Users Guide
Table Of Contents
- Dell PowerConnect ArubaOS 5.0
- Contents
- About this Guide
- The Basic User-Centric Networks
- Configuring the User-Centric Network
- Deployment and Configuration Tasks
- Configuring the Controller
- Configuring a VLAN for Network Connection
- Deploying APs
- Additional Configuration
- Network Parameters
- Configuring VLANs
- Configuring Ports
- About VLAN Assignments
- Assigning a Static Address to a VLAN
- Using CLI
- Configuring a VLAN to Receive a Dynamic Address
- Enabling the DHCP Client
- Enabling the PPPoE Client
- Default Gateway from DHCP/PPPoE
- Configuring DNS/WINS Server from DHPC/PPPoE
- Using the WebUI
- Configuring Source NAT to Dynamic VLAN Address
- Configuring Source NAT for VLAN Interfaces
- Inter-VLAN Routing
- Configuring Static Routes
- Configuring the Loopback IP Address
- Configuring the Controller IP Address
- Configuring GRE Tunnels
- RF Plan
- Supported Planning
- Before You Begin
- Launching the RF Plan
- Using the FQLN Mapper in the AP Provision Page
- RF Plan Example
- Sample Building
- Create a Building
- Model the Access Points
- Model the Air Monitors
- Add and Edit a Floor
- Adding the background image and naming the first floor
- Adding the background image and naming the second floor
- Defining Areas
- Creating a Don’t Care Area
- Creating a Don’t Deploy Area
- Running the AP Plan
- Running the AM Plan
- Access Points
- Remote AP vs Campus AP
- Basic Configuration
- AP Names and Groups
- Virtual APs
- Configuring Profiles
- Profile Hierarchy
- Virtual AP Configurations
- Configuring High-throughput on Virtual APs
- Advanced Configuration Options
- Automatic Channel and Transmit Power Selection Using ARM
- APs Over Low-Speed Links
- AP Redundancy
- AP Maintenance Mode
- Managing AP LEDs
- Adaptive Radio Management (ARM)
- Remote Access Points
- Overview
- Configuring the Secure Remote Access Point Service
- Deploying a Branch Office/Home Office Solution
- Enabling Double Encryption
- Advanced Configuration Options
- Understanding Remote AP Modes of Operation
- Fallback Mode
- Configuring the fallback mode
- Configuring the DHCP Server on the Remote AP
- Advanced Backup Configuration Options
- DNS Controller Setting
- Backup Controller List
- Remote AP Failback
- RAP Local Network Access
- Remote AP Authorization Profiles
- Access Control Lists and Firewall Policies
- Split Tunneling
- Configuring the Session ACL
- Configuring ACL for restricted LD homepage access
- Configuring the AAA Profile and the Virtual AP Profile
- Wi-Fi Multimedia
- Uplink Bandwidth Reservation
- Secure Enterprise Mesh
- Mesh Access Points
- Mesh Links
- Mesh Profiles
- Mesh Solutions
- Before You Begin
- Mesh Radio Profiles
- RF Management (802.11a and 802.11g) Profiles
- Mesh High-Throughput SSID Profiles
- Mesh Cluster Profiles
- Ethernet Ports for Mesh
- Provisioning Mesh Nodes
- AP Boot Sequence
- Verifying the Network
- Remote Mesh Portals
- Authentication Servers
- Important Points to Remember
- Servers and Server Groups
- Configuring Servers
- Internal Database
- Server Groups
- Assigning Server Groups
- Configuring Authentication Timers
- 802.1x Authentication
- Overview of 802.1x Authentication
- Configuring 802.1x Authentication
- Example Configurations
- Authentication with an 802.1x RADIUS Server
- Configuring Roles and Policies
- Configuring the RADIUS Authentication Server
- Configure 802.1x Authentication
- Configure VLANs
- Configuring the WLANs
- Configuring the Guest WLAN
- Configuring the Non-Guest WLANs
- Authentication with the Controller’s Internal Database
- Configuring the Internal Database
- Configure 802.1x Authentication
- Configure VLANs
- Configuring the WLANs
- Configuring the Guest WLAN
- Configuring the Non-Guest WLANs
- Advanced Configuration Options for 802.1x
- Roles and Policies
- Stateful and WISPr Authentication
- Captive Portal
- Captive Portal Overview
