Users Guide

ManualsBrandsDell ManualsTVs & monitorsW-620

211

212

213

214

215

216

217

218

219

220

Table Of Contents

Dell PowerConnect ArubaOS 5.0
Contents
About this Guide
- Audience
- Fundamentals
  - WebUI
  - CLI
- Related Documents
- Conventions
- Contacting Support
The Basic User-Centric Networks
- Configuring the User-Centric Network
- Deployment and Configuration Tasks
- Configuring the Controller
  - Running the Initial Setup
  - Connecting to the Controller after Initial Setup
- Configuring a VLAN for Network Connection
- Deploying APs
- Additional Configuration
Network Parameters
- Configuring VLANs
  - Creating and Updating VLANs
  - Creating, Updating and Deleting VLAN Pools
- Configuring Ports
- About VLAN Assignments
- Configuring Static Routes
  - Using the WebUI
  - Using CLI
- Configuring the Loopback IP Address
- Configuring the Controller IP Address
  - Using CLI
- Configuring GRE Tunnels
  - Creating a Tunnel Interface
    - Using the WebUI
    - Using CLI
  - Directing Traffic into the Tunnel
RF Plan
- Supported Planning
- Before You Begin
  - Task Overview
  - Planning Requirements
- Launching the RF Plan
- Using the FQLN Mapper in the AP Provision Page
  - Using the WebUI
  - Using CLI
- RF Plan Example
Access Points
- Remote AP vs Campus AP
- Basic Configuration
- AP Names and Groups
- Virtual APs
- Configuring Profiles
- Profile Hierarchy
  - Applying Profiles
    - Excluding a virtual AP profile from an AP in the WebUI
    - Excluding a virtual AP profile from an AP in the CLI
  - Viewing Profile Errors
- Virtual AP Configurations
- Configuring High-throughput on Virtual APs
- Advanced Configuration Options
- Automatic Channel and Transmit Power Selection Using ARM
- APs Over Low-Speed Links
  - Best Practices
- AP Redundancy
  - AP failback
    - Configuring in the WebUI
    - Configuring in the CLI
- AP Maintenance Mode
  - Configuring in the WebUI
  - Configuring in the CLI
- Managing AP LEDs
Adaptive Radio Management (ARM)
- ARM Overview
  - ARM Support for 802.11n
  - Monitoring Your Network with ARM
    - Noise and Error Monitoring
    - Application Awareness
- ARM Profiles
- Assigning an ARM Profile to an AP Group
  - Assigning a Profile via the WebUI
  - Assigning a Profile via the CLI
- Multi-Band ARM and 802.11a/802.11g Traffic
- Band Steering
  - Enabling Band Steering via the WebUI
  - Enabling Band Steering via the CLI
- Traffic Shaping
  - Enabling Traffic Shaping via the WebUI
- Spectrum Load Balancing
- RX Sensitivity Tuning Based Channel Reuse
- Non-802.11 Noise Interference Immunity
- ARM Metrics
- ARM Troubleshooting
Remote Access Points
- Overview
- Configuring the Secure Remote Access Point Service
- Deploying a Branch Office/Home Office Solution
  - Configuring the branch office AP
  - Troubleshooting Remote AP
- Enabling Double Encryption
  - Using the WebUI
  - Using CLI
- Advanced Configuration Options
- Wi-Fi Multimedia
- Uplink Bandwidth Reservation
  - Bandwidth Reservation for Uplink Voice Traffic
  - Configuring Bandwidth Reservation
    - Using the WebUI
    - Using CLI
Secure Enterprise Mesh
- Mesh Access Points
- Mesh Links
  - Link Metrics
  - Optimizing Links
- Mesh Profiles
- Mesh Solutions
- Before You Begin
- Mesh Radio Profiles
  - Managing Mesh Profiles via the WebUI
  - Managing Mesh Profiles using the CLI
- RF Management (802.11a and 802.11g) Profiles
  - Managing 802.11a/802.11g Profiles Via the WebUI
  - Managing 802.11a/802.11g Profiles using the CLI
- Mesh High-Throughput SSID Profiles
  - Managing Profiles via the WebUI
  - Managing high-throughput SSID profiles using the CLI
- Mesh Cluster Profiles
- Ethernet Ports for Mesh
- Provisioning Mesh Nodes
- AP Boot Sequence
- Verifying the Network
- Remote Mesh Portals
Authentication Servers
- Important Points to Remember
- Servers and Server Groups
