Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 228 Access Points

221

222

223

224

225

226

227

228

229

230

Table Of Contents

About this Guide
- Intended Audience
- Related Documents
- Conventions
- Contacting Dell
About Instant
- Instant Overview
- What is New in this Release
Setting up a W-IAP
- Setting up Instant Network
- Provisioning a W-IAP
- Logging in to the Instant UI
- Accessing the Instant CLI
Automatic Retrieval of Configuration
- Managed Mode Operations
- Prerequisites
- Configuring Managed Mode Parameters
- Verifying the Configuration
Instant User Interface
- Login Screen
- Main Window
Initial Configuration Tasks
- Configuring System Parameters
- Changing Password
Customizing W-IAP Settings
- Modifying the W-IAP Host Name
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing the W-IAP Installation Mode
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
VLAN Configuration
- VLAN Pooling
- Uplink VLAN Monitoring and Detection on Upstream Devices
IPv6 Support
- IPv6 Notation
- Enabling IPv6 Support for W-IAP Configuration
- Firewall Support for IPv6
- Debugging Commands
Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Configuring Modulation Rates on a WLAN SSID
- Multi-User-MIMO
- Management Frame Protection
- Disabling Short Preamble for Wireless Client
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- Configuring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Enabling 802.1X Supplicant Support
- Configuring MAC Authentication for a Network Profile
- Configuring MAC Authentication with 802.1X Authentication
- Configuring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
DHCP Configuration
- Configuring DHCP Scopes
- Configuring the Default DHCP Scope for Client IP Assignment
Configuring Time-Based Services
- Time Range Profiles
- Configuring a Time Range Profile
- Applying a Time Range Profile to a WLAN SSID
- Verifying the Configuration
Dynamic DNS Registration
- Enabling Dynamic DNS
- Configuring Dynamic DNS Updates for Clients
- Verifying the Configuration
VPN Configuration
- Understanding VPN Features
- Configuring a Tunnel from a W-IAP to a Mobility Controller
- Configuring Routing Profiles
IAP-VPN Deployment
- Understanding IAP-VPN Architecture
- Configuring W-IAP and Controller for IAP-VPN Operations
Adaptive Radio Management
- ARM Overview
- Configuring ARM Features on a W-IAP
- Configuring Radio Settings
Deep Packet Inspection and Application Visibility
- Deep Packet Inspection
- Enabling Application Visibility
- Application Visibility
- Enabling URL Visibility
- Configuring ACL Rules for Application and Application Categories
- Configuring Web Policy Enforcement Service
Voice and Video
- Wi-Fi Multimedia Traffic Management
- Media Classification for Voice and Video Calls
- Enabling Enhanced Voice Call Tracking
Services
- Configuring AirGroup
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Managing BLE Beacons
- Clarity Live
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API Interface
- CALEA Integration and Lawful Intercept Compliance
Cluster Security
- Overview
- Enabling Cluster Security
- Cluster Security Debugging Logs
- Verifying the Configuration
W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
Uplink Configuration
- Uplink Interfaces
- Uplink Preferences and Switching
Intrusion Detection
- Detecting and Classifying Rogue W-IAPs
- OS Fingerprinting
- Configuring Wireless Intrusion Protection and Detection Levels
- Configuring IDS
Mesh W-IAP Configuration
- Mesh Network Overview
- Setting up Instant Mesh Network
- Configuring Wired Bridging on Ethernet 0 for Mesh Point
Mobility and Client Management
- Layer-3 Mobility Overview
- Configuring L3-Mobility
Spectrum Monitor
- Understanding Spectrum Data
- Configuring Spectrum Monitors and Hybrid W-IAPs
W-IAP Maintenance
- Upgrading a W-IAP
- Backing up and Restoring W-IAP Configuration Data
- Converting a W-IAP to a Remote AP and Campus AP
- Resetting a Remote AP or Campus AP to a W-IAP
- Rebooting the W-IAP
Monitoring Devices and Logs
- Configuring SNMP
- Configuring a Syslog Server
- Configuring TFTP Dump Server
- Running Debug Commands
- Uplink Bandwidth Monitoring
Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Sample Configuration
ClearPass Guest Setup
- Configuring ClearPass Guest
- Verifying ClearPass Guest Setup
- Troubleshooting
IAP-VPN Deployment Scenarios
- Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy
- Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy
- Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Cont...
- Scenario 4—GRE: Single Datacenter Deployment with No Redundancy
- Glossary
Acronyms and Abbreviations
- Glossary

227 | VPN Configuration Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide

6. Click Next to create routing profiles. When the IPsec tunnel configuration is completed, the packets that are

sent from and received by a W-IAP are encrypted.

In the CLI

To configure an IPsec VPN tunnel:

(Instant AP)(config)# vpn primary <name>

(Instant AP)(config)# vpn backup <name>

(Instant AP)(config)# vpn fast-failover

(Instant AP)(config)# vpn hold-time <seconds>

(Instant AP)(config)# vpn preemption

(Instant AP)(config)# vpn monitor-pkt-send-freq <frequency>

(Instant AP)(config)# vpn monitor-pkt-lost-cnt <count>

(Instant AP)(config)# vpn reconnect-user-on-failover

(Instant AP)(config)# vpn reconnect-time-on-failover <down_time>

(Instant AP)(config)# end

(Instant AP)# commit apply

Example

(Instant AP)(config)# vpn primary 192.0.2.18

(Instant AP)(config)# vpn backup 192.0.2.20

(Instant AP)(config)# vpn fast-failover

(Instant AP)(config)# vpn preemption

(Instant AP)(config)# ip dhcp distl2

(Instant AP)(DHCP Profile "distL2")# server-type Distributed,L2

(Instant AP)(DHCP Profile "distL2")# server-vlan 2

(Instant AP)(DHCP Profile "distL2")# ip-range 10.15.205.0 10.15.205.255

(Instant AP)(DHCP Profile "distL2")# subnet-mask 255.255.255.0

(Instant AP)(DHCP Profile "distL2")# lease-time 86400

(Instant AP)(DHCP Profile "distL2")# default-router 10.15.205.254

(Instant AP)(DHCP Profile "distL2")# dns-server 10.13.6.110,10.1.1.50

(Instant AP)(DHCP Profile "distL2")# domain-name dell.com

(Instant AP)(DHCP Profile "distL2")# client-count 5

(Instant AP)(config)# ip dhcp local

(Instant AP)(DHCP Profile "local")# server-type Local

(Instant AP)(DHCP Profile "local")# server-vlan 200

(Instant AP)(DHCP Profile "local")# subnet 172.16.200.1

(Instant AP)(DHCP Profile "local")# subnet-mask 255.255.255.0

(Instant AP)(DHCP Profile "local")# lease-time 86400

(Instant AP)(DHCP Profile "local")# dns-server 10.13.6.110,10.1.1.50

(Instant AP)(DHCP Profile "local")# domain-name dell.com

To view the VPN configuration:

(Instant AP)# show vpn config

Configuring an L2-GRETunnel

This section describes the following procedures:

l Configuring Manual GRE Parameters

l Configuring Aruba GRE Parameters

Configuring Manual GRE Parameters

You can configure a GRE tunnel between the W-IAP and the controller using either the VC IP or the W-IAP IP,

based on the following W-IAP settings:

l If a VC IP is configured and if Per-AP tunnel is disabled, use VC IP.

l If a VC IP is not configured or if Per-AP tunnel is enabled, use the W-IAP IP.