- Captive Portal in the Base ArubaOS
- Captive Portal with the PEFNG License
- Example Authentication with Captive Portal
- Creating a Guest-logon User Role
- Creating an Auth-guest User Role
- Configure Policies and Roles via the WebUI
- Time Range
- Auth-Guest-Access Policy
- Block-Internal-Access Policy
- Drop-and-Log Policy
- Guest-logon Role
- Guest-Logon Role
- Configure Policies and Roles via the CLI
- Time Range
- Create Aliases
- Guest-Logon-Access Policy
- Auth-Guest-Access Policy
- Block-Internal-Access Policy
- Drop-and-Log Policy
- Guest-Logon Role
- Auth-Guest Role
- Guest VLANs
- Captive Portal Authentication
- Optional Captive Portal Configurations
- Personalizing the Captive Portal Page
- Securing Client Traffic
- Securing Controller-to-Controller Communication
- Configuring the Odyssey Client on Client Machines
- Advanced Security
- Virtual Intranet Access
- VIA
- Configuring the VIA Controller
- VPN Configuration
- Remote Access VPN for L2TP IPsec
- Remote Access VPNs for XAuth
- Remote Access VPN for PPTP
- Site-to-Site VPNs
- Dell Dialer
- Virtual Private Networks
- MAC-based Authentication
- Control Plane Security
- Control Plane Security Overview
- Configuring Control Plane Security
- Whitelists on Master and Local Controllers
- Environments with Multiple Master Controllers
- Replacing a Controller on a Multi-Controller Network
- Troubleshooting Control Plane Security
- Adding Local Controllers
- IP Mobility
- VRRP
- RSTP
- W-600 Series Controller
- OSPFv2
- Wireless Intrusion Prevention
- IDS Features
- IDS Configuration
- WLAN Management System
- Client Blacklisting
- Link Aggregation Control Protocol
- Management Access
- Certificate Authentication for WebUI Access
- Public Key Authentication for SSH Access
- Radius Server Authentication
- Radius Server Username/Password Authentication
- RADIUS Server Authentication with VSA
- RADIUS Server Authentication with Server-Derivation Rule
- Disabling Authentication of Local Management User Accounts
- Verifying the configuration
- Resetting the Admin or Enable Password
- Setting an Administrator Session Timeout
- Management Password Policy
- Managed RFprotect Sensors
- Managing Certificates
- Configuring SNMP
- Configuring Logging
- Guest Provisioning
- Managing Files on the Controller
- Setting the System Clock
- Software Licenses
- IPv6 Client Support
- Voice and Video
- License Requirements
- Configuring Voice
- Configuring Video
- QoS
- External Services Interface
- Understanding ESI
- Understanding the ESI Syslog Parser
- ESI Configuration Overview
- Configuring Health-Check Method, Groups, and Servers
- Defining the ESI Server
- Defining the ESI Server Group
- Redirection Policies and User Role
- ESI Syslog Parser Domains and Rules
- Managing Syslog Parser Domains in the WebUI
- Managing Syslog Parser Domains in the CLI
- Managing Syslog Parser Rules
- Monitoring Syslog Parser Statistics
- Example Route-mode ESI Topology
- ESI server configuration on controller
- IP routing configuration on Fortinet gateway
- Configuring the Example Routed ESI Topology
- Health-Check Method, Groups, and Servers
- Defining the Ping Health-Check Method
- Defining the ESI Server
- Defining the ESI Server Group
- Redirection Policies and User Role
- Syslog Parser Domain and Rules
- Example NAT-mode ESI Topology
- Basic Regular Expression Syntax
- DHCP with Vendor-Specific Options
- External Firewall Configuration
- Behavior and Defaults
- 802.1x Configuration for IAS and Windows Clients
- Internal Captive Portal
- VIA End User Instructions
- Provisioning RAP at Home
- Index
206 | Secure Enterprise Mesh Dell PowerConnect ArubaOS 5.0 | [User Guide
Spectrum Load Balancing The Spectrum Load Balancing feature helps optimize network resources by balancing clients
across channels, regardless of whether the AP or the controller is responding to the wireless
clients' probe requests.
