Users Guide
192 | Secure Enterprise Mesh | Dell PowerConnect ArubaOS 5.0 | User Guide
- Using a new mesh link if the current mesh link goes down
If an uplink goes down, the affected mesh nodes re-establish a connection with the mesh portal by re-scanning
to choose a new path to the mesh portal. If a mesh portal goes down, and a redundant mesh portal is available,
the affected mesh nodes update their forwarding tables to reflect the path to the new mesh portal.
Link Metrics
Mesh points use the configured algorithm to compute a metric value, or “path cost,” for each potential uplink
and select the one with the lowest value as the optimal path to the mesh portal. Table 38 describes the
components that make up the metric value: node cost, hop count, link cost and 802.11 capacity.
The link metrics indicate the relative cost of a path to the mesh portal. The best path (lowest metric value) is
used to create the uplink. The mesh portal advertises a cost of 0, while all other mesh nodes advertise a
cumulative cost based on the parent mesh node.
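The selection rule above, with the components listed in Table 38, as an added illustration that is not Dell or Aruba code. The guide does not publish the real formula, so the weights, the penalties, the `60 - rssi` link cost and the names `Neighbor`, `path_cost` and `select_uplink` are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Assumed weights for illustration; the guide does not publish the real values.
HOP_WEIGHT, CHILD_WEIGHT = 10, 5
RSSI_THRESHOLD, MARGINAL_PENALTY, LEGACY_PENALTY = 12, 100, 50

@dataclass(frozen=True)
class Neighbor:
    name: str
    advertised_cost: int   # cumulative cost the candidate advertises (portal = 0)
    hop_count: int         # candidate's hops to the portal (portal = 0)
    children: int          # drives node cost: more children, more traffic
    rssi: int              # signal strength of our link to the candidate
    high_throughput: bool

def link_cost(rssi: int) -> int:
    """Higher RSSI gives a lower cost; links under the threshold are penalized."""
    cost = max(0, 60 - rssi)
    return cost + MARGINAL_PENALTY if rssi < RSSI_THRESHOLD else cost

def path_cost(n: Neighbor, self_is_ht: bool = True) -> int:
    """Metric for reaching the portal through candidate parent n."""
    cost = n.advertised_cost + CHILD_WEIGHT * n.children
    cost += HOP_WEIGHT * (n.hop_count + 1) + link_cost(n.rssi)
    if self_is_ht and not n.high_throughput:
        cost += LEGACY_PENALTY   # legacy parent is still usable, just less preferred
    return cost

def select_uplink(neighbors, self_is_ht=True, down=frozenset()):
    """Return the lowest-cost reachable candidate, or None if none remain."""
    alive = [n for n in neighbors if n.name not in down]
    return min(alive, key=lambda n: (path_cost(n, self_is_ht), n.name), default=None)

# Constructed scan results, not captured from a real controller.
SCAN = [
    Neighbor("portal-1", 0, 0, 3, 8, True),    # direct but marginal RSSI
    Neighbor("mp-a", 45, 1, 1, 40, True),
    Neighbor("mp-b", 30, 1, 0, 45, False),     # legacy (non-HT) radio
]

if __name__ == "__main__":
    for n in SCAN:
        print(n.name, path_cost(n))
    print("uplink:", select_uplink(SCAN).name)
    print("after mp-a fails:", select_uplink(SCAN, down={"mp-a"}).name)
```

In the constructed scan the direct link to the portal loses to a one-hop path because its RSSI is under the threshold, and when that parent goes down the re-scan falls back to the legacy neighbor rather than the marginal link.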
Optimizing Links
You can configure and optimize operation of the link metric algorithm via the mesh radio profile. These
configurable mesh link trigger thresholds can determine when the uplink or mesh path is dropped and another is
chosen, provide enhanced network reliability, and contain flapping links. Although you can modify the behavior
of the link metric algorithm, Dell recommends the default values for most deployments. For information, see
“Metric algorithm” on page 200.
Mesh Profiles
Mesh profiles help define and bring up the mesh network. The following sections describe the mesh cluster, mesh
radio, and mesh recovery profiles in more detail.
The complete mesh profile consists of a mesh radio profile, RF management (802.11a and 802.11g) radio profiles,
a high-throughput SSID profile (if your deployment includes 802.11n-capable APs), a mesh cluster profile, and a
read-only recovery profile. The recovery profile is dynamically generated by the master controller; you do not
explicitly configure the recovery profile.
Dell provides a “default” version of the mesh radio, RF management, high-throughput SSID and cluster profiles
with default values for most parameters. You can use the “default” version of a profile or create a new instance of
a profile which you can then edit as you need. You can change the values of any parameter in a profile. You have
Table 38 Mesh Link Metric Computation

| Metric | Description |
| --- | --- |
| Node cost | Indicates the amount of traffic expected to traverse the mesh node. The more traffic, the higher the node cost. When establishing a mesh link, nodes with less traffic take precedence. The node cost is dependent on the number of children a mesh node supports. It can change as the mesh network topology changes, for example if new children are added to the network or old children disconnect from the network. |
| Hop count | Indicates the number of hops it takes the mesh node to get to the mesh portal. The mesh portal advertises a hop count of 0, while all other mesh nodes advertise a cumulative count based on the parent mesh node. |
| Link quality | Represents the quality of the link to an active neighbor. The higher the Received Signal Strength Indication (RSSI), the better the path to the neighbor and the mesh portal. If the RSSI value is below the configured threshold, the link cost is penalized to filter marginal links. A less direct, higher quality link may be preferred over the marginal link. |
| 802.11 capacity | High-throughput APs can send 802.11 information elements (IEs) in their management frames, allowing high-throughput mesh nodes to identify other mesh nodes with a high-throughput capacity. High-throughput mesh points prefer to select other 802.11-capable mesh points in their path to the mesh portal, but will use a legacy path if no high-throughput path is available. |