Extreme Campus Controller User Guide Version 5.46.
Copyright © 2021 Extreme Networks, Inc. All rights reserved. Legal Notice Extreme Networks, Inc. reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made. The hardware, firmware, software or any specifications described or referred to in this document are subject to change without notice.
Table of Contents Preface......................................................................................................................................................................................vii Conventions.................................................................................................................................................................. vii Text Conventions...........................................................................................................
Table of Contents Venue Dashboard..............................................................................................................................................47 Network Snapshot: Sites............................................................................................................................... 48 Floor Plan View..................................................................................................................................................50 Device List....
Table of Contents ExtremeGuest Server Settings.................................................................................................................287 Callback Manager...........................................................................................................................................288 AAA RADIUS Authentication............................................................................................................................288 Configure AAA Policy................
Table of Contents System Configuration.............................................................................................................................................351 Interfaces............................................................................................................................................................. 351 Network Time................................................................................................................................................
Preface Read the following topics to learn about: • • • The meanings of text formats used in this document. Where you can find additional information and help. How to reach us with questions and comments. Conventions To help you better understand the information presented in this guide, the following topics describe the formatting conventions used for notes, text, and other elements.
Preface Documentation and Training Table 2: Text Convention Description screen displays This typeface indicates command syntax, or represents information as it is displayed on the screen. The words enter and type When you see the word enter in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says type. Key names Key names are written in boldface, for example Ctrl or Esc.
Send Feedback Preface Send Feedback The Information Development team at Extreme Networks has made every effort to ensure that this document is accurate, complete, and easy to use. We strive to improve our documentation to help you in your work, so we want to hear from you. We welcome all feedback, but we especially want to know about: • • • Content errors, or confusing or conflicting information. Improvements that would help you find relevant information. Broken links or usability issues.
Subscribe to Product Announcements Preface Subscribe to Product Announcements You can subscribe to email notifications for product and software release announcements, Field Notices, and Vulnerability Notices. 1. 2. 3. 4. 5. Go to The Hub. In the list of categories, expand the Product Announcements list. Select a product for which you would like to receive notifications. Select Subscribe. To select additional products, return to the Product Announcements list and repeat steps 3 and 4.
Welcome to Extreme Campus Controller The Appliance on page 12 Wireless AP Overview on page 13 Support for AP4000 with Wi-Fi 6 Technology on page 14 Universal AP Operational Modes on page 16 AP Client Bridge on page 16 Cloud Visibility on page 19 Sites Overview on page 19 Navigate the User Interface on page 27 ExtremeCloud Appliance has been branded Extreme Campus Controller. Extreme Campus Controller supports Campus/Centralized sites only. Support for Distributed sites remains in ExtremeCloud Appliance v4.
Welcome to Extreme Campus Controller The Appliance Note The SSH/CLI interface of Extreme Campus Controller is intended for diagnostics and internal use only. This interface is not supported for system configurations. All configuration is to be executed using the provided user interface or through the available and documented REST API. For more information about the REST API documentation, see https:// extremenetworks.com/documentation/extreme-campus-controller.
Wireless AP Overview Welcome to Extreme Campus Controller Wireless AP Overview Extreme Networks APs use the 802.11 wireless standards (802.11a/b/g/n/ac/ax) for network communications, and bridge network traffic to an Ethernet LAN. In addition to the wireless APs that run proprietary software and communicate with an appliance only, Extreme Networks offers cloud-enabled APs.
Support for AP4000 with Wi-Fi 6 Technology • • • Welcome to Extreme Campus Controller AP4000 AP410C AP460C/S6C/S12C For more information about the Universal APs, see Universal AP Operational Modes on page 16. Related Topics Universal AP Operational Modes on page 16 NEW! Support for AP4000 with Wi-Fi 6 Technology AP4000 access points are high-performance 802.11ax 6 GHz tri-band access points designed for highdensity, indoor environments. They operate simultaneously across the 6 GHz, 5 GHz, and 2.
6 GHz Channel Allocation and Notation Welcome to Extreme Campus Controller NEW! AP4000 Radios and 6 GHz Support The AP4000 access point offers three radios: • • • Radio 1 — WLAN Service (2.4 GHz) supports g/n/ax and bg/bgn Radio 2 — WLAN Service (5.0 GHz) Radio 3 — 6.0 GHz WLAN Service and sensor. AP4000 access points support the following: • • IEEE 802.11ax Orthogonal Frequency-Division Multiple Access (OFDMA) multi-user access. • • Supports AirDefense Services Platform (ADSP) on 2.
Universal AP Operational Modes • Welcome to Extreme Campus Controller /160 — Channel bonded to 160 MHz Related Topics Understanding Smart RF and Channel Width on page 166 Configuring a Channel Plan on page 166 Channel Select Dialog on page 193 Universal AP Operational Modes The following access points can operate in either ExtremeCloud™ IQ or in an on-premise environment — one configured operating mode at a time: • • • • • AP302W AP305C/CX AP4000 AP410C AP460C/S6C/S12C Note Ports on the Universal APs
AP Client Bridge Welcome to Extreme Campus Controller The deployment includes one or more infrastructure APs. After provisioning, the Client AP connects to normal infrastructure services. The infrastructure AP is essentially any AP deployed for standard service offering. The infrastructure APs communicate with the Extreme Campus Controller supporting the usual traffic flow.
Managing Client Bridge in Extreme Campus Controller Welcome to Extreme Campus Controller The role assignment for each AP is defined in its unique configuration Profile. When using Bridged@AP and Fabric Attach topologies, ensure that the Client Bridge role assignment is synchronized with the infrastructure AP role assignment. Note For a Client Bridge path, policy enforcement for clients is handled at the Client Bridged AP, including any adjustments to topology assignment (VLAN Tagging).
Cloud Visibility Welcome to Extreme Campus Controller Configure Client Bridge on page 130 Cloud Visibility You can view a stream of data coming from Extreme Campus Controller managed access points in ExtremeCloud™ IQ. Cloud Visibility provides a data stream of information to ExtremeCloud IQ for consolidated reporting. The feature facilitates reporting of wired and wireless metrics, including client application metrics, into ExtremeCloud IQ. The reporting frequency is 5 minutes.
Welcome to Extreme Campus Controller Centralized Site A site can include multiple device groups all in a single RF domain, or multiple device groups, each group in a unique RF domain. A site also includes the following: • • • One or more floor plans. Floor plans are unique to each site. Site metadata used to place the site on a Google map. List of switches associated with the site.
Device Groups Welcome to Extreme Campus Controller • • • • • • • AP560i/h AP3917i/e/k AP3916ic AP3915i/e AP3912i AP3935i/e AP3965i/e Related Topics Use Case: Large Centralized Site on page 21 Use Case: Large Centralized Site Scenario: A large Centralized site is composed of two separate buildings. Each building supports a unique configuration with its own policy requirements. Clients need the ability to roam between buildings without session interruption.
Welcome to Extreme Campus Controller Profiles • An RF Management policy. Note RF Management and configuration Profiles can be shared across device groups. Note Most AP radio properties depend on a regulatory domain; which is defined at the site level. Devices that are connected to Extreme Campus Controller but not assigned to a device group have the status of In-Service Trouble. Devices that have not discovered Extreme Campus Controller have the status of Unknown.
RF Management Welcome to Extreme Campus Controller Figure 1: Site Data Model Related Topics Add or Edit a Configuration Profile on page 122 RF Management on page 23 RF Management Self Monitoring At Run Time (SMART) RF Management is designed to simplify RF configurations for new deployments, while optimizing radio performance.
Welcome to Extreme Campus Controller Floor Plans interference (noise), external Wi-Fi interference, coverage holes, and radio failures. Self-healing is used to enable a WLAN to better maintain wireless client performance and site coverage during dynamic RF environment changes, which would otherwise require manual reconfiguration to resolve. This value depends on the RF Sensitivity setting on the Basic tab.
Floor Plans Welcome to Extreme Campus Controller available as a subscribeable event. Programmers can leverage the Extreme Campus Controller Python SDK as a method to access and subscribe to such events. Each station event contains the following information: • • • • MULOG_TYPE_LOCATION AP MAC address Floor ID EID_LOCATOR_POINT_SET (This binary payload contains one set of X/Y coordinates and the probability as 32-bit integers.) Python SDK is required to access the Location Update messages.
Floor Plans Welcome to Extreme Campus Controller Figure 2: Recommended AP Placement • The maximum distance between APs depends on environmental factors such as the presence of walls and structures, but as rule of thumb, in a location-aware deployment, place the APs 10 to 20 meters apart. • • Install APs at the same height on the wall, and do not install APs behind walls or ceilings. Install APs away from metal structures like poles or racks, because metal can affect the radiated pattern.
Navigate the User Interface Welcome to Extreme Campus Controller Table 4: Floor Plan Limit per Appliance (continued) Appliance Maximum Number of Floor Plan Files Maximum Number of APs Per Floor VE6120K 200 1,000 VE6125K 400 1,000 Note There is a file size limit for Ekahau model files: • 46 MB uncompressed SVG files on appliances: ◦ E2120 ◦ E2122 ◦ E3120 • 18 MB uncompressed SVG files on appliances: ◦ ◦ ◦ ◦ ◦ ◦ E1120 VE6120 VE6125 VE6120H VE6120K VE6125K Files larger than these limits will
Navigate the User Interface Welcome to Extreme Campus Controller Extreme Campus Controller offers the following workbenches: Dashboard Monitor your network activity and performance on the Overview dashboard. Monitor Monitor the following network components: • • • • • Sites Devices Networks Clients Policy Configure Set up the following network components: • Sites. Network segmentation based on geographical location.
Search Facility Welcome to Extreme Campus Controller Figure 3: Extreme Campus Controller admin menu Additionally, select on each dialog to display Help content for that dialog. The Online Help file organization corresponds to the workbench structure of Extreme Campus Controller. The Online Help file offers a Table of Contents, Search Facility, and Index so you can find the information that you need. Also on the admin menu, you will find the Terms and Conditions and Logout options.
Understanding Date and Time Welcome to Extreme Campus Controller Understanding Date and Time The dates and times that you see displayed in the user interface represent the local time zone of your browser. This can be different from the time zone of the appliance where Extreme Campus Controller is installed.
Dashboard Overview Dashboard on page 31 System Health Best Practice Widget on page 38 Overview Dashboard Monitor your network activity and performance on the Overview dashboard. The Overview dashboard displays widgets that can help you proactively monitor and troubleshoot your network. The dashboard provides a graphical representation of information related to devices, clients, and network traffic.
Dashboard Overview Dashboard Figure 4: Default Overview Dashboard The Overview dashboard widgets are classified according to the type of data they access: • • • • Network utilization metrics including top and bottom values for clients, APs, switches, and networks • Captive Portal metrics that include details on guests associated with the network and dwell time for each guest • Application Visibility metrics categorize applications and application groups by throughput, client count, usage, and unique
Add a New Dashboard Dashboard ◦ Last 14 days • • Select to refresh the data on demand. Hover the mouse over a widget to display tool tip information. Filter by radio band. Select to display data for a specific radio band. Figure 5: Select Radio Bands — Throughput Widget Note The datasets are sampled at different intervals. Therefore, it is possible that data from the 14day dataset will not include data from the 3-day dataset or from the 3-hour dataset.
Modify a Dashboard Dashboard To add a new dashboard: 1. From the default dashboard, select the plus sign. The Layout tab displays. 2. In the Name field, enter a name for the dashboard. 3. Select a layout option for the dashboard. Each layout option has a set configuration. Choose the layout that matches the number of widgets you want to display. The last widget option enables you to display up to 10 widgets. Figure 6: Widget Layout Options 4. Select the Widgets tab.
Modify a Dashboard Dashboard To modify a dashboard: 1. From the Overview Dashboard page or from the dashboard page of a specific entity, such as a device, select Edit. The Layout and Widgets tabs display on the far right. Figure 7: Dashboard - Edit Mode 2. From the Layout tab, select a layout. 3. From the Widgets tab, expand the categories that you want to use. Select the widgets that you want included in the layout.
Utilization Stats by Network SSID Dashboard Application Visibility Provides application visibility metrics. System System metrics indicate network health. Troubleshooting Provides a packet capture list and Poll site statistics. 4. Select Save. Utilization Stats by Network SSID Extreme Campus Controller offers dashboard reports that you can use to compare network usage. 1. Go to Dashboard and select . 2. Select Widgets > Utilization.
Utilization Stats by Network SSID Dashboard Figure 9: Throughput per Network Figure 10: Utilization per Network Related Topics Modify a Dashboard on page 34 Reports on page 342 Extreme Campus Controller User Guide for version 5.46.
Dashboard Availability Link Status Availability Link Status When an availability pair is configured, the synchronization status between the paired appliances is displayed on the Dashboard Network Health chart. Table 5 describes each possible link status. Note Both client and AP statistics remain available on both sides of an availability pair.
System Health Best Practice Widget Dashboard Figure 11: System Health widget • • • A green check mark indicates that a best practice is being followed. A yellow warning icon indicates that your configuration is not optimal. A red icon indicates an error in your configuration. Fix all error conditions. You have the option to ignore warnings. They are provided to inform and encourage best practice configuration. You can accept warnings without fixing them. • Select to accept the warning.
System Health Best Practice Widget Dashboard Table 6 describes the best practice information that the widget provides. Table 6: System Health Widget Best Practices Type Field Description Configuration Assigned Entitlements Status The system must be licensed to operate. A best practice is to start the license renewal process at least 90 days before the license expiration date to avoid interruption of functionality.
Dashboard System Health Best Practice Widget Table 6: System Health Widget Best Practices (continued) Type Field Description Configuration WEP encryption for network privacy detected The Wi-Fi Alliance™ recommends against using WEP encryption. WEP encryption is easily broken, often taking less than a minute to break. If you must use WEP, apply a restrictive policy to the associated VLAN to reduce your exposure after a breach. Configuration Open networks detected.
System Health Best Practice Widget Dashboard Table 6: System Health Widget Best Practices (continued) Type Field Description Configuration APs have configured unsupported functionality The following AP models do not support IoT and the 5GHz radio does not support 160MHz operation: • AP310i-1 • AP410i-1 • AP510i-1 For more information about channel width, see Channel and Power Settings on page 165.
Dashboard System Health Best Practice Widget Table 6: System Health Widget Best Practices (continued) Type Field Description Operational AP with Dual 5 GHz and power provided is AF AP510 and AP410 support Dual 5 GHz radios and AF (low power) is provided. Therefore, Radio 2 will be shut down. Configure the AP radio for 2.4 GHz or 5 GHz, or provide AT (high power). Configuration Smart RF monitoring disabled Enable Smart RF for dynamic RF management to provide RF performance optimization.
System Health Best Practice Widget Dashboard Table 6: System Health Widget Best Practices (continued) Type Field Description Operational Service interface is not operational. Check connectivity for proper service. System functions reference specific interfaces for connectivity. For proper operation, corresponding system interfaces must be enabled and operational.
System Health Best Practice Widget Dashboard Table 6: System Health Widget Best Practices (continued) Type Field Description Operational AP connection to primary controller In the event of an unexpected release of APs, check your network connectivity between APs and the controllers for possible interruptions.
Monitor Sites List on page 46 Device List on page 61 Networks List on page 99 Clients on page 104 Policy on page 111 Sites List Go to Monitor > Sites to view a list of sites configured in Extreme Campus Controller. Select a site to view the site dashboard and related components.
Venue Dashboard Monitor Figure 13: Select Radio Bands — Throughput Widget Note The datasets are sampled at different intervals. Therefore, it is possible that data from the 14day dataset will not include data from the 3-day dataset or from the 3-hour dataset. It is possible that a new client will not appear in a dataset if the dataset has not been recently updated.
Network Snapshot: Sites • • • Monitor Download Usage by Group. Download usage by defined user group. Unique Users by Group. Number of unique users by defined user group. Concurrent Users by Group. Number of simultaneous connections by defined user group. Note Aggregate data crosses a High Availability Pair. Use the Extreme Campus Controller Report Generator to generate the same Venue reports in PDF format. Generated reports can be downloaded and scheduled using Scheduler for Extreme Campus Controller.
Monitor Network Snapshot: Sites Table 7: Tabs on the Sites Screen (continued) Tab Description Floor Plans Floor plans associated with the site. Smart RF View widgets that show information about the following: • APs per Power level. • APs per Channel • Mitigation • Mitigation History 3. You can also: Select Select to modify configuration settings. to go back to the list.
Monitor Floor Plan View Table 8: Radio Settings (continued) Field Description Channel Width Set the default channel width for the selected radio. • 20 MHz • 40 MHz • 80 MHz (supported on 5GHz only 802.11ac and 802.11ax) • 160 MHz ◦ AP5xx – Radio 1 and Radio 2 support 160 MHz ◦ AP3xx, AP4xx / AP4xxC – Radio 2 only (5 GHz band) supports 160 MHz ◦ AP4000 – Radio 2 (5 GHz band) and Radio 3 (6 GHz band) support 160 MHz Note: AP xxx-1 access point models do not support 160 MHz on the 5 GHz radio.
Monitor Floor Plan View Configuring a Floor Plan on page 174 Viewing a Floor Plan After the floor plan is configured, view it from a selected site's dashboard. The floor plan represents placed devices and associated badges that show configuration and performance data for the device. From the Floor Plans view, you can toggle between floors, filter data, and further fine-tune the map display. To access Floor Plans view, go to Monitor > Sites, select a sight and select Floor Plans.
Monitor Floor Plan View Table 9: Device Status from the Floor Plans View (continued) Status Description Camera AP displayed as circular icon. Extreme Defender Adapter Ceiling-Mounted AP Wall-Mounted AP Use Auto Refresh to automatically refresh the information presented. From the Auto Refresh dropdown field, select the refresh value. Valid values are: • • • • 30 Seconds 1 Minute 3 Minutes 5 Minutes You can also select to manually refresh the page anytime.
Floor Plan View Monitor • Filters. Click to display filter options. Filter the floor map by AP attributes to focus on network attributes that need attention. • Options. Click ◦ ◦ ◦ ◦ ◦ to display the following options: Select Badges. Opens the AP Badge Configuration window. Show/Hide Badges. Toggles the AP badge display on the active floor plan. Show/Hide Grid. Toggles grid line display on the active floor plan. Show/Hide Cameras. Display or hide camera APs.
Monitor Floor Plan View To configure badges on APs manually: 1. From the right panel, select (Options) > Select Badges. 2. In the Badge Configuration dialog, drag and drop the badges from the left panel to the AP. Figure 14: Badge Configuration Dialog The badges display around the AP and are visible when you zoom in on the map. Select 54 to display the badges legend that identifies the active badges. Extreme Campus Controller User Guide for version 5.46.
