Users Guide
Dell PowerConnect ArubaOS 5.0 | User Guide IP Mobility | 407
Table 80 IP Mobility Configuration Parameters

Parameter: Registration Requests Retransmits
Description: Maximum number of times the foreign agent attempts mobile IP registration message exchanges before giving up. The range of allowed values for this option is 0-5 attempts. The default setting is 3 attempts.

Parameter: Registration Requests Interval
Description: Retransmission interval, in milliseconds. The range of allowed values for this option is 100-10000 milliseconds, inclusive. The default setting is 1000 milliseconds.

Home Agent

Parameter: Replay
Description: Time difference, in seconds, for timestamp-based replay protection, as described by RFC 3344, “IP Mobility Support for IPv4”. 0 disables replay. The range of allowed values is 0-5000 seconds. The default setting is 5000 seconds.

Parameter: Max. Binding Allowed
Description: Maximum number of mobile IP bindings. Note that there is a license-based limit on the number of users and a one user per binding limit in addition to unrelated users. This option is an additional limitation to control the maximum number of roaming users. When the limit is reached, registration requests from the foreign agent fail, which causes a mobile client to set a new session on the visited controller, which will become its home controller. The range of allowed values is 0-300 seconds. The default setting is 7 seconds.

Proxy Mobile IP

Parameter: Trigger Mobility on Station Association
Description: If enabled, mobility move detection is performed when the client associates with the controller instead of when the client sends packets. This option is enabled by default. Mobility on association can speed up roaming and improve connectivity for devices that do not send many uplink packets that can trigger mobility. The downside to this option is lowered security: an association is all it takes to trigger mobility. However, this is irrelevant unless layer-2 security is enforced.

Parameter: Stand Alone AP Support
Description: Enables support for third party or standalone APs. When this is enabled, broadcast packets are not used to trigger mobility and packets from untrusted interfaces are accepted. If mobility is enabled, you must also enable standalone AP for the client to connect to the controller’s untrusted port. If the controller learns wired users via the following methods, enable standalone AP:
- Third party AP connected to the controller through the untrusted port.
- Clients connected to ENET1 on the W-AP92.
- Wired user connected directly to the controller’s untrusted port.
NOTE: When IP mobility is enabled, you must also enable the Stand Alone AP Support option so that a Mux server can perform properly and display all wired users who are connected to a Mux port.

Parameter: Mobility Trail Logging
Description: Enables logging at the notification level for mobile client moves.

Parameter: Roaming for Authenticated Stations Only
Description: Allows a client to roam only if it has been authenticated. If a client has not been authenticated, no mobility service is offered if it roams to a different VLAN or controller.

Parameter: Blocking DHCP Release from stations
Description: Determines whether DHCP release packets generated from the client should be dropped or forwarded to the DHCP server. Blocking the packets prevents the DHCP server from assigning the same IP address to another client until the lease has expired.

Parameter: Re-Homing for Voice Capable Client
Description: Allows on-hook phones to be assigned a new home agent. This is to load balance voice client home agents across controllers in a mobility domain. This parameter requires that you install the Policy Enforcement Firewall Next Generation (PEFNG) license in the controller, and is disabled by default.

Parameter: Max. Station Mobility Events per Second
Description: Maximum number of mobility events (events that can trigger mobility) handled per second. Mobility events above this threshold are ignored. This helps to control frequent mobility state changes when the client bounces back and forth on APs before settling down. The allowed range of values is 1-65535 events, and the default value is 25 events.

Parameter: Station Trail Timeout
Description: Specifies the maximum interval, in seconds, an inactive mobility trail is held. The allowed range of values is 120-86400 seconds, and the default value is 3600 seconds.
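The Replay parameter above sets the window for the timestamp check that RFC 3344 describes for a home agent. The following is an added example, not code from the controller or from this guide: it sketches that check, with the class and function names chosen here for illustration and the sample timestamps constructed.

```python
# Added example: timestamp-based replay check in the style of RFC 3344.
# HomeAgentReplayGuard, to_ntp64 and demo are hypothetical names; inputs are constructed.
from dataclasses import dataclass, field

NTP_UNIX_OFFSET = 2208988800  # seconds between the 1900 NTP epoch and the 1970 Unix epoch
ACCEPTED = 0                  # RFC 3344 reply code: registration accepted
ID_MISMATCH = 133             # RFC 3344 reply code: registration Identification mismatch


def to_ntp64(unix_seconds: float) -> int:
    """Encode Unix time as a 64-bit NTP-format Identification value."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32))
    return ((whole + NTP_UNIX_OFFSET) << 32) | frac


@dataclass
class HomeAgentReplayGuard:
    replay_seconds: int  # the "Replay" setting; 0 disables the check
    last_seen: dict = field(default_factory=dict)  # node -> highest accepted Identification

    def check(self, node: str, identification: int, now_unix: float) -> int:
        if self.replay_seconds == 0:
            return ACCEPTED  # replay protection switched off
        window = self.replay_seconds << 32
        # The timestamp must be close to the home agent's own clock ...
        if abs(identification - to_ntp64(now_unix)) > window:
            return ID_MISMATCH
        # ... and strictly newer than anything already accepted from this node.
        if identification <= self.last_seen.get(node, -1):
            return ID_MISMATCH
        self.last_seen[node] = identification
        return ACCEPTED


def demo(replay_seconds: int) -> list:
    """Run four constructed registration requests through the guard."""
    now = 1_700_000_000  # constructed home agent clock, Unix seconds
    guard = HomeAgentReplayGuard(replay_seconds)
    fresh = to_ntp64(now - 2)
    return [
        guard.check("mn-1", fresh, now),               # fresh request
        guard.check("mn-1", fresh, now),               # captured copy sent again
        guard.check("mn-1", to_ntp64(now - 1), now),   # newer request
        guard.check("mn-1", to_ntp64(now - 60), now),  # outside the window
    ]


if __name__ == "__main__":
    print(demo(7), demo(0))
```

A larger Replay value tolerates more clock drift between mobile node and home agent but also lengthens the period in which a captured request that has not yet been seen by the home agent would still pass the closeness test.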