- Configuring Servers
- Internal Database
- Server Groups
- Assigning Server Groups
- Configuring Authentication Timers
  - Setting an Authentication Timer
    - In the WebUI
    - In the CLI
802.1x Authentication
- Overview of 802.1x Authentication
- Configuring 802.1x Authentication
- Example Configurations
- Advanced Configuration Options for 802.1x
  - Configuring reauthentication with Unicast Key Rotation
    - Using the WebUI
    - Using the CLI
Roles and Policies
- Policies
- User Roles
  - Creating a User Role
    - In the WebUI
    - In the CLI
  - Bandwidth Contracts
- User Role Assignments
- Global Firewall Parameters
Stateful and WISPr Authentication
- Stateful Authentication Overview
- WISPr Authentication Overview
- Important Points to Remember
- Stateful 802.1x Authentication
  - Configure Authentication via the WebUI
  - Configure Authentication via the CLI
- Stateful NTLM Authentication
  - Configure Authentication via the WebUI
  - Configure Authentication via the CLI
- Configuring WISPr Authentication
  - Configure WISPr Authentication via the WebUI
  - Configure WISPr Authentication via the CLI
Captive Portal
- Captive Portal Overview
  - Policy Enforcement Firewall Next Generation (PEFNG) License
  - Controller Server Certificate
- Captive Portal in the Base ArubaOS
  - Configuring Captive Portal via the WebUI
  - Configuring Captive Portal via the CLI
- Captive Portal with the PEFNG License
  - Configuring Captive Portal via the WebUI
  - Configuring Captive Portal via the CLI
- Example Authentication with Captive Portal
- Guest VLANs
  - Configuring the guest VLAN via the WebUI
  - Configuring the guest VLAN via the CLI
- Captive Portal Authentication
- Optional Captive Portal Configurations
- Personalizing the Captive Portal Page
- Securing Client Traffic
- Securing Controller-to-Controller Communication
  - Configuring Controllers for xSec
    - In the WebUI
    - In the CLI
- Configuring the Odyssey Client on Client Machines
  - Installing the Odyssey Client
Advanced Security
Virtual Intranet Access
- VIA
- Configuring the VIA Controller
- VPN Configuration
  - VPN authentication
  - Supported VPN AAA Deployments
- Remote Access VPN for L2TP IPsec
- Remote Access VPNs for XAuth
- Remote Access VPN for PPTP
  - Configuring a VPN with PPTP via the WebUI
  - Configuring a VPN with PPTP via the CLI
- Site-to-Site VPNs
- Dell Dialer
Virtual Private Networks
- Configuring MAC-Based Authentication
  - Configuring the MAC Authentication Profile
    - Using the WebUI to configure a MAC authentication profile
    - Using the CLI to configure a MAC authentication profile
- Configuring Clients
  - Using the WebUI to configure clients in the internal database
  - Using the CLI to configure clients in the internal database
MAC-based Authentication
Control Plane Security
- Control Plane Security Overview
- Configuring Control Plane Security
- Whitelists on Master and Local Controllers
  - Campus AP Whitelist Synchronization
  - Viewing and Managing the Master or Local controller Whitelists
- Environments with Multiple Master Controllers
  - Configuring Networks with a Backup Master Controller
  - Configuring Networks with Clusters of Master Controllers
- Replacing a Controller on a Multi-Controller Network
  - Replacing Controllers in a Single Master Network
  - Replacing Controllers in a Multi-Master Network
- Troubleshooting Control Plane Security
Adding Local Controllers
- Moving to a Multi-Controller Environment
- Configuring Local Controllers
IP Mobility
- Dell Mobility Architecture
- Configuring Mobility Domains
- Tracking Mobile Users
- Advanced Mobility Functions
- Mobility Multicast
  - Proxy IGMP and Proxy Remote Subscription
  - Inter-controller Mobility
VRRP
- Redundancy Parameters
RSTP
- Migration and Interoperability
- Rapid Convergence