Floor Plan View Monitor Figure 15: Badges Legend displays active badges Related Topics Filtering Floor Plan By Badge Information on page 55 Device Context Menu Right-click a device icon to view the following information: • • • A link to the device configuration page. A link to the device details page. A link to the list of clients associated to the AP. Select the Exclude check box to exclude a device from simulations. If excluded, data from this device will not be considered when generating heat maps.
Monitor Floor Plan View To filter by AP statistics: 1. From the panel on the right side of the screen, select the Filters icon Figure 17: Map Filters Panel 56 Extreme Campus Controller User Guide for version 5.46.03 .
Floor Plan View Monitor 2. Use the slide bar on each filter to set criteria for the map display. The AP badges that meet the filter criteria appear on the map. Figure 18: Badges that meet filter criteria appear on map Understanding Readiness Maps Extreme Campus Controller Floor Plans view offers heat maps to illustrate network readiness, performance, and optimum positioning. The following readiness maps are available: • • Heat map. RSS signal strength. • • • Channels map.
Monitor Floor Plan View strength of the clients connected to them and the retry rates. If there are no clients, there is no measurement. In addition, see Positioning for details about heat maps that indicate optimal positioning of an AP. To access the maps: 1. From the right panel, select Maps to display a list of map types. 2. To activate a map, select the ball and drag to the right.
Floor Plan View Monitor Figure 20: Push-Pin Reading for Heatmap Values You also have the option to Select All APs or Deselect All APs. Use these options in addition to individual AP selection to more easily control which APs are selected. Use Cases: If you want all but one AP selected: 1. Select Select All APs. 2. Right-click on the AP that you don't want. 3. Select Exclude AP from Simulations. If you only want one AP selected: 1. Select Deselect All APs. 2. Right-click the AP that you do want selected.
Monitor Floor Plan View Positioning Heatmaps Extreme Campus Controller Floor Plans view offers Positioning heat maps to illustrate optimal device location and client foot traffic. The following Positioning maps are available: • • Location Readiness. Predicted location quality. Foot Traffic (Supported on AP39xx only). To access the Positioning maps from the floor plan view: 1. Display an available floor plan. 2. From the right panel, click Positioning. 3.
Device List Monitor Device List View access points (APs) and switches from Monitor > Devices. • • • See Access Points List on page 61 for a list of supported APs. See the Extreme Campus Controller Release Notes for a list of supported switches. Extreme Campus Controller supports Extreme Defender Adapter SA201 for the Defender for IoT solution. For more information on Extreme Defender for IoT, refer to documentation located in the Extreme Networks documentation portal.
Monitor Access Points List • The Overrides column indicates that the AP has overrides. To view which override settings are enabled, select the AP and go to Advanced > Overrides. • The Ethernet Port Speed and Ethernet Port Mode are available for each port on a selected device: ◦ When the interface is connected, port speed and mode display. ◦ When an available port is disconnected, the value is NC (Not Connected). ◦ For single port AP models, the value for the second port is NA (Not Available).
Access Points List Monitor • • • • • • • • • • AP505i AP510i/e AP510i-1 AP560i/h AP3917i/e/k AP3916ic AP3915i/e AP3912i AP3935i/e AP3965i/e The Extreme Networks Defender Adapter SA201 is supported. For documentation on each AP model type: 1. Go to Extreme Networks documentation. 2. Scroll down to Wireless & Mobility. 3. Select the AP model type. Note Most AP radio properties depend on a regulatory domain; which is defined at the site level.
Access Points List Monitor Understanding Access Point States The following describes access point states on the Access Points Device List. Table 10: AP State from the Device List State Description In-Service. Device has discovered Extreme Campus Controller and is providing service. Indicates which AP in a Distributed site acts as the domain manager (RFDM). The RFDM communicates directly with Extreme Campus Controller collecting statistics, access point upgrade information, and Smart-RF activities.
Access Points List Monitor The queries for each grid can be named, edited, and deleted, up to 10 queries per grid. Related Topics Build a Query for Devices or Clients on page 65 Build a Query for Logs on page 336 Build a Query for Devices or Clients Take the following steps to build a customized query, filtering data on the AP List and Client List pages, and viewing results in pie chart format: 1. To access the AP List page: Go to Monitor > Devices > Access Points.
Monitor Access Points List 10. To run the query, select Execute. The query is automatically saved. AP List queries are saved separately from Client List queries. The filter icon is highlighted to indicate that a query is in effect. Note Query Builder generates a Pandas query syntax. The syntax preview is displayed at the top of the Query Builder dialog. For saved queries: • • Select to view the Pandas query. Select to copy the Pandas query to the clipboard.
Access Points List Monitor Query Builder actions: • New. Provide a name, and add a blank dialog so you can create a new query. There is a limit of 10 saved queries per user, per grid. After the 10-query limit has been reached, the New button is unavailable. • • • Rename. Rename an existing query. Delete. Delete the query that is currently displayed. Close. Close the Query Builder dialog. If you close Query Builder without running the query, your query details are deleted. • Reset.
Access Points List Monitor Figure 23: Channel Assignment for AP410i-CAN associated with Site Thornhill The pie chart in Figure 23 shows selected APs by channel assignment. The query filters all AP410i-CAN access points that are associated with site Thornhill. This column selection is preserved after you log out. You can access this information again when you log in. For results with more than 10 items, the chart includes pages, and the percentage calculation reflects the global total.
Access Points List Monitor Figure 24: AP count by model number Related Topics Build a Query for Devices or Clients on page 65 Query Builder on page 64 Extreme Campus Controller User Guide for version 5.46.
Access Points List Monitor Support for ExtremeWireless AP3xx Access Points Extreme Campus Controller supports the ExtremeWireless™ AP302W, AP305C, AP310i/e, AP310i-1 indoor access points and the AP305CX and AP360i/e outdoor access points. Table 11: Radio Configuration and support for AP3xx 70 AP Model Radio Configuration AP302W • Universal AP with two operating modes: on premise and cloud-enabled. For more information, see Universal AP Operational Modes on page 16.
Access Points List Monitor Table 11: Radio Configuration and support for AP3xx (continued) AP Model Radio Configuration Mode 3 — 5GHz lower band service radio and 5GHz upper band service radio • Internet of things (IoT) devices are supported. ◦ Note: The AP310i-1 does not support IoT and the 5GHz radio does not support 160MHz operation.
Monitor Access Points List Support for ExtremeWireless AP5xx Access Points Extreme Campus Controller supports ExtremeWireless™ AP505i, AP510i/e, AP510i-1, AP560i/h/m/t/u access points. These access points support more users and internet of things (IoT) devices. In addition to both internal and external antennas, these APs support a Bluetooth Low Energy (BLE) antenna. • AP510i/e indoor, one dual band 2.4GHz/5GHz radio and one 5GHz radio. ◦ Mode 1 — 2.
Monitor Access Points List ▪ MODE 3 • Radio 1 will be limited to 2x2 and max power 18dBm • Radio 2 will be limited to 2x2 and max power 0dBm (providing no service). Note When both ports on a dual-port AP are powered, the port with the lowest power determines the power result. The AP Override setting Force Normal Operation can be enabled, indicating that the AP is configured to operate with the normal, full-power capacity regardless of a detected AP power restriction.
Access Points List Monitor The AP560 is offered in a product bundle that targets the installation environment. Refer to Table 12 and Table 13 on page 74 for descriptions of each product bundle. Table 12: AP560i portfolio AP Model Number Description AP560m-FCC The AP560m is a pole-mount bundle that includes the AP560i access point and the following brackets: ◦ KT-147407-02 bracket kit ◦ KT-150173-01-ExtArm Features include: ◦ Outdoor, one 2.
Monitor Access Points List Table 13: AP560h portfolio (continued) AP Model Number Description For more information, see the AP560h documentation.
Monitor Access Points List Table 14: Tabs on the AP Details Screen (continued) Tab Description Troubleshooting Offers packet capture at the AP, remote console access to the AP, and Smart Poll reporting. Smart RF View widgets that show information about the following: • Mitigation • Occupancy and neighbor channels • Peer AP visibility. Certificate Current credentials in use by the AP. 3. You can also: Select Select to modify configuration settings. to go back to the list.
Access Points List Monitor Figure 25: 6 GHz Band Throughput Note The datasets are sampled at different intervals. Therefore, it is possible that data from the 14day dataset will not include data from the 3-day dataset or from the 3-hour dataset. It is possible that a new client will not appear in a dataset if the dataset has not been recently updated.
Access Points List Figure 26: Topology Map representing LLDP Port Connectivity Figure 27: Extreme Switch data Figure 28 describes each Topology Map icon with status. 78 Extreme Campus Controller User Guide for version 5.46.
Access Points List Monitor Figure 28: Topology Map Legend Note If the Link Layer Discovery Protocol (LLDP) is not enabled on the switch, LLDP data is not available. Figure 29: LLDP data not available The AP reports switch port connection details to Extreme Campus Controller. Reported properties include the following: AP Extreme Campus Controller User Guide for version 5.46.
Access Points List Monitor The AP reports the AP Name and Power Source. Power Source values include normal and restricted levels for the following: • • AF AT Switch When both LLDP (Link Layer Discovery Protocol) and TLV (Type Length Value) advertisement are enabled, the switch reports the Switch Port and System Name. If only the LLDP is enabled, the switch Port Number displays. If the LLDP is not enabled on the switch, the switch is a gray icon.
Access Points List Monitor Related Topics Access Points List on page 61 Network Snapshot: Switch Details on page 95 Floor Plan View on page 50 AP Tunnel Information The VLANS tab for a selected device provides status information on the AP tunnel between the AP and the appliance, both for single deployments and for an availability pair. For devices configured with a VxLAN topology, it displays status information for the VxLAN tunnel. Note Supported on AP3xx, AP4xx, and AP5xx models.
Monitor Access Points List Name Topology Name Mode Topology type. Valid values are: • • • • Bridged@AP Bridged@AC Fabric Attach VxLAN Tagged A check mark indicates that VLAN is tagged. If you have more than one VLAN on a port, enable tagging to identify to which VLAN the traffic belongs. Ensure that the tagged vs. untagged state is consistent with the switch port configuration. Fabric Attach topologies are always tagged. VLAN ID Identifies the VLAN. I-SID For Fabric Attach.
Access Points List Monitor To access the Troubleshooting tools go to: • • Monitor > Devices > Access Points. Select an AP and select Troubleshooting, or Monitor > Sites. Select a site and select Troubleshooting.
Monitor Access Points List Continuous packet capture is supported. If an AP must restart after a capture has started, the capture will continue after the AP restart. If the appliance must restart, the capture parameters are not preserved. After packet capture has started, you can change the capture parameters and refresh the capture, continuing to capture without interruption. This feature enables you to modify parameters as you monitor the capture process.
Monitor Access Points List Packet Capture Parameters Field Name Field Description In the Capture Locations pane, configure the following settings: Appliance Data Ports Select this option to capture packets to and from the appliance. When capturing appliance data ports, you must configure at least one filter. From the Add Filters field, select either IP address or MAC address for the appliance. Only one capture task can apply to the Appliance Data Ports at a time.
Monitor Access Points List Field Name Field Description In the Filter pane, filter packets by MAC address, IP address, IP Protocol, or Port. The filters are mutually exclusive and are applied in the order in which they are listed. Enter at least one MAC address or IP address. Note: Excessive packet capture degrades network performance. If you are going to enable packet capture on all APs, specify at least one MAC address filter and one IP address filter to avoid performance degradation.
Access Points List Monitor Overview Dashboard on page 31 Add or Edit a Configuration Profile on page 122 Dashboard Widget — Packet Capture Instances Extreme Campus Controller offers a dashboard widget to help manage multiple packet captures. Extreme Campus Controller supports up to 10 packet capture instances. To start a packet capture, go to the Troubleshooting tab for each selected AP or site. A summary of all currently active packet capture instances is provided on the Default dashboard.
Access Points List Monitor 3. Select Troubleshooting > AP Remote Console > Connect. The selected AP's SSH console appears. 4. To terminate the SSH console session, select Disconnect. Smart Poll Smart Poll provides reports that help you determine the health of the connection between an access point and any valid IP address target or valid Fully-Qualified Domain Name (FQDN). Link stability is determined by Round Trip Time ( RTT) and packet loss statistics.
Access Points List Monitor Figure 32 compares Round Trip Times for selected targets within a site. The grayed area indicates the baseline values for the site. Figure 32: RTT in the Site Context Figure 33 compares Packet Loss for selected targets within a site. The grayed area indicates the baseline values for the site. Figure 33: Packet Loss in the Site Context Extreme Campus Controller User Guide for version 5.46.
Monitor Access Points List • From the AP page: 1. Go to Monitor > Devices > Access Points. 2. Select an AP. 3. Select Troubleshooting > Smart Poll. The following reports are available: • Round Trip Time ( RTT) and Packet Loss statistics for a Smart Poll enabled AP. The RTT and Packet Loss table summarizes the average RTT and Packet Loss across targets configured for the selected AP. Figure 34: RTT and Packet Loss for Selected AP • RTT and Packet Loss for a specific target.
Smart RF Widgets Monitor • Hover the mouse over a widget to display tool tip information. Configure Smart Poll from the device group Advanced Settings dialog. You can also override Smart Poll configuration for a selected AP.
Monitor Smart RF Widgets know to avoid each other; however, the more traffic on the channel the greater the chance of collisions. Throughput slows but all packets get through. ◦ Adjacent. Number of APs on adjacent channels. Adjacent APs are close enough to interfere, but not close enough to know they are interfering. They do not have the benefit of DCF. To display more details for a specific channel, select a row in the widget. The Channel Inspector Interference Report displays. • Neighbor List.
Monitor Smart RF Widgets Network Snapshot: Sites on page 48 Channel Inspector Interference Report The Channel Inspector Interference Report enhances Smart RF on the controller by providing details about channel interference for each radio. To access the Channel Inspector Interference Report, select a row on the Channel Inspector widget from the AP Smart RF dashboard. The channel data generated from Smart RF populates the report. The report is generated from the last channel scan.
Monitor Switches List Table 16: Channel Inspector Interference Report (continued) Field Description SSID Service Set Identifier. Identifies the network. AP Name Name of the AP provided at network setup. Related Topics Smart RF Widgets on page 91 Basic RF Management Settings on page 163 Scan Settings for Smart RF on page 170 Channel and Power Settings on page 165 Switches List Extreme Campus Controller can manage a maximum of 1000 switches.
Monitor Switches List Understanding Switch States The following describes switch states on the Switches Device List. Table 17: Switch State from the Device List State Description In-service: • Switch acknowledges the sent configuration • Switch sends statistics every 5 minutes. In-Service Trouble: • Switch in process of connecting to Extreme Campus Controller • Configuration is pending acknowledgment from switch • Switch reset pending • Switch reboot pending • Switch upgrade pending Unknown.
Monitor Switches List Table 18: Tabs on the Switch Details Screen (continued) Tab Description LAG Ports Link Aggregation Group (LAG) Ports organized as a list of master ports and the LAG members that are associated with the master port. All ports assigned to a LAG must have the same port function. The configuration of the master port is shared with its LAG members. When a port is added to a LAG, its previous unique configuration is removed and the port inherits the group configuration.
Switches List Monitor • Port usage distribution showing the proportion of ports assigned to each of the possible port functions: ◦ ◦ ◦ ◦ • Serve an Access Point Serve a Host (other than an access point) Link to another bridge/switch Other Port PoE states NEW! PoE Budget AP Estimator The PoE Budget AP Estimator outlines PoE budget data per AP model number for the selected switch model. Use this information to effectively plan your AP/Switch topology.
Monitor Switches List • • Port Speed Neighbor Related Topics Switch Port Configuration on page 215 LAG Ports Link Aggregation Group (LAG) Ports organized as a list of master ports and the LAG members that are associated with the master port. All ports assigned to a LAG must have the same port function. The configuration of the master port is shared with its LAG members. When a port is added to a LAG, its previous unique configuration is removed and the port inherits the group configuration.
Monitor Networks List • • • Read-only users of Extreme Campus Controller cannot access the Troubleshooting tab. Modifications made during the CLI diagnostics session are not preserved on Extreme Campus Controller. After you leave the Troubleshooting tab, the remote session is terminated. There is no history or current status of a connection. For information on ExtremeXOS CLI commands, see ExtremeXOS documentation.
Monitor Mesh Point Network Diagram Table 19: Tabs on the Network Service Screen (continued) Tab Description Switches List of switches associated with the network service. Clients List of clients associated with the network service. Use the search facility to find a specific client. Add or remove clients from Allow list or Deny list directly from the client list. 3. You can also: Select Select to modify configuration settings. to go back to the list.
Mesh Point Network Diagram Monitor Figure 37: Mesh Node Information Name AP Name Serial Number AP Serial Number IP Address IP Address of the AP Nexthop Change Count (Displayed for non-root APs with an active link.) Indicates how often the uplink has changed. This value indicates link stability. A stable value that does not increment during the service period is preferred. • To display Link Information, select the line connecting the nodes. Bi-directional link information is displayed.
Mesh Point Network Diagram Monitor Figure 38: Mesh Link Information Table 20: Mesh Link Information Fields Field Range Directional Notes AP1 AP2 RSS (dBm) -1 to -127 dBm Received Signal Strength Packets from AP1, detected at AP2 Packets from AP2, detected at AP1 SNR 0 to 127 Signal-to-Noise Ratio Packets from AP1, detected at AP2 Packets from AP2, detected at AP1 Moving Average of Tx PHY Tx Rate of Rate packets from AP1, detected at AP2 Tx Rate of packets from AP2, detected at AP1 Tx Rate
Mesh Point Network Diagram Monitor Table 20: Mesh Link Information Fields (continued) Field Range Description Directional Notes AP1 AP2 Tx Retries 0 to 4294967295 Count of Tx retried packets Number of Tx packet retries from AP1 to AP2 Number of Tx packet retries from AP2 to AP1 Lmet 0 to 8191 Cost Metric of Link to neighbor AP. Lower value is better.
Monitor Clients Figure 40: Navigation Buttons • Zoom in and out using the zoom buttons. Figure 41: Zoom Buttons • • • To center the diagram, select . To refresh the diagram, select . To jump to the Mesh Point Network Configuration Settings, select .
Understanding Client Status Monitor ◦ WPA1/WPA2/WPA3 — Wi-Fi Protected Access (versions 1-3) • DL Lost Retries Packets — Indicates the number of packets lost between the AP and the client (downlink). This value indicates the health of the RF environment. Possible reasons for packet transmission failure are channel noise or co-channel interference. • DL Lost Retries Bytes — Indicates the number of bytes lost in packet transmission between the AP and its clients (downlink).
