No Grouping - Displays all alarms without grouping.
• Alarm Category - Groups alarms into alarm categories.
• Alarms Sub-Category - Groups alarms into alarm sub-categories.
• Alarm Type - Groups alarms by alarm type.
• Severity - Groups alarms into the different threat levels to your network. Threat levels that are not sensed are not shown.
• Alarm State - Groups alarms by the state of the alarms.
• Alarm Start - Groups alarms by when they started.
• Device Type - Groups alarms by the device type.
• Device Classification - Groups alarms based on the device classification.
• Scope - Groups alarms based on where they are in the network. The highest network levels under the appliance level are displayed as the group.

Clicking on a group will display the individual alarms in that group.
If the appliance level is selected, all the alarms for that appliance are displayed. If a floor level is selected, only the alarms on that floor are displayed.

Alarm Severity Filter

The Alarm Severity filter allows you to view devices by alarm severity. The severities are:
• Severe - Displays only Severe alarms.
• Critical - Displays Critical and Severe alarms.
• Major - Displays Major, Critical, and Severe alarms.
You also have the option of displaying all alarm types or you may filter alarms by a specific type. The different alarm types are:
• Anomalous Behavior
• Bluetooth
• Exploits
• Infrastructure
• Performance
• Platform Health
• Policy Compliance
• Proximity
• Reconnaissance
• Rogue Activity
• Vulnerabilities.

Use the Edit button to select the alarm types that you want to display. Click the Edit button, select the alarm type(s), and then click OK.
To remove an alarm type, select (highlight) the alarm type and click the Remove button.

View Filter

The View filter gives you the option of viewing all alarms, new alarms, or flagged alarms. To select an option, click All, New, or the blue flag. The option you select will be highlighted.

Device Filter

The Device filter is used to filter alarms by device classification, device type, and/or license status.
• Unknown Devices
• Wireless Client
• Bluetooth
Also, alarms can be displayed by license status:
• Licensed
• Unlicensed
Select the checkbox(es) for the device classifications and/or device types that you want to display.
Alarm Lifecycle Filter
Use the Alarm Lifecycle filter to filter alarms over a specified range of time. You can select alarm states and/or a time range when the alarms started.
Alarm ID Filter
Use the Alarm ID filter to find an alarm by its alarm ID. Normally, the alarm ID can be found in things such as:
• an email that was generated by an alarm.
• an SNMP notification generated by a Trap action defined in the Action Manager.
• a report generated by the Report system.
Type or paste an alarm ID in the Alarm ID field to filter alarms using that alarm ID. Only the alarm matching the ID will be displayed.
Management > Alarm Configuration. You must be a user with read/write permission for the Alarm Management functional area to change the criticality of an alarm.
Alarm Criticality: Description
Severe: Serious alarms that may have catastrophic effects on your WLAN network.
Critical: Serious alarms on devices that require immediate attention.
Major: Potentially serious alarms on devices that require priority attention.
At the bottom of the detailed information are links that allow you to execute a function or provide more information.
Link: Description
Clear Alarm: Clear alarm works the same as Clear Alarm in the Actions menu.
Disable for device: Disables the alarm specifically for the device causing the alarm. If you wish to re-enable the alarm, you must go to Alarm Configuration and remove the device from the disabled list.
The actions are described as follows:
Action: Description
Clear Alarm: Clear the selected alarm using one of the following options:
• Clear Alarm (no time limit)
• Clear for 1 hour
• Clear for 6 hours
• Clear for 12 hours
• Clear for 24 hours
If you click one of the options with a time limit, the alarm is cleared for the specified time and then returns if the conditions that generated the alarm are not cleared.
• Appliance Management is used to configure the AirDefense appliance.
• Account Management is used to set up user account parameters, including access, authentication and passwords.
Search
This feature searches the Configuration tab so that you can quickly locate a configuration feature. To conduct a search, just start typing.
Typing just one character will list available features related to that character. To narrow your search, type more text. Click the link for the feature to navigate to it.
Appliance Platform
The Appliance Platform category includes all the necessary features that are needed to initially set up AirDefense.
The Appliance Platform category allows you to:
• Appliance Licensing - License your appliance and devices.
• Tree Setup - Establish a network tree.
• Security Profiles - Create security profiles that will initiate WIPS.
• Auto-Placement Rules - Define Auto-Placement rules that will automatically place devices in your network tree.
• Auto-Licensing - Establish an import policy that controls how device licenses are applied during the import process.
Appliance Licensing
The AirDefense GUI handles license management for AirDefense and any modules. Using Appliance Licensing, you can:
• View current license agreement information
• Add licenses
• Copy appliance MAC address
• Download appliance keys
View Current License Information
License information is displayed about WIPS (base license) and the following add-on modules:
Note: Modules are only displayed when they are installed.
Field: Description
Order Date: Indicates the date the license was ordered and the license ID number.
License Count: Includes the following information:
• The number of units. The number of active units cannot exceed this number. Unit counts may be 0, a specific number, or unlimited.
• A style that specifies that the unit count is fixed or floating. Fixed licenses get consumed as they are used and are not released.
There are three ways to install a license:
• Using a License File
• Using an Authorization Code
• Requesting a License
Using a License File
A license file contains information about your license. If you have a license file, select the I have a license file option and then click Next. Navigate to the file and select it. Once you have selected the licensing file, click Open. The license information is updated.
To add licenses using authorization codes:
1. If you have an authorization code, select the I have an authorization code option and then click Next.
2. Enter your company name, contact name, email address, and server serial number. Click Next.
3. Enter your authorization code and then click the Add button. The authorization code is added to the New Authorization Codes list. Click Next to continue.
After the license is installed, the following message is displayed: Licenses installed successfully.
Requesting a License
To request a license or to check if your requested license has been received:
1.
Once the ID is displayed, click the Copy button to copy the ID.
Download Appliance Keys
You can download appliance keys to your workstation from the Licenses window. Follow these steps to download appliance keys:
1. Click the Appliance Keys button.
2. Click OK.
3. Navigate to the location where you want to save the appliance key file.
4. Click Save.
License Assignments
Use the License Assignments link to view which license is assigned to a device.
The following information is displayed:
• Total number of licenses
• Number of licenses assigned
• Number of licenses available
• Number of licenses available for reassignment
• List of licenses assigned to devices
Assigning a License to a Device
This feature only allows you to assign a fixed license to a device. To do so, follow these steps:
1. Select a fixed license by clicking on the license name.
2. Click the License Assignments link.
Planning Your Network Tree
Your network tree automatically includes your appliance and any other appliance that you have added to your system. Each appliance can be expanded into a tree with five network levels and floors.
You control the scope of data you see at any time by selecting levels in the tree. If you want to view data from one area of your WLAN separately from data about the rest of the WLAN, such as different buildings/floors, you should consider how you can create network levels for that area. Then, viewing its data discretely is as easy as clicking on that node in the tree.
In Tree Setup, you add network levels by selecting an existing starting point in the tree and clicking the add child link. Any time you add a network level and an equivalent level already exists, it appears in the tree in alphabetical order.
Note: The menu will only display the network level that is available at the selected level. You cannot add a network level that is higher up in the network tree.
Click the network level that you want to add.
You can add floors by selecting the building and then increasing the floor number using the Floors field. Notice in the previous screenshot there are two floors (AirDefense 1 and AirDefense 2) under the area (The Falls 1125). Floor numbers are displayed inside the Floor icon. You can delete a floor by decreasing the floor number. The last floor is always deleted first.
Importing Your Network Tree
You can import a tree structure using the Import button.
The add and remove commands must be added to each line, separated by a comma, after the Path entry.
To copy or edit a profile, select (highlight) the Security Profile, click the Copy or Edit link, and then make changes in any of the three tabs. Click OK to save your changes. Click the Copy settings to all appliances button to copy the defined Security Profiles and all profile assignments to all appliances in your system.
Note: You must have a Central Management license in order to copy settings to all appliances.
Click the Apply button to save your additions (changes).
◦ 802.11 encryption
◦ Other encryption methods such as Cranite, AirFortress, IP-Sec, or other ethertypes.
• Rates - Selects transmit and receive data rates for BSSs to use.
Profiles are built using a template. Click the New Template button to add a new profile. Then, define your Security Profile using the General, Privacy, and Rates tabs. Once you have defined your Security Profile, click OK to save your profile or Cancel to exit without saving the profile.
You must check the Monitor Privacy Settings checkbox to activate the functions. The functions are:
Function: Description
Base 802.11 Authentication: Open - When this checkbox is selected, open system authentication does not actually provide authentication; it only performs identity verification through the exchange of two messages between the initiator (Wireless Client) and the receiver (wireless ).
Function: Description
802.11 Encryption:
• Unencrypted Allowed - Select this checkbox to allow no 802.11 encryption for wireless traffic.
• TKIP - When selected, this enables the BSS to advertise support for Temporal Key Integrity Protocol (TKIP).
• WEP - When selected, causes the BSS and Wireless Client to use WEP as their encryption policy.
• AES (CCMP) - When selected, causes the BSS to advertise support for Advanced Encryption Standard (AES-CCMP).
You must check the Monitor Privacy Settings checkbox to activate the settings. Select the transmit and receive data rates you want BSSs to use.
Apply a Security Profile
Once you have defined and added a Security Profile, you must apply it to your system.
Note: You may select multiple Security Profiles by checking more than one checkbox.
You should always apply a Security Profile at the appliance level. When you do, the profile is inherited for all the other levels.
Auto-Placement Rules for Devices
Auto-Placement rules can be used in two ways: one method is for sensors and the other is for APs and switches.
• Sensors
• APs and Switches
Sensors
Auto-Placement rules for sensors are applied every 20 minutes. If a rule exists, new sensors in the Unplaced Devices folder are moved into a predefined scope level. This only happens to sensors seen in your network since the last 20 minute poll.
Note: Before you can define any Auto-Placement rules, the network tree must already be configured.
Add Auto-Placement Rules
Follow these steps to add a new auto-placement rule:
1. Click the Add button. The new rule is added to the list of rules and is automatically selected (highlighted) in the ADD drop-down menu.
Note: You may optionally choose where you want the new rule to be placed by selecting a placement item from the drop-down menu. (Insert At End is the default.
Field: Description
MAC Address: A range of MAC addresses that the device(s) must fall within.
DNS Server: The DNS server that the device(s) are using. This parameter only works with sensors, not APs and switches.
Uses DHCP: Specify whether or not DHCP is used (True or False). This parameter only works with sensors, not APs and switches.
Device Name: The name of the device.
Model Name: The model number of the device.
autoplacement_rule,localhost,/USA/AutoPlacementTest/ Floor6,,172.17.15.0-172.17.15.200,,,,,,6.0.196.0
autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor 4,172.17.18.0/24,172.17.18.100-172.17.18.101,00:16:5d:20:47:60-00:16:5d:20:47:61,172.17.0.83,disable,BASensor-240,M520,5.2.0.11.1234567890
Auto-Licensing
Auto-Licensing allows you to select licenses to be assigned to devices upon discovery.
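The auto-placement import records shown above can be dry-run before they are imported, to see where each device would land and which devices would stay unplaced. This is an added example, not code from the guide or from the product: the column order is inferred from the guide's two sample records, and the device attribute names, the all-criteria-must-match test and the first-match-wins ordering are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Column order inferred from the guide's two sample records (an assumption:
# the guide's full column table is not reproduced on this page).
COLUMNS = ("record", "server", "path", "network", "ip_range", "mac_range",
           "dns_server", "dhcp", "device_name", "model", "firmware")

# Device attribute (hypothetical key names) each criterion is tested against.
DEVICE_ATTR = {"network": "ip", "ip_range": "ip", "mac_range": "mac",
               "dns_server": "dns_server", "dhcp": "dhcp",
               "device_name": "name", "model": "model", "firmware": "firmware"}

# The two sample records given in the guide.
SAMPLE_RULES = (
    "autoplacement_rule,localhost,/USA/AutoPlacementTest/ Floor6,,"
    "172.17.15.0-172.17.15.200,,,,,,6.0.196.0",
    "autoplacement_rule,localhost,/USA/AutoPlacementTest/Floor 4,172.17.18.0/24,"
    "172.17.18.100-172.17.18.101,00:16:5d:20:47:60-00:16:5d:20:47:61,"
    "172.17.0.83,disable,BASensor-240,M520,5.2.0.11.1234567890",
)

# Constructed inventory, used only to exercise the rules.
DEVICES = (
    {"name": "BASensor-240", "ip": "172.17.18.100", "mac": "00:16:5d:20:47:60",
     "dns_server": "172.17.0.83", "dhcp": "disable", "model": "M520",
     "firmware": "5.2.0.11.1234567890"},
    {"name": "sensor-a", "ip": "172.17.15.42", "mac": "00:16:5d:aa:bb:cc",
     "firmware": "6.0.196.0"},
    {"name": "sensor-b", "ip": "172.17.18.100", "mac": "00:16:5d:20:47:62",
     "dns_server": "172.17.0.83", "dhcp": "disable", "model": "M520",
     "firmware": "5.2.0.11.1234567890"},
    {"name": "sensor-c", "ip": "172.17.15.201", "mac": "00:16:5d:aa:bb:cd",
     "firmware": "6.0.196.0"},
)


@dataclass
class Rule:
    path: str        # network tree path the device is moved to
    criteria: dict   # only the match columns the record fills in


def _ip_to_int(text):
    return int(ipaddress.ip_address(text))


def _mac_to_int(text):
    octets = text.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"bad MAC address: {text!r}")
    return int("".join(octets), 16)


def _bounds(span, convert):
    """Parse 'low-high' (or a single value) into an inclusive integer pair."""
    low, _, high = span.partition("-")
    lo, hi = convert(low), convert(high or low)
    if lo > hi:
        raise ValueError(f"inverted range: {span!r}")
    return lo, hi


def parse_rule(line):
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != len(COLUMNS) or fields[0] != "autoplacement_rule":
        raise ValueError(f"not an auto-placement record: {line!r}")
    row = dict(zip(COLUMNS, fields))
    criteria = {c: row[c] for c in DEVICE_ATTR if row[c]}
    # Reject malformed criteria when the file is loaded, not when matching.
    if "network" in criteria:
        ipaddress.ip_network(criteria["network"], strict=False)
    if "ip_range" in criteria:
        _bounds(criteria["ip_range"], _ip_to_int)
    if "mac_range" in criteria:
        _bounds(criteria["mac_range"], _mac_to_int)
    return Rule(path=row["path"], criteria=criteria)


def matches(rule, device):
    """True when every criterion the rule sets is satisfied (assumed AND)."""
    for column, want in rule.criteria.items():
        have = device.get(DEVICE_ATTR[column])
        if have is None:
            return False
        if column == "network":
            ok = ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
        elif column in ("ip_range", "mac_range"):
            convert = _ip_to_int if column == "ip_range" else _mac_to_int
            lo, hi = _bounds(want, convert)
            ok = lo <= convert(have) <= hi
        else:
            ok = have.lower() == want.lower()  # opaque string comparison
        if not ok:
            return False
    return True


def dry_run(rule_lines, devices):
    """Map each device name to its target path; None means it stays unplaced."""
    rules = [parse_rule(line) for line in rule_lines]
    return {d["name"]: next((r.path for r in rules if matches(r, d)), None)
            for d in devices}


if __name__ == "__main__":
    for name, path in dry_run(SAMPLE_RULES, DEVICES).items():
        print(f"{name:14} -> {path or 'UNPLACED'}")
```

Devices that come back as unplaced are the ones to review by hand, since no rule vouches for where they belong.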
Click the Apply button to save your changes. A confirmation message, Successfully saved configuration, is displayed next to the Reset button. Click the Reset button to return rules as they were. If there are multiple appliances in your system, once you have defined the device import rules, you can copy the configuration to all appliances in your system by clicking the Copy settings to all appliances button.
Add a New Communications Settings Profile
Click the New Template button to add a new profile using the Communication Settings Profile window. Then configure your communication settings using the following tabs:
• SNMP Tab
• Console Tab
• HTTP Tab
SNMP Tab
Use the SNMP tab to configure connectivity settings for SNMP devices.
Field: Description
Port: Enter the Simple Network Management Protocol (SNMP) port number for the devices. This is normally set to 161, but it can be different.
Timeout in MS: Enter a timeout value in milliseconds to connect to an SNMP device.
Retries: Enter a maximum number of retries that can be made while attempting to connect to an SNMP device.
User: Enter the name of the V3 user, which is configured on the switch for SNMP V3 access.
The following fields must be set when using a console to interface with a device:
Field: Description
Enable Console Settings: Select this checkbox to enable Console communications settings.
User: The user name used to log into a device.
Password: The password used to log into a device. You also have an option to display passwords while typing them.
Enable Password: The enable password must be supplied in order to enter the enable mode.
Field: Description
Password: The password used to log into a device. You also have an option to display passwords while typing them.
Protocol: The protocol used to log into a device. The available options are HTTP and HTTPS.
Port: The port number that is used for communications. Port 80 is normally used but it may be another port number.
Once you have configured your communication settings, click Save to save your profile or Cancel to exit without saving the profile.
Note: You may select multiple Communication Settings Profiles by checking more than one checkbox. If more than one profile is selected, ADSP will attempt to find the best match to apply starting at the top of the list and working its way down to the bottom of the list.
Click the Apply button to save your changes. Click the Reset button to discard your changes.
• SNMP write community
• SNMPv3 username
• SNMPv3 authentication passphrase
• SNMPv3 privacy passphrase
• SNMPv3 authentication algorithm (None, MD5, or SHA)
• SNMPv3 privacy algorithm (3DES, DES, AES128, AES192, AES256, or None)
• SNMP port
• SNMP timeout (in milliseconds)
• SNMP number of retries
• Console user
• Console password
• Console enable password
• Console protocol (SSH or Telnet)
• Console port
• HTTP user
• HTTP password
• HTTP protocol (HTTP or HTTPS)
• HTTP
Polling
ADSP uses a centralized Polling feature to manage configuration audits, status polling and data collections from one location. You have an option to enable polling for supported devices. When enabled, WMS automatically polls for device network status at an interval defined by a user-supplied frequency value (default frequency is 1 hour).
The following features can be enabled by selecting the appropriate checkbox:
• ACL
• Port suppression
• Background switch port scanning
• Device configuration management (must select Audit Only - configuration from device or Template Based Configuration Management - configuration from CLI profile).
You can copy the Relay Server configuration to all your appliances by clicking the Copy settings to all appliances button.
Note: You must have a Central Management license in order to copy settings to all appliances.
External Relay Server
After selecting the Enable configuration checkbox, you will need to set up an external (or internal) server. The screen defaults to External Relay Server. Complete the fields to set up the External Relay Server.
Import Relay Server Information
When using an external relay server, you can import relay server information using the Import Parameters button on the Relay Server bar. When you click Import Parameters, you can browse to the location of the file you wish to import. You will need to use comma-delimited files to import relay server information.
us relay_params,localhost,/ relay_test,172.17.0.80,tftp,/,69,,,172.17.0.85,ftp,/,21,anonymous,anonymous
You have two other options available: Export Parameters and Get Template. The Export Parameters button exports all the parameters to a file for you to use as an import file. The Get Template button displays a template that you can copy, paste the contents into an editor, and edit the contents to create an import file.
Import/Discover Devices
Import/Discover Devices is used to schedule imports from one of the following sources:
• Remote file
• SNMP discovery using a list of networks to scan.
Go to Configuration > Appliance Platform > Import/Discover Devices. Click the Add button to get started. Imported APs, switches and sensors will be placed in the network tree according to Auto-Placement rules.
Available Fields for Importing Switches Using a Remote File
Refer to the following table for more information:
Field: Description
Job Name: Name of your switch import job
Import Source: Remote File
Host: Host name or IP address
Protocol: Protocol used for communications
Path: Path name on the remote host
User: User name needed to log in
Password: Password needed to log in
Add to appliance: Appliance where you want to import device
Available Fields for SNMP Disco
You can select One Time Schedule, Intra-Day Schedule, Daily Schedule, Weekly Schedule, or Monthly Schedule. Depending on the selected interval, fill in the related fields using the following table:
Field: Description
One Time Schedule: Choose a time for importing the device. Then, select a day.
Intra-Day Schedule: Select a time to begin importing the device. Then, select a frequency in hours.
Daily Schedule: Select a frequency in day, weekdays only, or weekends only.
Example: station,name,desc,02:02:02:02:02:02,true,sanctioned,perfprofile,secprof1;secprof2
Note: The value station must always be the first field.
Format: ap | name | description | mac | ip | dnsName | model
Note: model is optional and can be left blank.
Example: ap,apname,apdesc,03:03:03:03:03:03,10.10.10.10,ap.dns.name,AP650
Note: The value ap must always be the first field.
Security Profiles
Security Profiles (also part of Appliance Platform) define the security configurations of sanctioned wireless clients on your wireless LAN. Refer to Security Profiles under the Appliance Platform topic.
Wired Network Monitoring
Wired Network Monitoring is used to monitor the wired network devices in your system.
Generate Alarm Policy for New Devices
You should generate an alarm policy for new devices detected on your wired network by following these steps:
After enabling monitoring, select the New device detected on the wired network checkbox. To authorize all detected devices for the first time, or at any major infrastructure change, click on the Mass Wired Network Device Classification button. The Sanction Devices dialog opens.
To have a finer control over alarms about new known vendor devices and new unknown vendor devices, you can utilize the Known Vendors classification tool. Click on the Known Vendors button to display a list of known vendors. Select the approved vendors and click OK. After configuring the Wired Network Monitoring options, click the Apply button to save your changes. Click the Reset button to discard your changes.
Network Assurance
The Network Assurance category allows you to:
• Configure Live RF settings to use when displaying Live RF heatmaps. This feature is only available with a Live RF license.
• Create Performance Profiles that are used to create and edit network performance threshold policies for BSSs and Wireless Clients.
• Set up Environment Monitoring that is used to monitor your system for unobserved devices and generate alarms for missing devices.
The Check Synchronization button is used to check all the appliances in your system to see if the Live RF Settings match. (The Synchronize Accounts topic has a good example of how the synchronization feature works.)
Note: You must have a Central Management license in order to use the Check Synchronization feature.
Click the Apply button to save your additions (changes). Click the Reset button to discard any additions (changes).
[Table: Visualization and Default Colors (color swatches not reproduced). Visualizations listed, each with threshold inactive: Signal Coverage, Signal To Interference, Peak Data Rate, Noise, Coverage Overlap.]
[Table: Visualization and Default Colors (color swatches not reproduced). Visualizations listed, each with threshold inactive: Channel Coverage, Service Counts.]
Applications
Live RF uses applications to determine if you have adequate coverage for your wireless network. The applications have options that you can set to help you make this determination.
The default applications are:
• Basic Wi-Fi Connectivity
• Mobile Handsets
• Video Surveillance
• Wireless VoIP Handsets
• Location Tracking
To set the options for each application, select the application from the drop-down menu at the top of the Applications tab next to the Add button. When an application is selected, you can select the options that you want to use and set values for the options. The options are:
Option: Description
Coverage (%): Specifies the percentage of your wireless network that you consider your network is covered.
alarm is generated if the performance thresholds for that profile are exceeded. If there are no Performance Profiles applied to your system, no performance alarms are generated.
Note: You should monitor new ADSP deployments for several weeks to determine normal network activity before configuring Performance Profiles.
View Performance Profiles
To access the Performance Profiles configuration screen, go to Configuration > Network Assurance > Performance Profiles.
Add a New Performance Profile
Click the New Profile button to add a new profile. Define your Performance Profile using the General, Cumulative, Wireless Clients, and BSS tabs. Once you have defined your Performance Profile, click OK to save your profile or Cancel to exit without saving the profile.
one that is more appropriate to its function. Once you save your profile, you cannot change the name. The functions are:
Function: Description
Short Time Slot Enabled: Choose Yes to allow short time slot capability as advertised in the Beacon, which when used on a pure 802.11g deployment, improves WLAN throughput by reducing wait time for transmitter to assure clear channel assessment. Choose No to disable.
The thresholds are:
Threshold: Description
New Associations: Enter the maximum number of new associations per minute AirDefense will allow between a BSS and all Wireless Clients combined. Default = 20. Generally, this number should be low. Your Wireless Clients should associate with a BSS once in the morning when users log on, and rarely after that.
Threshold: Description
Management Frames Seen: Enter the maximum number of management frames per minute allowed to be transmitted from all Wireless Clients combined. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Control Frames Seen: Enter the maximum number of control frames per minute allowed to be transmitted from all Wireless Clients combined. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Threshold: Description
Low Speed Frames %: 802.11 protocols operate on a shared medium and use a collision avoidance mechanism to access this medium. Excessive use of lower rates for transmitting frames is likely caused by stations which are either misconfigured to use lower rates or are too far from the APs to be able to support higher rates and cause alarms to be generated.
The thresholds are:
Threshold: Description
Traffic Sent %: Enter the maximum percentage of data per minute any Wireless Client is allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 30.
Traffic Received %: Enter the maximum percentage of data per minute any Wireless Client is allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 30.
Threshold: Description
Management Frames Received: Enter the maximum number of management frames per minute any Wireless Client is allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Control Frames Sent: Enter the maximum number of control frames per minute any Wireless Client is allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 0.
BSS Tab
The BSS tab is where you assign thresholds for transmitting data to/from BSSs. The thresholds are:
Threshold: Description
Traffic Sent %: Enter the maximum percentage of data per minute BSSs are allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 60.
Traffic Received %: Enter the maximum percentage of data per minute BSSs are allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 60.
Threshold: Description
Management Frames Received: Enter the maximum number of management frames per minute BSSs are allowed to receive. If AirDefense detects a greater number, it generates an alarm. Default = 0.
Control Frames Sent: Enter the maximum number of control frames per minute BSSs are allowed to transmit. If AirDefense detects a greater number, it generates an alarm. Default = 20,000.
Apply a Performance Profile
Once you have defined a Performance Profile, to use it, you must apply it to your system. You should always apply a Performance Profile at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different Performance Profile, you can apply that profile to that level.
Environment Monitoring
Environment Monitoring allows you to configure the thresholds for monitoring. If a threshold value is exceeded, an alarm is generated. You can also elect to monitor your system for unobserved devices and generate alarms for missing devices. To apply Environment Monitoring to your system, you must first select the Enable configuration checkbox. You should always monitor your system at the appliance level.
Threshold: Description
Excessive Clients: Wireless clients on your network are considered excessive if the specified value is exceeded.
Avg. Signal Strength (dBm): The average signal strength (in dBm) of APs on your network should not exceed the specified value.
BSSs per Channel: The number of BSSs on any particular channel should not exceed the specified value.
Anomalous Behavior Alarms (ABA) feature is only available for AirDefense Enterprise servers and does not require any specific license. This feature is enabled when you enable Performance Profile. ABA is calculated for sanctioned clients and BSS only. All other data is ignored. The AirDefense server flags traffic behavior that deviates significantly from observed normal behavior. The server learns specific attributes of traffic monitored over a configurable period of time.
• AP Data Frame Anomalous Behavior Bytes
• AP Control Frame Anomalous Behavior Bytes
• AP Anomalous Number of Connected MUs
Infrastructure Management
Infrastructure management involves:
• Defining how AirDefense interfaces with devices, and
• Providing information to AirDefense so that it can apply the correct regulatory rules to the domain.
Devices cannot be fully managed by AirDefense until the configurations are applied.
Device Access
Device Access is used to specify the passwords to access devices and specify the interfaces that can be used to access devices.
Note: You must define how to communicate with devices. This is done under Configuration > Appliance Platform > Communication Settings.
Click the Apply button to save your changes. A confirmation overlay is displayed. You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed.
The following fields are available:
Field: Description
Encrypt Passwords and Keys on Flash: Select checkbox to encrypt passwords and keys on flash.
Enable Password: Specify (set) the enable password. Must be supplied in order to enter the enable mode.
User Accounts: Specify (add) additional user accounts using the Add button. You must specify a username and password.
Device Firmware
Device Firmware configuration allows you to upload new AP, Sensor, or Switch (Controller) firmware from a workstation to a network server. Once the firmware is uploaded, you can upgrade your APs, Sensors, or Switches using AirDefense. Uploaded firmware images are listed by device type, version number, and image file name. Just select (highlight) a device type to display the version number and image for that device.
3. Select (highlight) the upgrade file and then click Open. An Identify Firmware Image File window is displayed with the image file name identified.
4. Click OK.
The firmware image is uploaded and now appears in the list of devices. It can now be used to upgrade APs or Sensors on your network.
Note: This symbol indicates something of special interest or importance to the reader.
To configure RF-Domain, you must first select (highlight) ADSP from the tree and then enable configuration by selecting the Enable configuration checkbox. The configuration fields for each radio are:

Note: You should enter data for each field on one line with no carriage returns.

Field - Description
Description - Allows you to give a meaningful description for the RF domain.
Address - Specifies the address of the RF domain.
You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
By default, Channel Settings are enabled, and are set for maximum power and automatic channel selection. The configuration fields for each radio are:

Field - Description
Power (dBM) - Enter the maximum power value (in dBm) that APs and wireless switches must have.
Channel Selection - Select one of three options:
• Automatic - ADSP automatically sets which channel is used.
You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
There are three possible radio configurations:
• B/G/N Radio
• A/N Radio
• 3rd Radio.

By default, Radio Settings are enabled, and all data rates are selected for both 2.4 and 5 GHz radio settings. Use the individual radio tabs to configure each radio.
The configuration fields for each B/G/N Radio and the A/N Radio are:

Field - Description
Function - Defines the radio as a Sensor or an infrastructure device (AP or wireless switch). You can also disable the radio. Select the function from the drop-down menu.
Data Rates - Sets the data rates for the radios. Click the Edit button to set the rates. By default, all data rates are selected. For 802.11 a/b/g, select the checkbox for each rate that you want to support.
Field - Description
Max Retries - Specifies the supported number of RTS retries. This can be a value between 1 and 128. The default value is 32.
Preamble - Specifies that the preamble is short or long. This field is not available for A/N radios.
Beacon Period - Specifies the supported beacon interval (period) in kilomicroseconds. The default value is 0.
Max Data Retries - Specifies how often to resend packets. This can be a value between 1 and 128.
Updates to Radio Settings are treated as jobs and are included in Job Status under Configuration > Operational Management. The description supplied in the confirmation helps identify jobs. Click the Reset button to discard your changes.

WLAN Profiles

Use the WLAN Profiles feature to configure the WLAN settings for devices utilizing your network. To access WLAN profiles, go to Configuration > Infrastructure Management > WLAN Profiles.
You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
Complete the required fields as follows:

Field - Description
Name - Enter the profile name.
Description - Enter a short description of the profile.
SSID - Enter the Service Set Identifier (SSID) for devices.
Protocol - Enter the protocol that the device can use [a, b, g, n (2.4 GHz), or n (5 GHz)].
WLAN Index - Enter the order in which WLAN profiles will be assigned to a sensor.
Click Save when complete. The template is now displayed in the Template column.

Security Tab

The Security tab is where you define the security aspects of your WLAN Profile. Complete the required fields as follows:

Field - Description
Authentication - Specify the type of authentication devices may use (Open, Shared, WPA, WPA PSK, WPA2, WPA2 PSK, or Legacy EAP).
Field - Description
WEP Keys - Specifies the WEP keys used to connect to the network. The WEP key may be ASCII or hexadecimal. You may also elect to transmit the WEP key. Check the Display Passwords check box to display the passwords in plain text. Use the Add button to add a new key or the Delete button to delete a key.
RADIUS Servers - Note: This field is displayed only when the authentication method is WPA, WPA2, or Legacy EAP.
You should always apply a WLAN Profile at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different WLAN Profile, you can apply that profile to that level.
• Aruba Aruba600
• Brocade BR v5.x
• Brocade BR51X1
• Brocade BR71X1
• Brocade BRX000
• Cisco Autonomous 12x0/11x0
• Extreme Networks AP35X0
• Extreme Networks AP47X0
• Extreme Networks EX v5.x
• Extreme Networks WM2X00
• Extreme Networks WM3X00
• Zebra AP51X1
• Zebra AP650
• Zebra AP7131
• Zebra AP7181
• Zebra WS5100
• CB3000
• RFSX000
• WiNG v5.x

A device must be in a compliant state to receive a template.
To create a new profile:

1. Select one of the supported CLI configurations from the CLI Configuration drop-down menu. The selected profile is accessed.
   Note: You can reduce the list of supported devices to only the devices in your system by selecting the Only show device type in system checkbox.
2. If you want to add a new profile at the appliance level, select the appliance level and then select the Enable configuration checkbox.
3. Click New Template. The template for the selected CLI Profile is displayed. In the following image, the AP7131 template is displayed.
4. Enter a name for the profile.
5. Decide if you want to reboot the device and write configuration updates to the startup configuration, or not reboot and write configuration updates to the running configuration. Then, select the radio button reflecting your choice.
6. Update the CLI commands to match your criteria.
A good practice is to apply a CLI profile to the appliance level. This profile should be as generic as possible to fit a wide range of devices in your network. Then, if you have any special considerations, apply CLI profiles to individual network levels that must meet your predefined special configurations.

To apply a CLI profile, follow these steps:

1. Select one of the supported CLI configurations from the CLI Configuration drop-down menu.
4. Click Apply to save the configuration. A confirmation dialog is displayed.
   Note: If you decide not to save the configuration, click Reset to discard any changes/updates and refresh the screen's display.
   The device type and the total count of affected devices are displayed.
5. Decide if you want to save this update to be included in the next update, update immediately, or schedule the update for another time. Then, select your option.
6.
AirDefense can update a new default configuration or an existing configuration of a device by manipulating the displayed configuration file and its CLI command set. This CLI command set represents a template that can be applied to other related devices or just a single . The template has placeholders for providing variable values for full or partial device configurations. The placeholders follow a syntax convention defined by AirDefense.
Use the Variables section to define configuration variances unique to the specific device parameters listed. For example, highlight the Gateway parameter and click under the Device Value column to display a field used to assign a unique Gateway address to this specific profile. Select and assign new default values as needed for each available profile.
[WLAN_RADIO_CHANNEL_EXPANSION] is an expansion variable that includes configuration information from WLAN Profiles, Radio Settings, and Channel Settings.

The Status column displays the status of the variable (inherited, overridden, or removed).
• Inherited - Variable is inherited from a higher network level. The inherited level is displayed in this field.
• Overridden - Variable is overridden at the current network level.
The commands are applied to all devices in the selected scope. The scope may be any network level or floor. To select a scope, just select a scope from the Scope drop-down menu. Each command must be on a line by itself. If a command requests a confirmation from a device, AirDefense will respond Yes. You may import an updated configuration from device(s) after a command has run successfully. Just select the Import checkbox.
You can view the log of another device by selecting the device from the Devices drop-down menu. The Copy to Clipboard button copies the log contents to the clipboard. The Cancel button exits the log.

Operational Management

The Operational Management category includes features that apply to the normal operations of AirDefense. The Operational Management category allows you to:
• Automatically respond to alarms in your system with a predetermined action.
Alarm Action Manager

Alarm Action Manager allows you to automatically respond to alarms in your system with a predetermined action called an Action Rule. By automating your response to certain alarms, you are free to concentrate on other administrative tasks. You may define as many Action Rules as you need to manage your network. Action Rules are added to the Alarm Action Manager to define an action (response) to an alarm. Multiple actions may be assigned to a rule.
In the Action Rule field, give your action rule a name and select the Enable profile checkbox to enable the action rule. The Action Rule Template window has four tabs that are used to define an Action Rule: Alarms, Actions, Advanced Filter, and Description. Use each of these to configure the action rule.

Alarms Tab

The Alarms tab is where you identify the alarms that you want to generate for your Action Rule.
The Actions tab is where you define the actions for your Action Rules. Actions are divided into the following three categories:
• Notifications - Generates an email or a report if certain conditions are met.
• WIPS Mitigation - Mitigates a WIPS condition according to the selected action.
• Info Gathering - Executes one or more actions to gather information about your system.

Each category has actions specific to it.
The following fields should be filled:

Field - Description
To - Specifies the email address of the recipient.
From - Specifies the email address of the sender.
Subject - Gives a short description of the email.
Format - Specifies a format in which to send the email. Choose a format from the drop-down menu.
Field - Description
Priority - Specifies a priority for the email. Choose a priority from the drop-down menu.
Send email options - There are two options to send email:
• Send email on alarm active - Send email on active alarms.
• Send email on alarm active, clear and expire - Send email on active alarms, cleared alarms, and expired alarms.

Report

The Report action runs a specific report if the conditions defined in the filter are met.
The following configuration fields are available:

Field - Description
Report Type - Specifies the type of report to run by selecting a report from the drop-down menu.
Scope Increase factor - Specifies the number of network levels to expand the scope. A value of 1 means only use the floor level. A value of 2 means use the floor and the floor's parent, and so forth.
Run immediate for previous - Executes the action immediately for the previous hours, days, or weeks.
The Scope Increase Factor option specifies the number of network levels to expand the scope. A value of 1 means only use the floor level. A value of 2 means use the floor and the floor's parent, and so forth.

Port Suppression

The Port Suppression action is used to suppress communication between unauthorized devices and switches on your network. To select the Port Suppression action, select WIPS Mitigation > Port Suppression from the Search Actions menu tree.
There are two options to configure: Scope Increase Factor and Device Limit. The Scope Increase Factor option specifies the number of network levels to expand the scope. A value of 1 means only use the floor level. A value of 2 means use the floor and the floor's parent, and so forth. The Device Limit option specifies a device limit. For instance, if you specify a device limit of 10 and more than 10 devices are connected to the port, the action will not be performed.
When Pair Termination is selected (the default state) and one of the following alarms is generated, the offending pair of devices are terminated: • • • • • • Ad-Hoc Connection between Sanctioned Stations Ad-Hoc Networking Extrusion Detected Sanctioned Client Association to Unsanctioned Virtual WiFI Unauthorized Roaming Unsanctioned Client Associated to Sanctioned Client running Virtual Wi-Fi Wireless Client Accidental Association.
3. Select the check box for Policy-based Air Termination system.
4. Click the Apply button.

SNMP Trap

The SNMP Trap action sends an SNMP notification to your SNMP server if the conditions defined in the filter are met. To select the SNMP Trap action, go to WIPS Mitigation > SNMP Trap and then select SNMP Trap from the Search Actions.

Note: Before you can use the SNMP Trap action, you must enable SNMP trap.
Field - Description
Transport - Specifies the desired transport protocol. Choices are:
• UDP: User Datagram Protocol
• TCP: Transmission Control Protocol.
Hint: Typically, UDP is the transport for SNMP traps. However, TCP can be useful for tunneling the traps over Secure Socket Layer (SSL).
Max Queue Size - Specifies the maximum queue size for the notification. Choose a size from the drop-down menu.
The following field is available:

Field - Description
Profile - Select a test profile from the drop-down menu. The Edit button can be used to modify the test profile.

See Scheduled AP Tests on page 400 in The Menu chapter for details on how to schedule both automated and on-demand tests for APs.
The following configuration fields are available:

Field - Description
Frame Capture - Limits the scope of the frame capture to a Sensor or a Device.
Frame Count Limit - Limits the total amount of frames to capture.
Time Limit - Specifies a time duration for the Frame Capture to run. You must enter x amount of minutes or hours.
File Name Prefix - Specifies a prefix for the file name. The prefix is added to a number sequence to make up the file name.
Note: Vulnerability Assessment requires a Vulnerability Assessment license for access.

The Vulnerability Assessment action runs a vulnerability assessment using the specified profile if the conditions defined in the filter are met. To select the Vulnerability Assessment action, select Info Gathering > Vulnerability Assessment from Search Actions.

The following field is available:

Field - Description
Profile - Select an assessment profile from the drop-down menu.
The Data Collection action automatically corrects configuration compliance violations when the conditions defined in the filter are met. To select the Data Collection action, select Info Gathering > Data Collection from the Search Actions. There is only one option: Automatically correct configuration compliance violations.
There are no configuration options for Live RF / Floor Plan.

Spectrum Analysis

Note: Spectrum Analysis requires a Spectrum Analysis license for access.

The Spectrum Analysis action runs a regular Spectrum Analysis or an Advanced Spectrum Analysis using the specified profile if the conditions defined in the filter are met. To select the Spectrum Analysis action, select Info Gathering > Spectrum Analysis from the Search Actions.
The following fields are available:

Field - Description
Time Limit - Places a time limit on how long the Spectrum Analysis will run.
File Name Prefix - Defines a prefix for the Spectrum Analysis file. You may add to the prefix if you want to.
Spectrum Settings - Only used in regular Spectrum Analysis. These are the same Spectrum Settings described under Spectrum Settings.
Advanced Spectrum Settings - Only used in Advanced Spectrum Analysis.
The following fields should be filled:

Field - Description
Server Address - Specifies the IP address of your Syslog server.
Syslog Port - Specifies the port you want to use for Syslog Notifications.
Facility - Specifies a Syslog Facility which is an information field associated with a Syslog message. It is defined by the Syslog protocol. The intent of the facility is to provide an indication as to what part of the system the Syslog message originated.
Field - Description
Format - Specifies the format of the notification. At this time, the only option is Syslog.
Email Send Time - Specifies when to send the email by selecting one of the following conditions:
• On Alarm Activation
• On Activation, clear or expire
• Every x amount of minutes or hours.

Priority Map

The Priority Map enables you to change the name of the default priorities to an alternate selection.
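Added example (not part of the AirDefense guide or product): a receiver-side check for the Facility field described in the Syslog notification settings above. It decodes the PRI header that the Syslog protocol places at the start of each message (facility * 8 + severity) and flags messages whose facility differs from the one configured. The facility local0 and the sample messages are assumptions constructed for illustration; they do not reproduce AirDefense's actual message text.

```python
import re

# Facility and severity names indexed by their numeric code in the
# Syslog protocol (RFC 5424, section 6.2.1).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# The PRI header is 1 to 3 digits in angle brackets at the very start.
_PRI_RE = re.compile(r"^<(\d{1,3})>")


def encode_pri(facility, severity):
    """Return the numeric PRI value for a facility/severity name pair."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def decode_pri(message):
    """Split a raw syslog message into (facility, severity, rest).

    Raises ValueError for a missing header, a leading zero, or a value
    outside 0..191, all of which the protocol forbids.
    """
    match = _PRI_RE.match(message)
    if match is None:
        raise ValueError("no <PRI> header")
    digits = match.group(1)
    if len(digits) > 1 and digits[0] == "0":
        raise ValueError("leading zero in PRI")
    pri = int(digits)
    if pri > 191:
        raise ValueError("PRI out of range 0..191")
    facility_code, severity_code = divmod(pri, 8)
    return (FACILITIES[facility_code], SEVERITIES[severity_code],
            message[match.end():])


def audit_facility(messages, expected_facility):
    """Return (index, reason) for every message that is malformed or
    carries a facility other than the one configured on the sender."""
    if expected_facility not in FACILITIES:
        raise ValueError("unknown facility: " + expected_facility)
    findings = []
    for index, raw in enumerate(messages):
        try:
            facility, _severity, _rest = decode_pri(raw)
        except ValueError as exc:
            findings.append((index, "malformed: " + str(exc)))
            continue
        if facility != expected_facility:
            findings.append((index, "unexpected facility " + facility))
    return findings


# Constructed sample input: host names and message text are made up.
SAMPLE_MESSAGES = [
    "<134>May 10 12:00:01 adsp-example alarm notification (constructed)",
    "<38>May 10 12:00:02 other-host sshd: constructed message",
    "May 10 12:00:03 adsp-example message without a PRI header",
    "<999>May 10 12:00:04 adsp-example out-of-range PRI",
]

if __name__ == "__main__":
    # Assumption: the Facility field on the appliance is set to local0.
    for index, reason in audit_facility(SAMPLE_MESSAGES, "local0"):
        print("message %d: %s" % (index, reason))
```

Running the audit on the collector that the Server Address field points to shows quickly whether notifications arrive with the facility you configured or are being mixed with traffic from other senders.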
The Filter List lets you build an alarm filter from two or more conditions. To start a Filter List, click the Filter List radio button. Start off selecting when the filters (When statement) will be used. There are four options:
• All - All of the selected conditions must be met (logical 'and' operation).
• Any - One or more selected conditions must be met (logical 'or' operation).
• None (All) - None of the selected conditions are met (logical 'and' operation).
• DeviceModel
• DeviceName
• DevicePolledID
• DevicePolledSSID
• DeviceProtocol
• DeviceSSID
• DeviceSensedID
• DeviceSensedSSID
• DeviceSerial
• DeviceType
• DeviceVendorPrefix
• SensorIP
• SensorMAC
• SensorName
• SignalStrength
• WatchList
• WiFiDirect.

When a filter is selected, an Edit button is displayed.
Click the drop-down menu to select the type of comparison. This will vary according to the selected filter.
You can have up to 25 filters. Click the Add Another button to add additional filters. You can remove a filter by clicking the X next to the filter.

Expression Editor

The Expression Editor allows you to build a filter using expressions. An expression is made up of a field, operator (parentheses or quotation marks), and a value. The filters are the same as the ones used in the Filter List. The operators (parentheses and quotation marks) are:

!    Logical NOT operator.
You can use AND/OR or parentheses to create complex expressions. The filter is selected from a drop-down menu while the operators (parentheses and quotation marks) are selected by clicking on them. The filter values vary depending on the filter just like in the Filter List. You may type in part or all of the expression. If the expression is valid, the message "Parsing successful." is displayed at the bottom of the window.
Type a description and then click Save or Save and Close.

Apply an Alarm Action Manager Template

Once you have defined an Alarm Action Manager template, you must apply it to your system in order to use it. To apply a template, you must first select the Enable configuration check box.

Note: You may select multiple Alarm Action Manager templates by checking more than one check box.

You should always apply an Alarm Action Manager template at the appliance level.
Manager template, you can apply that template to that level. For example, in the above screen shot, the Alarm Action Manager template for the appliance is the Action_Manager-Corporate template and then for a special case (in the following screen shot) you could override the Alarm Action Manager template at the ADSP level and apply the Action_Manager-Guest template to the Sanctuary Park network level.
Each alarm type is broken down into sub-types and then the actual alarm. The alarm types are:
• Anomalous Behavior - Devices that operate outside of their normal behavior settings and generate events that could indicate anomalous or suspicious activity.
• Bluetooth - Bluetooth monitoring is a unique capability in AirDefense for 24x7 monitoring of Bluetooth devices in Enterprise environments.
When an alarm is selected, the alarm configuration options are displayed on the right. You can view more information about an alarm by clicking the View Expert Help link. This will display another window where you can view the following alarm information by clicking the appropriate link:
• Summary - A summary description of the alarm.
• Description - More detailed description of the alarm and what the likely cause of the alarm is.
Option - Description
Duration - An active alarm means that at least one condition occurred that triggered the alarm, and the condition still holds true. When the condition of the alarm no longer holds, the alarm will remain visible for an amount of time called the Alarm Duration. Although you can customize the alarm duration, the default values are recommended.
wherever the feature is implemented. Synchronizing Accounts has a good example of how the synchronization feature works.)

Note: You must have a Central Management license in order to use the Check Synchronization feature.

Anomalous Behavior Alarms

Behavior Alarms track atypical device behavior based on a long-term forensic baseline of devices at that site.
malicious user with basic computer skills, a laptop, and a CD drive can obtain various sets of open source tool kits which will transform the laptop into a fully configured wireless attack platform. As time has progressed, these tool kits have become increasingly easy to use while offering an increasingly sophisticated toolset. The bottom line is that wireless attack tools have become accessible to a broader range of users.
on a per device basis. Each trap includes a message defining the significant event and optional varbinds that provide additional information related to the event. Each infrastructure device includes settings for enabling a specific trap or group of traps, where the trap(s) should be forwarded and what community string should be used to allow the management station to process the trap (similar to a password).
• Security - Security events are based on wireless network security SNMP traps received from infrastructure devices. The alarms in this category indicate that a security-related event has occurred as detected by an infrastructure device. Wireless controllers and APs that have been dedicated as 'detectors' periodically scan the wireless network for neighboring APs, possible rogue devices, wireless intrusions and active wireless attacks.
These connectivity tests can be run automatically or manually. The AP test uses the deployed sensors as a wireless station to connect to an AP and validate the available resources. The test validates wireless authentication, encryption, DHCP, ACL, firewall testing, general network connectivity and application availability testing.
• Configuration/Compatibility - 802.
Platform Health Alarms

Platform Health Alarms alert you to events that provide information about the state of the AirDefense Services Platform and the Sensors which report back to the appliance. Platform Health Alarms are broken down into the following three sub-types:
• License Manager - License events provide information about the features and functionality in AirDefense that require a license to operate.
ADSP Environment policy compliance includes alarms that alert you to Wi-Fi Direct devices that are violating your network compliance policy. Wi-Fi Direct is peer-to-peer networking which may present issues with corporate networks controlling Wi-Fi Direct devices. Being able to detect Wi-Fi Direct gives corporate personnel a tool to investigate and determine if there is a threat to their network.
To view a list of Proximity Alarms for each alarm sub-type, go to Configuration > Operational Management > Alarm Configuration, open Proximity, and then open the alarm sub-type to see all the alarms associated with the sub-type.

Reconnaissance Alarms

Reconnaissance Alarms alert you to events that track devices which are actively attempting to locate wireless networks. 802.
Rogue Activity Alarms

Rogue Activity Alarms alert you to devices participating in unauthorized communication in your airspace. Events included in this category range from detection of a wireless device operating in the airspace to detection of the most severe risks, e.g., an unsanctioned wireless device communicating with the wired network.
Vulnerabilities Alarms

Vulnerabilities Alarms alert you to weaknesses that are not actively exploited, but have been detected in the airspace. Weaknesses can potentially be exploited by both active and passive methods. For example, unencrypted wired side traffic leakage can be exploited passively by discovering wired-side device information, while rogue APs can be actively exploited by a station associating to it.
reveal a great deal about the networked devices. It is best practice to place the APs on a dedicated subnet which will limit the broadcast domain of the network to minimize wired side leakage.

Alarm Library

To view a list of Vulnerability Alarms for each alarm sub-type, go to Configuration > Operational Management > Alarm Configuration, open Vulnerabilities, and then open the alarm sub-type to see all the alarms associated with the sub-type.
2. Select an icon by choosing an icon from the Set Icon drop-down menu, type in a new name in the Name New Type field, and then click OK. A new Client Type is created.
3. To edit a client type, select (highlight) the client type and then click the Edit button. You can change the client type icon or the client type name.
4. To remove a client type, select (highlight) the client type and then click the Remove button. Click OK to remove the client type.
The Device Action Manager table displays one rule per row using the following columns:

Column - Description
Assignment - Specifies if a template defining a rule is marked for use.
Template Name - The name of the template defining a rule.

Once a template is added to the Device Action Manager, you can edit, copy, or delete it by selecting (highlighting) a template and then clicking on the appropriate link that appears to the right of the template.
There are three things that you must do to define a Wireless Client / BSS / Unknown Devices Rule Set:

1. Name the rule set.
2. Select and define at least one filter. You may have up to ten filters. Click the Add Another button to add additional filters. Each added filter adds an and statement.
3. Select and define at least one action. You may have up to five actions. Click the Add Another button to add additional actions.

A rule set may have one or more rules.
• DevicePolledID
• DevicePolledName
• DevicePolledSSID
• DeviceProtocol
• DeviceSSID
• DeviceSensedID
• DeviceSensedSSID
• DeviceType
• DeviceVendorPrefix
• SensorIP
• SensorMAC
• SensorName
• SignalStrength
• WatchList
• WiFiDirect.

Important: In DeviceActionMgr, the filters within a rule are order dependent.
When you select a filter, an Edit button is displayed. Click the Edit button to select a mathematical comparison to indicate the relationship between the filter and a value that you specify.
Click the drop-down menu to select the type of comparison. This will vary according to the selected filter. The type of comparison may be:

=    Is equal to
!=    Is not equal to
<    Is less than
<=    Is less than or equal to
MAC Range    Range to pick up MAC address.
You can remove a statement by clicking the X next to the statement.

Actions

You may specify one or more actions to run when certain conditions are met as defined by the filter(s). Valid actions are:
• Classify Devices - Classifies devices using the filter(s) to determine which devices are to be classified.
• Clear active alarm for active devices - Clears any active alarm if the conditions defined in the filter(s) are met.
When an action is selected, an Edit button is displayed. Click the Edit button to configure the action. Configuration will be different for each type of action. For example, selecting Classify Devices as your action displays the following dialog window. Classify Devices allows you to classify devices as: Sanction (Inherit Profiles), Unsanctioned, Neighboring, or Sanction (Assign Profiles).
You can remove an action by clicking the x next to the action. Click the Save and Close button to save the rule set and exit the window.

Add an Infrastructure Device Rule Set

The Infrastructure Device Rule Set window is where you add an Infrastructure Device Rule Set or edit an existing Infrastructure Device Rule Set.
Basically, the Infrastructure Device Rule Set works the same as the Wireless Client / BSS / Unknown Devices Rule Set with differences in the filters and actions.
• DevicePolledIP
• DeviceSensedIP
• DeviceSerial
• DeviceVendorPrefix.

Actions

The available actions for the Infrastructure Device Rule Set are:
• Clear active alarm for active devices - Clears any active alarm if the conditions defined in the filter(s) are met.
• Frame Capture - Monitors and analyzes real-time data traffic flow from devices in your wireless LAN and saves the data in a file if the conditions defined in the filter(s) are met.
You should always apply a Device Action Manager template at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different Device Action Manager template, you can apply that template to that level.
You may set an age out value for any of the following devices:
• Unsanctioned BSSs
• Ad-Hoc BSSs
• Unsanctioned Wireless Client
• Unknown, unsanctioned devices.
Values are specified in hours or days with a minimum of 1 hour and a maximum of 7 days. If you enter an illegal value, the field is highlighted by a red box.
Job statuses are displayed in table format with seven columns.
Column - Description
Type - The job type.
Description - A description of the job. This information is collected when a user inputs a description when confirming an update.
User - The name of the user who initiated the job.
Status - Gives status information such as scheduled jobs, jobs completed successfully, jobs in progress, jobs that have failed, etc.
Start Time - The date and time the job started.
Location Based Services
Use Location Based Services (LBS) to customize how frequently devices within specific locations perform RF scans. For example, you may want to use a short frequency such as seconds to track high priority client devices, but use a lower frequency for tracking APs. For each device type, you will need to create and assign an LBS profile.
An LBS Profile consists of Client Based Settings and Global LBS Settings configuration.
• Client Based Settings
• Global LBS Settings
Client Based Settings
Select the Client Based Settings tab to define your LBS profile. Use the Copy Settings button to copy the configuration of the selected Client type configuration to other client types. For more information see Copy Settings.
When finished selecting, click Copy Settings to copy the settings and return to the previous dialog box.
Set Client Type Priorities
Use the Set all client type priorities button to set the default priorities for the different client types. Click the Set all client type priorities button to display a list of client types. On this screen you can select which client types you want to track and prioritize the devices in order of importance.
When finished, click Set Priorities to set your selected priorities and return to the previous dialog box. Use the Reset button to reset your priorities to their previous settings.
Presence Settings
Define the Client Based Settings for your Location Based Services profile using the following fields found in the Presence Settings tab:
Field - Description
Enable all Presence enter events - Enables the enter events that alert ADSP that a device has entered the premises.
Define the Client Based Settings for your LBS profile using the following fields found in the Location Tracking Settings tab:
Field - Description
Select all Sources - Select the type of source to use (Wi-Fi Zones or Wi-Fi Positioning).
Enable all Virtual Region Events - Identifies which of the available virtual region events the given device can trigger: Enter, Exit, Proximity, and/or Contained.
Click Apply to save your changes. A confirmation is displayed at the bottom of the screen:
Set Different Profile
If you have a level that needs a different LBS profile, you can apply a different profile to that level. The Override settings option is available when you select (highlight) a network level below the appliance level. Use the Expand button beside the AirDefense appliance icon to reveal the other levels.
For example, in the above screen shot, the LBS profile for AirDefense shows as the Default_LBS_Profile. In the left column you have selected the Country1 level and you can use the Override settings option and apply the New_LBS_Profile profile. Click Apply to save your changes.
Note: Updates to LBS profiles are treated as jobs and are included in Job Status under Configuration > Operational Management.
Location Subscriber Profiles
Use Location Subscriber Profiles to define subscriber profiles used in Proximity and Analytics. The profile specifies information for connecting to a third party application. Existing profiles are displayed in the table below the row of buttons. You can edit, copy or delete any selected (highlighted) profile by clicking the appropriate link.
You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later. A list of device types along with the number of affected devices that will be updated is displayed. Also, if applicable, a list of unsupported settings is displayed. Click OK to apply changes or Cancel to abort.
Add a New Location Subscriber Profile
To add a new Location Subscriber Profile:
1. Click New Template to add a new profile.
2. Name your Location Subscriber Profile in the Subscriber Name field and use the following tabs to define the profile:
• Connection Settings
• Location & Region Events
• Presence Events
• RSSI Data.
Note: These tabs are described in detail in the following sections.
3. Click Save and Close to save the profile and exit.
The Connections Settings tab is divided into two parts: subscriber information (required) and proxy settings (optional). The subscriber information supplies the information needed to make the connection to the third party application. Subscriber information includes the following fields:
Field - Description
Subscriber Push URL - Supplies the IP address (192.168.1.1:1234) or domain name (example.com:1234) used to connect to a third party application.
Field - Description
Username - A valid username used to authenticate a user to the proxy.
Password - The password of the user used for authentication. You may select the Display Password checkbox to reveal the password.
Location and Region Events
Use the Location & Region Events tab to stream location and region events to a third party application.
Field - Description
Select all Client Types - Filters streaming by client types. You may select all client types by selecting Select all Client Types, or you may select one or more client types separately. When a client type is detected, location and region event information for that particular client type is sent to the third party application.
Filter by Wireless Clients - Filter streaming using the MAC address of one or more Wireless Clients.
Field - Description
Select all Client Types - Filters streaming by client types. You may select all client types by selecting Select all Client Types, or you may select one or more client types separately. When a client type is detected, presence event information for that particular client type is sent to the third party application.
Filter by Wireless Client - Filter streaming using the MAC address of one or more Wireless Clients.
You should always apply a Location Subscriber Profile at the appliance level. When you do, the profile is inherited for all the other levels. Then, if you have a level that needs a different Location Subscriber Profile, you can apply that profile to that level.
Folders with a checkmark identify that folder as having devices that are in a pending state. Devices with a checkmark identify that the marked device is in a pending state. You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later using Job Status under Operational Management.
Existing profiles are displayed in the table below the row of buttons. You can copy, edit or delete any selected (highlighted) profile by clicking the appropriate link. To copy or edit a profile, select (highlight) the Sensor Only Settings profile, click the Copy or Edit link, and then make your changes. Click Save to save your changes.
Add a New Sensor Settings Profile
Click the New Template button to add a new profile. Define your Sensor Settings profile using the following fields:
Field - Description
Primary Appliance - Specifies the IP address of the primary appliance.
Secondary Appliance - Specifies the IP address of the secondary appliance.
Sensor Admin Password - Specifies the admin password for your Sensors. Supplying this password is mandatory.
Field - Description
Enable FIPS mode - FIPS Level Encryption is disabled by default. FIPS level encryption is generally not needed. If you want to use FIPS level encryption, select the checkbox. This setting controls the HTTPS encryption level between the Sensor and the browser. When selected, the Sensor will only allow AES encryption to the browser (Sensor UI). Only browsers that support this type of encryption will be able to connect to the Sensor UI (e.g.
then for a special case (in the following screen shot) you could override the Sensor Only Settings Profile at the ADSP level and apply the Sensor_Settings_Profile_AD profile to the AirDefense 2 floor.
Note: The Override settings option is available when you select (highlight) a network level below the appliance level. Use the Expand button to reveal the other levels.
Click the Apply button to save your changes. Click the Reset button to discard your changes.
Use the Scan Settings and ASA In-Line Settings tabs to configure Sensor Operation. You can copy Sensor Operation configurations to all your appliances by clicking the Copy settings to all appliances button.
Note: You must have a Central Management license in order to copy settings to all appliances.
To save any configuration changes, click the Apply button. Clicking the Reset button resets all options back to their original settings.
The appliance level can be expanded to show the lower levels. If a lower level is selected from the tree, its scan settings are displayed on the right. If the scan settings are inherited from a parent level, the options are read only and grayed-out. If the scan settings are overridden, the options have read/write permission and can be edited. All tree levels that do not inherit the same settings as the selected node are displayed with gray text.
Feature/Function - Description
Enable Location Tracking RSSI Scan - Devices can report RSSI scan data to ADSP. This option allows you to use that data in location tracking. Once this option is selected, you can adjust the location tracking refresh rate from 1 to 60 seconds. The optimal rate is 1 second. (You must have a Proximity and Analytics license before this option is visible.
Appliance Management Legacy Content
ASA In-Line Settings
The ASA In-Line Settings tab is used to configure sensor settings for Advanced Spectrum Analysis. These settings are for the ASA In-Line based scan, not for the Dedicated scan. There are four settings: two for 2.4 GHz band and two for 5 GHz band. The values in the fields are the default settings. Normally, these levels are fine for normal use and should not have to be changed.
Threshold (dBm) - This is the master level control for ASA scanning.
Appliance Settings
Use the Appliance Settings window to specify information needed by your appliance and to enable key system features.
Important: You must be a user with read/write access to the System Configuration functional area to use this feature.
To access this window, go to Configuration > Appliance Management > Appliance Settings.
Function - Description
Port - Set the UI Port. This setting configures the system port for access to ADSP.
Function - Description
Policy-based Air Termination System Enabled - Policy-based Air Termination is an automated version of Air Termination. This feature enables you to formulate an Action Plan to automatically terminate the connection between your wireless LAN and any associated authorized or unauthorized or Wireless Client, based on alarms.
Yes: Click this radio button to enable Policy-based Termination at the system level.
No: (Default).
The top section displays status information about backups. The bottom section displays status information about configuration restores, synchronization, clear information, and upgrade information. The following status information is displayed:
• A green checkmark indicates that the backup/restore was successful.
• A red circle containing an exclamation mark indicates that the backup/restore was unsuccessful.
There are three types of verifications for either appliance communications or third party communications. They are:
• Verify master certificate against trusted certificates
• Verify hostname against certificate
• Check certificate revocation.
Select the appropriate checkbox for each type of verification that you want to check. If the Check certificate revocation checkbox is selected, the OCSP Responder fields are activated.
To add a public key:
1. Click the Add Key button.
2. Type in the name of the other server.
3. Select the type of public key that you want to add (SSH-RSA or SSH-DSS).
4. Paste the public key into the Key field.
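A check worth running on a key before it is pasted into the Key field, given here as an added example (it is not part of the guide or of AirDefense): it confirms that the text is a one-line public key of type ssh-rsa or ssh-dss, that the type stored inside the key matches the declared one, and returns the SHA256 fingerprint to compare with the value reported by the other server's administrator. The function names, the 2048-bit threshold, the "weak" flag and the sample key are assumptions constructed for this illustration.

```python
import base64
import hashlib
import struct

# type -> number of integer fields in the blob (ssh-rsa: e, n / ssh-dss: p, q, g, y)
KEY_TYPES = {"ssh-rsa": 2, "ssh-dss": 4}
MIN_RSA_BITS = 2048  # assumed local policy threshold, not a value from the guide


def _ssh_string(data):
    """Encode bytes as an RFC 4251 string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    """Encode a positive integer as an RFC 4251 mpint (leading zero keeps it positive)."""
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def _read_string(blob, offset):
    """Return (bytes, next_offset) for the length-prefixed string at offset."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Validate one pasted public-key line; return its type, size and fingerprint."""
    line = line.strip()
    if line.startswith("-----BEGIN"):
        raise ValueError("PEM block pasted; supply the one-line public key only")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, body = parts[0], parts[1]
    if declared not in KEY_TYPES:
        raise ValueError("unsupported key type: " + declared)
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc

    # The first field of the blob repeats the key type; a mismatch means the
    # line was edited or mislabelled after it was generated.
    embedded, offset = _read_string(blob, 0)
    if embedded != declared.encode("ascii"):
        raise ValueError("type inside the key blob does not match the declared type")
    fields = []
    while offset < len(blob):
        field, offset = _read_string(blob, offset)
        fields.append(int.from_bytes(field, "big"))
    if len(fields) != KEY_TYPES[declared]:
        raise ValueError("unexpected number of key fields for " + declared)

    # Key size is the bit length of n (ssh-rsa, second field) or p (ssh-dss, first field).
    bits = (fields[1] if declared == "ssh-rsa" else fields[0]).bit_length()
    digest = hashlib.sha256(blob).digest()
    return {
        "type": declared,
        "bits": bits,
        # Same format that `ssh-keygen -l` prints: unpadded base64 of SHA-256(blob).
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "comment": parts[2] if len(parts) == 3 else "",
        # Assumed policy: flag ssh-dss keys and short RSA keys for review.
        "weak": declared == "ssh-dss" or bits < MIN_RSA_BITS,
    }


# Constructed sample: a syntactically valid ssh-rsa blob with a made-up
# 2048-bit modulus. It is not a real key and cannot authenticate anything.
_SAMPLE_BLOB = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 2047) | 1)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_SAMPLE_BLOB).decode() + " backup-server"

if __name__ == "__main__":
    print(inspect_public_key(SAMPLE_LINE))
```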
the AirDefense appliance. Certificates install into the AirDefense appliance and are sent by the appliance directly to your browser.
Important: AirDefense recommends using a security certificate for every AirDefense appliance in your network. Furthermore, we recommend that you replace the pre-installed security certificate from AirDefense with either a self-signed certificate or a root-signed certificate. AirDefense supports the X.
Certificate Types
Every AirDefense appliance comes with an AirDefense certificate. However, there are three other certificates available; each represents a different level of security.
• Self-signed certificate
• Root-signed certificate
• SSL certificate.
The following table describes each of the certificate types:
Certificate - Description
AirDefense Certificate - The AirDefense certificate represents a minimal level of security.
◦ Validation period stating when the certificate became valid and when it ends
◦ Certificate fingerprints.
Sharing Certificates
AirDefense has a Central Management feature that allows you to monitor more than one appliance. In this situation, there will be a master appliance and a slave appliance. In order for this scenario to take place, you will need to share certificates between the master and the slave appliance.
The procedure for sharing certificates in the default state is:
Note: This procedure assumes that you have added a certificate using the procedures under Add Certificates.
1. Access the Certificate Manager.
2. In the Appliance field, select the slave appliance.
3. Type in the certificate password and then click View Certificates.
4. Click the Share Appliance Certificate button.
6. Click the Share button.
7. Click OK.
8. On the master appliance, access the Trusted Certificate tab.
9. In the Appliance field, select the master appliance.
10. Type in the certificate password and then click View Certificates.
11. Click the Import New button.
12. Browse to the CA certificate and select it.
13. Click OK.
14. Restart the master appliance.
15. On the slave appliance, access the Trusted Certificate tab and then repeat steps 9 through 13.
16.
2. Send the CSR to a Certificate Authority (CA) and get certificate files.
3. Import the certificate files received from the CA.
Generate Certificate Signing Request
To generate a Certificate Signing Request (CSR), do the following:
1. Click the Generate Request button. A window opens for you to confirm that you want to download the CSR.
2. Click OK. A window opens for you to save your request.
3. Navigate to a convenient place such as your Desktop to save the CSR.
Once you give the CA the information from the generated file, they will give you instructions on how to proceed, probably in an email message. You will have to save the certificate files somewhere on your workstation such as your Desktop. There should be three certificates:
• Intermediate
• Root
• SSL which is the tomcat certificate.
Importing Certificate Files from CA
1. Click the Import New button. The Import New Certificate window displays.
2.
3. Navigate to the Intermediate certificate, select (highlight) it, and then click the Open button. The file name should now display in the Select field.
4. Type in a name for the certificate.
5. Click OK.
6. Repeat Steps 1 to 5 to import the Root certificate.
7. Repeat Steps 1 to 5 to import the SSL certificate.
Note: The name for the SSL certificate defaults to tomcat. You cannot change this name.
8. Click OK.
2. Click the Browse button to open the Select file to upload window.
3. Navigate to the trusted certificate, select (highlight) it, and then click the Open button. The file name should now display in the Select field.
4. Type in a name for the certificate.
5. Click OK.
Update Certificate Information
This topic discusses the process to update certificate information for certificates already stored in your appliance.
To change the certificate's default information:
1. Click the Update button to display the Update Appliance Certificate window.
The following table describes the certificate information fields that can be modified:
Field - Description
Name - The hostname you assigned the AirDefense appliance.
Department Name - The department in which the AirDefense administrator is a member.
Company Name - The name of your company.
City - The city in which your company is located.
The Certificates window has a default password (security). You should change this password to a more secure password. To change the password:
1. Click the Change Password link.
2. Type the new password in the Password field.
3. Type the new password again in the Confirm field.
4. Click the OK button.
How Backups Work
• All backups, scheduled or on-demand, create a backup file in /usr/local/smx/backups.
• If an on-demand backup is done to the desktop, the system performs a regular backup to /usr/local/smx/backups first and then copies that file to the desktop.
• If a scheduled backup is done to a remote device via SCP or FTP, the system performs a backup to /usr/local/smx/backups first and then copies that file to the remote system.
• NEVER direct a backup to /usr/local/smx/backups on a standby server. This will prevent synchronization from working properly.
Manual Backups
You can manually back up your server configuration to your workstation by following these steps:
1. Click the Backup Now button to display the Backup Ready window.
2. Click the Download button to open a window where you can select your destination directory (folder).
3.
Automatic Backups
Automatic Backups backs up your system configuration to your ADSP appliance.
Note: Do not configure the automatic backup time and the automatic synchronization time with the same values.
To schedule automatic backups, follow these steps:
1. Enable automatic backups by clicking the Enable Configuration Backup Scheduling checkbox to place a checkmark in the box.
2. Type in a name for the backup in the Job Name field.
3.
Field - Description
Password - The password used to log in on the destination server.
Verify Server Certificate/Key - Verifies that the server certificate (HTTPS connections) or server key (SCP and SFTP connections) is valid.
Retries - The number of times to retry the backup if a failure occurs. The maximum number is 5.
Option - Description
Clear System Configuration - Clears all system configuration data. This encompasses everything except what is covered by the other options. There are three other options associated with this option.
• Clear Policy Configuration - Clears all policy configurations that you have changed. If you select this option, the Sensor and Device configurations will be automatically selected.
Configuration Restore
You can restore a backup configuration that you backed up to your workstation. To do so, follow these steps:
1. Navigate to Configuration > Appliance Management > Configuration Restore.
2. Click Replace to open a window where you can select the directory (folder) where your configuration was backed up.
3. Navigate to the directory where your configuration was backed up and select the backup file.
4. Click Open to select the file.
To download a configuration, follow these steps:
1. Navigate to Configuration > Appliance Management > Download Logs.
2. Select if you want to download a backup that exists on your appliance and/or the system logs.
3. You can download all forensic logs or all appliance access logs. Alternatively, you can pick and choose the forensic logs or appliance access logs that you want to download.
4. Click Apply. A destination directory window is displayed.
5.
8. Click Next. The configuration is downloaded to the selected directory and a status window is displayed confirming the download.
9. Click Close.
Forensic and Log Backup
To enable automatic forensics backup, click the Enable Automatic Forensics Backup checkbox to place a checkmark in the checkbox. To enable automatic log backup, click the Enable Automatic Log Backup checkbox to place a checkmark in the checkbox. Fill in the fields described in the table below.
Field - Description
Host - The name of the server where you want to back up forensics or log files. This can be an IP address or a DNS name defined by your DNS server.
Port - The port number to use during the backup.
Protocol - The file transfer protocol to use for backing up forensics or log files.
Path - The directory (folder) where to place the backup on the destination server.
User - The username used to log in on the destination server.
Interval - Action
Weekly Schedule - Choose a frequency in days. Then, select a day or multiple days to conduct the backup by clicking the checkbox next to the day to place a checkmark in the box.
Monthly Schedule - Choose the months that you want to run a backup by clicking the checkbox next to the month(s) to place a checkmark in the box(es). Then, select a day of the month to conduct the backup. Last, specify a time of day.
To activate, select the Enable Pre-Login Banner checkbox. The * (Please enter text) field is available to enter text that users will see before logging into AirDefense. Text can be entered in HTML or text format. Click Apply to save the pre-login banner.
Login Banner
The Login Banner tab is provided for ADSP users who wish to add their own customized agreement banner which will be shown each time users log into the system. To activate, select the Enable Login Banner field.
SSH Banner
The SSH Banner tab is provided for AirDefense users who wish to add their own customized text for users accessing the AirDefense appliance through SSH. To activate, select the Enable SSH Banner field. The following configuration option is available for customizing the SSH Banner. The At initial login... field is available to enter text that users will see when accessing the AirDefense appliance through SSH. Text can be entered in HTML or text format.
• NEVER back up to the desktop from the standby server, because that process overwrites the existing file in /usr/local/smx/backups.
• As the second part of synchronization, the standby server runs a restore to itself using the file found in its own /usr/local/smx/backups directory. This should be the only file ever copied over from the primary server.
Synchronization Rules
• You should only back up the primary server.
Automatic Synchronization
Follow these steps to set up automatic synchronization of your primary and secondary ADSP appliances:
Note: Do not configure the automatic backup time and the automatic synchronization time with the same values.
1. Enable automatic synchronization by selecting the Designate this as a Secondary (redundant) appliance checkbox to place a checkmark in the box.
2.
Account Management Legacy Content
connect to the appliance and your network tree will not be set up. Once connected to a lab network, you can either restore the primary's configuration file, or restore the configuration from a secondary appliance to the primary appliance. If the configuration is restored from the secondary appliance, you should then change the IP address of the new appliance to the one for the old appliance, reboot, and install the new appliance on the network.
View User Information
From the left frame of the user account screen, you can view the following information about existing user accounts:
• Username
• Full Name
• Description
• Authentication Method
• Functional Area Access
• Functional Role
• Scope Permissions.
Add or Edit User Accounts
Click the New User Account button to access the New User Account overlay.
Use the following table to configure the user account:
Field - Description
Username - The account name of the user.
Full Name - Enter a formal name of the user, if desired.
Description - Enter a description of the user account, if desired.
Field - Description
Authentication - Select Local if the user will use Local Authentication. Select Remote if the user will use Remote Authentication. Select Remote with local fall back if the user will use Remote Authentication with local fall back.
Note: At least one Administrator should be set to Local Authentication to avoid getting locked out of the system if a WLAN link is disconnected. When adding a remote user, Remote Authentication must be set up first.
Field - Description
Lock after x days inactivity - Check this checkbox if you want to lock the account after x amount of days of no use. Select the Show Passwords checkbox to reveal passwords.
Change password at next logon - Check this checkbox if you want to force the user to change password at the next logon. Select the Show Passwords checkbox to reveal passwords.
Feature Permissions - Limits users to specific functions within ADSP.
Field - Description
Functional Roles - Gives access to the following Functional Roles:
• Security - Manage security alarms
• Platform Monitoring - Manage the alarms that monitor the platform (system)
• Locationing - Manage the alarms triggered by Location Based Services
• Performance Monitoring and Troubleshooting - Manage the alarms that monitor platform (system) performance and alarms generated by troubleshooting features such as AP Test
• Infrastructure Management - Man
AirDefense has four default role types with different levels of access to its functionality.
• Admin - Gives users read/write permission to all functional areas.
• Guest - Gives users read permission to Alarm Management, Reporting, Analysis Tools, and Connection Troubleshooting. No access is provided for the other functional areas.
• Helpdesk - Gives users read/write permission to Connection Troubleshooting. No access is provided for all other functional areas.
Capabilities for the individual functional areas are:
Functional Area - Capabilities (use of)
Device Tuning
• Setting annotations
• Device profile configuration (existing)
Alarm Management
Appliance Management - Access to all settings under current appliance management, with the exception of functional areas covered by System Configuration
Alarm Criticality - Configure the scale of an alarm's criticalness.
Functional Area - Capabilities (use of)
Vulnerability Assessment
• On-demand or scheduled Vulnerability Assessment
• Vulnerability Assessment profiles
Connection Troubleshooting - Troubleshooting tools
AirDefense also tracks some functionality by account, regardless of role, such as keeping track of private vs shared reports and logging appliance activity.
Functional Roles
There are four functional roles for users:
• Security - Manage security alarms.
Use the following table to configure the user account:
Field - Description
Group Name - Enter the name of the group account.
Description - Enter a description of the group account, if desired.
Disable group login - Disable the current login group.
Test Authentication - Test remote user authentication using LDAP or RADIUS. Enter a user's username and password. Then, click the Test button. If the credentials are valid, you will receive a pass message.
is briefly displayed (top-right area if overlay) to confirm the account addition. AirDefense will alert you to any errors. You can display more information about the error by clicking on the error message. Click the X in the top-right corner to close the New Group Account overlay panel.
Edit, Copy, or Delete User Accounts
Roll over the account and click the copy link (shown below) to copy an account.
Note: You must have a Central Management license in order to use the Check Synchronization feature.
With a Central Management license, you can use the Check Synchronization feature to check all the accounts on all your managed appliances and list the differences. You then have the option of synchronizing selected appliances or synchronizing all appliances. Click Check Synchronization to see if all accounts on all appliances in your system are in sync.
Field - Description
Max Login Attempts - The maximum number of login attempts before a user is locked out of an account. You must also specify if the account is locked within a time limit or no time limit.
Password must be changed after x days - The number of days a password can be used before it expires. Once expired, users are required to change passwords.
Field - Description
Old Password - Enter your current password here.
New Password - Enter your new user password here.
Verify Password - Enter your new password here again.
After entering your password information, click the Apply button to save your changes. Click the Reset button to discard any changes.
Remote Authentication
Remote Authentication is used to authenticate users by using the password stored on a RADIUS or LDAP server.
Note
If you encounter problems, contact your LDAP administrator. He/she can advise you on how to fill in the fields. If you can, use an LDAP browser (https://www.ldapadministrator.com/download.htm) to log in and browse. This will allow you to test your settings to see if they are right. There should also be errors in the LDAP server log that give more details on the problem.
Field - Description
Shared Secret - Enter the shared secret password for the RADIUS server. You can make passwords viewable by selecting the Display Passwords checkbox. This option only displays for RADIUS servers.
Timeout - Enter a timeout value for authentication. This option only displays for RADIUS servers.
Retries - Enter the number of times to retry authentication. This option only displays for RADIUS servers.
Field - Description
Use LDAP for ... - This field is displayed if LDAP is chosen for the Type field. Select this checkbox if you are using external group based authentication. If checked, more fields are displayed.
• Server type - For now, Active Directory is the only option. The information supplied in the other four fields is used in group identification for the Active Directory server type.
• Search Base - Enter a string to find your domain name in the directory.
After entering the Remote Authentication data, click the Apply button to save the configuration. The configuration name is now displayed in the list on your left. If you highlight (click) a name in the list, you can edit the fields for that configuration. You may also delete any highlighted configuration by clicking the Delete button. You can change the order of configuration preference using the Move Up or Move Down button.
Default View
Select the default view when logging into AirDefense. The following views are available:
• Dashboard tab
• Network tab
• Alarms tab
• Configuration tab.

Auto Refresh
AirDefense application data is automatically refreshed according to the refresh rate that you specify. The following rates are available:
• No auto refresh - Turn off automatic refresh.
• 10 minute refresh - Automatically refresh AirDefense data every 10 minutes.
When viewing devices in the Network tab, the row of any device that is considered inactive will have lighter text than active devices.

Copy MAC Formats
Copy MAC Formats allows you to specify the formats you can use when copying a MAC address for a device in ADSP. You may select any or all of the following formats:
• ff:ff:ff:ff:ff:ff
• ff-ff-ff-ff-ff-ff
• ffff.ffff.ffff
• ffffffffffff

Once set, when you copy a device's MAC address, you will have a choice of formats.
Click OK to save your changes.

Show Job Initiation Message Dialogs
You have the option of displaying a message dialog when initiating certain jobs.
• Show Backup Download Job Initiation Message Dialog - Displays the following dialog window when a backup download job is manually initiated:

In all four cases, you are given the option of not showing the message again. You can also view the job status by clicking the OK, Go to Job Status button, or by navigating to Configuration > Operational Management > Job Status if you wish to view the job status later.
The Auto-Connect feature is specifically designed to get un-configured APs into AirDefense as Sensors. After a successful DNS lookup, the un-configured AP attaches to AirDefense. AirDefense must then have the correct RF-domain setting for the final placement location of the newly added AP and a Sensor-only policy configured before it will automatically re-configure the AP device to work as a Sensor.
◦ SFTP or FTP traffic between the device and the Relay server (can be same system as the AirDefense appliance)
◦ SFTP or FTP traffic between AirDefense and the external relay server when one is used.

Setup Prerequisites
1. Enable SNMP Trap reception on the ADSP appliance:
   a. From the ADSPadmin utility on the appliance console, select C for Config then SNMP for Enable/Disable SNMP trap reception.
   b.
   d. Add a new profile which uses the non-default production credentials that the infrastructure will have after completion of the zero touch configuration. Once complete, profile assignment should look like below:
4. Set up network device configuration action:
   a. The system must be enabled to allow configuration push to the new infrastructure devices. To set this up, go to Configuration > Appliance Platform > Polling.
   b.
• Device Configuration Management
• Template Based Configuration Management
5. Set up Relay Server:
   • Configure the relay server for use with configuration management. The relay server setup is not specific to the zero touch feature; instructions for setup can be found in Menu > Help > Search for Relay.
6. Configure non-default device credentials:
   a. Some infrastructure devices require changing the administrator password at first login.
Note
For devices which require password change at first login, this is the password the system shall use when rotating the password. Also, it should match the console and the "http" password for the production communication profile.

   d. Specify the interfaces to be used. If using SNMP access, specify read and write community passwords.
   e. Click Apply to save changes.
7. Set up CLI configuration push.
   a. Set up a CLI template to push the configuration to the device. This template can include just a few lines of code to set the device as a sensor or can include a complete configuration to set and configure all parameters on the device. To create a configuration template, go to Configuration > Infrastructure Management > CLI Configuration and select the specific device type of interest.
   b.
5. Add a CLI profile using the default AP7131 device type (or other device type) as a template and apply the profile to the floor the device is located on.
   a. Go to Configuration > Infrastructure Management > CLI Configuration.
   b. Select WiNG v5.x from the CLI Configuration drop-down menu.
   c. Select a floor for the device.
      Note
      The floor should already exist. If it does not, use tree setup to create it (Configuration > Appliance Platform > Tree Setup).
   d.
   h. Click Apply.
8. Ensure that the device firmware is current (Configuration > Infrastructure Management > Device Firmware). If firmware is not current, update it.
9. Create a Radio Settings configuration for the AP-7131 and apply it to the floor where the device is placed. You must include some data rates.
   Note
   ADSP automatically sets up a default Radio Settings profile. Only follow these steps if you want to use your own settings.
   a.
the General tab, enable data collection and enable configuration. For SNMP, set version to v2c with proper read/write community information. Under Console tab, add the same user you have for device access and enable password information so that ADSP can talk to the AP-7131. Now ADSP can communicate with the AP-7131.
   a. Go to Configuration > Appliance Platform > Communication Settings.
   b. Select the floor.
   c. Select Override settings.
   d. Enter SNMP information.
   e.
6. Enable SNMP on the device and verify that you can execute snmpwalk from the server. You will need the IP address and community string for the device. To verify SNMP connectivity, from the server, run the following command against your target device: snmpwalk -v2c -c .
7. Add a CLI profile using the default Cisco Autonomous 12x0/11x0 device type (or other device type) as a template.
   a. b. c. d. e. f. g.
   h. Enable SNMP and enter passwords for the Read/Write community. Then, enter the password for a Trap Destination including your server IP address.
      Note
      You must also add the Trap Community and destination to get traps on your server. This can be done from the server CLI: ADSPadmin > Config > SNMP Enable.
   i. Click Apply.
10. Ensure that the device firmware is current (Configuration > Infrastructure Management > Device Firmware). If firmware is not current, update it.
11.
16. If necessary, configure the Communication Settings so that ADSP can communicate with the device. HTTP is only used for Airwave and WLSE devices, so this is not needed for Cisco devices. On the General tab, enable data collection and enable configuration. For SNMP, set version to v2c with proper read/write community information. Under Console tab, add the same user you have for device access and enable password information so that ADSP can talk to the CISCO device.
If the properties page of a device that inherits this folder level is accessed, the defined variables are displayed from the folder level. In this case, the CLI profile (ProfileX) is not merged with the CLIVars Profile since there is no CLIVars. The result of this scenario is that these settings are defined at the CLI Profile level and inherited straight from their definition at the folder level.

Scenario B
ProfileX is defined at the folder level but modified at the device level (override a named profile) or (inherit profile but edit variables) as follows:
1. Information is inherited from ProfileX.
   a. HOSTNAME=Test-Hostname
   b. GATEWAY=172.17.1.1
2. Make some changes.
   a. HOSTNAME=TestDevice
   b. GATEWAY is cleared to null

After the modification, the variables that are not null (empty string) are saved and applied at the device level.
This combination results in the HOSTNAME coming from the CLIVars and the GATEWAY coming from the CLI Profile (ProfileX).

Scenario C
ProfileX and ProfileY are defined at the folder level but modified at the device level (override a named profile) or (inherit profile but edit variables) as follows:
1. Information is inherited from ProfileX.
   a. HOSTNAME=Test-Hostname
   b. GATEWAY=172.17.1.1
2. Set override and make some changes.
   a. HOSTNAME=TestB-Hostname
   b.
3. Save changes.
4. Now set back to inherit either ProfileX or ProfileY (any other profile).

In this case (as in Scenario B), these values were set at the device level. Override was removed and the device was set to inherit again. You might expect Step 2 of this example to be reset to Step 1. This is not the case.
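The resolution order described in Scenarios A to C can be modelled in a few lines, which is useful for auditing where each value in a pushed configuration comes from. This is an added example, not AirDefense code: the function names, ProfileY's values and the two template lines are constructed, while ProfileX's values and the $[Name] placeholder syntax come from the guide.

```python
import re

# $[Name] is the placeholder syntax the guide uses for CLI variables.
PLACEHOLDER = re.compile(r"\$\[([A-Za-z_][A-Za-z0-9_]*)\]")

# ProfileX values are the guide's; ProfileY values are constructed.
PROFILE_X = {"HOSTNAME": "Test-Hostname", "GATEWAY": "172.17.1.1"}
PROFILE_Y = {"HOSTNAME": "Y-Hostname", "GATEWAY": "172.17.2.1"}

# Constructed template text standing in for a CLI profile body.
TEMPLATE = "hostname $[HOSTNAME]\nip default-gateway $[GATEWAY]\n"


def save_device_vars(edited):
    """Model of the device-level save: null or empty values are not stored."""
    return {k: v for k, v in edited.items() if v not in (None, "")}


def resolve(profile_vars, device_vars):
    """Return {name: (value, source)} for the effective configuration.

    Device-level CLIVars win over the inherited CLI Profile; anything the
    device does not define falls through to the profile.
    """
    effective = {k: (v, "CLI Profile") for k, v in profile_vars.items()}
    for name, value in save_device_vars(device_vars).items():
        effective[name] = (value, "CLIVars")
    return effective


def stale_overrides(profile_vars, device_vars):
    """Names whose device-level value masks a different inherited value."""
    saved = save_device_vars(device_vars)
    return sorted(n for n, v in saved.items() if profile_vars.get(n) != v)


def render(template, effective):
    """Expand $[Name] placeholders; refuse to emit a config with gaps."""
    missing = sorted({n for n in PLACEHOLDER.findall(template)
                      if n not in effective})
    if missing:
        raise KeyError("undefined CLI variables: " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: effective[m.group(1)][0], template)


def scenario_a():
    # No CLIVars exist, so every value is inherited from ProfileX.
    return resolve(PROFILE_X, {})


def scenario_b():
    # HOSTNAME edited, GATEWAY cleared to null: only HOSTNAME is saved.
    device = save_device_vars({"HOSTNAME": "TestDevice", "GATEWAY": ""})
    return resolve(PROFILE_X, device)


def scenario_c():
    # Override removed and the device set to inherit ProfileY; the value
    # saved at device level is still there and still wins.
    device = save_device_vars({"HOSTNAME": "TestB-Hostname"})
    return resolve(PROFILE_Y, device)


if __name__ == "__main__":
    for label, result in (("A", scenario_a()), ("B", scenario_b()),
                          ("C", scenario_c())):
        print("Scenario", label)
        for name, (value, source) in sorted(result.items()):
            print(f"  {name}={value}  (from {source})")
    print(render(TEMPLATE, scenario_b()), end="")
```

Running stale_overrides against the profile a device currently inherits lists the device-level values that would survive a profile change, which is the Scenario C surprise.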
Custom CLI Example
This example shows how to use custom CLI variables.

Note
Customization of device values from ADSP requires expert knowledge of what each configuration parameter does and how making changes to those values will affect the device being modified.

The following conditions are assumed:
• A non-default CISCO VLAN configuration is used.
3. The following screen shot shows how it is used:
   a. The variable $[CustomVLAN] is inserted directly into the CLI profile that is applied to a device.
   b. When $[CustomVLAN] is first entered into the profile, it becomes available for use in the Variables section as CustomVLAN. This is where you enter the custom VLAN value.
4. To complete this VLAN customization example for the Cisco 1230 AP, the following modifications need to be made:
   a. interface Dot11Radio0.
6. As with all customizations, you should test it in a lab environment before putting it into production.

Configuration Notes
AirDefense 9.x WS2000 upgrade will only occur if the relay server is accessible from subnet1.

Drop-down Menu Access
Drop-down menus are located throughout AirDefense. Whenever a device or network level is displayed, it has an associated drop-down menu. You can access the drop-down menu to get details on functions and properties.
The drop-down menu for APs contains the following functions:

Function - Description
Alarms - Accesses the Alarms tab where you can view the alarms for the selected AP. See Alarms
Properties - Opens the Properties overlay for the selected AP.
Upgrade - Upgrades the firmware for the selected AP. (For more information, see Upgrade Devices.)
Rename - Opens a dialog window to rename the selected AP.
Move - Moves the selected AP to another network level (floor).
You can view the properties of an AP by clicking the drop-down menu button and clicking Properties. The following information is displayed:

Field - Description
Name - The name of the AP.
Description - A description of the AP.
Last Audit - The date and time of the last audit.
Host Address - IP address of the AP.
Flagged - Flag an AP that you want to bring attention to.
In compliance / Not in compliance - Status of the last compliance audit.
You can view and/or override the AP configuration by selecting:
• CLI Configuration on page 580
• Channel Settings on page 569
• Device Access on page 563
• Radio Settings on page 571
• RF-Domain on page 567
• Relay Server on page 529
• Communication Settings Profile on page 520
• WLAN Profiles on page 575
• WLAN Profiles on page 575 - Display valid licenses for APs.

These configuration settings (or profiles) are all located in the Configuration Tab on page 493.
The drop-down menu for BSSs contains the following functions:

Function - Description
Alarms - Accesses the Alarms tab where you can view the alarms for the selected BSS. See WLAN Profiles on page 575
Properties - Opens the Properties overlay for the selected BSS.
Rename - Opens a dialog window to rename the selected BSS.
Remove - Removes the selected BSS from your network. (See WLAN Profiles on page 575 for more information.
The following information is displayed:

Field - Description
Name - The name of the BSS.
Description - A description of the BSS.
Classification - The classification of the BSS: Sanctioned, Unsanctioned, or Neighboring.
Annotations - The annotations specified for the BSS: Flagged or Bridged.
Observed Data - Data that AirDefense observed about the BSS. You can filter the observed data by entering significant text in the Search field.
The drop-down menu for Wireless Clients contains the following functions:

Function - Description
Alarms - Accesses the Alarms tab where you can view the alarms for the selected Wireless Client. See Alarms on page 477 for more information.
Properties - Opens the Properties overlay for the selected Wireless Client.
Rename - Opens a dialog window to rename the selected Wireless Client.
Remove - Removes the selected Wireless Client from your network.
Function - Description
Client Type - Client Type appears in the menu only when a Wireless Client is sanctioned. By default, Wireless Clients are assumed to be laptops, displaying a laptop icon. This menu item allows you to differentiate phones and hand-held devices from laptops in ADSP.
Wireless Clients - Properties
You can view the properties of a Wireless Client by clicking the drop-down menu button and clicking Properties. The following information is displayed:

Field - Description
Name - The name of the Wireless Client.
Description - A description of the Wireless Client.
Classification - The classification of the Wireless Client: Sanctioned, Unsanctioned, or Neighboring.
If you make changes, click Save to save them. Click the Delete Device button to delete a device from your network. Click the Close button - X to close the Properties overlay.

Sensors Menu
The Sensors drop-down menu contains functions that you can apply to the selected Sensor. Click the drop-down menu button next to the Sensor name to display the drop-down menu.
Function - Description
Action Details - Displays a table listing specific actions that are occurring to devices seen on your WLAN.
Port Lookup - This feature is disabled unless you have a WIPS license.
Forensic Analysis - Opens the Forensic Analysis-Basic on page 370 window for the specified Sensor.
Live View - Opens the Live View on page 764 window for the selected Sensor; allows you to analyze current WLAN activity on the device.
Field - Description
Flagged - Flag a Sensor that you want to bring attention to.
Observed Data - Data that AirDefense Services Platform observed about the Sensor. You can filter the observed data by entering significant text in the Search field.

The scope of the Sensor is shown under the Scope tab. The Autoplace button can be used to place the Sensor in a network folder using Auto-Placement rules. Alarms related to the Sensor are shown in the Alarms tab.
• DNS on page 751

IPv4
Field - Description
Use DHCP - Select the checkbox to enable DHCP, short for Dynamic Host Configuration Protocol, which is a protocol for assigning dynamic IP addresses to devices in a network.
IP Address - Manually enter a static IP address for the Sensor.
Net Mask - Manually enter the subnet to which the Sensor belongs.
Gateway - Manually assign a valid Gateway IP address to the Sensor.
The drop-down menu for Wireless Switches contains the following functions:

Function - Description
Alarms - Accesses the Alarms tab where you can view the alarms for the selected Wireless Switch. See Alarms on page 477 for more information.
Properties - Opens the Properties overlay for the selected Wireless Switch.
Upgrade - Upgrades the firmware for the selected Wireless Switch. (For more information, see Upgrade Devices.
Function - Description
Direct Connect - Accesses the user interface (UI) for the selected Wireless Switch.
Copy MAC - Copies the MAC address of the selected Wireless Switch for later use.

Wireless Switch - Properties
You can view the properties of a Wireless Switch by clicking the drop-down menu button and clicking Properties. The following information is displayed:

Field - Description
Name - The name of the Wireless Switch.
Field - Description
In compliance / Not in compliance - Status of the last compliance audit.

Click the Managed Configuration button to display the Wireless Switch configuration. Click the Generated Configuration button to display a generated configuration for a Wireless Switch. The generated configuration is the same configuration sent to a relay server to configure a Wireless Switch.
The drop-down menu for Wired Switches contains the following functions:

Function - Description
Alarms - Accesses the Alarms tab where you can view the alarms for the selected Wired Switch. See Alarms on page 477 for more information.
Properties - Opens the Properties overlay for the selected Wired Switch.
Upgrade - Upgrades the firmware for the selected Wired Switch. See Upgrade Devices for more information.
You can view the properties of a Wired Switch by clicking the drop-down menu button and clicking Properties. The following information is displayed:

Field - Description
Name - The name of the Wired Switch.
Description - A description of the Wired Switch.
Host Address - The IP address of the Wired Switch.
Flagged - Flag a Wired Switch that you want to bring attention to.
Observed Data - Data that AirDefense Services Platform observed about the Wired Switch.
Click the Delete Device button to delete a device from your network. Click the Close button - X to close the Properties overlay.

Unknown Devices Drop-down Menu
The Unknown Devices drop-down menu contains functions that you can apply to the selected Unknown Device. Click the drop-down menu button next to the Unknown Device name to display the drop-down menu.
Function - Description
Port Lookup - Opens the Port Lookup window where you can locate the physical port where the Unknown Device is accessing your network.
Terminate - Accesses the Terminate options so that you can terminate the connection of the Unknown Device to your network.
Copy MAC - Copies the MAC address of the selected unknown device for later use.
You can view and/or override an Unknown Device's configuration by selecting:
• Performance Profiles Assignments
• Security Profiles Assignments.

These configuration settings (or profiles) are all located in the Configuration Tab on page 493. If you make changes, click Save to save them. Click the Delete Device button to delete a device from your network. Click the Close button - X to close the Properties overlay.
Function - Description
Readiness Test - Validates that the WLSE device is management ready (that is, it can be managed through ADSP). You are alerted of problem areas. (See Readiness Test on page 787 for more information.)
Action Details - Displays a table listing specific actions that are occurring to devices seen on your WLAN.
Direct Connect - Accesses the user interface (UI) for the selected WLSE device.
Alarms related to the WLSE are shown in the Alarms tab. The Actions button can be used to perform one of the listed functions on a selected (highlighted) alarm. You can view and/or override a WLSE's configuration by selecting Communication Settings. These configuration settings are all located in the Configuration Tab on page 493. You can display valid licenses for a WLSE by selecting License. If you make changes, click Save to save them.
Function - Description
Move - Moves the selected AirWave device to another network level (floor). See Move Devices on page 466 for more information.
Remove - Removes the selected AirWave device from your network. See Remove Devices on page 466 for more information.
Readiness Test - Validates that the AirWave device is management ready (that is, it can be managed through ADSP). You are alerted of problem areas. See Readiness Test on page 787 for more information.
The following information is displayed:

Field - Description
Name - The name of the AirWave Switch.
Description - A description of the AirWave Switch.
Last Audit - The date and time of the last audit.
Host Address - The IP address of the AirWave Switch.
Flagged - Flag an AirWave Switch that you want to bring attention to.
In compliance / Not in compliance - Status of the last compliance audit.
Device Functions Requiring More Explanation
The device functions discussed here are drop-down menu functions that operate on devices and require more details on how to use them. Depending on the device, these functions may or may not appear in the drop-down menu. They are:
• Live View
• Locate
• Port Lookup
• Readiness Test
• Spectrum Analysis
• Terminate.

Live View
AirDefense gives you a Live View of the devices operating in your wireless LAN.
You can either start the monitoring session and suspend the Spectrum Analysis, or cancel the Live View session. Live View consists of four main categories of information:
• Data
• Connections
• Devices
• Frames.

Common Area
The common area holds the menus and buttons that are common to the Live View window. It is located at the top of the window.
Menu Option - Description
Settings - Opens the Live View Settings popup window where you can set options for your Live View sessions. (See Live View Settings on page 767 for more information.)
Edit Filters - Opens the Live View Filter popup window where you can set options to filter data. (See Live View Filters on page 768 for more information.)
Schedule Frame Capture - Schedule a Frame Capture session using the scheduler.
Buttons

Button - Description
Starts a Live View session.
Stops a Live View session.
Freezes a Live View session. The data in the window freezes but Live View keeps collecting data to display later after you unfreeze the session. Click the Freeze button again to unfreeze the session.
Opens the Live View Filter popup window where you can set options to filter data. (See Live View Filters on page 768 for more information.
Setting - Description
Capture Control Frames - Sets the Live Monitoring sessions to capture control frames. If selected, you can also truncate control frames to a specific number of bytes or have no truncation.
Capture Data Frames - Sets the Live Monitoring sessions to capture data frames. If selected, you can also truncate data frames to a specific number of bytes or have no truncation.
Frames may be filtered by any of the following methods:

Method - Description
Devices - To filter Live View frames by devices, go to the Devices tab and check Filter frames by device. Select any of the following conditions:
• Any Address
• Source
• Destination
• BSSID
• A1 (RX)
• A2 (TX)
• A3
• A4
For every condition that you select, you must specify a MAC address.
Method - Description
Channel Filters - To filter by channels, go to the Channels tab and check Filter frames by channel. Deselect the channels that you do not want to display. You may filter out a whole category of channels or individual channels.
Rates Filters - To filter by transmission rate, go to the Rates tab and check Filter frames by rate. Deselect any rate that you do not want to display.
The Data tab focus can be changed by changing the view. Depending on the view that is selected, different charts are displayed. There are four available views:

View - Description
Summary - Provides a summary of frame data using the following charts:
• Traffic By Transmitter Authorization
• Retry
• Traffic By Rate
• Traffic By Channel
• Devices By Authorization.
This is the default view.
Device Analysis - Changes the frame data focus to device information.
To remove a chart, click the Remove button associated with the chart. Once you have customized the display to fit your needs, click the Save Changes button to save your arrangement. The customized view is saved on your ADSP server. Now, whenever you access Live View, you can access your customized arrangement. This is true even if you are accessing the GUI on another workstation. You can change the name of a view by clicking the Rename button.
Options are provided to display devices with broadcast frames, devices with multicast frames, or both. Just select the checkbox for the option you want. The Data Frames and Bytes fields display the count of data frames and bytes. If more than 50,000 frames have been captured during the Live View session, only the most recent 50,000 frames are displayed. Devices are listed in three columns: Wireless (wireless devices), APs and Wired (wired devices).
Options are provided to show all devices, only BSSs, Wireless Clients, or Wired Clients. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. The Export button can be used to export device data to a CSV file. Just browse to a folder (directory) to save the file in, type in a name, and click the Select button. The name of the file is displayed in the File field.
Column - Description
SSID - Lists the Service Set Identifiers. An SSID is a 32-character unique identifier attached to the header of packets sent over a WLAN. The SSID acts as a password when a mobile device tries to connect to the BSS (Basic Service Set).
Channel - Lists the WLAN channel that the device is operating on.
Channel Extension - Lists the WLAN channel extension that the device is operating on.
The captured file is stored in either or, at times, both of the following directories: /usr/local/smx/pcaptures OR /usr/local/smx/pcaptures/saved. You can switch to the frames view by clicking the Frames View button.
Click the Data Table button to switch back to the table view. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. Frames data is displayed as follows:
• Frames table (located on top)
• Hex values for a selected frame (located on bottom left)
• Decodes for a selected frame (located on bottom right).
• Rearrange columns by clicking on a column heading and dragging it to a new position.

When a frame is selected (highlighted), the frame data is shown in the hex values and decodes areas. The decodes area shows the 802.11 interpretation of the frame data in a tree structure. The hex values area and decodes area are linked so that selections in one area will follow the selections in the other.
Live View automatically saves session frame data in a temporary file on your ADSP server. You can save the temporary file to a permanent file on the server or to a file on your workstation. To save a file, first stop the session (click Stop button or select Session > Stop) and then select File > Save to display the Save Frame Capture popup window.

To save the file on your workstation:
1. Select the Save locally radio button.
2. 3. 4. 5.
To schedule automatic frame captures, follow these steps:
1. Decide how often you want to run the frame capture by selecting One Time Schedule, IntraDay Schedule, Daily Schedule, Weekly Schedule, or Monthly Schedule from the drop-down menu.
2.
There are four additional fields in the Advance Schedule Frame Capture window. The steps to set a schedule are the same except you need to set the additional fields. There is a Capture Size Limit (frames) field where you can set a limit on how large the captured frame file can grow. The three other fields are used to truncate the captured frames:
• Capture Management Frames
• Capture Control Frames
• Capture Data Frames.
◦ Three (minimum) AirDefense compatible sensors per map loaded.

Importing Maps
To use the built-in Location Tracking feature, you will need to import a map first and place the sensors at their specific locations.

Note
Each map can be loaded by floor. You may have to re-arrange the sensors to accommodate a map for each floor. You will also need a minimum of three sensors per map.

Note
A map can only be linked to sensors on the same floor.
desired floor plan and select Open. The map is then displayed. Scale the image as directed and click Next: Add to floor when you are satisfied with the image.

Important
The Floor Plan single dimension limit (width or height) is 8192 pixels while the total pixel count (width x height) limit is 8,000,000 pixels. If the appliance has at least 2GB of memory, the total pixel count may be as high as 16,777,215 pixels but the single dimension limit is still 8192 pixels.
Clicking the Refresh button will refresh the Floor Plan. If the device has moved, you will see its new position in the Floor Plan. The Floor Plan is also refreshed automatically (unless turned off) using Menu > Auto Refresh. The available refresh rates are:
• 30 seconds
• 1 minute
• 5 minutes.

You can place your cursor over the tracked device to display statistics and information about the device.
If the device you select is a Wireless Client, the following window displays:

The following table provides detail on the Switch Port Lookup window's functions and features.

Function/Feature | Description
Search Scope | A drop-down menu that allows you to limit the scope of your search.
Selected Device | A read-only field that displays the MAC address of the selected device.
Function/Feature | Description
Similar MACs offset by | This function appears only if the selected device is a BSS. If checked, the search includes other BSSs with a MAC address similar to the selected station. The other stations are listed in the sub-window. Use this function to search for a range of MAC addresses. The range is set by the offset value that you select.
5. Click Next. The following window showing the search results displays. From this window, you can disable or enable a selected (highlighted) interface by clicking the appropriate button.
6. Click Close to exit.

Readiness Test

The Readiness Test checks the connections and the communication settings between AirDefense and devices in your network. The devices may be an AP, a Sensor, or a Switch.
If you are running the Readiness Test from a device, it is run only on that device. If you are running the Readiness Test from a network folder (level), the test is run on all the devices included in that folder.

There are four categories of tests: Appliance Configuration, Management Modes, Device Communication Verification, and Relay Server Communication Verification. Each category can be expanded to review individual tests for that category by clicking the category.
There are eight tests for Management Modes:
• License Assigned—validates that the number of licenses does not exceed the number of configured devices.
• Polling Configuration—validates that the folder or device selected inherits a configured polling profile.
• Data Collection—validates that data collection is enabled when polling.
• SNMP Credentials—validates that the SNMP credentials are supplied for the communications settings.
There are five tests for Relay Server Communication Verification:
• Relay server settings—validates that the folder or device selected inherits a configured relay server profile.
• Relay Server Connection Test—validates that the relay server can be reached.
• Relay Server Upload Test—validates that the relay server can upload CLI profiles.
• Relay Server Download Test—validates that the relay server can download CLI profiles.
This usually will happen if you only have one radio turned on. If you continue, your wireless application may be disrupted but Spectrum Analysis will run.

To access the Spectrum View window, click the drop-down menu button for a Sensor and then select Spectrum Analysis from the drop-down menu.

Select File > Close to exit the Spectrum View window. You will be prompted to save the scan to an ADSP file.
You must click OK to continue. You can turn the warning off by selecting the checkbox next to Don't show this warning again.

There are three conditions that may prevent a scan from starting. They are:
• The Sensor is already running a dedicated RF scan for any user
• Another user is running Live View on the Sensor
• Ten scans are already running (maximum supported).
There are two scanning modes:
• Full Scan
• Interference Scan

Full Scan scans the entire 2.4GHz bandwidth (in 5MHz steps) and 5GHz bandwidth (in 20MHz steps) with a short dwell time (around 50 ms). It supports limited classification of interference sources.

Interference Scan scans three frequencies in the 2.4GHz band and three frequencies in the 5GHz band with a longer dwell time (around 500 ms). It supports classification for all interference sources.
Note: A Spectrum Analysis license is required to access this feature.

Advanced Spectrum Analysis is the next generation of Spectrum Analysis. Advanced Spectrum Analysis will only run on devices with the MB92 or newer chipsets. Currently, only the models AP621, AP622, AP6511, AP6521, AP6522, and AP8132 can run this enhanced version of Spectrum Analysis.
To continue, you will have to click OK to suspend the activity. Clicking Cancel will stop Advanced Spectrum Analysis from running.

You can stop a scan by clicking the Stop Scan button or selecting Scan > Stop Scan. A new scan can be started by clicking the Start Scan button or selecting Scan > Start Scan. A counter is displayed next to the Stop Scan button to show how long the scan has been running. The default scanning time is 10 minutes.
Advanced Spectrum Analysis supports two types of scans:
• Dedicated Scan—Conducts a full detailed spectrum scan (default).
• In-Line Scan—Conducts a spectrum scan of all channels minus 802.11 details.

Note: To conduct an In-Line Scan, you must enable location tracking RSSI scan under Configuration > Operational Management > Sensor Operation and set the refresh rate to 1 second.

You can change the scan type by selecting the appropriate radio button.
Selecting the Highlight channels with sanctioned BSSs checkbox highlights the channels with sanctioned BSSs in all the charts.

Chart Manipulation

The following chart manipulations are available:
• You can display a maximum of 3 charts. If only one or two charts are displayed, click the Add New Chart button to add another chart. If three charts are displayed, the Add New Chart button is inactive.
The fields used to schedule a Spectrum Analysis are:

Field | Description
Schedule | There are five options to schedule an assessment. Depending on the option you select, you must fill in the related fields as follows:
• One Time Schedule—Choose a time for the assessment by selecting a time from the Time drop-down menu. Then, select a day for the assessment by clicking the Calendar button in the Date field and selecting a date.
When searching, you can supply additional information such as:
• Select the scope from the network tree
• The MAC address of the device
• The name of the device
• The IP address of the device
• The 802.1x username used for authentication
• The vendor name of the device
• The DNS name used by the device
• The SSID of the device
• Select whether or not the device supports the 802.11a, b, g, or n protocols.
Network Level Drop-down Menus

Each network level has a drop-down menu containing functions that operate on the selected network level. You can configure the following network levels:
• Appliance
• Country
• Region
• City
• Campus
• Building
• Floor.

Appliance Level Drop-down Menu

The Appliance level drop-down menu contains functions that you can apply to the selected Appliance as well as the features included in the Menu.
The drop-down menu for appliances contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Appliance. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected Appliance.
Readiness Test | Validates that devices in the appliance scope are management ready (that is, devices can be managed through ADSP). You are alerted of problem areas.
Function | Description
Action Rules on Demand | Runs an on demand test on your alarm action rules and/or device action rules. You can run the test and view the results later in Job Status on page 643, or you can run the test now and view the results now. There are two options for each type of test:
• Only enabled rules: run test on the enabled rules.
• All rules: run test on all rules (enabled or not). This option is deactivated on run now tests.
The drop-down menu for countries contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Country. See Frame Capture Analysis on page 368 for more information.
Properties | Opens the Properties overlay for the selected Country.
Readiness Test | Validates that devices in the country scope are management ready (that is, devices can be managed through ADSP). You are alerted of problem areas.
Function | Description
Add Folder | Adds a new folder to the network tree by selecting one of the available network levels. The added folder is given a generic name. You should rename the new folder.
Copy Folder | Copies the network scope of a Country. Enter a name for the country, select whether you want to include the floor plans, and click OK.
Rename | Opens a dialog window to rename the selected Country.
Remove | Removes the selected Country from your network.
The drop-down menu for regions contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Region. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected Region.
Readiness Test | Validates that devices in the region scope are management ready. You are alerted of problem areas. (See Readiness Test on page 787 for more information.
Function | Description
Add Folder | Adds a new folder to the network tree by selecting one of the available network levels. The added folder is given a generic name. You should rename the new folder.
Copy Folder | Copies the network scope of a Region. Enter a name for the region, select whether you want to include the floor plans, and click OK.
Rename | Opens a dialog window to rename the selected Region.
Remove | Removes the selected Region from your network.
The drop-down menu for cities contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected City. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected City.
Readiness Test | Validates that devices in the city scope are management ready (that is, devices can be managed through ADSP). You are alerted of problem areas.
Function | Description
Forensic Analysis | Accesses Forensic Analysis—Basic. See Forensic Analysis-Basic on page 370 for more information.
AP Test | Accesses AP Test (Scheduled AP Tests). See Scheduled AP Test for more information.
Wireless Vulnerability Assessment | Accesses Wireless Vulnerability Assessment. See Scheduled Vulnerability Assessment on page 853 for more information.
Function | Description
Action Rules on Demand | Runs an on demand test on your alarm action rules and/or device action rules. You can run the test and view the results later in Job Status on page 643, or you can run the test now and view the results now. There are two options for each type of test:
• Only enabled rules: run test on the enabled rules.
• All rules: run test on all rules (enabled or not). This option is deactivated on run now tests.
Area (Building) Level Drop-down Menu

The Area (Building) level drop-down menu contains functions that you can apply to the selected Area level. Click the drop-down menu button next to the Area name to display the drop-down menu.

The drop-down menu for buildings contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Area. See Alarms on page 477 for more information.
Function | Description
Action Rules on Demand | Runs an on demand test on your alarm action rules and/or device action rules. You can run the test and view the results later in Job Status on page 643, or you can run the test now and view the results now. There are two options for each type of test:
• Only enabled rules: run test on the enabled rules.
• All rules: run test on all rules (enabled or not). This option is deactivated on run now tests.
Live RF/Floor Plan Level Drop-down Menu

The Live RF/Floor Plan level drop-down menu contains functions that you can apply to the selected floor level. Click the drop-down menu button next to the Floor name to display the drop-down menu.

The drop-down menu for floors contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Floor. See Alarms on page 477 for more information.
Function | Description
Live RF / Floor Plan | Views the floor plan for a building where you can manipulate the floor plan, add devices, and track devices.
Upgrade | Upgrades the firmware for devices in the selected Floor. See Upgrade Devices for more information.
Rename | Opens a dialog window to rename the selected Floor.
Forensic Analysis | Accesses Forensic Analysis-Basic. See Forensic Analysis-Basic on page 370 for more information.
When the floor plan is complete, you will need to click the Close button X to save and close. The Floor Plan can then be viewed throughout AirDefense, and can be used to locate devices in your network and display Live RF data.

To upload a background image, click the Continue floor configuration button or the Design Floorplan link to get started.
1. Click the Browse button.
2. Browse to the location of the image, select it (usually a BMP, GIF, or JPG file), and then click Open. The Upload button is now active. Click it. This is the Floor Plan wizard. You can use it to guide you through adding a floor to your Floor Plan.
3. You can crop the image to only show the area you are concerned with. Draw a rectangle around the area you want to crop by:
   a. Clicking on a point in the image.
   b. Dragging your mouse to draw the rectangle.
   c.
5. Click the Next: Scale Image button.
6. Scale your image by clicking on a point in the image, drawing a line, and then clicking an end point. Enter the distance of the line which represents the actual length of the physical space in feet or meters. The Set scale button is activated. Click it to complete scaling.
7. The Next: Add to floor button is activated. Click it to add the floor to your floor plan.

Note: You can undo any changes by clicking the Cancel button. You can remove an image by clicking the Replace floor plan button.

Your uploaded floor plan will look similar to the following one:

You can now use the editing tools to add walls, cubicles, doors, elevators, etc.
2. Click the Add or Remove Floors link. The following dialog box is displayed:
3. Click OK to continue to the following dialog box:
4. Click the New Floor Count drop-down and select a floor number. If you increase the floor count, floors are added accordingly. You can have as many as 100 floors in a building. If you decrease the floor count, floors are removed starting at the top floor. Click OK to make the change.
5. After you add a floor, you will need to upload a background image for your floor or design a new floor plan. The following floor plan shows a building with two floors:
6.
The first time you enter the Edit Mode, the How to wizard is accessed. The How to wizard guides you step-by-step through the editing process to set up your Floor Plan. You can hide the How to wizard by clicking its Close (X) button and edit your Floor Plan as you like using the Tools, Devices, and Advanced tabs. If the How to wizard is hidden, you can access it by clicking the Show me how link.
Context Label

The Context Label, located near the top-center of the Floor Plan, controls the context of the Floor Plan. The Context Label shows you the following information:

Field | Description
Manage Designs | When this field is clicked, a list of existing designs is displayed. You can edit or add to the list using the following actions:
• Click the Primary field for a design to make it the primary design.
• Click on the Edit name link to change the name.
Field | Description
RF Settings | RF Settings includes:
• RF Mode setting
• Protocol setting
• AP Load View setting
• Network Association Filter.
RF Mode Setting | The RF Mode setting determines if your heat maps display no RF data (deselected), Live RF data (selected), or Predicted RF data (selected).
Protocol Setting | The Protocol setting allows you to filter RF data according to the selected protocol.
Field | Description
Network Association Filter Setting | The Network Association Filter is where the network device association is shown in a network tree. You may select an entire SSID or individual devices.
RF Coverage | This field lets you select the coverage visualization or application coverage for your heat maps. If you click the field, you can select another visualization or application.
Field | Description
Location Tracking | This field displays a list of devices being tracked grouped by device type. If a device in the list is selected (highlighted), it is highlighted in the floor plan map. Location Tracking has two views: Icon location view and Heat map display. The Icon location view displays the most likely location for selected devices as an icon for each device.
Auto Refresh

Auto Refresh works on both Live RF and location tracking. For Live RF, auto refresh uses the latest data (radio, power, channel, live status, etc.) AirDefense has about devices to refresh RF data. For location tracking, it refreshes the current position of the devices being tracked. There are four options for Auto Refresh:
• Off
• 30 seconds
• 1 Minute
• 5 Minutes (default).
The following fields are available:

Field | Description
Design | Selects the design to use when generating the bill of materials.
Floors | Selects the floors of the design to use when generating the bill of materials. A checkmark selects the floors. The top checkbox, when checked, will select or deselect all of the floors.
First select the design you want to replace (indicated with a checkmark) and then click the Select File button. Next, navigate to the file, select it, and then click Open. When the import is complete, a confirmation is displayed. Click the Close button to return to the Floor Plan.

Note: LAN Planner and Outdoor Planner are legacy products that are no longer available for purchase. However, if you have the application, ADSP will support it.
Basically, Import PDF works like Import ZIP / SPZ with the following exceptions:

You can choose the default wall type with Import PDF as follows:
• Basement or foundation wall
• Brick, concrete, or concrete block
• Cubicle wall
• Drywall or sheetrock
• Elevator or metallic obstacle
• Glass door or window, no tint
• Metallic rack
• Wooden door.

Imported PDF pages are automatically mapped to existing floors.
Export Floor Plan to ZIP File

Note: Before exporting a floor plan design for a newly created or edited floor plan, you must leave the Editing page first. If you do not, DWG files will not export correctly.

1. Select Export ZIP to export the selected floor plan design to a ZIP file that can be imported into LAN Planner.
2. To begin, select a design from the drop-down menu and then click Start. A checklist is generated to indicate success or not.
3.
The following tools are available:

Function | Description
Enlarges the size (zoom in) a floor plan image. Clicking the image area will zoom into another level.
Reduces the size (zoom out) a floor plan image. Clicking the image area will zoom out to another level.
Fills the floor plan area with an image. Depending on the size of the image, the image will expand to fit or reduce to fit the floor plan area.
Moves/re-positions the floor plan image.
tab of the Edit Mode. Once you have the planned devices in place, click the RF Selection drop-down menu (top, right of the Context Label) and select Predictive RF.

Live Comparison Tab

The Live Comparison tab displays two views of the floor plan side-by-side so that you can make a comparison. You have access to the Context Label where you can manipulate one or both of the images. Floor manipulation tools are available so that you can zoom in/out or pan the images.
Forensic Comparison Tab

The Forensic RF tab visualizes forensic data to display coverage over a specific time range. Click the Forensic RF tab to display a historical heat map for signal coverage. Specify a beginning time and date, specify an end time and date, and then click the Select Time Range button. Two heat maps are displayed: one displaying Live RF for the current date and time, and one displaying Forensic RF for the specified time range.
All sensed devices are displayed when Location Tracking (in the list of devices and the floor plan) is first accessed. You can group devices by type by selecting Filter by device type from the drop-down menu. You can search for devices by selecting Search for devices from the drop-down menu.

There are two views for Location Tracking:
• Icon location view displays the devices on the map by their icon and device name.
You can enter the complete MAC address or a part of it.

Note: The Advanced link is used to open a search dialog that gives you more options to find devices.

When you see the device listed, click on it and then click Track Device. The device is displayed in the tracked device list.

Note: You may select more than one device using the key or the key.
You can track more than one device by adding them as described above. Each time you add a device it is displayed in a list of tracked devices. Click the Close button or anywhere outside the Location Tracking dialog to display the devices in the Floor Plan.
AP Assisted Tracking

In order to get AP assisted location tracking working with the NX and VX controllers, the WiOS controller must be enabled so that RSSI data can be passed to ADSP. There are procedures for BSS tracking and Wireless Client tracking. Refer to BSS Tracking and Client Tracking.

Note: This is only for the controller infrastructure. The 5.x version of APs do not require this sort of configuration.
input the MAC of each Wireless Client (MU) into the switch, and then wait until it is pushed into ADSP. Follow these steps:
1. Log in to the RFSX000.
2. Navigate to Security > Enhanced Probe/Beacon Table > Probe Table.
3. Select the Enable Enhanced Probe Table check box.
4. In the Preferred MUs section, click the Add button.
5. Enter the MAC address of the MU (Wireless Client) that you want to populate the Probe Request table with data.
The drop-down menu for unplaced devices contains the following functions:

Function | Description
Alarms | Accesses the Alarms tab where you can view the alarms for the selected Unplaced Devices level. See Alarms on page 477 for more information.
Properties | Opens the Properties overlay for the selected Unplaced Devices level.
Rename | Opens a dialog window to rename the selected unplaced device.
The following information is displayed:

Function | Description
Name | The name of the appliance.
Host | The host name of the appliance.
Port | The port number of the appliance.
Status | The status of the appliance in your network.

The Autoplace button is used to place all devices located in the selected network folder to the proper network level using Auto-Placement rules.
These configuration settings (or profiles) are equivalent to the ones described earlier in the Configuration section of this chapter. You must save any changes that you make.

All Other Levels

The following information is displayed:

Function | Description
Name | The name of the network level.
Description | A description of the network level.
• Location Based Services on page 645
• Pending State - Audit on page 659

These configuration settings (or profiles) are equivalent to the ones described earlier in the Configuration section of this chapter. You must save any changes that you make.

Security

AirDefense has several modules that you can install to provide security for your network.
Planning Your Sensor Deployment

◦ RF jamming

AirDefense WIPS can mitigate wireless threats via the air by disabling wireless connections between intruders and authorized devices. A WIPS license enables the Air Termination feature which is extremely precise at ensuring that only the offending device is prohibited from operating. Port suppression is also enabled to identify switch ports that have offending devices connected to them.
Physical and Electromagnetic Interference

• Desired Monitoring and Intrusion Protection Functionality
• Assets to be Protected
• Sensor Quantity and Placement
• Power and Data Cabling

Device Density

You should consider the density of 802.11a, b, g, and n devices:
• Support of a high number of users
• Support of high bandwidth consumption
• Localization of wireless network service.

The sensors should be separated by at least 10 feet from any installed APs to avoid radio defense.
Planning Your Sensor Placement

• A common perception is that wireless devices must be detected and monitored throughout a given property. This becomes impractical in many cases. A more practical approach is one that protects the wired network while using more sane decisions for monitoring.

Sensor Quantity and Placement

Application choice will significantly impact the sensor density and sensor placement.
Sensor Placement using ADSP

After you map out anticipated sensor locations, you can assess the effectiveness of coverage by correlating site survey data and assumptions discussed previously. You can also use the test procedure described here to validate sensor location.
9. Move the target device to the anticipated fringe where a neighboring sensor would become primary.
10. At the fringe of coverage, signal strength should be no less than -70 dBm to assure termination ability.
11. Move AirDefense Mobile to the anticipated location of the next sensor and use the same procedure to ensure that its anticipated coverage area is valid.
resolution in 802.11 devices, the positioning resolution and stability tend to be better near receivers/sensors. To achieve accurate results, follow these guidelines:
• Place at least three independent sensors on the same floor plan so the system can capture the RSSI values.
• Place a sensor in each area where accurate resolution is required or to increase overall sensor density to ensure high RSSI values.
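The placement test and guidelines above reduce to two checks on walk-test data: the strongest sensor at each fringe point must read no less than -70 dBm, and each floor needs at least three sensors. The following is an added example, not part of the guide or of AirDefense; the record layout, the sensor and point names, and the rule that the primary sensor is the one with the strongest RSSI are assumptions.

```python
from collections import defaultdict

FRINGE_MIN_DBM = -70         # guide: fringe signal "no less than -70 dBm"
MIN_SENSORS_PER_FLOOR = 3    # guide: at least three sensors per floor plan

# Constructed walk-test data: (floor, test point, is_fringe, {sensor: RSSI in dBm}).
SAMPLE_SURVEY = [
    ("floor-1", "lobby",         False, {"s1": -48, "s2": -66, "s3": -71}),
    ("floor-1", "corridor-east", True,  {"s1": -69, "s2": -68, "s3": -80}),
    ("floor-1", "loading-dock",  True,  {"s1": -83, "s2": -74}),
    ("floor-2", "lab",           False, {"s4": -52, "s5": -61}),
    ("floor-2", "stairwell",     True,  {"s4": -72, "s5": -70}),
]


def primary_sensor(readings):
    """Assumption: the primary sensor is the one reporting the strongest RSSI."""
    sensor = max(readings, key=readings.get)
    return sensor, readings[sensor]


def weak_fringe_points(survey, minimum_dbm=FRINGE_MIN_DBM):
    """Fringe points whose best sensor is weaker than the termination threshold."""
    weak = []
    for floor, point, is_fringe, readings in survey:
        if not is_fringe:
            continue
        if not readings:
            # No sensor heard the target at all: report it with no primary.
            weak.append((floor, point, None, None))
            continue
        sensor, rssi = primary_sensor(readings)
        if rssi < minimum_dbm:
            weak.append((floor, point, sensor, rssi))
    return weak


def floors_short_of_sensors(survey, minimum=MIN_SENSORS_PER_FLOOR):
    """Floors where fewer than `minimum` distinct sensors reported any reading."""
    heard = defaultdict(set)
    for floor, _point, _is_fringe, readings in survey:
        heard[floor].update(readings)
    return {floor: len(s) for floor, s in sorted(heard.items()) if len(s) < minimum}


if __name__ == "__main__":
    for floor, point, sensor, rssi in weak_fringe_points(SAMPLE_SURVEY):
        print("weak fringe:", floor, point, sensor, rssi)
    for floor, count in floors_short_of_sensors(SAMPLE_SURVEY).items():
        print("too few sensors:", floor, count)
```

A reading of exactly -70 dBm passes, matching the guide's "no less than" wording.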
take advantage of the detection through the floor and ceiling. If location tracking is needed, the same 3 sensors for each floor plan would be required and the recommended placement is 3 sensors in the corners of each floor.

Sensor Monitoring

AirDefense allows you to define system profiles that help monitor:
• Sensor performance
• Sensor security
• Sensor policies.

You should set up profiles to assist you in monitoring your system.
Vulnerability Assessment

• Remotely scan for and discover wireless network vulnerabilities
• Generate alarms to bring attention to vulnerabilities.

The assessment is accomplished by using deployed sensors as a wireless client to connect to an AP and scan network resources. Vulnerability Assessment can be run automatically or manually, providing proactive notification that network resources may be compromised.
WEP Cloaking

The Vulnerability Assessment window allows you to configure and run the assessment. After you have configured an assessment, you can save it as a profile. A profile can be selected later to run a test on a similar scope.

Scheduled Vulnerability Assessment

Scheduled Vulnerability Assessments must be scheduled using the Schedule Vulnerability Assessment window. Navigate to Menu > Scheduled Vulnerability Assessment.
effectiveness while performing regular Wireless IPS scanning on other channels. More than one sensor can cloak a single wireless device depending on spatial coverage. Once configured for cloaking, sensors intelligently analyze local traffic and insert carefully timed cloaking frames as shown in the figure below. To attackers, who do not have the secret WEP key, these cloaking frames appear as legitimate WEP traffic between sanctioned devices.
Ongoing Cloaking Ability

In the event of a wired network outage, even if sensors lose connection with the centralized server, they will continue to cloak. In addition, WEP Cloaking is optimized to not disturb the wireless environment or impact Wireless LAN performance. The sensors use countermeasures, correlation through the server, and mutual coordination over the air to maximize the effectiveness of cloaking with nominal wired and wireless bandwidth consumption.
WLAN Management

• Use a combination of VLANs, ACLs, and firewall rules to restrict wireless client access to wireless LANs. This adds multiple layers of security to the wired network to reduce the damaging consequences of a successful wireless breach.
• Use statically assigned wireless client IP addresses.
• Disable DNS.

Configure WEP Cloaking

Follow these steps to configure WEP Cloaking:
1. Go to Configuration > Operational Management > Sensor Operation.
Infrastructure Management

Infrastructure Management is used to configure devices so that they can communicate on your network.

Device Firmware

Device Firmware configuration allows you to upload new AP or sensor firmware from a workstation to a network server. Once the firmware is uploaded, you can upgrade your APs and/or sensors using AirDefense. Uploaded firmware images are listed by device type, version number, and image file name.
The configuration fields for each b/g/n Radio and the a/n Radio are:

Field | Description
Function | Defines the radio as a sensor or an infrastructure device (AP or wireless switch). You can also disable the radio.
Data Rates | Sets the data rates for the radios. You can set rates for 802.11 a/b/g as a group or 802.11 n.
DTIM Period | Specifies the supported Delivery Traffic Indication Message (DTIM) interval. The default value is 1.
Field | Description
Association Limit | Specifies the number of associations allowed per device.
Station Timeout | Specifies the number of seconds or minutes that a device has to become a sanctioned device.
Other Options | Specifies which of the following options a device may perform:
• Respond to all probe requests
• Broadcast SSID in Beacon
• Wireless Client Isolation
• Locally Bridged.
CLI Configuration

The Command Line Interface (CLI) for devices is a powerful tool that gives you direct access to APs and switches. The CLI commands can be used to configure and control how devices interface with your network. Extreme AirDefense uses the CLI to construct device profiles that can be used to control and manage devices in your network.
Add a CLI Profile

To create a new profile, select a device from the CLI Configuration drop-down menu and then click the New Template button. The following fields are available:
Field | Description
Name | This field is used to name your new profile.
Device Type | This field displays the device that was selected from the CLI Configuration drop-down menu. You cannot change the device once it has been chosen.
To apply a CLI profile to a device type, select a device type from the CLI Configuration drop-down menu. If you want to apply the CLI profile to the appliance level, select the appliance level and then select the Enable configuration checkbox. Next, select the profile from the list of profiles. If there is only one profile, it is selected automatically. Click Apply to apply the selected profile to devices in the appliance level.
New user-defined variables can be added to the Variables section by adding a variable in the CLI Commands section when creating a new profile or editing an existing profile. Use the following format:
$[VARIABLE_NAME]
Once a variable is added to the CLI Commands section and the profile is saved, its name is displayed in the Variables section with an empty default value.
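Added example (not part of the Extreme guide or of AirDefense itself): a Python helper that scans CLI Commands text for $[VARIABLE_NAME] tokens, lists them with the empty default described above, and refuses to render a profile while any variable is still empty or a value contains a line break. The permitted name characters, the sample command lines and the function names are assumptions.

```python
import re

# Assumption: names use letters, digits and underscores. The guide gives only
# the $[VARIABLE_NAME] form, not the permitted character set.
VAR_PATTERN = re.compile(r"\$\[([A-Za-z0-9_]+)\]")

# Constructed sample profile text; these lines are illustrative and are not
# taken from any device's real command set.
SAMPLE_COMMANDS = """\
hostname $[DEVICE_NAME]
snmp-server community $[SNMP_RO_COMMUNITY] ro
ntp server $[NTP_SERVER]
snmp-server location $[DEVICE_NAME]-closet
"""


def extract_variables(cli_commands):
    """Return {name: ""} in first-seen order, mirroring the empty default
    a newly added variable receives when the profile is saved."""
    variables = {}
    for name in VAR_PATTERN.findall(cli_commands):
        variables.setdefault(name, "")
    return variables


def unresolved(cli_commands, values):
    """Names that would still be empty after applying the supplied values."""
    merged = extract_variables(cli_commands)
    merged.update({k: v for k, v in values.items() if k in merged})
    return [name for name, value in merged.items() if value == ""]


def render(cli_commands, values):
    """Substitute every variable, refusing empty or multi-line values."""
    missing = unresolved(cli_commands, values)
    if missing:
        raise ValueError("no value for: " + ", ".join(missing))
    for name in extract_variables(cli_commands):
        if "\n" in values[name] or "\r" in values[name]:
            # A line break inside a value would add an extra command line.
            raise ValueError("line break in value for " + name)
    return VAR_PATTERN.sub(lambda m: values[m.group(1)], cli_commands)


if __name__ == "__main__":
    print(list(extract_variables(SAMPLE_COMMANDS)))
    print(unresolved(SAMPLE_COMMANDS, {"DEVICE_NAME": "ap-01"}))
    print(render(SAMPLE_COMMANDS, {
        "DEVICE_NAME": "ap-01",
        "SNMP_RO_COMMUNITY": "constructed-community",
        "NTP_SERVER": "192.0.2.10",
    }))
```

Running a check like this before a profile is applied catches variables that were added to the commands but never given a value at the scope being configured.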
A checkmark on a folder indicates that the folder contains devices in a pending state. A checkmark on a device indicates that the device is in a pending state. You have the option to save for the next update, update immediately or update later. If you choose to update later, you must supply a date and time. You can supply a description that will help identify the update later using Job Status under Device Monitoring.
Appliance Platform

If different than the Device Relay, set the following values for Appliance Relay Server (upload):

Note: Use the Same as Device Relay Server option if the Relay Server connection address and login credentials will always be the same for both the AirDefense appliance and the device.
• If the server information is the same, you still must enter information for both servers. Also, if the information for both relay servers match, the Same as Device Relay Server checkbox is selected in the GUI after the import.
• Normally, you will supply a username and password. However, when using the TFTP protocol, the username and password fields can be left blank with no blank space between the commas (i.e., ,,).
Configuring Master/Slave Servers

Things to Remember

These are the things to remember while configuring a Master/Slave setup:
• All the configuration is done on the Master Server.
Adding a Slave Server

To add a Slave server to be managed from the Central Management Console:
1. Use the Menu > Add Devices menu to add a new device. The Add Devices screen displays.

Extreme AirDefense User Guide for version 10.5.
2. From the Device Type drop-down list, select Appliance. The Add Devices screen changes to display the parameters to configure an appliance.
3. Provide the following information:
Field | Description
Name | Provide a friendly name for identifying this Slave server on the CMC console.
Host | Provide the IPv4 address of the Slave server to be managed by the CMC.
Port | Enter the port number for the Slave server. The default port number is 8543.
4.
6. Click the Scope drop-down list and select System as the scope. If the Slave server is added successfully, you will see its IP address in the Scope drop-down list.

Note: When a new Slave server is added, it cannot be accessed immediately from the Master server's Central Management Console. Hovering over the newly added Slave server entry in the Scope drop-down list displays the information that the login to the Slave server has failed.
8. From the menu, select Share Certificates. The Share Appliance Certificate with Master window displays.
9. Provide the following information for the Slave Appliance fields:
Field | Description
User Name | Provide the user name on the Slave server used for authentication requests from the Master server.
Password | Provide the password for the user name configured on the Slave server used for authentication requests from the Master server.
ADSPAdmin

When performing initial AirDefense configuration, you have to use AirDefense's ADSPadmin utility from the command line interface (CLI). Once AirDefense is set up, use the Graphical User Interface (GUI) for ongoing configuration. The following functions are provided in ADSPadmin:
• Manage
• Dbase
• Software
• Config

Accessing the ADSPadmin Console

To use the ADSPadmin Config program, you must:
1. Access the Command Line Interface.
Manage System

Use the following included utilities to perform system management tasks:
ADSPadmin Utility | Use this utility to...
STATUS | Display the process and disk status of the system.
SYSLOG | Display system log entries resulting from authentication and sendmail failures. You can either display the logs on screen, or write logs to a text file (syslogdata.txt).
TRIMLOG | Truncate system log files when they become too large.
Configure AirDefense

The ADSPadmin Config program area provides the following utilities for configuring AirDefense:
• IDS—Use this item to enable or disable SSLv3 support, Fast Termination, and MAC Spoof detection settings on the AirDefense appliance. These settings are required for AirDefense to work properly with some legacy systems.
• IP—Use this to change the IP address, subnet mask, and default gateway of the AirDefense appliance.
IP Address Configuration

To configure the IP address of your AirDefense server:
1. Type ip, then press [Enter] at the prompt to change the IP address, subnet mask, and default gateway of the AirDefense appliance you are logged onto. The IP configuration screen opens, displaying the current network configuration.
2. Type a new IP address at the prompt. Press [Enter].
3. Type a new subnet mask. Press [Enter].
4. Type a new gateway address. Press [Enter].
5. At the prompt, type yes to commit the changes, or no to cancel the operation.
6. Press [Enter]. You are returned to the Config settings screen.

DNS Configuration

To configure the DNS servers of your AirDefense server:
1. Type dns, then press [Enter] at the prompt to define DNS servers. This adds or deletes a DNS name server (Domain Name Server). This is the name of the server you give to your DNS server.
dname Configuration

To configure the DNAME value of your AirDefense server:

Note: If your system is set up to use DHCP, you will not be able to change the domain name using the ADSPadmin Config program.

1. At the command prompt, type dname, then press [Enter] to change the domain name. The current domain name is displayed.
2. Type in the new domain name for your AirDefense appliance, then press [Enter]. You are prompted to save your changes.
3.
5. Type yes, then press [Enter]. Typing yes or no reboots and clears the database on exit from ADSPadmin.

NTP Configuration

Instead of setting the AirDefense Time (TIME) and Timezone (TZ), you can enable automatic time synchronization with an NTP server. For example, if you change the AirDefense time, such as when you move the AirDefense appliance's location from the east to west coast of the United States, you must also locate a new network time server in the same time zone.
1.
2. At the prompt, type the community string and press [Enter]. If you want to keep the current community string, just press [Enter] again.
Note: The default community string is public.
3. Type yes and press [Enter] to save your change (or no to disregard your change).

SNMP Trap Configuration

You can enable SNMP Trap reception by following these steps:
1. Type snmpt at the command prompt.
Troubleshooting

AirDefense provides modules and solution packages to assist you in troubleshooting your network.
The Connection Troubleshooting topic fully explains how to use the Connection Troubleshooting tool.

Live RF

Live RF displays a heat map that represents signal coverage for APs placed on a floor plan. When the Floor Plan is accessed, if devices are in place, Live RF starts and a heat map is displayed. Live RF data is available on all Floor Plan pages.
The heat map can be filtered according to:
• Visualization/Application—Uses the visualizations and applications that are configured in Configuration > Network Assurance > Live RF Settings.
• Protocol—Uses one of the available protocols (802.11a, 802.11b, 802.11g, and 802.11n).
• Devices—Filters RF data by a single device, a group of devices determined by SSID, or all devices.

The Live RF Settings topic in the Configuration chapter fully explains how to use Live RF.
Advanced Spectrum Analysis

• Dedicated Spectrum View
  ◦ Sensor temporarily dedicated to Spectrum Analysis
  ◦ While in Spectrum View the sensor provides no protocol analysis (after user-configured time period, sensor defaults back to WIPS)
  ◦ Scanning options:
    • Full Scan Mode—scan full 2.4-2.5 GHz and 4.9-6.
• Utilization—Displays charts showing how your network is being utilized. The default charts are:
  ◦ Device Count
  ◦ RF Quality Index
  ◦ Duty Cycle.
• Physical Layer—Displays charts that highlight the physical layer of your network. The default charts are:
  ◦ Spectrogram
  ◦ Duty Cycle.
• Interference—Displays charts showing interference sources in your network. The default charts are:
  ◦ Interference
  ◦ Spectral Density.
The Advanced Spectrum Analysis topic in the Configuration chapter fully explains how to configure and use the Advanced Spectrum Analysis tool.

Advanced Troubleshooting

An Advanced Troubleshooting license gives you access to two modules: AP Test and Connection Troubleshooting. AP Test provides a way to remotely test connectivity to APs while Connection Troubleshooting allows you to remotely troubleshoot stations.
• Wireless Client Icons—Describes the various icons used to depict the state of wireless clients identified in the AirDefense managed network.

AirDefense Application Icons

The following icons are used in the AirDefense application.
Symbol | Description
Associated to a network
Participating in an Ad-Hoc network
Wi-Fi Direct device

Dashboard Icons

The following icons represent the dashboard graphs and charts:
Icon | Description
Displays Dashboard components as a pie chart.
Displays Dashboard components as a column chart.
Displays Dashboard components as a bar chart.
Displays Dashboard components as a table.
Displays Dashboard components as a line chart.
Icon | Description
This is the sixth highest level in the tree. It represents a campus.
This is the seventh highest level in the tree. It represents an area or building.
This is the lowest level in the tree. It represents a floor.
This represents an unplaced device. It has not been placed in any tree level.

Alarm Icons

The following are the alarm icons:
Icon | Description
Alarm—Icon for individual event.
Appliance Icons

The following icons indicate the state of the AirDefense appliance.
Icon | Description
Online AirDefense appliance.
Offline AirDefense appliance.

Switch Icons

These icons indicate the state of the switches managed by AirDefense.
Icon | Description
A managed online switch seen on your wired network that has been configured for polling.
An online switch seen on your wired network that is not managed by ADSP.
Sensor Icons

These icons indicate the state of a sensor:
Icon | Description
A Sensor that is functioning normally and is communicating with the AirDefense Server. To be online, the Sensor must be connected to the AirDefense Server.
A Sensor that is not communicating with the AirDefense Server. If you did not intentionally take a Sensor off-line, check the Sensor's configuration settings.
A Sensor that is not licensed with the AirDefense Server.
Icon | Description
A planned as related to adding planned devices to a floor plan.
An AP that has a Sensor in radio share mode.

BSS Icons

These icons indicate the state of the BSS:
Icon | Description
Sanctioned BSS—BSS that has been sanctioned by AirDefense.
Unsanctioned BSS—BSS that has not been sanctioned by AirDefense.
Neighboring BSS—BSS that is on a neighboring network.
Ad-Hoc BSS—An ad-hoc network with one or more Wireless Clients connected to it.
Unknown Device Icons

These icons depict the status of unknown devices in the network:
Icon | Description
Unknown device detected in your wireless traffic.
Non-wireless device marked as a wired resource.

Manager Icons

These icons depict managers in the AirDefense network:
Icon | Description
Wired Manager
Wireless Manager

SSID Icon

This icon depicts the SSID information:
Icon | Description
This is the Service Set Identifier to which the BSSs belong.
Wireless Client Icons

• Employee Devices—Describes the various icons used to represent the state of devices other than Laptops, MCDs, and Mobile Phones assigned to employees as identified by AirDefense
• High Priority Visitor Devices—Describes the various icons used to represent the state of devices identified as High Priority Visitor devices
• Visitor Devices—Describes the various icons used to represent the state of visitor devices
• Low Priority Visitor Devices—Describes the various
Icon | Description
A Wi-Fi Direct Wireless Client that is not sanctioned by AirDefense.
A Wi-Fi Direct Wireless Client on a neighboring network.

MCDs

These icons display MCD status:
Icon | Description
A MCD that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
A MCD that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Icon | Description
A Wi-Fi Direct MCD that is not sanctioned by AirDefense.
A Wi-Fi Direct MCD on a neighboring network.

VoIP Phones

These icons display VoIP phone status:
Icon | Description
A VoIP Phone that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
A VoIP Phone that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Icon | Description
A Wi-Fi Direct VoIP Phone that is sanctioned by AirDefense.
A Wi-Fi Direct VoIP Phone that is not sanctioned by AirDefense.
A Wi-Fi Direct VoIP Phone on a neighboring network.

Laptops

These icons display the status of laptops in your network:
Icon | Description
A Laptop that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Icon | Description
A Wi-Fi Direct Laptop that is not sanctioned by AirDefense.
A Wi-Fi Direct Laptop on a neighboring network.

Employee Laptops

These icons display the status of laptops assigned to employees:
Icon | Description
An Employee Laptop that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
An Employee Laptop that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Employee Phones

These icons display the status of mobile phones assigned to employees:
Icon | Description
An Employee Phone that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
An Employee Phone that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
An Employee Phone on a neighboring network that is currently probing but is not associated to a BSS.
Employee Devices

These icons display the status of other devices (other than laptops and mobile phones) assigned to employees:
Icon | Description
An Employee Device that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
An Employee Device that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
An Employee Device on a neighboring network that is currently probing but is not associated to a BSS.
High Priority Visitor Devices

These icons display the status of high priority visitor devices in your network.
Icon | Description
A High Priority Visitor Device that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
A High Priority Visitor Device that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Visitor Devices

These icons display the status of visitor devices in your network.
Icon | Description
A Visitor Device that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
A Visitor Device that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
A Visitor Device on a neighboring network that is currently probing but is not associated to a BSS.
Low Priority Visitor Devices

These icons display the status of low priority visitor devices in your network.
Icon | Description
A Low Priority Visitor Device that is sanctioned by AirDefense and is currently probing but is not associated to a BSS.
A Low Priority Visitor Device that is not sanctioned by AirDefense and is currently probing but is not associated to a BSS.
Glossary

ad hoc mode
An 802.11 networking framework in which devices or stations communicate directly with each other, without the use of an AP.

ARP
Address Resolution Protocol is part of the TCP/IP suite used to dynamically associate a device's physical address (MAC address) with its logical address (IP address). The system broadcasts an ARP request, containing the IP address, and the device with that IP address sends back its MAC address so that traffic can be transmitted.
(reducing VM sprawl). Learn more about DCC at http://www.extremenetworks.com/product/datacenter-connect/.

DoS attack
Denial of Service attacks occur when a critical network or computing resource is overwhelmed so that legitimate requests for service cannot succeed. In its simplest form, a DoS attack is indistinguishable from normal heavy traffic. ExtremeXOS software has configurable parameters that allow you to defeat DoS attacks.
The solution is comprised of the Extreme Defender Application Software and the Defender Adapter (SA201) or AP3912i access point. ExtremeCloud Appliance is the supported platform for the Extreme Defender Application. For more information, see https://www.extremenetworks.com/product/extreme-defender-for-iot/.

Extreme Management Center
Extreme Management Center, formerly Netsight™, is a web-based control interface that provides centralized visibility into your network.
ExtremeCloud™ IQ is an industry-leading and visionary approach to cloud-managed networking, built from the ground up to take full advantage of the Extreme Networks end-to-end networking solutions. ExtremeCloud IQ delivers unified, full-stack management of wireless access points, switches, and routers and enables onboarding, configuration, monitoring, troubleshooting, reporting, and more.
Message Integrity Check (or Code), also called ‘Michael’, is part of WPA and TKIP. The MIC is an additional 8-byte code inserted before the standard 4-byte ICV appended by standard WEP to the 802.11 message. This greatly increases the difficulty in carrying out forgery attacks. Both integrity check mechanisms are calculated by the receiver and compared against the values sent by the sender in the frame. If the values match, there is assurance that the message has not been tampered with.