  - Edge Port and Point-to-Point
- Configuring RSTP
- Troubleshooting
W-600 Series Controller
- Important Points to Remember
- Internal Access Point (AP)
- USB Cellular Modems
- Configuring a Supported USB Modem
- Configuring a New USB Modem
- NAS (Network-Attached Storage)
- Print Server
  - Printer Setup
- Sample Topology and Configuration
OSPFv2
- Important Points to Remember
- WLAN Scenario
  - WLAN Topology
  - WLAN Routing Table
- Branch Office Scenario
  - Branch Office Topology
  - Branch Office Routing Table
- Configuring OSPF
- Deployment Best Practices
- Sample Topology and Configuration
Wireless Intrusion Prevention
- IDS Features
- IDS Configuration
- WLAN Management System
- Client Blacklisting
Link Aggregation Control Protocol
- Important Points to Remember
- Configuring LACP
  - In the CLI
  - In the WebUI
- Best Practices
- Sample Configuration
Management Access
- Certificate Authentication for WebUI Access
  - Configuring Certificate Authentication for WebUI Access
    - In the WebUI
    - In the CLI
- Public Key Authentication for SSH Access
  - In the WebUI
  - In the CLI
- Radius Server Authentication
- Management Password Policy
  - Defining a Management Password Policy
    - In the WebUI
- Managed RFprotect Sensors
- Managing Certificates
- Configuring SNMP
  - SNMP Parameters for the Controller
    - In the WebUI
    - In the CLI
- Configuring Logging
  - In the WebUI
  - In the CLI
- Guest Provisioning
- Managing Files on the Controller
- Setting the System Clock
  - Manually Setting the Clock
    - In the WebUI
    - In the CLI
  - Configuring an NTP Server
    - In the WebUI
    - In the CLI
Software Licenses
- Terminology
- Licenses
  - License Types
- Multi-Controller Network
- License Usage
- Interaction
- Best Practices
- Installing a License
- Deleting a License
- Moving Licenses
- Resetting the Controller
IPv6 Client Support
- About IPv6
- Support for IPv6
  - Supported Network Configuration
  - Network Connection for Windows IPv6 Clients
- Features that Support IPv6
- IPv6 User Addresses
  - Viewing or Deleting User Entries
  - Viewing Datapath Statistics for IPv6 Sessions
- Important Points to Remember
Voice and Video
- License Requirements
- Configuring Voice
- Configuring Video
- QoS
External Services Interface
- Understanding ESI
- Understanding the ESI Syslog Parser
- ESI Configuration Overview
- Example Route-mode ESI Topology
- Example NAT-mode ESI Topology
- Basic Regular Expression Syntax
DHCP with Vendor-Specific Options
- Overview
- Windows-Based DHCP Server
  - Configuring Option 60
    - To configure option 60 on the Windows DHCP server
  - Configuring Option 43
    - To configure option 43 on the Windows DHCP server:
- Linux DHCP Servers
External Firewall Configuration
- Communication Between Dell Devices
- Network Management Access
- Other Communications
Behavior and Defaults
- Mode Support
- Basic System Defaults
- Default Management User Roles
- Default Open Ports
802.1x Configuration for IAS and Windows Clients
- Configuring Microsoft IAS
- Configure Management Authentication using IAS
  - Configure the Controller to use IAS Management Authentication
  - Verify Communication between the Controller and the RADIUS Server
- Window XP Wireless Client Example Configuration
Internal Captive Portal
- Creating a New Internal Web Page
  - Basic HTML Example
- Installing a New Captive Portal Page
- Displaying Authentication Error Message
- Reverting to the Default Captive Portal
- Language Customization
- Customizing the Welcome Page
- Customizing the Pop-Up box
- Customizing the Logged Out Box
VIA End User Instructions
- Pre-requisites
- Downloading VIA
- Installing VIA
- Using VIA
Provisioning RAP at Home
- Provision the RAP using a Static IP Address
- Provision the RAP on a PPPoE Connection
- Using 3G/EVDO USB Modem
Index