Monitor Client Access Lists Related Topics Overview Dashboard on page 31 Client Access Lists Clients on a Deny list are denied network access. Clients on an Allow list are granted network access. Use these lists to create a subcategory of users that are set apart from the larger group by their access privileges. The client MAC address is used to add the client to a specific list.
Monitor Client Actions 4. Select the Mode: Allow List or Deny List. 5. To add MAC addresses to the list, select Add and enter a MAC address for the client. 6. To delete a MAC address from the list, select the MAC address from the list, then select Delete. To select the entire list, select the MAC Address check box. Related Topics Client Access Lists on page 106 Global Client Access Lists on page 106 Client Actions The following describes actions you can take on clients in the Clients list.
Network Snapshot: Clients Dashboard Monitor Table 21: Client Actions (continued) Field Description Add to group Adds selected clients to a group. Check Force Reauthentication to automatically reauthenticate the client to the network. Remove from group Removes selected clients from the group. Check Force Reauthentication to automatically reauthenticate the client to the network.
Monitor Network Snapshot: Clients Dashboard The Client Details displays a chart of client association with an AP. Table 23: Tabs on the Client Screen Tab Description Dashboard Network charts provide throughput, volume, and speed information for each client. Use this information to understand network traffic and load. Sites Lists sites associated with the client. Networks Lists the network services associated with the client. Select a network to display network details.
Monitor Network Snapshot: Clients Dashboard Table 24: End-System Event Fields (continued) Field Description Extended State Details about the action that triggered the event. Valid values are: • Authentication • State Change • De-registration • Registration • No Error Location MAC addresses and network identifiers that the client has been associated with. Indicates client position on the network.
Policy Monitor Client Widgets The following widget reports are available from the Client dashboard: • • • Client Utilization. Provides metrics on client throughput and data usage. • • Expert: Client metrics for the expert user related to RFQI, RTT, RSS, and RX and TX Rates. RF Management. Provides metrics on radio frequency quality. Clients. Provides metrics on Transmission Control Protocol (TCP) and Return Trip Time (RTT) per client. Application Visibility.
Roles List Monitor Extreme Campus Controller is shipped with a default policy configuration that includes the following default roles: • • • • • • • Enterprise User Quarantine Unregistered Guest Access Deny Access Assessing Failsafe The Enterprise User access policy is intended for admin users with full access. The Quarantine access policy is used to restrict network access to end-systems that have failed assessment.
Roles List Monitor Table 25: Preconfigured Policy Roles (continued) Role Description Assessing The Assessment access policy temporarily allocates a set of network resources to end-systems while they are being assessed. Typically, the Assessment access policy allows access to basic network services (e.g. ARP, DHCP, and DNS), permits all IP communication to the Assessment servers so the assessment can be successfully completed, and HTTP to redirect web traffic for Assisted Remediation.
Monitor Roles List To view widgets for an individual role: 1. Go to Monitor > Policy > Roles. 2. Select a role from the list and review the widgets on the Dashboard page. The widgets on the Roles dashboard relate to Application Visibility. Possible widgets include: • • • • Application Categories by Client Count Top Rules by Hit Count Rule Hit Count Bottom Application Groups by Client Count.
Monitor Roles List Figure 44: Top Rules by Hit Count on the Roles Dashboard Figure 45: Rule Hit Count on the Roles Dashboard Rule-level statistics are saved per role, per rule, as an aggregate of all mobile user clients. Hit count is collected separately for From User Traffic and To User Traffic, and hits to the default policy are included. When the policy configuration changes, only statistics for the latest configuration are displayed, but data is saved for up to 14 days.
Configure Network Configuration Steps on page 116 Sites on page 117 Devices on page 184 Networks on page 220 Policy on page 258 Automatic Adoption on page 279 ExtremeGuest Integration on page 286 AAA RADIUS Authentication on page 288 Network Configuration Steps The following is the basic workflow for setting up your network using Extreme Campus Controller: Note To ensure the devices discover Extreme Campus Controller, configure DHCP, NPS, and DNS Services for Extreme Campus Controller discovery.
Sites Configure 6. Go back to each device group and associate the configured networks and the defined roles by editing the assigned configuration Profile. Alternatively, you can associate the Profile with the network or policy definition during the initial configuration of the network or role. For more information, see Associated Profiles on page 124. 7. Install and add devices.
Configure Add a Site Configuring RF Management on page 163 Configuring Column Display on page 29 Configuring a Floor Plan on page 174 Site Client Access Lists on page 106 Add a Site To add a site to Extreme Campus Controller, take the following steps: 1. Go to Configure > Sites > Add. 2. Configure the site parameters. Related Topics Site Parameters on page 118 Site Parameters Configure the following parameters for site configuration.
Modifying Site Configuration Configure 4. To delete a site, select Delete. A delete confirmation message displays. Select OK. Related Topics Site Parameters on page 118 Floor Plans on page 24 Site Location on page 120 Device Groups on page 21 RADIUS Configuration for Switches Per Site on page 119 Advanced Tab on page 183 RADIUS Configuration for Switches Per Site Extreme Campus Controller supports direct access from a switch to an external RADIUS server within the site configuration.
Configure Site Location Site Location To display your site location on a physical map from the Site workbench, provide site metadata including map coordinates. To access Site metadata: 1. Go to Configure > Sites. 2. Select a site and select the Location tab. 3. Provide the following optional information: • • • Site Manager Name Site Manager Email Site Manager Contact ◦ ◦ ◦ ◦ • Region City Postal Code Campus Map Coordinates.
Adding Device Groups to a Site Configure Device Group Parameters Configure the following parameters: Table 27: Device Group Settings Field Description Name Device Group name. Profile The configuration profile associated with the device group. Each AP platform has a default configuration profile. Select the default profile from the list or take one of the following actions: • To add a new profile, select platform. • To edit a profile, select . Then, provide a name and .
Add or Edit a Configuration Profile Configure Add or Edit a Configuration Profile Extreme Campus Controller is installed with a default configuration Profile for each AP platform. You can modify the default Profile or create a new Profile, but default Profiles cannot be deleted. New Profiles display the configuration settings that were delivered with your initial Extreme Campus Controller installation.
Configure Add or Edit a Configuration Profile Table 28: Profile Configuration Parameters (continued) Field Description Radios Configure radio mode and advanced radio settings: • Admin Mode - Determines the radio mode. Select On to enable the radio. Select Off to disable the radio. • Mode - Radio mode. Values depend on the AP model and radio band: For more information, see Understand Radio Mode on page 134. • Client Bridge Network - Network associated with the Client Bridge.
Add or Edit a Configuration Profile Configure Table 28: Profile Configuration Parameters (continued) Field Description Positioning Select a configured Positioning Profile. Or, Select Select to add a new Profile. to edit the selected Profile. Note: Supported on AP39xx, AP3xx, AP4xx, and AP5xx. Analytics Select a configured ExtremeAnalytics Profile. Or, Select Select to add a new Profile. to edit the selected Profile. Note: Supported on AP39xx, AP3xx, AP4xx, and AP5xx.
Add or Edit a Configuration Profile Configure Extreme Campus Controller simplifies this procedure. After saving a network configuration or policy definition, Extreme Campus Controller prompts you to select the configuration Profile for association. The defined VLAN is automatically associated with the network or role. To associate a different VLAN to a specific Profile, select from the Profile VLANS tab or from the Add VLAN dialog, select Associated Profiles.
Add or Edit a Configuration Profile Configure assigned to the device group, but this setting can be overridden from the AP Override settings for each AP. Differentiate the AP Root behavior setting one of two ways: • (Best Practice) Configure two device groups: One device group for the root AP, one device group for the non-root APs. Configure separate Profiles with the appropriate Root behavior setting for each device group.
Add or Edit a Configuration Profile Configure Figure 46: Mesh Point Profile Configuration, Multiple Radios Non-root APs are configured with Mesh ACS (Automatic Channel Selection). This allows the non-root AP to follow the channel and width of the uplink AP. The non-root AP scans channels to find the best path to a root AP. Preferred Root and Preferred Neighbor settings influence the path to the root AP.
Add or Edit a Configuration Profile Configure 3. Configure the following parameters: Note Most of the configuration settings apply to non-root APs only. Table 29: Mesh Device Settings AP Model Option AP Behavior • AP3xx • AP4xx • AP5xx Root A root mesh point is defined as a mesh point that is connected to the WAN and provides a wired backhaul to the network. Select the root behavior of this mesh point. • Yes — Mesh point is root node for this mesh network.
Configure Add or Edit a Configuration Profile Table 29: Mesh Device Settings (continued) AP Model Option AP Behavior • AP3xx • AP4xx • AP5xx Channel Plan Non-root APs are configured with Mesh ACS (Automatic Channel Selection). This allows the non-root AP to follow the channel and width of the uplink AP. The non-root AP scans channels to find the best path to a root AP. Preferred Root and Preferred Neighbor settings influence the path to the root AP.
Add or Edit a Configuration Profile Configure Table 29: Mesh Device Settings (continued) AP Model Option AP Behavior AP39xx Root • Yes - Mesh point is root node for this mesh network. • No - Mesh point is not a root node for this mesh network. Note: When using an AP39xx: • When the AP39xx is a root AP, the Wireless Distribution System (WDS) service is the parent. • When the Path Selection Method is snr-leaf or mobile-snr-leaf, the WDS service is a child.
Add or Edit a Configuration Profile Configure 2. For RF Management, select Default Smart RF. 3. Edit the default configuration Profile for the AP model, specifying the client bridge settings. To edit the configuration Profile, select . 4. From the Radios tab, select Client Bridge as the Radio Mode value for either radio. Note Consider the following when configuring a radio as a Client Bridge: • Only one radio can be configured as a Client Bridge. This can be either radio.
Add or Edit a Configuration Profile Configure Figure 47: Configuration Profile with Client Bridge Configuration Note A Client Bridge AP will not associate to the infrastructure network with authentication types Open or WPA2-Personal (PSK) in combination with captive portal. These scenarios require user interaction. Note The Client Bridge network and the infrastructure AP network must match on the same radio. On the Client Bridge AP, if the 2.
Add or Edit a Configuration Profile Configure 9. On the Networks tab, the Client Bridge network is indicated with a black highlight. Note The Client Bridge is always assigned the primary BSSID (Basic Service Set Identifier). If you change the Client Bridge network assignment, the radio is reset, resulting in a service interruption. 10. On the Networks tab, select GE2 port. Only allow one network assignment to Client Bridge and GE2 interfaces respectively.
Add or Edit a Configuration Profile Configure Figure 49: Configuration Profile Network Configuration – Client Bridge on a single interface AP The wired port speed is configured on the Wired Ports tab.
Configure Add or Edit a Configuration Profile Note Configure only one radio for Client Bridge. When selecting Client Bridge on Radio 2, Radio 1 forwards traffic on a 2.4 GHz band only. Table 30: Radio Modes AP Model Radio 1 Radio 2 AP302W 2.4GHz /5GHz (dual band) • Sensor • b/g • g/n • b/g/n • a/n/ac • g/n/ax • a/n/ac/ax • Client Bridge 5GHz • a/n/ac • a/n/ac/ax • Client Bridge AP305C/CX 2.4GHz /5GHz (dual band) • Sensor • b/g • g/n • b/g/n • a/n/ac • g/n/ax • a/n/ac/ax • Client Bridge.
Add or Edit a Configuration Profile Configure Table 30: Radio Modes (continued) 136 AP Model Radio 1 Radio 2 AP310i-1 2.4GHz /5GHz (dual band) • sensor • b/g • g/n • b/g/n • a/n/ac • g/n/ax • a/n/ac/ax • Client Bridge • 160 MHz channel width not supported. 5GHz • sensor • a/n/ac • a/n/ac/ax • Client Bridge • 160 MHz channel width not supported. AP360i/e 2.
Configure Add or Edit a Configuration Profile Table 30: Radio Modes (continued) AP Model Radio 1 Radio 2 Radio 3 (Sensor) AP410C 2.4GHz /5GHz • b/g • g/n • b/g/n • g/n/ax • a/n/ac • a/n/ac/ax • Client Bridge 5GHz • a/n/ac • a/n/ac/ax • Client Bridge 2.4GHz /5GHz (dual band) • Sensor wireless capture limited to one stream of data (1x1) • sensor (nonconfigurable) • a/n/ac • a/n/ac/ax • Client Bridge AP460e 2.
Add or Edit a Configuration Profile Configure Table 30: Radio Modes (continued) AP Model Radio 1 Radio 2 AP510i-1 2.4GHz /5GHz (dual band) • sensor • b/g • g/n • b/g/n • a/n/ac • g/n/ax • a/n/ac/ax • Client Bridge • 160 MHz channel width not supported. 5GHz • sensor • a/n/ac • a/n/ac/ax • Client Bridge • 160 MHz channel width not supported. AP560i/h 2.
Configure Add or Edit a Configuration Profile • On the AP3xx and AP5xx, the sensor can be set per radio — one radio can be configured as a sensor, and the other one can be configured to pass wireless traffic. The AP310 and AP510 are dual-band APs. A white LED indicates sensor selection. • On AP39xx, both radios must be configured as sensors at the same time. After the radio mode is set to Sensor on the configuration Profile, define the scan list under Advanced Profile settings.
Add or Edit a Configuration Profile Configure Radio settings are dependent on the access point model. Table 31: Advanced Radio Settings Field OCS Channels Description Note: Supported on AP3xx, AP4xx, and AP5xx models. Define custom channel list: • Channels for Radio 1 are all 2.4 GHz or both 2.4 and 5 GHz lower band channels. Channel width is selectable. • Channels for Radio 2 are 5GHz channels or 5GHz upper band channels. Channel width is selectable.
Configure Add or Edit a Configuration Profile Table 31: Advanced Radio Settings (continued) Field Description Guard Interval Mode The guard interval is the space between characters being transmitted (not the space between packets). The default value is Auto, which is sufficient for most indoor deployments. Consider Long or Quadruple for outdoor deployments where devices are installed more than 100 meters away.
Add or Edit a Configuration Profile Configure Table 31: Advanced Radio Settings (continued) Field Description Radio Share Mode Radio operates as a sensor and a traffic forwarder. Valid values are: • Off. When the radio mode is set to Off, the Radio Share capability is disabled. • Inline. AP reports to the ADSP server only multicast / broadcast traffic such as beacons and probe requests.
Configure Add or Edit a Configuration Profile Table 31: Advanced Radio Settings (continued) Field Description 802.11g protection mode Enable this rate limit to prioritize 802.11g (ERP-OFDM) transmission allowing the 802.11g device to transmit unhindered. Protection is used when the packet rate is greater than the configured protection limit rate. For example, if the protection rate is set to 11Mbps, protection will be used when sending at rates greater than 11Mbps, which means 802.11g rates.
Add or Edit a Configuration Profile Configure Table 31: Advanced Radio Settings (continued) Field Description OFDMA Specify the direction to use Orthogonal Frequency-Division Multiple Access (OFDMA). Valid values are: • Off • DL— downlink • UL— uplink • Both 802.11ax APs use OFDMA technology to partition a channel into resource units, allowing users with varying bandwidth needs to be served simultaneously. OFDMA is ideal for low bandwidth applications.
Configure Add or Edit a Configuration Profile Table 31: Advanced Radio Settings (continued) Field Description BSS Color Configures support for 802.11ax BSS coloring and assigns the BSS color associated with the radio. BSS coloring is a means by which 802.11ax radios differentiate between overlapping Basic Service Sets (BSSs) in multi-path channels. A BSS represents a set of communicating devices consisting of one AP radio and one or more client stations. In an 802.
Add or Edit a Configuration Profile Configure Table 31: Advanced Radio Settings (continued) Field Description Probe Suppression RSS Threshold (dBm) This setting is available when Probe Suppression on Low RSS is enabled. This setting determines the RSS threshold for forced disassociation and probe suppression. The default threshold is -90 dBm. Valid value range is -50dBm to -100dBm. Best Practice: Probe Suppression Threshold should not be greater than -70dB.
Add or Edit a Configuration Profile Configure AirDefense Profile Settings The AP integrates with the Extreme AirDefense (AirDefense), offering an additional profile option that allows the AP to function as an AirDefense sensor or to act as a sensor and retain the ability to forward traffic. When the AP is configured with an AirDefense dedicated sensor profile, the functionality of the AP is controlled by the AirDefense server.
Add or Edit a Configuration Profile • • • Configure Termination under Sensor and Radio Share Modes. Rogue AP on the Wired interface. Threat detection and alarms are supported. Note AP Test is not supported on ExtremeWireless AP39xx. Related Topics AirDefense Profile Settings on page 147 ExtremeLocation Profile Settings Configure the AP to integrate with ExtremeLocation. ExtremeLocation is a premier location tracking and analytics solution by Extreme Networks.
Configure Add or Edit a Configuration Profile IoT Profile Settings Extreme Campus Controller supports the IoT applications listed in Table 34.
Add or Edit a Configuration Profile Configure Table 34: IoT Application Support (continued) Application AP Models Supported • AP410i-1 • AP510i-1 Eddystone-url Beacon • • • • • • • • AP310i/e AP360i/e AP4000 AP410i/e AP460i/e AP505i AP510i/e AP560i/h • • • • • AP302W AP305C/CX AP4000 AP410C AP460C/S6C/S12C • AP391x The following AP models do not support IoT: • AP3935 • AP3965 • AP310i-1 • AP410i-1 • AP510i-1 Eddystone-url Scan • • • • • • • • AP310i/e AP360i/e AP4000 AP410i/e AP460i/e AP505i AP51
Configure Add or Edit a Configuration Profile Configure a separate IoT profile for each IoT application: 1. Specify a profile name. 2. Select the IoT application. The resulting parameters depend on the application you select.
Add or Edit a Configuration Profile Configure Table 35: iBeacon IoT Settings (continued) Parameter Description Minor Identifies an individual beacon. Used to more precisely pinpoint beacon location. This value complements the UUID and Major values to provide more granular identification of a specific location, such as a particular shelf, door-way, or item. Valid values are 0 to 65635. Specify 0 for Random Minor. Extreme Campus Controller generates the Minor value.
Configure Add or Edit a Configuration Profile Table 36: iBeacon Scan Settings (continued) Field Description UUID Identifier used to differentiate a large group of related beacons. A company can have a network of beacons with the same UUID. Used for filtering data. Extreme Campus Controller forwards data with matching UUID to the Application Server and filters out all other UUID data. If UUID configured value is all zeros, no filtering occurs.
Add or Edit a Configuration Profile Configure Related Topics iBeacon Settings on page 151 iBeacon Scan Settings on page 152 Eddystone-url Scan Settings on page 154 Eddystone-url Scan Settings Table 38: Eddystone-url Scan Settings Parameter Description Application Determines application type. Select Eddystone URL Scan. Destination IP Address IP address of the customer Application Server that receives the beacon report.