If enabled, the controller compares whether or not an AP has more clients than its neighboring APs
on other channels. If an AP’s client load is at or over a predetermined threshold as compared to its
immediate neighbors, or if a neighboring Dell AP on another channel does not have any clients, load
balancing will be enabled on that AP. This feature is disabled by default. For details, see “Spectrum
Load Balancing” on page 149.
RX Sensitivity Tuning
Based Channel Reuse
In some dense deployments, it is possible for APs to hear other APs on the same channel. This
creates co-channel interference and reduces the overall utilization of the channel in a given area.
Channel reuse enables dynamic control over the receive (Rx) sensitivity in order to improve spatial
reuse of the channel.
This feature is disabled by default. To enable this feature, click the RX Sensitivity Tuning Based
Channel Reuse drop-down list and select either static or dynamic. To disable this feature, click the
RX Sensitivity Tuning Based Channel Reuse drop-down list and select disable. For details on each of
these modes, see “RX Sensitivity Tuning Based Channel Reuse” on page 149.
NOTE: Do not enable the Channel Reuse feature if Non 802.11 Interference Immunity is set to level 3
or higher. A level-3 to level-4 Noise Immunity setting is not compatible with the Channel Reuse
feature.
RX Sensitivity Threshold RX sensitivity tuning based channel reuse threshold, in - dBm.
If the Rx Sensitivity Tuning Based Channel reuse feature is set to static mode, this parameter
manually sets the AP’s Rx sensitivity threshold
(in -dBm). The AP will filter out and ignore weak signals that are below the channel threshold signal
strength.
If the value for this parameter is set to zero, the feature will automatically determine an appropriate
threshold.
Non 802.11 Interference
Immunity
(for 802.11g profiles only)
Set a value for 802.11 Interference Immunity. This parameter sets the interference immunity on the
2.4 Ghz band.
The default setting for this parameter is level 2. When performance drops due to interference from
non-802.11 interferers (such as DECT or Bluetooth devices), the level can be increased up to level 5
for improved performance. However, increasing the level makes the AP slightly “deaf” to its
surroundings, causing the AP to lose a small amount of range.
The levels for this parameter are:
z Level 0: no ANI adaptation.
z Level 1: noise immunity only.
z Level 2: noise and spur immunity.
z Level 3: level 2 and weak OFDM immunity.
z Level 4: level 3 and FIR immunity.
z Level 5: disable PHY reporting.
NOTE: Do not raise the noise immunity feature’s default setting if the RX Sensitivity Tuning Based
Channel Reuse feature is also enabled. A level-3 to level-5 Noise Immunity setting is not compatible
with the Channel Reuse feature.
Enable CSA Channel Switch Announcements (CSAs), as defined by IEEE 802.11h, enable an AP to announce that
it is switching to a new channel before it begins transmitting on that channel. This allows clients that
support CSA to transition to the new channel with minimal downtime.
CSA Count Number of channel switch announcements that must be sent prior to switching to a new channel.
The default CSA count is 4 announcements.
Management Frame
Throttle Interval
Averaging interval for rate limiting mgmt frames from this radio, in seconds. A management frame
throttle interval of 0 seconds disables rate limiting.
Management Frame
Throttle Limit
Maximum number of management frames that can come in from this radio in each throttle interval.
Table 40 802.11a/802.11g RF Management Configuration Parameters (Continued)
Parameter Description