212 | Secure Enterprise Mesh Dell PowerConnect ArubaOS 5.0 | [User Guide

Assigning a Profile to an AP Group

1. Navigate to the Configuration > Wireless > AP Configuration window. Select either the AP Group or AP

Specific tab.

 If you selected AP Group, click the Edit button by the AP group name to which you want to assign a new

high-throughput SSID profile.

 If you selected AP Specific, click the Edit button by the AP to which you want to assign a new high-

throughput SSID profile

2. Under the Profiles list, expand the Mesh menu, then select Mesh High-throughput SSID profile.

3. In the Profile Details window pane, click the Mesh High-throughput SSID profile drop-down list and select

the desired profile from the list.

4. Click Apply. The profile name appears in the Mesh High-throughput SSID Profile list with your configured

settings. If you configure this for the AP group, this profile also becomes the selected high-throughput SSID

profile used by the mesh portal for your mesh network.

Editing a Profile

1. Navigate to the Configuration > Wireless > AP Configuration window. Select either the AP Group or AP

Specific tab.

 If you selected the AP Group tab, click the Edit button by the AP group name with the profile you want to

edit.

 If you selected the AP Specific tab, click the Edit button by the AP with the profile you want to edit.

2. In the Profiles list, expand the Mesh menu, then select Mesh High-throughput SSID profile.

Min MPDU start spacing Minimum time between the start of adjacent MPDUs within an aggregate MPDU, in

microseconds. Allowed values: 0 (No restriction on MDPU start spacing), .25 μsec, .5 μsec, 1

μsec, 2 μsec, 4 μsec.

Supported MCS set A list of Modulation Coding Scheme (MCS) values or ranges of values to be supported on this

SSID. The MCS you choose determines the channel width (20MHz vs. 40MHz) and the

number of spatial streams used by the mesh node.

The default value is 1–15; the complete set of supported values. To specify a smaller range of

values, enter a hyphen between the lower and upper values. To specify a series of different

values, separate each value with a comma.

Examples:

2–10

1,3,6,9,12

Range: 0–15.

Legacy stations Allow or disallow associations from legacy (non-HT) stations. By default, this parameter is

enabled (legacy stations are allowed).

40 MHz channel usage Enable or disable the use of 40 MHz channels. This parameter is enabled by default.

Short guard interval in 40 MHz

mode

Enable or disable use of short (400ns) guard interval in 40 MHz mode. This parameter is

enabled by default.

A guard interval is a period of time between transmissions that allows reflections from the

previous data transmission to settle before an AP transmits data again. An AP identifies any

signal content received inside this interval as unwanted inter-symbol interference, and

rejects that data. The 802.11n standard specifies two guard intervals: 400ns (short) and 800ns

(long). Enabling a short guard interval can decrease network overhead by reducing

unnecessary idle time on each AP. Some outdoor deployments, may, however require a

longer guard interval. If the short guard interval does not allow enough time for reflections to

settle in your mesh deployment, inter-symbol interference values may increase and degrade

throughput.

Table 41 Mesh High-Throughput SSID Profile Configuration Parameters (Continued)

Parameter Description