Add or Edit a Configuration Profile Configure Determines the level of client data collection. Valid values are: • Off. Disable Positioning Services. Setting to Off stops all RSS collection from the APs, including Location Events. • Active Clients. Track associated clients to the selected AP. When you select this option, you will not be able to view un-associated clients on a floor plan. • All Clients. Track both associated and unassociated clients. 2. Select Save.
Add or Edit a Configuration Profile Configure Configure the AP to integrate with a Real-Time Location System (RTLS). 1. Select the plus sign to create a new profile ( 2. Configure the following parameters: ). Table 40: RTLS Parameters Field Description Name Provide a name for the RTLS profile. Application Select a supported RTLS application. Valid values are: • AeroScout • Ekahau • Centrak. Supported on AP39xx only. • Sonitor Server IP Address The IP address of the RTLS application server.
Add or Edit a Configuration Profile Configure Advanced Configuration Profile Settings From the Edit Profile page, select Advanced and configure the following parameters: Table 41: Advanced Configuration Profile Settings Field Description Client Balancing Enable Client Balancing to distribute client traffic evenly between APs in the same device group. In an availability pair, create a device group on each appliance. The APs within each group will manage the user traffic within that group.
Add or Edit a Configuration Profile Configure Table 41: Advanced Configuration Profile Settings (continued) 158 Field Description Enable SSH Determines if the Secure Shell (SSH) protocol is enabled. Enable SSH for direct access to an AP. When enabling SSH, configure a password. To configure an SSH password, go to Admin > System > Maintenance. You can enable SSH for each AP profile. By default, this setting is disabled. Session Persistence Determines if session persistence is enabled.
Configure Add or Edit a Configuration Profile Table 41: Advanced Configuration Profile Settings (continued) Field Scan Mode Description Note: Supported on AP3xx, AP4xx, and AP5xx models. Determines which channels are scanned. Valid values are: • Default Scan. — Scans all supported channels. Optimized to scan widest possible channel. • Channel Lock — Scans on single channel. • Custom Scan — Scan is based on a selected custom list. Define a custom channel list including channel width.
Add or Edit a Configuration Profile Configure Table 41: Advanced Configuration Profile Settings (continued) Field GE2 Port Function Description Note: Ports on the Universal APs are labeled with the prefix ETH. Specify the function of the second AP Ethernet port: • Client. Indicates that the client port is enabled on the AP. The client option is used in the following scenarios: ◦ When an AP radio is configured as a Client Bridge.
Add or Edit a Configuration Profile Configure Table 41: Advanced Configuration Profile Settings (continued) Field Description Poll Timeout (Seconds) Specifies the amount of time, in seconds, to wait for a response from the appliance before rebooting. The value range is from 3 to 600 unless the controller is in an availability pair without fast failover enabled. The default value is 3. Note: When configuring a Mesh network, we recommend a value of at least 60 for the non-root AP configuration.
Add or Edit a Configuration Profile Configure Table 41: Advanced Configuration Profile Settings (continued) Field Description PEAP User Name and Password Ability to configure the PEAP (Protected Extensible Authentication Protocol) user name and password for all devices in a device group or for a specific device override. Used to pre-provision devices for authorization to connect to the network.
Configure Configuring RF Management Session Persistence Session Persistence applies to the session state on the AP. RADIUS authentication is always handled through the appliance — this can be the local Extreme Campus Controller or a third-party appliance. Associated clients remain unaffected by a lack of connectivity to the appliance. When using MBA or 802.1x, the authenticating appliance must be visible.
Configuring RF Management Configure Table 42: Basic RF Management Settings (continued) Field Description Sensitivity Determines pre-defined thresholds for Smart RF. Valid values are: • Low — Interference recovery 30 dBm. Coverage Hole Recovery 20 dBm • Medium — Interference recovery 20 dBm. Coverage Hole Recovery 20 dBm • High — Interference recovery 5 dBm. Coverage Hole Recovery 20 dBm • Custom. Select Custom to modify Smart RF settings. Note: Available for Smart RF policy only.
Configuring RF Management Configure Channel and Power Settings Modify Channel and Power settings to fine-tune channel selection within an RF Management policy. Channel and Power settings are available on all APs that are supported by Extreme Campus Controller. Note APs retain the last known channel and power settings after a connection loss or reboot. Table 43: Channel and Power Settings Field Description Channel Width Represents the desired channel width.
Configuring RF Management Configure Basic RF Management Settings on page 163 Scan Settings for Smart RF on page 170 Neighbor Recovery Settings for Smart RF on page 171 Interference Recovery Settings for Smart RF on page 172 NEW! Understanding Smart RF and Channel Width Extreme Campus Controller Smart RF can ensure that the operating channel width does not conflict with radio band compliance limitations.
Configuring RF Management Configure individual channels you want to add to the channel plan while pressing the CTRL key, and then select OK. • For 5 GHz Radio nodes, select one of the following: ◦ All channels — ACS or Smart RF scans all channels for an operating channel and, when ACS or Smart RF is triggered, the optimal channel is selected from all available channels.
Configuring RF Management Configure Configuring ACS RF Policy The Extreme Campus Controller RF Management policy depends on your AP model. AP39xx access points support Automatic Channel Selection (ACS) as the RF Management policy. Extreme Campus Controller is installed with a default ACS policy. A Centralized site can support multiple ACS RF policies. Different AP device groups can use different ACS RF policies. You can modify the default policy or create a new policy.
Configuring RF Management Configure Select Interference Recovery and configure the following parameters. Table 44: ACS Interference Recovery Settings Field Description Channel Occupancy Threshold % Defines the channel utilization level, measured as a percentage. If the threshold is exceeded, ACS scans for a new operating channel for the AP. Noise Threshold (dBm) Defines the noise interference limit, measured in dBm.
Configuring RF Management Configure Extreme Campus Controller is installed with a default Smart RF policy. You can modify the default policy or create a new policy, but you cannot delete a Smart RF policy. Note After modifying the default RF policy settings, if you need to return to the Extreme Campus Controller initial settings, create a new Smart RF policy. New policies are comprised of the Smart RF settings that are delivered with the initial Extreme Campus Controller installation.
Configuring RF Management Configure Table 45: AP Scan Settings (continued) Field Description Scan Duration [Milliseconds] The length of time the scan occurs in milliseconds. Valid values are 20-150. Scan Period [Seconds] The scan frequency interval in seconds. Valid values are 1-120. The default value is 6 seconds. Extended Scan Frequency The frequency that radios scan on channels other than their peer radios. Valid values are 0 — 50. The default setting is 5 for all radio bands.
Configuring RF Management Configure default Smart RF policy enables Neighbor Recovery for AP4xx and AP5xx. It requires a minimum of four APs to function. Note Before you can edit these parameters, select Custom Sensitivity from the Basic Smart RF configuration tab. Select Recovery > Neighbor Recovery and configure the following parameters.
Configuring RF Management Configure Select Recovery > Interference Recovery and configure the following parameters. Table 47: Smart RF Interference Recovery Settings Field Description Noise When enabled, Smart RF policy scans for excess noise from wireless devices. When noise is detected, Smart RF-supported devices can move to a cleaner channel. Decision to move is based on Noise Factor setting. This feature is enabled in the default Smart RF policy.
Configuring a Floor Plan Configure Select Shutdown Settings Select Shutdown is intended for high-density deployment designs focused on 5GHz coverage. It identifies and hides redundant 2.4GHz radios, thus reducing the overall CCI (Co-Channel Interference ). Hidden radios are still on and will send Neighbor Reports. Select Shutdown is disabled by default. From Select Shutdown configure parameters that will maintain CCI levels within specified limits.
Configuring a Floor Plan Configure A site can have multiple floor plans, usually a plan for each floor of a building. The devices represented in the map must come from the same site. Note Floor plan limits depend on the appliance. See Table 4 on page 26. Badges provide real-time statistics for APs. (APs can also be excluded from a simulation.) To use the floor plan feature for the first time, follow this process: 1. 2. 3. 4. 5. 6. 7. Select the plus sign to add a new floor plan.
Configuring a Floor Plan Configure Setting Floor Plan Scale on page 179 Drawing Boundary Walls on page 180 Drawing Inner Walls on page 181 Placing Devices on page 181 Assigning Badges on page 53 Floor Plans on page 24 Floor Plan View on page 50 Use Case: Device Group Filtering View your devices on a floor plan to gain information about network readiness. Floor plans are associated with the site. Each site can have one or more floor plans — typically, one plan per floor.
Configuring a Floor Plan Configure Use Case: Importing A Floor Plan with Unknown APs You have the option to create a floor plan map with a third-party tool and import the map to Extreme Campus Controller. Upon import, the AP place holder icon displays ( ). You may want to create a floor plan before you have the APs installed. Or you may be reusing a floor plan that incorporated different APs from those that you are using now. In either case, the APs are unknown to Extreme Campus Controller.
Configuring a Floor Plan Configure Importing or Exporting a Floor Plan on page 178 Floor Plan Settings 1. Configure the following parameters for a floor plan. Table 49: New Floor Plan Settings Field Description Floor Name Unique name for the floor plan. Floor Height Floor height in meters. 2. Select OK.
Configuring a Floor Plan Configure 4. Navigate to the background image file. Extreme Campus Controller supports the following: • File formats: .jpg, .png. svg. Note .svg is not supported with Internet Explorer version 11. • Image resolution up to 2592x1456 pixels. 5. Click Open. The background image is displayed. 6. Click Save to save the floor plan. To remove the image: display the image on the map and click the Floor Image delete icon click OK. .
Configuring a Floor Plan Configure Figure 50: Setting Floor Plan Scale • Click to draw a doorway. a. Draw a line to represent a doorway. b. Click Apply. • Click to draw the floor length. Draw a line on the map that represents an actual physical distance. On the map, double-click the beginning and ending points of the line. The length of the wall (based on the set scale) is displayed on the map. Drawing Boundary Walls Draw the outside boundary of the building.
Configuring a Floor Plan Configure Drawing Inner Walls Wall materials affect the propagation of the signal and estimation models. An accurate representation of the walls is essential to the accuracy of the model. We recommend that you draw inner walls for a custom environment and choose material types, such as concrete around stairwells. It is important that you draw inner walls that are made of concrete or brick because these materials have a strong effect on the propagation.
Configuring a Floor Plan Configure 4. Select the device from the list. The cursor changes to a device icon . 5. Select on the floor plan to place the device. 6. If you need to move the device on the floor plan, first select the selector tool, then select the device icon and move it on the map. 7. To save the floor map, select Save. 8. Select to display the floor plan View page. Next, go to Assigning Badges on page 53. Configuring AP Orientation APs can be mounted on a wall or ceiling.
Advanced Tab Configure Define up to 16 specific zones per floor to determine whether a client position is inside or outside of each zone. Additionally, you can create areas located inside of other areas. A client can only be located in one area at a time. Note You must have a floor plan displayed to enable the Draw Zones feature. To draw a zone on the floor plan map: 1. Go to Configure > Sites. Add a new site or select a site and select Floor Plans tab. 2. Select Draw Tools to display floor plan tools. 3.
Configure Devices Use Global Settings The global settings are dependent on the Availability setting Auto AP Balancing (which is located under Administration > System > Availability). • When Auto AP Balancing is Active - Active, which spreads the load across the availability pair, the Use Global Settings field displays Load Balance. • When the Auto AP Balancing is Active - Passive, which uses the secondary appliance for failover only, the Use Global Settings field displays Primary Appliance.
Access Points Configure The model and licensing domain of the AP determines the site configuration type and site licensing domain. The configuration Profile and RF Management for a device group are specific to the AP platform. Use Auto Refresh to automatically refresh the information presented. From the Auto Refresh dropdown field, select the refresh value. Valid values are: • • • • 30 Seconds 1 Minute 3 Minutes 5 Minutes You can also select to manually refresh the page anytime.
Access Points Configure AP Actions Take the following actions from the AP Actions button. Table 50: AP Actions Field Description Manage Certificates Manage certificates for selected APs. Possible values are: • Generate CSR — Enter the attributes for a Certificate Signing Request that is downloaded after the form is complete. See Generate CSR on page 189. Then, send the .csr file to the certificate authority to be signed and returned as a .cer file.
Access Points Configure Table 50: AP Actions (continued) Field Description Image Upgrade Select from the list of AP version images and apply to selected APs. If more than one AP is selected, the upgrade image must be common between the selected APs. If not, a message displays indicating that there is no common image. Download appropriate image or select different APs. For information on downloading an upgrade image, see Software Upgrade on page 357. Minimize service impact.
Configure Access Points AP Certificates Access points can establish a secure tunnel with Extreme Campus Controller using a self-signed or manufacturing certificate. This feature is supported on the Extreme Campus Controller version 5.x licensing model. AP certificates are not used when the connection does not use a secure tunnel, and certificates are not supported with Extreme Campus Controller licenses prior to v5.x. On Extreme Campus Controller you can generate a unique .csr file for each AP.
Access Points Configure Related Topics AP Actions on page 186 Generate CSR on page 189 Apply Signed Certificate on page 189 Access Points List on page 61 Generate CSR Complete the following attribute fields to generate a Certificate Signing Request (CSR). Country Name Two-letter ISO abbreviation for country name. State or Province Name Name of the state or province. Locality Name Name of the city or locality. Organization Name Name of the organization.
Configure Access Points To apply a Signed Certificate: 1. (.PFX Only) Provide the password that was used when exporting a .pfx signed certificate from the certificate authority. 2. From the Upload Signed Certificate field, drop the certificate file. Or, select the field to navigate to the certificate file. Valid file types are: • • • .pfx .cer (DER Format) .zip Note Uploading a single zipped certificate to multiple APs is not supported.
Configure Access Points Unique number that identifies the AP. Provide this number for new and cloned APs. This number is on the AP. Note When manually onboarding AP models AP300, AP400, and AP500, pad the registration serial number with five trailing zeros. For example, the serial number format for these AP models is 00000, and must be entered as 2120W-2123400000. Model Select an AP model number from the drop-down list. The model number is on the AP. Name Unique name for the AP.
Access Points Configure Table 51: Radio Properties Field Description Radio Band Title The title indicates the radio band and if the radio is configured for Mesh or Client Bridge. Note: Mesh and Client Bridge cannot be configured on the same AP. Use RF Management Policy Indicates if settings from the RF Management policy that is associated with the device group are used. If you select Yes, links to the RF Management Policy and the site are present.
Access Points Configure Table 51: Radio Properties (continued) Field Description Max Tx Power Determines the maximum power level that can be used by the radio in dBm. The values are governed by compliance requirements based on the country, radio, and antenna selected, and will vary by AP. DFS Fallback Channels Specify a 5GHz channel that the radio will adopt if DFS (Dynamic Frequency Selection) fails. ExtremeWireless APs support up to 9 channels.
Configure Access Points Figure 51: Channel Select dialog displaying 5 GHz band available channels Note The Channel Select dialog displays only channels that match the compliance for the selected AP. The following details describe the Channel Select dialog: • • The selected channel number is displayed in a bold font with a lighter background. Select a different channel cell to change the channel selection.
Access Points Configure Figure 52: Channel Select dialog displaying 6 GHz band available channels Related Topics 6 GHz Channel Allocation and Notation on page 15 Configuring RF Management RF Management profiles are AP model dependent and reusable. Default profiles are intended to make RF Management easy, getting you up and running without having to configure an RF policy. However, you can always create additional profiles based off of default RF Management profiles.
Access Points Configure Advanced Setting Overrides Many AP properties are configured from the device group configuration Profile, where they apply to all APs in the device group. Override the following settings for a specific AP from the Advanced > Overrides tab. Best Practice: For a consistent configuration, a best practice is to configure the APs through the configuration Profile. Overrides are available for unique configuration.
Configure Access Points Table 53: Advanced AP Setting Overrides (continued) Field Description GE2 Client Port Specify the function of the second AP Ethernet port: • Client. Indicates that the client port is enabled on the AP. The client option is used in the following scenarios: ◦ When an AP radio is configured as a Client Bridge. Extreme Campus Controller automatically sets the GE2 port to Client when Client Bridge is configured.
Access Points Configure Table 53: Advanced AP Setting Overrides (continued) Field Description Poll Timeout Specifies the amount of time, in seconds, to wait for a response from the appliance before rebooting. The value range is from 3 to 600 unless the controller is in an availability pair without fast failover enabled. The default value is 3. You can configure this setting for all APs in a device group from the device group Advanced Settings dialog.
Access Points Configure Table 53: Advanced AP Setting Overrides (continued) Field Description PEAP User Name and Password Ability to configure the PEAP (Protected Extensible Authentication Protocol) user name and password for all devices in a device group or for a specific device override. Used to pre-provision devices for authorization to connect to the network. Credential and Certificate installation procedures are supported for Wi-Fi 6 APs, AP39xx series APs, and the SA201 Adapter.
Access Points Configure Table 53: Advanced AP Setting Overrides (continued) Field Description Client Bridge Client Bridge Override — Select to enable override settings. Roaming RSS Threshold — Determines when the client bridge AP scans to find a better infrastructure AP. Valid range: from -128 to -40. Default value is -70. A scan is triggered when one or more of the following criteria is met: • When the infrastructure AP RSS value is less than the configured RSS Threshold.
Access Points Configure Table 53: Advanced AP Setting Overrides (continued) Field Description Mesh Points The mesh point settings on an AP radio can be overwritten here. Mesh point configuration is handled from the device group configuration Profile. If you want to modify configuration for a mesh point, check the mesh point check box to display the edit button ( ). Select to display the Edit Mesh Device Settings dialog. To override a setting, select the check box and provide an override value.
Configure Access Points order to enable or disable a selected network. This can be useful for testing and troubleshooting purposes. Note Extreme Campus Controller will display a warning if the network reassignment affects the primary BSSID on the radios, resulting in a radio reset. You will have the opportunity to consider the impact of network reassignment before overriding a WLAN.
Configure Access Points disable Band Steering at either the AP override or on the Networks tab of the configuration Profile, to regain control over the WLAN assignment per radio band. Note The Band Steering feature steers 5 GHz clients toward the 5 GHz band. 6E clients can self steer into the 6 GHz band for service. On the AP List, a check mark in the Override column indicates that the AP is associated with an Override.
Configure Access Points Table 54: Cell Size Control Settings (continued) Field Description Probe Response Retry Limit The default Probe Response Retry Limit is 4. If devices are having a problem connecting to the network, due to congestion or due to the quality of the device, consider increasing the retry limit. Maximum value is 10. Rx Sensitivity Reduction (dB) New APs are very sensitive and can pick up unwanted channel interference.
Access Points Configure The fields and corresponding antenna value options on the Professional Install dialog depend on the selected AP and the antenna models that are available. Select an antenna for each available port. By default, the two antennas must be identical. However, you have the option to select No Antenna for the second antenna port. Select the antenna model from the drop-down field. Choose the desired attenuation for each radio from the drop-down list. Selectable range is from 0 to 30 dBI.
Configure Access Points AP305CX Professional Install The antenna ports for the AP305CX are defined as follows: • • • • Radio 1 Port 2.4/5G-1 Radio 1 Port 2.4/5G-2 Radio 2 Port 5G-3 Radio 2 Port 5G/IoT-4 The antenna list is dependent on your regulatory domain. The default antenna is the antenna with the highest gain. Figure 55: AP305CX External Antenna Configuration AP310e/AP360e Professional Install Settings The following rules apply to AP310e and AP360e antenna installation: • • • • Group 1 (2.
Access Points Configure ◦ Radio 2 is enabled only if one or more antennas are configured in Group 2. Table 56: Radio Modes AP310e/AP360e Mode Radio 1 Radio 2 1 2.4 GHz traffic forwarder 5 GHz traffic forwarder 2 2.4 GHz/5 GHz sensor 5 GHz traffic forwarder 3 5 GHz traffic forwarder (channels 36-64) 5 GHz traffic forwarder (channels 100-165) Sensor 2.
Access Points Configure • Group 2 — Ports 5 and 6 Note To display the Professional Install dialog, the AP must be part of an AP410e device group. Figure 57: AP410e Professional Install Settings Related Topics Add APs on page 190 AP460e Professional Install Settings The AP460e is an outdoor AP with external antennas.
Access Points Configure Figure 58: AP460e Professional Install Settings Related Topics Add APs on page 190 AP510e Professional Install Settings The following rules apply to AP510e antenna installation: • • • Group 2 (5GHz) accepts identical 5G or dual band antennas. • Mode 1. Radios 1 and 2 are enabled when: Group 1 (2.4GHz/5GHz) accepts identical dual band antennas. Antennas must be configured consecutively for each group. Group 1 starts with Port 1/Group 1 and Group 2 starts with Port 5/Group 2.
Configure Access Points ◦ Radio 1 – Sensor. ▪ Radio 1 2.4GHz sensor needs Group 1 antenna. ▪ 5GHz sensor need Group 2 antenna. ▪ Or, Dual-band sensor needs one or more antennas configured in both Group 1 and Group 2. • Mode 3. Radios are configured Dual 5GHz mode. ◦ Radio 1 is enabled only if one or more antennas are configured in Group 2. ◦ Radio 2 is enabled only if one or more antennas are configured in Group 1.
Configure Switches • INTERNAL-560H-70, dual band, 8feed, 70 degree sector Note The AP must be part of an AP560 device group to display the Professional Install dialog. Figure 60: AP560h Professional Install Settings Related Topics Add APs on page 190 Switches Extreme Campus Controller can manage a maximum of 1000 switches. • • To configure a switch, go to Configure > Devices > Switches. For a list of supported switches, see the Release Notes.
Configure Switches Table 57: Switch Actions (continued) Field Description Retrieve Traces Initiates a traces routine creating a zip file that includes switch configuration, state information, and log files. Extreme Campus Controller receives the Traces zip file and presents a downloadable zip file in the Traces tab on the Monitor page for the switch. Extreme Campus Controller keeps one file and overwrites that file as subsequent files are received. Assigned to Site Assign selected switches to a site.
Switches Configure To add a switch to your network: 1. Per-configure your external DHCP and DNS servers on your network for discovery of the new switch. In order for the to communicate to the Extreme Campus Controller: • The DHCP Server (that will be serving an IP to the switch) needs to return a DNS Server and Domain Name to the switch. • The DNS Server needs to map the name extremecontrol. to the IP address of the Extreme Campus Controller that you plan to add the switch.
Configure Switches Configure a Switch The information that displays on the Switch Configuration page depends on the Switch Mode. By default, switches are in GUI-Mode. To configure an ExtremeXOS switch through the CLI, you can place the switch in CLI-Mode. For more information, see CLI - Mode Advanced Settings on page 219. Note CLI-Mode support is limited to ExtremeXOS switches. To access the switch configuration page: 1. Go to Configure > Devices > Switches and select a switch (not the check box).
Switches Configure LAG Configuration To configure a Link Aggregation Group (LAG): 1. To set a Master Port, select New LAG. 2. Select the Master Port number from the drop-down field. Note Dialog options display for the master port after you select a port number. 3. Select a Member Port number under Ports Eligible for LAG membership. Then, drag the port to the Master Port pane. 4. Select Save Master.
Configure Switches • • Authentication mode MAC-based Authentication (MBA) Note Configure only one untagged VLAN ID /PVID per port. PoE Enabled Indicates if the port is enabled for Power over Ethernet. PoE must be supported on the port. VLANs Select one or more configured VLANs. Click the plus sign to add the VLAN to the list. Authentication Mode Authentication Mode. 802.1x can be configured on individual ports.
Configure Switches Advanced Switch Settings Table 59: Advanced Switch Settings Field Description Bridge Priority Indicates the priority of the switch in a Spanning Tree network configuration to determine the Root Bridge Switch. All switches are assigned a Bridge Priority. The Bridge Priority plus the Mac Address determine the Switch ID. The lower the numerical value of the Switch ID, the more likely the switch is the Root Bridge (switch).
Configure Switches Table 59: Advanced Switch Settings (continued) Field Description SNMP Configuration You can configure SNMP for the individual switch or for the full Extreme Campus Controller. For more information, see SNMP Configuration on page 371. Switch Mode Toggle between Switch CLI-Mode and Switch GUI-Mode. • Select Change to GUI-Mode to provide CLI access under switch Monitoring for troubleshooting purposes. For more information, see Troubleshoot a Switch Using the CLI on page 98.
Assign to Site Configure 3. Select Change to CLI-Mode. 4. Select Activate Console. A console window opens. It can take up to 60 seconds for the switch to connect. 5. When the login prompt displays, log in with your Extreme Campus Controller credentials.
Configure Networks To add a device to a site from a device list: 1. Go to Configure > Devices. • • To assign APs or adapters, select Access Points. To assign switches, select Switches. Extreme Campus Controller displays a list of devices. 2. Select one or more devices, and then select Actions > Assign to Site. Note Selected APs and adapters must be the same model type. The Assign to Site dialog opens. 3. Select a site. To create a new site, select . 4. Select a device group.
Configure WLAN Service Settings Band Steering on page 258 WLAN Service Settings Table 60: WLAN Service Configuration Settings Field Description Network Name Enter a unique, user-friendly value that makes sense for your business. Example: Staff SSID Enter a character string to identify the wireless network. Maximum 32 characters. Upper and lowercase allowed. Example: PermanentStaff Hotspot The following values are valid for hotspot configuration: • Disabled. Hotspot functionality is not enabled.
Configure WLAN Service Settings Table 60: WLAN Service Configuration Settings (continued) Field Description AuthType Define the authorization type. Valid values are: • Open —Anyone is authorized to use the network. This authorization type has no encryption. The Default Auth role is the only supported policy role. • OWE — Opportunistic Wireless Encryption (OWE) offers security to open networks, ensuring that traffic between an AP and a client is encrypted.
Configure WLAN Service Settings Table 60: WLAN Service Configuration Settings (continued) Field Description WiNG 7.2.x or later utilize the WPA3-Personal protocol. Older AP models that are not WPA3 compatible use WPA2 AES. See Privacy Settings for WPA3 with SAE on page 225. • WPA3-Enterprise — WPA2-Enterprise with Protected Management Frames (PMF). This option requires and enforces PMF enablement. The TKIP-CCMP option is disabled.
WLAN Service Settings Configure Table 60: WLAN Service Configuration Settings (continued) Field Description Authentication Method Displayed after Captive Portal or MBA is selected. Select from the following authentication values: • Default. Select Configure Default AAA. • Proxy RADIUS (Failover). Configure up to 4 RADIUS servers for redundancy. • Proxy RADIUS (Load Balance). Configure up to 4 RADIUS servers for load balancing. • Local. Look up in the local password repository. • LDAP.
WLAN Service Settings Configure Table 60: WLAN Service Configuration Settings (continued) Field Description Default Auth Role The default network policy roles for an authenticated client. Select a role from the list. Other options: • — create a new role • — edit selected role • — delete selected role Select the policy role as the default authentication policy role. Typically, Enterprise User is the Default Auth Role. You can select any of the configured roles. To configure a new role: 1.
Configure WLAN Service Settings Configure the following privacy settings: • Protected Management Frames — Management Frames are the signaling packets used in the 802.11 wireless standard to allow a device to negotiate with an AP. PMF adds an integrity check to control packets being sent between the client and the access point. Valid values are: ◦ WPA3 - Personal (SAE). Setting is Required. Requires that all devices use PMF format. This could result in older devices not connecting.
WLAN Service Settings Configure ◦ Required. Requires all devices use PMF format. This could result in older devices not connecting. PMF is enabled by default. • Input Method. Enter the PSK in String or HEX: ◦ String value — Supports a PSK of 1-63 characters ◦ HEX value — Supports a PSK of exactly 64 characters and must contain HEX digits only. • WPA2Key. The password to access this wireless network.
Configure Mesh Point Network • Fast Transition — Provides faster roaming by authenticating the device before roaming occurs. This setting is enabled by default. • Mobility Domain ID — Used by 802.11r, this setting defines a network scope that supports 11r fast roaming. Master keys are shared within the Mobility Domain, allowing clients to support fast roaming.
Mesh Point Network Configure Consider the following about a mesh network: • The Mesh APs use wireless beacons to advertise their capabilities. Mesh APs connect to each other using the information in the beacons. A single mesh point is supported on multiple radios for a single AP. • Mesh points forward all traffic into the wired network through mesh point root APs. A root AP is an AP connected to the wired network. Mesh points find the optimum path to a mesh point root AP.
Configure Mesh Point Network When a non-root AP is incorrectly configured in a mesh network, it can become stranded. To recover a stranded AP, reconnect to the Management Port through the wired Ethernet. Note Mesh device settings are supported at the Profile level or configured as an override for a specific AP.
Hotspot Configure Mesh Point Name Name that identifies the mesh point. Mesh ID Identifies the mesh network. APs must have the same Mesh ID in order to form mesh links. APs with configured mesh points exchange beacons and the Mesh ID is checked. If a Mesh ID does not match that of the network, the beacon is dropped. If the Mesh ID does match that of the network, the AP adds an entry in the Mesh Point Neighbor Table. The SSID is used as the Mesh ID for networks that support AP39xx access points.
Hotspot Configure With pre-association, a mobile device uses ANQP to perform network discovery. The mobile device's connection manager uses hotspot information, such as the service provider policy and user preferences, to automatically select a hotspot network. A mobile device queries the hotspot for key service provider identification and authentication information and selects a network. The ANQP response is generated using parameters configured by the hotspot operator.
Configure Hotspot Related Topics Hotspot Identification on page 233 SP Identification on page 234 Network Characteristics on page 238 Online Signup on page 239 Hotspot Identification From the Hotspot Identification tab, configure the following parameters: Domain FQDN specified by the user. Default value is empty string. This is a list of one or more domain names of the entity operating the hotspot network. Domain names in the domain name list may contain sub-domains.
Configure Hotspot Figure 61: Hotspot Identification Tab Related Topics Configure Hotspot on page 232 SP Identification on page 234 Network Characteristics on page 238 Online Signup on page 239 SP Identification The hotspot SP Identification tab displays hotspot properties for service provider identification and authentication. To configure SP Identification for the hotspot: 1. Configure a WLAN Services Hotspot. For more information, see Configure Hotspot on page 232.
Hotspot Configure 2. Select the SP Identification tab. Figure 62: Service Provider Identification Extreme Campus Controller User Guide for version 5.46.
Configure Hotspot 3. Configure the following parameters: Realm. The NAI (Network Access Identification) Realms list is a FQDN (Fully-Qualified Domain Name) of the service provider. This is a list of realms that can be successfully authenticated. Each realm may have up to four supported EAP methods. Note Wildcards are supported. For example, for realm, you can enter *.extreme.area120.com, instead of entering specific realms. To add realms: a. Select New. b. Enter a value in the Realm field.
Hotspot Configure If the device has been provisioned with the home service provider, the device does not need to use the EAP methods in the NAI Realm List. The mobile device knows the EAP method required to authenticate against its home service provider and automatically uses it. Note Keep your DNS server records up to date so that mobile devices can resolve the server domain names (FQDN). Mobile devices with a SIM or USIM credential, can obtain a realm from the hotspot NAI Realm list.
Configure Hotspot Network Characteristics The hotspot Network Characteristics tab displays network parameters for the hotspot. To configure Network Characteristics for the hotspot: 1. Configure a WLAN Services Hotspot. For more information, see Configure Hotspot on page 232. 2. Select the Network Characteristics tab. Figure 64: Configuring Network Characteristics 3. Configure the following parameters: IP Address Type Availability.
Hotspot Configure • • • • • Single NAT Double NAT Port Restricted Single NAT Port Restricted Double NAT Unknown IPV6 valid values are: • • • Not Available Available Unknown WLAN Metrics. Enter the values for maximum Uplink and Downlink speed and load parameters for the WLAN service. The mobile device uses information from the WAN Metrics configured here to make network selection decisions. The mobile device can determine if necessary throughput is available from the hotspot before connecting.
Configure Hotspot 2. From the Hotspot field, select OSU. 3. From the Auth Type field, select Open or WPA2-Enterprise (802.1x/EAP). Note You must specify a AAA policy when configuring OSU for Hotspot. Note You will specify this OSU WLAN in the Online Signup configuration. To configure Online Signup for the hotspot: 1. Configure a WLAN Services Hotspot. For more information, see Configure Hotspot on page 232. 2. Select the Online Signup tab. Figure 65: Configuring Online Signup 3.
Hotspot Configure Server Provider Setting. This is service provider configuration settings. • To add a provider to the list, select New and configure the provider settings. For more information, see Configuring the OSU Service Provider on page 241. • • To remove a provider from the list, select the list row, then select To edit provider information, select the list row, then select Configuring the OSU Service Provider on page 241. 4. Select OK to save the Online Signup configuration. . .
Configure Hotspot 3. In the Service Provider Setting pane, select New. The OSU SP Configuration dialog appears. Figure 66: Configuring the OSU Service Provider 4. Configure the following parameters: Server URI 242 Extreme Campus Controller User Guide for version 5.46.
Captive Portal Settings Configure The OSU server URI. Methods OSU Method is the preferred list of encoding methods that the OSU server supports in order of priority. Select the connection method used by the provider. Select Change Order to reorder the method priority. Icon Add an icon that is associated with Online Signup: • • To add or change the icon, select Change. Then, navigate to a .png file. To remove the icon, select Remove.
Configure Captive Portal Settings Internal Captive Portal Settings An internal captive portal resides on Extreme Campus Controller. Configure the following parameters for an internal captive portal. Table 61: Internal Captive Portal Settings Field Description Portal name Select an icon to add, edit, or delete a captive portal. When you add or edit a captive portal, the portal configuration dialog displays. Portal Connection Indicates the Interface/Topology that is used for the portal communication.
Captive Portal Settings Configure External Captive Portal Settings An external captive portal resides on a separate server. Configure the following settings for an external captive portal. Table 62: External Captive Portal Settings Field Description ECP URL URL address for the external captive portal. When integrating with ExtremeCloud™ A3, the URL format is: https:///Extreme::XCC Walled Garden Rules Select Walled Garden Rules to configure policy rules for the external captive portal.
Configure Captive Portal Settings From Extreme Campus Controller, configure the following: • AAA Policy defining the RADIUS server, then specify that AAA Policy on the CWA captive portal network configuration. • Policy role that includes a redirect rule. The redirect rule must use the TCP protocol and redirect the client based on the domain name or IP address that is specified in the URL message that is sent from the RADIUS server.
Configure Captive Portal Settings Figure 67: CWA Network on Extreme Campus Controller 2. Configure the following settings: Table 63: Centralized Web Authentication Network Settings Field Description Network Name Enter a unique, user-friendly value that makes sense for your business. Example: Staff SSID Enter a character string to identify the wireless network. Maximum 32 characters. Upper and lowercase allowed. Example: PermanentStaff Status Enable or disable the network service.
Captive Portal Settings Configure Table 63: Centralized Web Authentication Network Settings (continued) Field Description MAC-Based Authentication (Optional) Select this option to enable MBA. When selected, multi-factor authentication is enabled. The following parameter displays when MAC-based Authentication is enabled: • MBA Timeout Role. Select the role that will be assigned to a wireless client during MAC-based authentication (MBA) if the RADIUS server access request times out.
Captive Portal Settings Configure Figure 68: AAA Policy for CWA — RADIUS Server definition Related Topics Configure AAA Policy on page 289 CWA Policy Redirection Role on page 249 Add Policy Roles on page 260 Configuring VLANS on page 270 CWA Policy Redirection Role To configure a policy role with at least one redirection rule: 1. Go to Configure > Policy > Role > Add. 2. Create a new role. 3. Select Layer 3/Layer4 and configure the parameters for a redirect rule that works with CWA captive portal.
Captive Portal Settings Configure Figure 69: Example Redirection Role on Extreme Campus Controller that includes six L3/L4 rules 250 Extreme Campus Controller User Guide for version 5.46.
Captive Portal Settings Configure Figure 70: Redirect-80 rule redirects HTTP traffic from Port 80 Table 64: Rule Configuration for Layer3/Layer4 Redirection Rules Field Description Name Provide a name for the rule. Example: Redirect-80 that redirects traffic on HTTP port 80. Action Redirect Protocol TCP IP/Subnet User-Defined. Then specify the IP address of the captive portal.
Configure Captive Portal Settings make allowances for third-party servers). The Portal Configuration must have the specific site registration enabled and include the Application ID and Secret for the third-party site. Third-party registration for networks redirecting HTTP traffic to the captive portal using DNS Proxy requires additional configuration. Create a unique application to the third-party software. Refer to the following developer sites: • • • • • Facebook Developers page at https://developers.
Captive Portal Settings Configure 5. Configure the rule parameters. The following is an example of a DNS-based Layer 3 rule that allows access through Facebook. Figure 71: Layer 3 Rule Each application site requires specific rules to access their site domains. Table 66 lists the rule configuration parameters needed for each application site. Note The domain information for each application site is subject to change. Refer to specific application site documentation if necessary.
Configure Advanced Network Settings Captive Portal Redirect Port List Configure a port on the Extreme Campus Controller interface to which the client is redirected after the ECP response. If ECP support is configured for HTTP then the port is typically 80, otherwise it is typically 443. It is possible to configure a different port. The hw_port attribute appears in the redirection response from Extreme Campus Controller. 1. Go to Configure > Networks > WLANS. 2. Select Enable Captive Portal. 3.
Advanced Network Settings Configure The Hostname value is limited to 32 characters, no spaces. It can be the same as or different from the AP Name. Both the AP Name and AP Hostname are displayed on the AP List and on the AP Details dialog in Extreme Campus Controller. Shutdown on Meshpoint Loss Shut down AP on loss of mesh connection. Enabling this setting makes it clear which AP services are operational.
Configure Advanced Network Settings Client to Client Communication Control blocking traffic between wireless clients on the same SSID. Select this setting to enable blocking of client-to-client traffic per network. This setting is disabled by default. Blocked client traffic is supported. Enable this setting on your network configuration and assign the network to a configuration Profile. Assign the configuration Profile to a device group.
Configure Advanced Network Settings • • Best Effort (1) Background (0) Related Topics Advanced Network Settings on page 254 Vendor Specific Attributes Extreme Campus Controller provides the following Vendor Specific Attributes (VSAs) in the message to the RADIUS server: Table 67: Vendor Specific Attributes Attribute Name ID Type Messages Description AP-Name 2 string Sent to RADIUS server The name of the AP the client is associating to. It can be used to assign role based on AP name or location.
Managing a Network Service Configure Managing a Network Service After a network service is created, you can modify the configuration settings or delete the network. To get started: 1. Go to Configure > Networks. 2. Select WLANs or Mesh Points. 3. Select a network service from the list. The network settings display. 4. Modify configuration settings as needed and select Save. 5. To delete a network, select Delete. A delete confirmation message displays. 6. Select OK.
Configuring Roles Configure Configuring Roles on page 259 Class of Service on page 267 VLANS on page 269 Configuring Rates on page 279 Configuring Roles A role is a set of network access services that can be applied at various points in a policy-enabled network. Roles are usually named for a type of user such as Student or Engineering. Often, role names match the naming conventions that already exist in the organization. The role name should match filter ID values set up on the RADIUS servers.
Configuring Roles Configure Add Policy Roles Define policy roles to provide unique treatment of packet types when a single role is applied. Note Associate each role with a configuration Profile of a device group for each AP in the group to make use of the policy role. 1. Go to Configure > Policy > Roles > Add. 2. Configure the parameters for the role. For more information, see Policy Role Settings on page 260. 3. Select the drop-down arrow to open the appropriate OSI layer.
Configuring Roles Configure Table 68: Role Parameter Settings (continued) Field Description Default Action Determines the access control default action. If you do not define policy rules for a role, the role's default action is applied to all traffic subject to that role. However, if you require userspecific filter definitions, then the filter ID configuration identifies the specific role that is applied to the user. Valid values are: • Allow. Allow packets using the specified VLAN option.
Configuring Roles Configure ID specified at the Role. The ability to specify the VLAN ID at the Role makes configuring network policy easier. If the traffic is allowed, it can also be assigned a Class of Service (CoS) that can affect the priority and latency of that traffic. Only the rules in the policy assigned to a client are applied to a client's traffic. Note Rules in the Application Layer (L7) apply to application access and use different matching criteria.
Configuring Roles Configure Related Topics Configuring L3, L4 Rules on page 263 Policy Rules for OSI L2 to L4 on page 261 Configuring L3, L4 Rules Configure policy rules that are associated with a role from the Role Configuration page. To configure an OSI Layer 3 and 4 rule, which filters on IP Address and Port number: 1. Select the L3, L4 drop-down and select New or select the rule to edit and existing rule. 2. Configure the following parameters: Name Name the rule.
Configuring Roles Configure The port or port type associated with the defined rule. Traffic from this port is subject to the defined rule. Valid values are: • User Defined, then type the port number. Use this option to explicitly specify the port number. • A specific port type. The appropriate port number or numbers are added to the Port text field. 3. Select Save. All rule types are applied to the policy in top to bottom order. The policy is installed on the enforced APs.
Configuring Roles Configure packets have already passed through the system. For typical web traffic, the leak is minimal for a long duration flow. However, for short duration flows, the Deny filter may not be effective. Any flows that are not matched through classification are handled by the Default Action. The Redirect action is only available for IPv4 traffic, not IPv6. The Allow, Deny, and Contain actions are available for IPv6.
Configuring Roles Configure • • Deny - Any packet not matching a rule in the policy is dropped. Containment VLAN - A topology to use when a network is created using a role that does not specify a topology. (Not applicable for L7 Application Rules.) Class of Service Determines the importance of a frame while it is forwarded through the network relative to other packets. The CoS defines actions to be taken when rate limits are exceeded. Click the plus sign to configure CoS. For more information, see .
Class of Service Configure Class of Service In general, COS refers to a set of attributes that define the importance of a frame while it is forwarded through the network relative to other packets, and to the maximum throughput per time unit that a client or port assigned to the role is permitted. The CoS defines actions to be taken when rate limits are exceeded.
Configure Class of Service 6. Specify the inbound and outbound rate limits, and select OK. 7. Click to add a new bandwidth rate. 8. Select Save. Related Topics Configuring ToS/DSCP on page 268 Bandwidth Rate on page 268 Configuring ToS/DSCP You can configure ToS/DSCP from the network rules page or the Class of Service page. Define how the Layer 3 ToS/DSCP will be marked: 1. Go to Configure > Policy > Roles > Add. Or, Class of Service > Add > Configure ToS/DSCP and skip to step 5. 2. 3. 4. 5.
VLANS Configure that are used to monitor its wireless network utilization. Traffic from other clients never count against a client's rate limits. Maximum Number of Limiters per Group: 8 inbound. Outbound Rate: Outbound traffic is sent from the network towards the client. Maximum Number of Limiters per Group: 8 outbound. Configure the following parameters to configure a new Bandwidth Limit: Name The name for the rate limit.
VLANS Configure Related Topics Configuring VLANS on page 270 Configuring VLANS A VLAN defines how the user traffic is presented through the network interface. To configure a VLAN: 1. Select Configure > Policy > VLANS. 2. Select Add, or select an existing VLAN from the list. 3. Configure the following parameters: Table 70: VLAN Configuration Settings Field Description Name Provide a unique name for the VLAN.
Configure VLANS Table 70: VLAN Configuration Settings (continued) Field Description VNI For VxLAN. VxLAN Network Identifier. The VNI is a 24-bit identifier. It can be used in more than one VxLAN topology. Remote VTEP For VxLAN. The IP address of the tunnel End-Point is referred to as a VxLAN Tunnel Endpoint (or VTEP). The VTEP is the IP address of the network switch. Network switches that act as a VTEP are referred to as VxLAN gateways. There can only be one VTEP per VxLAN topology.
Configure VLANS Table 70: VLAN Configuration Settings (continued) Field Description Enable Device Registration Indicates that the wireless AP or switch can use this port for discovery and registration. Mgmt Traffic Indicates that this port will be used to manage traffic. Enable Mgmt Traffic to access the Extreme Campus Controller user interface through this port. Associated Profiles Select to display a list of configured Profiles.
VLANS Configure Pre-defined Multicast Rules 1. Go to Policy > VLANS > Add, or select a VLAN. 2. Select Advanced. 3. Select Add Pre-Defined Rule. 4. Select a value from the Multicast Group field and click Add. Related Topics Configuring a Multicast Rule on page 273 Configuring VLANS on page 270 Configuring a Multicast Rule 1. Go to Policy > VLANS > Add, or select a VLAN. 2. Select Add New Rule. 3. Configure the following parameters: IP address Enter the multicast IP address for the traffic destination.
VLANS Configure Gateway IP address. Address Range IP address range. Value is prompted by the subnet IP address that you configured. Exclusions (Available from the VLAN configuration) A range or single IP address that is excluded from the greater Address Range. Save your VLAN configuration before selecting Exclusions to configure IP address exclusions.
VLANS Configure The switch requires that the VLAN/I-SID mapping is unique per port per switch, therefore only one AP per switch port is allowed. ExtremeWireless APs connected to a Fabric-enabled switch automatically use the default management VLAN that is configured on the switch. Moving an AP from a Fabric-enabled switch to a non Fabricenabled switch requires a factory default reset to connect to the new management VLAN.
Configure VLANS VxLAN can add up to a 50-byte header to the tenant VM frame. For VxLAN to work correctly, this requires that the IP MTU be set to at least 1550 bytes on the network-side interfaces. IP MTU of 1550 should also be set on all transit nodes which carry VxLAN traffic. The point at which a tenant frame is encapsulated (or decapsulated) is referred to as a VxLAN Tunnel Endpoint (or VTEP). VTEPs are typically located on hypervisors but may also be located on physical network switches.
VLANS Configure be at least one hop away, and all devices between the AP and the ExtremeXOS switch must allow Jumbo-Frame of IP 1550 bytes. The following ExtremeXOS switches and APs support a VxLAN topology: • ExtremeXOS Switches: ◦ ◦ ◦ ◦ ◦ ◦ • X465 X590 X690 X695 X870 X670-G2 ExtremeWireless access points: AP3xx, AP4xx, and AP5xx with firmware version WiNG 7.4.0 or later. When configuring a VxLAN topology, configure only one VNI and one VTEP (switch IP address).
Configure VLAN Groups configure virtual-network IDAP add remote-endpoint vxlan ipaddress 10.47.100.108 vr VRDefault configure virtual-network IDAP add remote-endpoint vxlan ipaddress 10.47.100.109 vr VRDefault • A remote endpoint (AP) must be at least one hop away from the ExtremeXOS local endpoint. The configuration must include at least one gateway router between the AP and the switch. The gateway must enable IP MTU (Maximum Transmission Units) of 1550 bytes.
Configuring Rates Configure Mode • Bridged@AC topologies using AP39xx access points are supported. Note You cannot modify the group mode after the group is created. VLAN ID ID for the VLAN Group VLANs List of configured VLANs that can be added to the group. Select a VLAN from the list and click the plus sign to add the VLAN to the group. 4. Click Save. Related Topics VLAN Groups on page 278 Configuring Rates You can set a data transfer rate for a policy. To configure rates: 1.
Configure Adoption Rules • • • Device redirection to a different Extreme Campus Controller Site and a device group assignment based on a partial match of the FQDN or DNS suffix Event Logging of the device adoption process Related Topics Configure AP Adoption Rule on page 281 Configure Switch Adoption Rule on page 282 Pattern-Based Matching on page 282 Configure Adoption Based on FQDN or DNS Suffix on page 283 Configure Device Redirection on page 285 Adoption Rules To avoid a manual process, create adop
Adoption Rules Configure • IP Address / CIDR — Enter a single IP address for each rule. The range for CIDR is 0 to 32. If the CIDR is 0, the IP address will not be used as a matching criteria. • Serial Number — Matching criteria must be an exact string. Enter a single serial number for each rule. Note To successfully match an adoption rule, all specified parameters must match. To add or edit an adoption rule: 1. Go to Configure > Adoption. 2. To add a new rule, select Add. 3.
Configure Adoption Rules Configure Switch Adoption Rule Specify a site when creating a switch adoption rule. The device group does not apply to switches. 1. Go to Configure > Adoption > Add. The New Rule dialog displays. 2. To create a rule for switches, select Switch. 3. For Action, select one of the following values: • Allow • • Deny Redirect 4. Select a site. 5. Select a filter parameter, and then select .
Adoption Rules Configure “ap510RDU.cath.extremenetworks.com”. Based on the variable definition index [6:8], the AP is assigned to site named SITE_RDU. Because I have a site named SITE_RDU, this AP will be placed in a device group within that site. For Pattern-Based matching to work in this example, you must have a site previously configured that is named "SITE_RDU". If that site does not exist, an error is logged and the rules engine continues evaluating adoption rules.
Configure Adoption Rules 4. From the Action field, select a rule action. Valid values are: • • • Allow Deny Redirect 5. In the Site field, select Pattern-Based. An additional field displays. 6. Configure a site name using FQDN or DNS-Suffix variables (for example, Site_$FQDN[x:y] or Site_$DNS-SUFFIX[x:y]). 7. For AP adoption rules only — specify a device group. When using a Pattern-Based site, manually enter the device group name.
Adoption Rules Configure Configure Device Redirection You can configure an adoption rule that redirects devices to another appliance when matching criteria are met. Note AP39xx access points do not support adoption rule redirection where the redirected destination is defined as an FQDN. AP39xx only supports a redirected destination that is defined as an IPv4 address. 1. Go to Configure > Adoption > Add. The New Rule dialog displays. 2.
ExtremeGuest Integration Configure Model number on the device. This field matches on sub strings. The full model number is not required for a match. Serial Number Serial number on the device. Serial number requires an exact string match. Note Each filter value can only be applied once to a single rule. Related Topics Adding or Editing Adoption Rules on page 280 Adoption Rules on page 280 Deleting Adoption Rules on page 286 Deleting Adoption Rules Adoption rules can be deleted.
ExtremeGuest Server Settings Configure ExtremeGuest Captive Portal Settings on page 251 ExtremeGuest Server Settings To configure the ExtremeGuest server, take the following steps: 1. Go to Configure > ExtremeGuest and select Add. 2. Configure the following parameters: IP Address IP address of the ExtremeGuest server. Name Name of the ExtremeGuest server. FQDN Fully-qualified domain name of the ExtremeGuest server.
Configure Callback Manager Callback Manager Callback Manager is an Extreme Campus Controller component that supports the integration of Extreme Campus Controller and ExtremeGuest. Callback Manager supports a Centralized site deployment only.
Configure AAA Policy Configure The RADIUS Authorization and Accounting transactions occur between the Network Access Server (NAS) on Extreme Campus Controller and the RADIUS server without involving NAC. However, you have the option to configure Access Control Rules within the local NAC, making use of automated policy management. Access Control Rules enable you to apply network access permissions and restrictions based on defined rules.
Configure AAA Policy Configure Call Station ID Identifies a group of access points. The Call Station ID is often configured in a large network using an external NAC or RADIUS server. Possible values are: • • • • • Wired MAC: SSID BSSID (APs supported on a Centralized site only) Site Name Site Name: Device Group Name AP Serial Number Note Call Station ID allows for Zone authentication with a Centralized site.
Configure AAA Policy Configure When this setting is set to Failover, a RADIUS request is sent to one server at a time: • The RADIUS request is sent to the Primary server (based on the RADIUS server order in the AAA policy). • When the Primary server is not accessible, the request is sent to the second server (the Failover server). • When the Primary server is accessible, the request is automatically sent to the Primary server instead of the Failover server.
Configure AAA Policy Configure primary server for all new authentications. All authentications in progress continue to use the backup server. Note There is no correlation between the RADIUS server that is used for authentication and the RADIUS server that is used for accounting. Include Framed IP Select this option to include the FRAMED-IP attribute value pair in the RADIUS ACCESS-REQ message. You can include the user IP address in the RADIUS ACCESS-REQ through the FRAMED-IP attribute.
Configure AAA Policy Configure The threshold in seconds that determines if the client authentication requests are blocked. This is the window of time in which the failed authentication attempts occur. Valid values are 1 to 10 seconds. The default value is 3 seconds. Quiet Timeout (Seconds) The amount of time that authentication requests from the client are blocked before its RADIUS requests are forwarded to the RADIUS server again. Valid values are 1 to 300 seconds.
Configure AAA Policy Configure For Local Onboarding, use the Retries and Timeout values with the RADIUS Server Health Check parameters to detect RADIUS servers that are not responding and fail over to a second server if necessary. When Local Onboarding bypassed is enabled, all RADIUS requests are sent to one RADIUS server until it fails; then, the next RADIUS server is used. Port User Datagram Protocol (UDP) port number used for client authentication.
Onboard Onboard AAA Authentication on page 295 Manage Captive Portal on page 305 Manage Access Control Groups on page 317 Access Control Rules on page 320 Onboard AAA Authentication Configure network access from the Onboard menu, including AAA configuration, local password repository, LDAP, and captive portal configuration, access control groups, and a rules engine.
Onboard Managing RADIUS Servers 3. Configure the following parameters for the default configuration: Table 71: Default AAA Configuration Parameters Field Description Authentication Method Determines the method for user authentication. Additional authentication parameters depend on the method you select here. Valid values are: • RADIUS. RADIUS Server authenticates user. • Local. Extreme Campus Controller authenticates user. • LDAP. LDAP server authenticates user.
Managing RADIUS Servers Onboard 3. To add a new RADIUS server, from the RADIUS Servers tab, select Add and configure the server settings. Note To support load balancing, Extreme Campus Controller allows up to four redundant RADIUS servers for accounting and four RADIUS servers for authentication. Related Topics Setting Default AAA Config on page 295 RADIUS Settings on page 297 Advanced RADIUS Settings on page 298 RADIUS Settings Configure the following parameters and select Save.
Managing RADIUS Servers Onboard Advanced RADIUS Settings For information about advanced RADIUS configuration settings, see the following table: Table 73: RADIUS Server Advanced Settings Field Description Username Format Determines if the domain name will be included in the username when proxying a request to the backend RADIUS server. Valid values are: • Strip Domain Name (default) - Select this option unless the backend RADIUS server requires the domain name to be included.
Onboard LDAP Configurations Related Topics Managing RADIUS Servers on page 296 RADIUS Settings on page 297 LDAP Configurations LDAP (Lightweight Directory Access Protocol) is a software protocol used to locate people, organizations, or other resources in a network. LDAP can be used on a public Internet or on a corporate intranet. Configure an LDAP configuration for each LDAP server in your network. To access or add new LDAP configurations: 1. Go to Onboard > AAA and select LDAP Configurations.
LDAP Configurations Onboard Table 74: LDAP Configuration Settings (continued) Field Description Mask Check this option to mask the user entered password characters with bullets. As user password requirements become more complex, consider clearing this option so users can verify entered password characters. User Search Root The root node of the LDAP server. To improve search performance, you can specify a sub tree node to confine the search to a specific section of the directory.
LDAP Configurations Onboard Table 75: LDAP Schema Definition Settings (continued) Field Description User Authentication Type Specifies the user authentication. Valid values are: • LDAP Bind – Only works with a plain text password. It is useful for authentication from the captive portal but does not work with most 802.1x authentication types. • NTLM Auth – This option is only useful when the backend LDAP server is a Microsoft Active Directory server.
Managing The Local Password Repository Onboard Managing The Local Password Repository Extreme Campus Controller gives you the option to store user accounts in a local password repository in place of configuring one or more remote RADIUS servers or remote LDAP servers to handle network authentication. Note The Admin account that you create here, from Onboard > AAA > Local Password Repository, applies to the local captive portal.
Certificates Onboard Table 76: User Account Settings (continued) Field Description Last Name User's last name. Display Name Name that displays on the user interface for the account. This can be the User name or something else. Username User name for the account. Password Hash Type Password hash function used for password hashing. Password Password for the account. Alphanumeric value, minimum of 6 characters. The default captive portal password is Extreme@pp.
Onboard Certificates After an interface or topology is created, the Certificates button displays. Take the following steps: 1. Select Certificates. The Certificates dialog displays. 2. Select the Certificate option: • Install or Replace Certificate Select this option and select Generate CSR. Complete the online form, then generate and download the certificate that can be presented to a public certificate authority.
Manage Captive Portal Onboard 4. Select Save to save your changes and close the dialog. Related Topics Certificates on page 303 AAA Certificate Authorities To manage a list of Trusted Certificate Authorities for AAA certificates, do the following: 1. Go to Onboard > AAA and select Manage Certificates. 2. Under AAA Trusted Certificate Authorities, select Update Certificate. 3. To add trusted certificates to Extreme Campus Controller, select Add CA Certificates and navigate to the certificate file.
Portal Website Configuration Onboard 2. Select an existing portal or select Add. When adding a new portal, enter a name for the portal, save it, then select that portal from the list. 3. Configure the following parameters: • Guest Portal. Intended for temporary access through guest accounts. Valid values are: ◦ Guest Web Access Allows unauthenticated access to the network for the duration of the client's session. Allows the optional presentation of an Acceptable Use Policy.
Portal Website Configuration Onboard Guest Portal: Guest Web Access Table 77: Guest Portal — Guest Web Access Field Description Introduction Message The message displayed to a user when they register or gain web access as an authenticated user of the network. Message string parameters include Locale and a Text field for a Terms of Use Statement. The Introduction Message is shared by Guest Web Access and Guest Registration. Modifications affect both access types.
Portal Website Configuration Onboard Guest Portal: Guest Registration Table 78: Guest Portal — Guest Registration Field Description Guest Portal — Guest Registration Introduction Message See Introduction Message. Custom Fields See Custom Fields. Redirection See Redirection. Default Expiration Indicates registration window before expiration, measured in days, minutes, or hours. Default expiration is 30 days after initial registration.
Portal Website Configuration Onboard Authenticated Portal: Authenticated Registration Settings on page 310 Look and Feel Settings on page 312 Default Rules for Captive Portal on page 323 Authentication with Third-party Credentials Guest Registration using a third-party application has the following advantages: • It provides Extreme Campus Controller with a higher level of user information by obtaining information from the end user's third-party application account instead of relying on information ente
Portal Website Configuration Onboard Authenticated Portal: Authenticated Web Access Table 79: Authenticated Portal — Authenticated Web Access Field Description Login or Register Message See Introduction Message. Introduction Message See Introduction Message. Failed Authentication Message The message displayed to the end-user upon failed authentication. By default, this message advises the end user to contact their network administrator for assistance. Customize Fields See Custom Fields.
Onboard Portal Website Configuration Table 80: Authenticated Portal — Authenticated Registration Settings (continued) Field Description Default Max Registered Devices Indicates the maximum number of MAC addresses each authenticated end user may register on the network. If a user attempts to exceed this count, an error message is displayed in the Registration web page. The default value for this field is 2. Default Expiration See Default Expiration.
Portal Website Configuration Onboard Related Topics Portal Website Configuration on page 305 Guest Portal: Guest Web Access on page 307 Guest Portal: Guest Registration on page 308 Authenticated Portal: Authenticated Web Access on page 310 Look and Feel Settings on page 312 Default Rules for Captive Portal on page 323 Look and Feel Settings Use Table 81 to customize your captive portal.
Portal Website Configuration Onboard Table 81: Captive Portal Website Look and Feel Settings (continued) Setting Description Edit Colors Select the Background or Text color box corresponding to each item to open the Choose Color window. Define the colors used in the portal web pages: • Page — Define the background color and the color of all primary text on the web pages. • Header Background Color — Define the background color displayed behind the header image.
Portal Network Configuration Onboard Table 81: Captive Portal Website Look and Feel Settings (continued) Setting Description Edit Style Sheets Create a style sheet that adds to or overwrites the formatting styles for the portal, or mobile version of the portal web pages, respectively. Edit Locales Define the default locale (language), displayed to any captive portal user unless the client locale detected from their browser matches one of the defined supplemental locales.
Portal Administration Configuration Onboard 3. Configure the following parameters on the Network Configuration tab. Table 82: Network Configuration Settings Field Description Use Mobile Captive Portal Allows mobile devices to access the network via captive portal registration and remediation. It also allows Help desk and IT administrators to track the status of registered end-systems, as well as add, modify, and delete registered end-systems on the network using a mobile device.
Portal Administration Configuration Onboard track the status of registered end-systems, as well as add, modify, and delete registered end-systems on the network. 1. Go to Onboard > Portal. 2. Select an existing portal or select Add. 3. Configure the following parameters on the Administration tab. Table 83: Admin Portal Configuration Settings Setting Description Welcome Message Message displayed to users when they log into the administration portal.
Onboard Manage Access Control Groups User Account Settings on page 302 Message String Settings From this dialog, select the message Locale and edit the Description text for the registration verification message displayed during the user verification process. Manage Access Control Groups An access control group is used to organize mobile clients by various group types, including device type or end system characteristics such as IP address, hostname, or user group.
Onboard Working with Group Entries Table 85: Access Control Group Settings (continued) Field Description Group Type Criteria by which the accounts are grouped.
Cloning Groups Onboard Cloning Groups To easily create new groups, use the cloning feature, then modify the group entries and settings as necessary. 1. 2. 3. 4. Go to Onboard > Groups. Select a group from the list. Select Clone. Provide a name for the new group. Extreme Campus Controller prompts you to open the new group. 5. Add, remove, or edit group entries and settings as necessary.
Access Control Rules Onboard Related Topics Manage Access Control Groups on page 317 Access Control Group Settings on page 317 Access Control Rules Access Control Rules enable you to apply network access permissions and restrictions based on defined rules. The rules can address network resources, a user's role or purpose in the organization, or the device type that is used to access the network. Network access control is dynamic.
Configuring Network Policy Roles and Dynamic Access Control Onboard • Basic Student Access 1. Configure a policy role named Learning Student Access: The member has full access to the network but is denied access to social media apps. • • One network policy rule that provides full access to the network. • One network policy rule that limits students to TCP access on ports: HTTP/S, DNS, and DHCPServer. One application policy rule that denies access to social media apps. 2.
Onboard Managing Access Control Rules b. Check Invert check box. This indicates a match if student is not using a school computer. Policy Role: Select Basic Student Access as the Policy Role. Results: • If the student is a member of the student body using a school computer, the student has full network access and is denied access to social media applications.
Default Rules for Captive Portal Onboard Related Topics Access Control Rules on page 320 Configuring Network Policy Roles and Dynamic Access Control on page 320 Default Rules for Captive Portal on page 323 Rule Settings on page 323 Default Rules for Captive Portal The following Access Control Rules are added when you enable an internal captive portal. The rules are removed when you disable the captive portal. • Blacklist. This rule quarantines any MAC address that is part of the Blacklist group.
Onboard Rule Settings Associate rules to a group type. Configure groups under Access Control > Groups. Table 86: Access Control Rule Settings Field Description Name Rule name. You cannot change the name of default rules that are provided with Extreme Campus Controller. Rule Enabled Indicates if the rule is enabled. You cannot disable default rules that are provided with Extreme Campus Controller. Conditions Note: • If you select Any, then the criteria is ignored during the rule match process.
Tools Workflow on page 325 AP Upgrade Report on page 334 Logs on page 335 Diagnostics on page 341 Reports on page 342 Workflow Use Workflow to understand the relationships between the Extreme Campus Controller components and to more easily navigate Extreme Campus Controller. The following is a relationship diagram illustrating the Extreme Campus Controller components. You can easily navigate to any of these components using Workflow. Go to Tools > Workflow to begin.
Navigating Extreme Campus Controller Using Workflow Tools Figure 74: Extreme Campus Controller Component Relationship Related Topics Navigating Extreme Campus Controller Using Workflow on page 326 Modifying a Component on page 333 Navigating Extreme Campus Controller Using Workflow The following component types are displayed when you access Tools > Workflow: Site, Profile, Role, and Network. Alternatively, you can use the Search field to search for any component.
Tools Navigating Extreme Campus Controller Using Workflow Figure 75: Workflow Main Page Related Topics How to Navigate Using Workflow on page 327 Workflow on page 325 Modifying a Component on page 333 Adding Components from Workflow on page 331 Deleting Components from Workflow on page 332 How to Navigate Using Workflow Go to Tools > Workflow to navigate Extreme Campus Controller accessing components.
Navigating Extreme Campus Controller Using Workflow Tools 2. Select a specific site from the Site list. A site has the following associated components: Access Point, Device Group, and Switch. Figure 76: Site with associated components Figure 76 illustrates possible icon colors on the Workflow page: • • • Black Icon — The center icon surrounded by associated icons. This icon has the focus. White Icon — This icon indicates a configured component that is associated with the center icon.
Navigating Extreme Campus Controller Using Workflow Tools Figure 77: Device Group with associated components • A device group has the following associated components: ◦ ◦ ◦ ◦ RF Management Site Access Point Profile 5. In this example, there are no APs configured for Device Group 7532; therefore, Access Points appears grey. Click beside Access Points to open the Edit Device Group page and add one or more APs to Device Group 7532. For more information, see Add APs on page 190.
Navigating Extreme Campus Controller Using Workflow Tools 6. Each device group has a single profile. Click the Profile icon to display the configuration items associated with that profile. Figure 78: Profile with associated components Note Grey icons indicate components that are not configured. Click page and configure the component. to display the Edit Profile 7. Continue navigating through the component hierarchy to view any component within Extreme Campus Controller.
Adding Components from Workflow Tools Add or Edit a Configuration Profile on page 122 Add APs on page 190 Navigating Extreme Campus Controller Using Workflow on page 326 Workflow on page 325 Adding Components from Workflow The Workflow pane lists all available components and indicates how many components you have configured for each component type. To add components directly from the Workflow pane: • • Click the drop-down arrow under a component type and select the plus sign.
Deleting Components from Workflow Tools Figure 81: Add AP dialog 3. Configure the following parameters, then click OK. • • • • Serial Number Model Name (Optional) Description The Access Points configuration page for the specific AP displays. See Configure AP Radio Settings on page 191 for instructions on configuring the AP radio settings.
Tools Modifying a Component 2. Click . A confirmation dialog displays. Figure 82: Delete AP in Workflow 3. Click OK to delete the component. Related Topics How to Navigate Using Workflow on page 327 Adding Components from Workflow on page 331 Modifying a Component You can easily modify any component that has focus at the center of the Workflow page. 1. Select the component that has the focus.
AP Upgrade Report Tools Example: Network Modification 1. Go to Tools > Workflow and select the Network icon. 2. If there is more than one network available, select a specific network from the list. (If there is only one network, the network configuration settings display.) The specific network gains focus at the center of the Workflow page. 3. Select the specific network that has the focus to display the network configuration settings.
Logs Tools The AP Upgrade Status Report is available on the following workbenches: • Administration — Go to Administration > System > Software Upgrade. Scroll down to AP Images and select Upgrade Status. • Tools — Go to Tools > Logs > AP Upgrade Reports. Note Advanced Query and filtering from the Log workbench are not available for the AP Upgrade Report. The AP Upgrade Request does not provide a history of upgrades.
Tools Advanced Filtering Related Topics Build a Query for Logs on page 336 Build a Query for Logs Take the following steps to build a customized query, filtering data in the Logs page: 1. To access the Logs page: Go to Tools > Logs. 2. To open Query Builder, select Launch Query Builder. Query Builder starts with a logical group of conditions. You can add more groups, joined with query conditions.
Advanced Filtering Tools 9. To run the query, select Execute. The query is automatically saved. Note Query Builder generates a Pandas query syntax. The syntax preview is displayed at the top of the Query Builder dialog. For saved queries: • • Select to view the Pandas query. Select to copy the Pandas query to the clipboard. Figure 84: Query Builder: Events Query Type Info Select from the list of saved queries or create a new query.
Tools View Events Log Query Builder actions: • New. Provide a name, and add a blank dialog so you can create a new query. There is a limit of 10 saved queries per user, per grid. After the 10-query limit has been reached, the New button is unavailable. • • • Rename. Rename an existing query. Delete. Delete the query that is currently displayed. Close. Close the Query Builder dialog. If you close Query Builder without running the query, your query details are deleted. • Reset.
View Station Logs Tools View Station Logs If configured to do so, Extreme Campus Controller logs all station events. You can view a record of the station event from the Tools workbench or from the Clients workbench. Note Send Station Events before viewing station logs. Station log files include the following information: • • • • • • • Date and timestamp Event Type MAC Address IP Address and IPv6 Address (if appropriate) AP Name SSID Details To view station log files: 1.
Tools View AP Logs To view audit log files: 1. 2. 3. 4. Go to Tools > Logs > Audit. (Optional) Search for a specific audit log. Set a filter or use the default filter. Press Enter to execute a search. The audit log list is updated. 5. (Optional) Select to export the data and manage which columns display.
Tools Set a Logging Filter Set a Logging Filter Create Date/Time filters to display entries that were logged within a specific window of time. To set a date and time filter for an Extreme Campus Controller: 1. 2. 3. 4. Go to Tools > Logs. To display the Start Date/Time dialog, select Change. From the Time field, specify the hour and minutes and select AM or PM. To set both the start and end dates, in the Date field, use the arrows to navigate to the month, then select the calendar day for the start date.
Tools Reports Table 87: Network Utilities (continued) Field Description Ping Initiate the Ping network utility to determine reachability of the IP address or FQDN that you specify. Trace Route Initiate the Trace route command, which traces the path of a packet from Extreme Campus Controller to the IP address or FQDN that you specify. It lists the routers it passes until it reaches its destination, or fails to. It also indicates the length of each hop.
Create Report Template Tools Templates View a list of templates. Create and work with report templates. Select a template to display the following icons: — Edit the report template. — Copy the report template. — Run a report from the template. — Delete the report template. Report Settings View a list of reports with saved settings for future use, or to schedule the report using Scheduler for Extreme Campus Controller.
Tools Create Report Template Schedule Report on page 347 Define Venue User Groups Define a user group before running a Venue Report. The site-level reports are based on a set of customer-defined user groups. Create user groups based on the SSID or client user name. The user name can contain the configured Hotspot 2.0 NAI Realm of the service provider, automatically grouping clients by their service provider.
Create Report Template Tools 5. Under Search Condition, provide the value that you are searching for. Selecting the Search Condition field displays a drop-down of existing values. The list is filtered as you type. Wildcards are not supported. To match a portion of the search condition, use the operator Contains. • • Select + to add more conditions. Select - to remove conditions. 6. To add another condition row, select +. 7.
Tools Run Report Figure 87: Venue Dashboard – Upload Usage by Group Query Builder actions: • New. Provide a name, and add a blank dialog so you can create a new query. There is a limit of 10 saved queries per user, per grid. After the 10-query limit has been reached, the New button is unavailable. • • • Rename. Rename an existing query. Delete. Delete the query that is currently displayed. Close. Close the Query Builder dialog.
Tools Schedule Report The reports are limited to a specific site. Select from the list of configured sites. Period Select a period to gather data. Valid values are: • • • 3 Hours 3 Days 14 Days Format Specify the output format for this report: PDF. 4. Before running the report, select Save Report Settings. After you save the Report Settings, the report displays on the Report Settings tab, and it displays in the Scheduler for Extreme Campus Controller. 5.
Tools Schedule Report Use Scheduler for Extreme Campus Controller to schedule reports from Extreme Campus Controller. 1. Create a report template. For more information, see Create Report Template on page 343. 2. From the Report Settings tab, select a report. Then, select . 3. Provide the report settings and select Save Report Settings. For more information, see Run Report on page 346. Note Schedule reports from the Report Settings tab. You must save the report settings before you can schedule the report.
Report Settings Tools Related Topics Scheduler for Extreme Campus Controller on page 388 Create Report Template on page 343 Reports on page 342 Report Settings View a list of reports with saved settings. The list of reports also display in the Scheduler for Extreme Campus Controller. From within the Scheduler application, select a report from the saved Reports list, creating a scheduled event to generate a report. When you run a report from a template, you have the option to Save Report Settings.
Generated Reports Related Topics Reports on page 342 350 Extreme Campus Controller User Guide for version 5.46.
Administration System Configuration on page 351 Manage Administrator Accounts on page 378 Extreme Campus Controller Applications on page 381 Product License on page 392 System Configuration System administrators can do the following from the System menu: • • • • • Configure network interfaces and network time. Manage software upgrades and system maintenance. Configure availability mode for network failover and redundancy. Configure SNMP. View system logs and information.
Interfaces Administration Use the L2 Ports information to understand the OSI Layer 2 (Data Link Layer) physical topology of the data plane. These ports represent the actual Ethernet Ports. LAG Ports are supported on physical appliances only. You can deploy Extreme Campus Controller in a redundant configuration, providing connectivity to two different switch stacks for the same port function.
Interfaces Administration Table 89: Interface Parameters (continued) Field Description VLAN ID ID for the virtual network. Tagged Indicates if the interface tags traffic. When traffic is tagged, the VLAN ID is inserted into the packet header to identify which VLAN the packet belongs to. Tagging can identify the port or interface to send a broadcast message to. Port Physical port on the Extreme Campus Controller for the interface.
Administration Network Time Multiple LAG Interface Support Extreme Campus Controller supports redundant configurations where the appliance provides connectivity to two switch stacks for one port function. On the L2 Ports pane, you can configure Extreme Campus Controller attachment through a LAG to one switch, or attached to two separate switch stacks, forming a Multiple Link Aggregation Group (MLAG). An MLAG joins two or more interfaces in the same Link Aggregation Group.
Enable Cloud Visibility Administration Manually configure time zone settings for your network. Search for a time zone, and click Save to manually change system date and time. Network Time Check NTP/SNTP to configure servers for Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP). NTP and SNTP are Internet Standard Protocols that assures accurate synchronization to the millisecond of computer clock times in a network of computers.
Enable Cloud Visibility Administration Device Information Available in ExtremeCloud IQ Extreme Campus Controller now integrates with ExtremeCloud IQ to manage access points and controllers from the cloud.
Software Upgrade Administration • • • • • Last Session Time Connected to AP Channel Auth Method IPv6 address Client Per Device Details The following information is available for each client: • • • • • • • • • • Hostname IP address MAC address VLAN SSID Channel IPv6 address Connected to AP Average Received Signal Strength (RSSI) Average Signal to Noise Ratio (SNR) Software Upgrade The following processes are components of the software upgrade process: • • • • • Backup Restore Software Upgrade AP Ima
Administration Software Upgrade Upgrade Software on page 359 Performing a Backup This backup and restore procedure is limited to configuration files and, optionally, logs and audit files. A system backup is a different procedure. A system backup is a full system snapshot rescue file (*-rescueuser.tgz). Creating a full system rescue file is an option during the system upgrade process. For more information on system upgrade, see Upgrade Software on page 359.
Administration Software Upgrade Restoring a Backup File Local backup files are listed. Select a backup file to restore. You can copy a backup file from a remote server or select a local file. After the file is on Extreme Campus Controller, select it and take one of the following actions: Copy Backup Restore system with backup file Copy backup file to remote system. Download backup file to a local computer Delete backup file. Note The restore process checks for Distributed sites.
Administration Software Upgrade There is more than one way to put the upgrade image on Extreme Campus Controller: • • Select a local upgrade image. Or Click to display the Copy Upgrade Image dialog. For more information, see Copy Upgrade Image on page 360. To perform an upgrade: 1. Select an image file for the upgrade. 2. Select Backup System Image To, selecting a destination location to back up the current image. 3. From the Upgrade field, select Now or Schedule.
Software Upgrade Administration Due to a storage space limitation, Extreme Campus Controller limits the number of locally available upgrade archives. If necessary, you can delete an older image before you upgrade to the latest image. To delete an image from Extreme Campus Controller, from the Select Image field, select an image and click .
Administration Software Upgrade Name of the backup image file. Backup Location Indicates where to save the backup image file. Local is currently the only supported value. Save the backup image locally on Extreme Campus Controller. Time The time of the scheduled upgrade in 24-hour format, HH-MM. Date The date of the scheduled upgrade in Month-Day format (MM-DD). Note When you supply a Date and Time that is in the past, the schedule is set for the following year at the specified date and time. 4.
Software Upgrade Administration • Go to Configure > Devices > Access Points. 3. Go to the AP Upgrade Status Report to view progress of the upgrade. Consider the following when upgrading AP images: • Selected APs must support the same upgrade image file. AP39xx series and Wi-Fi 6 APs have different firmware images; therefore they cannot be selected for upgrade together. Instead, create two AP upgrade requests: ◦ The ExtremeWireless AP39xx Series Access Points support the same firmware image file.
Administration Maintenance Upgrade Software on page 359 View Upgrade Logs on page 362 Maintenance Reset Configuration Select one of the following reset options: • Remove installed license – The system reboots and restores all aspects of the system configuration to the initial settings and the Permanent license key (with Capacity Keys) is removed. However, the Management IP address is preserved. This permits administrators to remain connected through the Management interface.
Availability Administration • • Downloads Utilities External Flash Physically connect an external device to the Extreme Campus Controller and then mount the device to display memory usage and capacity. Mounting a device makes the flash device that has been inserted into the Extreme Campus Controller available for use. Flash devices must be formatted in FAT32. Only the first partition of the flash device is used by the Extreme Campus Controller. Files must reside in the root directory.
Administration Availability • Enable and configure NTP: Network Time settings on each appliance of an availability pair must be identical for the configuration update process to be successful. • Use the Network Health chart on the Extreme Campus Controller Dashboard to monitor the Availability Link Status and the Synchronization Status for an availability pair. • Switch configuration and statistics are synchronized between the primary and backup Extreme Campus Controller.
Availability Administration Figure 88: AP Fail Over When Primary Appliance Fails • The wireless AP’s network connectivity to the primary appliance fails (see Figure 89). Extreme Campus Controller User Guide for version 5.46.
Administration Availability Figure 89: AP Fail Over When Connectivity to Primary Fails The backup Extreme Campus Controller does not have to detect its link failure with the primary Extreme Campus Controller for the session availability to kick in. If the AP loses five consecutive polls to the primary Extreme Campus Controller either due to the Extreme Campus Controller outage or to connectivity failure, it fails over to the backup Extreme Campus Controller fast enough to maintain the user session.
Availability Administration The following is the traffic flow of the topology illustrated in Figure 90: • • The AP establishes the active tunnel to connect to the primary Extreme Campus Controller. The Extreme Campus Controller sends the configuration to the AP. This configuration also contains the port information of the backup Extreme Campus Controller.
Availability Administration Mobility Settings When configuring a mobility domain with availability or session availability, synchronize time on all the wireless controllers that are part of your mobility domain. For more information, see Network Time on page 354. To configure Extreme Campus Controller as a manager or agent in a mobility domain: 1. Go to Admin > System > Availability. 2.
Settings Administration Related Topics Availability on page 365 Configuration Updates with an Availability Pair After an availability pair is set up, files updated on either appliance are synchronized with the paired appliance and then updated on the NAC server that is connected to each node. Network Time settings on each appliance of an availability pair must be identical for the configuration update process to be successful.
Administration Settings Table 94 describes how to configure SNMP credentials on Extreme Campus Controller. Table 94: SNMP Configuration Parameters Field Description SNMP Select the SNMP version to enable. Valid values are: • SNMPv3 • SNMPv2c The displayed parameters depend on the SNMP version that is enabled. Communities (SNMPv2c) Select Add to add a community. Provide a community name and access level: • Private Community — Default community for read-only SNMP communication.
Settings Administration Enable Cloud Visibility on page 355 AP Transmit Power Representation on page 374 External NAT on page 375 Advanced Tab on page 183 Working with SNMPv2 Communities 1. To access SNMPv2 Communities: • • Go to Administration > System > Settings > SNMP Go to Sites and select a site. Then, select SNMP. 2. From the SNMP field, select SNMPv2. 3. To add an SNMPv2 Community: a. From the SNMPv2 field, select Add. b. Type a name and access level. • • Read. Private Community.
Administration Settings Working with SNMP Notifications on page 374 Working with SNMPv2 Communities on page 373 Working with SNMP Notifications To work with SNMP notifications: 1. Go to Administration > System > Settings > SNMP. 2. Find the SNMP Notifications field. 3. To add a notification: a. Click Add. b. Enter the following: • • • Notification name SNMP version IP address and UDP Port of the server that will receive SNMP messages. c. Click Add.
Settings Administration To configure the AP Transmit Power Representation: 1. 2. 3. 4. Go to Administration > System > Settings. Scroll down to the AP Transmit Power Representation pane. For Configure and Report Tx Power, select Per Chain or Total Per Radio. Select Save. Related Topics Settings on page 371 External NAT Extreme Campus Controller supports External Network Address Translation (NAT), providing a secure means for remote users to access a campus network.
System Logging Configuration Administration System Logging Configuration Syslog event reporting uses the syslog protocol to relay event messages to a centralized event server on the enterprise network. In the protocol, a device generates messages, a relay receives and forwards the messages, and a syslog server receives the messages. System Log Level Determines the error severity that is logged for the appliance and AP.
System Information Administration Set a Logging Filter on page 341 System Information Go to Admin > System > System Information to view the following information about your system. Figure 91: Example System Information Extreme Campus Controller User Guide for version 5.46.
Manage Administrator Accounts Administration Figure 92: Example Manufacturing Information Manage Administrator Accounts Extreme Campus Controller is shipped with a factory-set, default administrator account with full rights: • • The user ID is admin. The factory preset password for this account is abc123. These values are case sensitive. During initial configuration of Extreme Campus Controller, the CLI wizard prompts you to change the default Admin user ID and password.
Administration Manage RADIUS Servers for User Authentication 3. To edit account settings: a. Select and existing account from the list. b. Modify settings as necessary, and select Save. Note You can generate API keys that are used to access Extreme Defender Application when editing an existing user account. 4. To delete an existing account: a. Select and existing account from the list. b. Click Delete. Note All administrator accounts except the default account can be deleted.
Custom User Account Access Administration Related Topics RADIUS Settings on page 297 Advanced RADIUS Settings on page 298 Custom User Account Access You can configure separate user access to specific areas and features of Extreme Campus Controller. 1. 2. 3. 4. Go to Administration > Accounts. To display account parameters, select an account or select Add. From the Admin Role field, select Custom > Configure. Select Read-Only or Read-Write for each of the following product areas.
Extreme Campus Controller Applications Administration Adoption Monitor or configure Extreme Campus Controller Adoption rules. See Automatic Adoption on page 279. Troubleshoot Monitor or configure packet capture for sites and device groups and open a remote console. See Packet Capture on page 83 and Opening Live SSH Console to a Selected AP on page 87. Onboard AAA Monitor or configure AAA policy and add Local Accounts. See Onboard AAA Authentication on page 295.
Administration Install an Application Extreme Campus Controller supports container applications that offer custom solutions for network management. Applications are installed as .Docker files available on Extreme Networks support site or downloaded from the Docker hub. Note You can install the application from a local image file or you can download an image file from Docker Hub. Before an image file is downloaded from Docker Hub, Extreme Campus Controller checks the image version.
Install an Application Administration Before running the installed application, you must generate an API Key and associate it with the application. For more information about the API Key, see REST API Access for Docker Container Applications on page 390. Note Extreme Campus Controller supports installation of a Docker file with a specific numerical version. Applications indicating the "Latest Version" or version numbers that include alphabetic characters are not supported.
Install an Application Administration Related Topics Generate API Keys on page 390 Associate API Key File with a Docker Application on page 392 Configuration Template Details on page 384 Upgrade an Application on page 386 Uninstall an Application on page 387 Application Details on page 387 Configuration Template Details Note The following Extreme Docker applications are installed with default configuration templates.
Administration Install an Application Table 95: Container Application Configuration Template (continued) Field Description Image The application image file name that is used in the Docker Registry. Or, for local files, the application name that is tagged in the local Docker file. Entry Point Arguments Program used to start the application. The Entry Point Arguments are provided by the container application by default. Provide a value only if you must override the default Entry Point Arguments.
Administration Access an Application Related Topics Install an Application on page 382 Access an Application After an application is installed on Extreme Campus Controller, take the following steps to access the application: 1. Go to Administration > Applications. The applications that Extreme Campus Controller supports by default are listed. Applications that are installed and running are indicated by a green dot icon. 2. To open an application in a separate browser window, select the application. 3.
Uninstall an Application Administration 3. To begin the application upgrade, select . 4. Upgrade from a local File or Docker hub Registry. 5. Select Upload and select the Docker file. 6. Select Open and select OK. 7. Select to start the application. Related Topics Install an Application on page 382 Uninstall an Application on page 387 Uninstall an Application Note All application data is deleted when you uninstall an application. To uninstall an application: 1. Go to Administration > Applications. 2.
Administration Extreme Defender for IoT Extreme Defender for IoT Extreme Defender Application provides security management plus traffic and application visibility of connected end devices. It also enables the centralized creation of policies that define network and security settings for groups of IoT devices. SA201 supports enforcement for up to eight end-systems, connected through the wired client port. Extreme Defender Application is installed as a container application on Extreme Campus Controller.
AirDefense Base Application Administration Scheduler for Extreme Campus Controller is installed as a container application on the Extreme Campus Controller. The application runs and is upgraded independently from the appliance. Before accessing Scheduler application, you must generate an API key from Extreme Campus Controller and upload it to the controller. Subsequent upgrades can use the previously installed API key file.
REST API Access for Docker Container Applications Administration Generate API Keys on page 390 REST API Access for Docker Container Applications on page 390 Install an Application on page 382 Associate API Key File with a Docker Application on page 392 Access an Application on page 386 Upgrade an Application on page 386 Uninstall an Application on page 387 Application Details on page 387 REST API Access for Docker Container Applications Use an API key to allow Docker containers access to the Extreme Camp
REST API Access for Docker Container Applications Administration 3. From the API Keys field, select Generate New API Key. The key is generated. The API Key dialog displays. Figure 93: API Key dialog 4. To download the API key as a .json file, select Download. Download the key immediately. If you select Close, you will not be able to access the key. You can generate additional keys at any time. 5. After you download the key, select Close.
Administration Product License Associate API Key File with a Docker Application To upload a generated API key file: 1. Go to Administration > Applications and select . 2. Select the Configuration Files tab. 3. Select api-keys.json, and then select the upload icon 4. Upload the API key file one of the following ways: • • . Click the Choose File box and navigate to the downloaded API key file. Drag and drop the downloaded API key file onto the Choose File box.
Product License Administration activation process for each instance of Extreme Campus Controller. The activation process is required for all Extreme Campus Controller installations. Important Ensure that Extreme Campus Controller is configured with the correct Network Time Protocol (NTP) Server settings. Licensing management and several other system functions are dependent on an accurate timestamp.
Administration Licensed Devices you choose, you must generate and install an Activation Package for each instance of Extreme Campus Controller. Note Permanent capacity and subscription licensing are not supported in the same installation. Do not mix permanent capacity and subscription in one account (intended for the same controller). Extreme Campus Controller (or the availability pair) only recognize one license type at a time.
Administration Generate and Install the Activation Package The access points are manufactured with a specific domain lock. They are configured for either an FCC or ROW license domain. For a list of supported switches, see the Release Notes. Related Topics Product License on page 392 Generate and Install the Activation Package All customers must generate and install an Activation Package for Extreme Campus Controller. Regardless of whether you obtain a new license or upgrade to Extreme Campus Controller.
Administration Subscription License Install the Activation Package Stage your Extreme Campus Controller instance. Install the Activation Package to activate Extreme Campus Controller: 1. 2. 3. 4. Return to the Extreme Campus Controller instance from where you obtained the Locking ID. Go to Administration > License. Select the plus sign next to the Activation License field. Drag the Activation Package to the Upload License dialog to install the Activation Package.
Administration Subscription License For a subscription license only, Extreme Campus Controller connects once each day with the licensing server. When necessary, you can manually synchronize Extreme Campus Controller with the licensing server. You may want to manually synchronize after the following conditions: • • • A change in capacity entitlements After applying a valid license After a failover in an Availability Pair. To manually synchronize: 1. Go to Administration > License > License Details. 2.
Permanent Capacity License Administration Permanent Capacity License A Permanent Capacity License is offered with a permanent activation, and it works with a separate capacity key. The alternative to a Permanent Capacity License is a Subscription License. The activation process is the same regardless of the license model you choose. The Extreme Campus Controller Permanent Capacity License works on simple software-based key strings. A key string consists of a series of numbers and/or letters.
Permanent Capacity License Administration 2. From the Support portal, obtain your capacity keys. For more information, see Obtain and Apply a Capacity Key on page 400. There is no connection to the licensing server when an Activation Package for Permanent Licensing is installed. Therefore, the Extreme Campus Controller displays a connection failure message. This message can be ignored for Permanent Licensing. Simply select the Switch to Permanent Licensing link to clear the message.
Upgrade to Extreme Campus Controller Administration Related Topics Generate and Install the Activation Package on page 395 Obtain and Apply a Capacity Key on page 400 Licensing States on page 396 Obtain and Apply a Capacity Key 1. Obtain a voucher from the Extreme Networks Support portal. 2. Log into the Extreme Networks Support portal to redeem the voucher. The Extreme Networks Support portal presents the Capacity key. On the Extreme Campus Controller, go to Administration > License.
Entitlements Administration Entitlements The Extreme Campus Controller Entitlements page is a log of all purchased entitlements associated with the customer account. Purchase the entitlements using a Capacity key. Entitlements indicate the total number of devices you are licensed to manage per your customer account. Each entitlement has a Start and End date. To view the list of entitlements, go to Administration > License > Entitlements.
Activations Related Topics Generate and Install the Activation Package on page 395 402 Extreme Campus Controller User Guide for version 5.46.
Glossary Chalet Chalet is a web-based user interface for setting up and viewing information about a switch, removing the need to enter common commands individually in the CLI. CLI Command Line Interface. The CLI provides an environment to issue commands to monitor and manage switches and wireless appliances. Extreme Campus Controller ExtremeCloud Appliance has been rebranded to Extreme Campus Controller. The new Extreme Campus Controller supports Campus/Centralized sites only.
Glossary ExtremeAnalytics™, formerly Purview™, is a network powered application analytics and optimization solution that captures and analyzes context-based application traffic to deliver meaningful intelligence about applications, users, locations, and devices. ExtremeAnalytics provides data to show how applications are being used.
Glossary solutions includes APs, wireless appliances, and software. Learn more about ExtremeWireless at http:// www.extremenetworks.com/products/wireless/. ExtremeXOS ExtremeXOS, a modular switch operating system, is designed from the ground up to meet the needs of large cloud and private data centers, service providers, converged enterprise edge networks, and everything in between.
Index Numerics 6 GHz Radio AP4000 14, 15 channel allocation 15 channel width 15 A AAA configuration default configuration 295 network policy configuration 289 RADIUS settings 293, 297 Access Control AAA configuration 295 certificates 303 groups 317 LDAP configuration 299 RADIUS servers 296 rules 320 access control groups cloning 319 default groups 319 Access Control Rules 320 access lists allow list 106 deny list 106 access points adding 190 advanced AP radio settings 139 advanced settings 195 antenna sett
Index B D backup files performing a backup 358 scheduled backups 358 switch configuration 219 band steering 258 Bandwidth Rate 268 best practice notification 38 dashboard adding 33 Site Dashboard 19 Site Default Dashboard 46 widgets 34, 36 device assign to site 219 monitoring 61 network widgets 100 switch widgets 96 device group adding 120 advanced settings 157 DHCP local management 273 diagnostic tools 341 Docker applications AirDefense Base 389 ExtremeDefender Application 388 REST API key access 390 S
Index ExtremeWireless Access Points (continued) AP505i 72 AP510i-1 72 AP510i/e 72 AP560i/h/m/t/u 72 F feedback ix floor maps 24 floor plan configuration 174 importing 178 settings 178 viewing 50, 51 G groups, access control 317 groups, adding 317 GUI-Mode 98 H Hotspot configuring 232 identification 233 Network Characteristics 238 Online Signup 239 Online Signup Service Provider 241 I interfaces, configuring 351 IoT Profile Settings 149 IP address assignment for an AP 204 IP address exclusions 274 L LD
Index Policy enforcement 111, 258 policy rates, configuring 279 policy rules configuring OSI Layer 2 rules 262 configuring OSI Layer 3 and 4 rules 263 configuring OSI Layer 7 rules 265 Portal configuration admin 315 network 314 website 305 website look and feel 312 ports switches 97 Positioning profile settings 154 preferred connection 183 privacy settings WEP settings 228 WPA2 Enterprise 227 WPA2 with PSK 226 WPA3 Enterprise 226 privacy settings} WPA3 with SAE 225 product announcements ix, x Professional
Index Smart RF (continued) Select Shutdown settings 174 Smart RF widgets Channel Inspector Interference Report 93 SNMP 183 SNMP configuration SNMPv2 Communities 373 SNMPv3 Users 373 SNMP notifications 374 SP Identification settings 234 SSH, Live Console to AP 87 to switch 98, 218 SSID, configuring 221 static route, adding 354 Station Events 109 Subscription Licensing 396 support, see technical support switch CLI CLI-Mode 218 GUI-Mode 98 switch configuration 218 switch configuration, backup files 219 switch
