SCALANCE WLC711 User Guide, V8.
Legal Information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.
SCALANCE WLC711 C79000-G8976-C260-03, 07/2012, User Guide, V8.
About This Guide
This guide describes how to install, configure, and manage the SCALANCE WLC711 system. This guide is also available as an online help system.
To Access the Online Help System:
1. In the SCALANCE IWLAN Assistant Top Menu bar, click Help.
2. The online help system is launched.
Intended Audience
This guide is a reference for system administrators who install and manage the SCALANCE IWLAN Controller.
For... Refer to...
• Information about configuring Classes of Service (CoS) which are a configuration entity containing QoS Marking (802.1p and ToS/DSCP), Inbound/Outbound Rate Limiting and Transmit Queue Assignments: refer to Chapter 8, Configuring Classes of Service.
• Information about configuring Sites which is a mechanism for grouping APs and refers to specific Policies, Classes of Service (CoS) and RADIUS servers that are grouped to form a single configuration.
Formatting Conventions
For example: Click Logout.
• Monospace font is used in code examples and to indicate text that you type. For example: Type https://[:mgmt-port]
Additional Documentation
SCALANCE IWLAN Controller documentation is available at: www.siemens.com/automation/service&support
1 Overview of the SCALANCE WLC711 Solution
This chapter describes SCALANCE WLC711 concepts, including:
• Introduction
• Conventional Wireless LANs
• Elements of the SCALANCE WLC711 Solution
• SCALANCE WLC711 and Your Network
Introduction
The next generation of Siemens wireless networking devices provides a truly scalable WLAN solution.
Conventional Wireless LANs
Wireless communication between multiple computers requires that each computer be equipped with a receiver/transmitter—a WLAN Network Interface Card (NIC)—capable of exchanging digital information over a common radio frequency. This is called an ad hoc network configuration. An ad hoc network configuration allows wireless devices to communicate together.
Elements of the SCALANCE WLC711 Solution
The SCALANCE WLC711 solution consists of two devices:
• SCALANCE IWLAN Controller
• IWLAN Controller Access Points (Wireless APs)
This architecture allows a single SCALANCE IWLAN Controller to control many Wireless APs, making the administration and management of large networks much easier.
Figure 1-2 SCALANCE IWLAN Controller Solution [diagram labels: RADIUS Authentication Server, DHCP Server, Wireless Controller, Ethernet, Router/Switch, Wireless APs, Wireless Devices]
As illustrated in Figure 1-2, the SCALANCE IWLAN Controller appears to the existing network as if it were an access point, but in fact one SCALANCE IWLAN Controller controls many Wireless APs.
The SCALANCE IWLAN system:
• Scales up to Enterprise capacity — SCALANCE IWLAN Controllers are scalable:
– WLC711 — Up to 32 APs
In turn, each Wireless AP can handle up to 254 wireless devices, with each radio supporting a maximum of 127. With additional SCALANCE IWLAN Controllers, the number of wireless devices the solution can support can reach into the thousands.
SCALANCE WLC711 and Your Network
• IWLAN Controller Access Point (Wireless AP) — A wireless LAN fit access point that communicates with a SCALANCE IWLAN Controller.
• RADIUS Server (Remote Access Dial-In User Service) (RFC2865), or other authentication server — An authentication server that assigns and manages ID and Password protection throughout the network. Used for authentication of the wireless users in either 802.1x or Captive Portal security modes.
• Zone Integrity — The Zone integrity server enhances network security by ensuring clients accessing your network are compliant with your security policies before gaining access. Zone Integrity Release 5 is supported.
Network Traffic Flow
Figure 1-3 illustrates a simple configuration with a single SCALANCE IWLAN Controller and two Wireless APs, each supporting a wireless device.
encapsulates the packets and forwards them to the SCALANCE IWLAN Controller. The SCALANCE IWLAN Controller decapsulates the packets and routes these to destinations on the network. In a typical configuration, access points can be configured to locally bridge traffic (to a configured VLAN) directly at their network point of attachment. The SCALANCE IWLAN Controller functions like a standard L3 router or L2 switch.
produces a Pairwise Master Key which is used by the AP and the user to derive their temporal keys. (The keys change over time.) The SCALANCE WLC711 solution provides a RADIUS redundancy feature that enables you to define a failover RADIUS server in the event that the active RADIUS server becomes unresponsive.
Privacy
Privacy is a mechanism that protects data over wireless and wired networks, usually by encryption techniques.
Figure 1-4 VNS as a Binding of Reusable Components
WLAN Service components and Policy components can be configured separately and associated with a VNS when the VNS is created or modified. Alternatively, they can be configured during the process of creating a VNS.
VNS Components
The distinct constituent high-level configurable umbrella elements of a VNS are:
• Topology
• Policy
• Classes of Service
• WLAN Service
Topology
Topologies represent the networks with which the SCALANCE IWLAN Controller and its APs interact. The main configurable attributes of a topology are:
• Name - a string of alphanumeric characters designated by the administrator.
2. Default authorized policy — This is a mandatory policy that applies to the traffic of authenticated stations for which no other policy was explicitly specified. It can be the same as the default non-authorized policy.
3.
Routing
Routing can be used on the SCALANCE IWLAN Controller to support the VNS definitions. Through the user interface you can configure routing on the SCALANCE IWLAN Controller to use one of the following routing techniques:
• Static routes — Use static routes to set the default route of a SCALANCE IWLAN Controller so that legitimate wireless device traffic can be forwarded to the default gateway.
If the primary SCALANCE IWLAN Controller fails, all of its associated Wireless APs can automatically switch over to another SCALANCE IWLAN Controller that has been defined as the secondary or backup controller. If an AP reboots, the primary SCALANCE IWLAN Controller is restored if it is active.
2 Configuring the SCALANCE IWLAN Controller
This chapter describes the steps involved in the initial configuration and setup of the SCALANCE IWLAN Controller, including:
– Configure the time zone. Because changing the time zone requires restarting the SCALANCE IWLAN Controller, Siemens recommends that you configure the time zone during the initial installation and configuration of the SCALANCE IWLAN Controller to avoid network interruptions. For more information, see “Configuring Network Time” on page 2-49.
– Apply an activation key file.
A VNS binds a WLAN Service to a Policy that will be used for default assignment upon a user’s network attachment. You can create topologies, policies, and WLAN services first, before configuring a VNS, or you can select one of the wizards (such as the VNS wizard), or you can simply select to create a new VNS.
Logging on to the SCALANCE IWLAN Controller
1. Launch your Web browser (Internet Explorer version 6.0 or higher, or Firefox). See the V8.01 release notes for the supported Web browsers.
2. In the browser address bar, type the following, using the IP address of your controller: https://192.168.10.1:5825 This launches the Wireless Assistant. The login screen is displayed.
3. In the User Name box, type your user name.
Figure 2-1 Wireless Assistant Top Menu Bar
Wireless Assistant Home Screen
Figure 2-2 shows the Wireless Assistant Home Screen. Table 2-1 describes the home screen headings and descriptions with links to support information within the User Guide.
Figure 2-2 Wireless Assistant Home Screen
Table 2-1 Wireless Assistant Home Screen Headings
Home Screen Heading: Description
Network Status: Includes real-time totals for the following components:
• Local APs - total number of active or inactive local APs. Click the number displayed to open a separate dialog that lists the AP name, serial number, and IP address.
• Foreign APs - total number of active or inactive foreign APs.
Table 2-1 Wireless Assistant Home Screen Headings (continued)
Home Screen Heading: Description
Licensing: Displays licensing information including:
• Available AP Licenses - total number of available licenses.
• Days Remaining - number of days remaining on this license key.
• Regulatory Domain - Domain information for this license period.
Working with the Basic Installation Wizard
2. From the top menu, click Wireless Controller. The Wireless Controller Configuration screen is displayed.
3. In the left pane, click Installation Wizard. The Basic Installation Wizard screen is displayed.
4. In the Time Settings section, configure the SCALANCE IWLAN Controller timezone:
– Continent or Ocean — Click the appropriate large-scale geographic grouping for the time zone.
7. In the Topology Configuration section, click the physical interface of the SCALANCE IWLAN Controller you want to assign as a data port. The system assigns default IP Address and Netmask values for the data port. If applicable, type a different IP address and netmask for the selected physical interface. For information on how to obtain a temporary IP address from the network, click How to obtain a temporary IP address.
If you selected V2c, do the following (these parameters do not apply to V3):
– Read Community — Type the password that is used for read-only SNMP communication.
– Write Community — Type the password that is used for write SNMP communication.
– Trap Destination — Type the IP address of the server used as the network manager that will receive SNMP messages.
attempts. RADIUS is a client/server authentication and authorization access protocol used by a network access server (NAS) to authenticate users attempting to connect to a network device. Do the following:
– Server Alias — Type a name that you want to assign to the RADIUS server. You can type a name or IP address of the server.
– IP Address — Type the RADIUS server’s hostname or IP address.
Install Wizard, the SCALANCE W Wireless Assistant session is terminated and you will need to log back in with the new IP address.
Configuring the SCALANCE IWLAN Controller for the First Time
As soon as the SCALANCE IWLAN Controller is deployed, you should perform a series of configuration tasks.
Changing the Administrator Password
Siemens recommends that you change your default administrator password once your system is deployed. The SCALANCE IWLAN Controller default password is abc123. When the SCALANCE IWLAN Controller is installed and you elect to change the default password, the new password must be a minimum of eight characters.
Installing the License Keys
This section describes how to install the license key on the SCALANCE IWLAN Controller. It does not explain how to generate the license key. For information on how to generate the license key, see the SCALANCE IWLAN License Certificate, which is sent to you via traditional mail. You have to type the license keys on the SCALANCE IWLAN Assistant GUI.
from the system but their operational status can be changed. Refer to Viewing and Changing the L2 Ports Information.
Note: You can redefine a data port to function as a Third-Party AP Port. Refer to Viewing and Changing the Physical Topologies for more information.
Viewing and Changing the L2 Ports Information
To View and Change the L2 Port Information:
1. From the top menu, click Wireless Controller.
– Port name, as described above.
– MAC address, as per Ethernet standard.
– Untagged VLAN, displays the associated untagged VLAN ID. This ID is unique among topologies.
– Tagged VLAN, displays the associated tagged VLAN ID.
Note: Refer to Viewing and Changing the Physical Topologies for more information about L2 port topologies.
3.
3. To change any of the associated parameters, click on the topology entry to be modified. An “Edit Topology” pop up window appears. For the data ports predefined in the system, Name and Mode are not configurable.
4. Optionally, configure one of the physical topologies for Third Party AP connectivity by clicking the 3rd Party AP Topology checkbox.
If you are using OSPF, be sure that the MTU of all the interfaces in the OSPF link match.
Note: If the routed connection to an AP traverses a link that imposes a lower MTU than the default 1500 bytes, the SCALANCE IWLAN Controller and AP participate in automatic MTU discovery and adjust their settings accordingly. At the SCALANCE IWLAN Controller, MTU adjustments are tracked on a per AP basis.
c. In the Lease (seconds) max box, type the maximum time period in seconds for which the IP address will be allocated to the Wireless APs.
d. In the DNS Servers box, type the DNS Server’s IP address if you have a DNS Server.
e. In the WINS box, type the WINS Server’s IP address if you have a WINS Server.
Note: You can type multiple entries in the DNS Servers and WINS boxes.
- To exclude a single address, select the Single Address radio button and type the IP address in the adjacent box.
- In the Comment box, type any relevant comment. For example, you can type the reason for which a certain IP address is excluded from the DHCP allocation.
- Click on Add. The excluded IP addresses are displayed in the IP Address(es) to exclude from DHCP Address Range box.
2. In the left pane, click Topologies. The Topologies tab is displayed.
3. In the Internal VLAN ID box, type the internal VLAN ID.
4. From the Multicast Support drop-down list, select the desired physical topology.
5. To save your changes, click Save.
2. In the left pane, click Routing Protocols. The Static Routes tab is displayed.
3. To add a new route, in the Destination Address box type the destination IP address of a packet. To define a default static route for any unknown address not in the routing table, type 0.0.0.0.
4.
Viewing the Forwarding Table
You can view the defined routes, whether static or OSPF, and their current status in the forwarding table.
To View the Forwarding Table on the SCALANCE IWLAN Controller:
1. From the Routing Protocols Static Routes tab, click View Forwarding Table. The Forwarding Table is displayed.
2. Alternatively, from the top menu, click Reports.
Ensure that the OSPF parameters defined here for the SCALANCE IWLAN Controller are consistent with the adjacent routers in the OSPF area. This consistency includes the following:
• If the peer router has different timer settings, the protocol timer settings in the SCALANCE IWLAN Controller must be changed to match to achieve OSPF adjacency.
– Stub — The stub area does not receive external routes. External routes are defined as routes which were distributed in OSPF via another routing protocol. Therefore, stub areas typically rely on a default route to send traffic routes outside the present domain.
– Retransmit-Interval — Specifies the time in seconds (displays OSPF default). The default setting is 5 seconds.
– Transmit Delay — Specifies the time in seconds (displays OSPF default). The default setting is 1 second.
9. To save your changes, click Save.
To Confirm That Ports Are Set for OSPF:
1.
If management traffic is explicitly enabled for any interface, access is implicitly extended to that interface through any of the other interfaces (VNS). Only traffic specifically allowed by the interface’s exception filter is allowed to reach the SCALANCE IWLAN Controller itself. All other traffic is dropped.
Working with Administrator-defined Interface-based Exception Filters
You can add specific filtering rules at the interface level in addition to the built-in rules. Such rules give you the capability of restricting access to a port, for specific reasons, such as a Denial of Service (DoS) attack.
4. If the topology has an L3 interface defined, an Exception Filters tab is available. Select this tab. The Exception Filter rules are displayed.
5. Add rules by either:
– Clicking the Add Predefined button, selecting a filter from the drop down list, and clicking Add.
– Clicking the Add button, filling in the following fields, then clicking OK:
(1) In the IP / subnet:port box, type the destination IP address. You can also specify an IP range, a port designation, or a port range on that IP address.
If you continue to use the default certificate to secure the SCALANCE IWLAN Controller and internal Captive Portal page, your Web browser will likely produce security warnings regarding the security risks of trusting self-signed certificates. To avoid the certificate-related Web browser security warnings, you can install customized certificates on the SCALANCE IWLAN Controller.
To Install a Certificate for a SCALANCE IWLAN Controller Data Interface:
1. From the top menu, click Wireless Controller. The Wireless Controller Configuration screen is displayed.
2. In the left pane, click Topologies. The Topologies tab is displayed.
3. Click the Certificates tab.
4.
Table 2-3 Topologies Page: Certificates Tab Fields and Buttons
Field/Button: Description
Interface Certificates
Topology: Topology name
Expiry Date: Date when the certificate expires
CA Cert.: Identifies whether or not a CA certificate has been installed on the topology.
Name (CN): Note: The IP address or DNS address associated with the topology that the certificate applies to.
Table 2-3 Topologies Page: Certificates Tab Fields and Buttons (continued)
Field/Button: Description
Replace/Install selected Topology’s certificate and key from a single file: To replace the existing port’s certificate and key using this option, do the following:
1. Click Browse next to the PKCS #12 file to install box. The Choose file dialog is displayed.
2.
Table 2-3 Topologies Page: Certificates Tab Fields and Buttons (continued)
Field/Button: Description
Generate Signing Request: To generate a CSR for the controller, click Generate Signing Request. The Generate Certificate Signing Request window displays (Figure 2-3).
Save: Click to save the changes to this Topology.
Configuring the Login Authentication Mode
You can configure the following login authentication modes to authenticate administrator login attempts:
• Local authentication — The SCALANCE IWLAN Controller uses locally configured login credentials and passwords. See “Configuring the Local Login Authentication Mode and Adding New Users” on page 2-36.
2. In the left pane, click Login Management. The Login Management screen is displayed.
3. In the Authentication mode section, click Configure. The Login Authentication Mode Configuration window is displayed.
4. Select the Local checkbox. If the RADIUS checkbox is selected, deselect it.
5. Click OK.
6. In the Add User section, select one of the following from the Group drop-down list:
– Full Administrator — Grants the administrator’s access rights to the administrator.
– Read-only Administrator — Grants read-only access right to the administrator.
– GuestPortal Manager — Grants the user GuestPortal manager rights.
7. In the User ID box, type the user’s ID.
8.
page 7-3. RADIUS is a client/server authentication and authorization access protocol used by a network access server (NAS) to authenticate users attempting to connect to a network device. The NAS functions as a client, passing user information to one or more RADIUS servers. The NAS permits or denies network access to a user based on the response it receives from one or more RADIUS servers.
4. In the Authentication mode section, click Configure. The Login Authentication Mode Configuration window is displayed.
5. Select the RADIUS checkbox. If the Local checkbox is selected, deselect it.
6. Click OK.
7. From the drop-down list, located next to the Use button, select the RADIUS Server that you want to use for the RADIUS login authentication, and then click Use.
9. Click Test to test connectivity to the RADIUS server.
Note: You can also test the connectivity to the RADIUS server after you save the configuration.
If the test is not successful, the following message will be displayed:
11. If the RADIUS connectivity test displays “Successful” result, click Save on the RADIUS Authentication screen to save your configuration. The following window is displayed:
12. If you tested the RADIUS server connectivity earlier in this procedure (Step 9 and Step 10), click No.
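The NAS-to-server exchange behind RADIUS login authentication, written out per RFC 2865 as an added example; it is not part of the Siemens guide and not the controller's own code. The user name, passwords, shared secrets and the in-memory `server_reply` stand-in are constructed for illustration. It shows that the administrator password travels hidden only by MD5 keyed with the shared secret, and that the NAS must check the Response Authenticator before acting on a reply.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

# Constructed sample data (assumptions, not values from the guide).
SECRET = b"constructed-shared-secret"
USERS = {b"admin": b"correct horse battery"}


def xor_block(block: bytes, secret: bytes, prev: bytes) -> bytes:
    """XOR one 16-byte block with MD5(shared secret + previous block)."""
    key = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, key))


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding, RFC 2865 section 5.2 (keyed MD5, chained)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = xor_block(padded[i:i + 16], secret, prev)  # ciphertext chains
        out += prev
    return out


def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse the hiding using the same shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor_block(block, secret, prev)
        prev = block
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def parse_attrs(data: bytes) -> dict:
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[pos]] = data[pos + 2:pos + data[pos + 1]]
        pos += data[pos + 1]
    return attrs


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    """NAS side: Access-Request with a random 16-byte Request Authenticator."""
    req_auth = os.urandom(16)
    attrs = attr(ATTR_USER_NAME, user)
    attrs += attr(ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def server_reply(request: bytes, secret: bytes, users: dict) -> bytes:
    """Stand-in RADIUS server: check the password and sign the reply."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth = request[4:20]
    attrs = parse_attrs(request[20:length])
    password = unhide_password(attrs[ATTR_USER_PASSWORD], secret, req_auth)
    expected = users.get(attrs[ATTR_USER_NAME])
    ok = expected is not None and hmac.compare_digest(expected, password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attrs + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()


def verify_reply(reply: bytes, request: bytes, secret: bytes):
    """NAS side: return the reply code only if ID and authenticator match."""
    if len(reply) < 20 or reply[1] != request[1]:
        return None
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return None
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    return reply[0] if hmac.compare_digest(expected, reply[4:20]) else None


def login(user, password, nas_secret, server_secret, users):
    """One full exchange; None means the reply could not be trusted."""
    request = build_access_request(1, user, password, nas_secret)
    return verify_reply(server_reply(request, server_secret, users), request, nas_secret)


if __name__ == "__main__":
    print(login(b"admin", b"correct horse battery", SECRET, SECRET, USERS))  # accept
    print(login(b"admin", b"abc123", SECRET, SECRET, USERS))                 # reject
    print(login(b"admin", b"correct horse battery", SECRET, b"other", USERS))  # untrusted
```

A mismatched shared secret fails twice: the server recovers a garbled password, and the NAS rejects the reply because its authenticator does not verify.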
Configuring the Local, RADIUS Login Authentication Mode
To configure the Local, RADIUS login authentication mode:
1. From the top menu, click Wireless Controller. The Wireless Controller Configuration screen is displayed.
2. In the left pane, click Login Management. The Login Management screen is displayed.
3. In the Authentication mode section, click Configure.
4. Select the Local and RADIUS checkbox.
5. If necessary, select Local and use the Move Up button to move Local to the top of the list.
6. Click OK.
7. On the Login Management screen, click Save.
For information on setting local login authentication settings, see “Configuring the Local Login Authentication Mode and Adding New Users” on page 2-36.
2. In the left pane, click Login Management. The Login Management screen is displayed.
3. In the Authentication mode section, click Configure. The Login Authentication Mode Configuration window is displayed.
4. Select the Local and RADIUS checkbox.
5. If necessary, select RADIUS and use the Move Up button to move RADIUS to the top of the list.
6. Click OK.
7. On the Login Management screen, click Save.
For information on setting RADIUS login authentication settings, see “Configuring the RADIUS Login Authentication Mode” on page 2-38.
2. In the left pane, click SNMP. The SNMP screen is displayed.
3. In the SNMP Common Settings section, configure the following:
– Mode — Select SNMPv1/v2c or SNMPv3 to enable SNMP.
– Contact Name — The name of the SNMP administrator.
– Location — The physical location of the SCALANCE IWLAN Controller running the SNMP agent.
– SNMP Port — The destination port for the SNMP traps.
– Read/Write Community Name — The password that is used for write SNMP communication.
– Manager A — The IP address of the server used as the primary network manager that will receive SNMP messages.
– Manager B — The IP address of the server used as the secondary network manager that will receive SNMP messages.
Note: Manager A and Manager B address fields support both IPv4 and IPv6 addresses.
2.
Note: The Destination IP address field supports both IPv4 and IPv6 addresses.
– User Name — The SNMPv3 user to configure for use with SNMPv3 traps
7. Click Save.

Editing an SNMPv3 User

To Edit an SNMPv3 User:
1. From the top menu, click Wireless Controller. The Wireless Controller Configuration screen is displayed.
2. In the left pane, click SNMP. The SNMP screen is displayed.
3.
Network Time Synchronization

Network time is synchronized in one of two ways:
• Using the system’s time — The system’s time is the SCALANCE IWLAN Controller’s time.
• Using Network Time Protocol (NTP) — The Network Time Protocol is a protocol for synchronizing the clocks of computer systems over packet-switched data networks.
8. Click Set Clock.
9. The WLAN network time is synchronized in accordance with the SCALANCE IWLAN Controller’s time.

Configuring the Network Time Using an NTP Server

To configure the network time using an NTP server:
1. From the top menu, click Wireless Controller. The Wireless Controller Configuration screen is displayed.
2. In the left pane, click Network Time.
9. In the Time Server 1 text box, type the IP address or FQDN (Fully Qualified Domain Name) of an NTP time server that is accessible on the enterprise network.
Note: The Time Server fields support both IPv4 and IPv6 addresses.
10. Repeat for Time Server2 and Time Server3 text boxes.
2. In the left pane, click Secure Connections. The Secure Connections screen is displayed.
3. Enter the Server IP address of the other end of the secure protocol tunnel and the shared secret to use.
4. Click Add/Update.
5. Click Save.
If the second DNS server is also not reachable, the query is sent to the third DNS server in the stack.

To configure DNS servers for resolving host names of NTP and RADIUS servers:
1. From the top menu, click Wireless Controller. The Wireless Controller Configuration screen is displayed.
2. In the left pane, click Host Attributes. The Host Attributes screen is displayed.
3.
Using an AeroScout/Ekahau Location-based Solution

Note: Participating Wireless APs must use the 2.4 GHz band.
Once you have enabled the location-based service on the SCALANCE IWLAN Controller and the participating Wireless APs, at least one of the participating Wireless APs will receive reports from an AeroScout/Ekahau Wi-Fi RFID tag in the 2.4 GHz band.
2. In the left pane, click Location-based Service. The Location-based Service screen is displayed.
3. From the Location-based Service drop-down list, click the desired location-based service for the SCALANCE IWLAN Controller.
4. If Aeroscout is selected, enter the Server IP Address of the AeroScout server in the Aeroscout Address field.
5.
7. From the top menu, click Wireless APs. The All APs screen is displayed.
8. Select an AP.
9. Click Advanced. The Advanced window displays.
10. Select the Enable location-based service field.
11. Click Close. The Advanced window closes.
12. Repeat steps 7 through 10 for each additional AP that you want to participate in the location-based service.
13. Click Save.
Additional Ongoing Operations of the System

Note: You can also enable location based service on APs through the Location-based service field on the AP Multi-edit screen and the Advanced window of the AP Default Settings screen.
3 Configuring the Wireless AP

This chapter describes the Wireless Access Point (AP) and the SCALANCE WLC711 solution, including:
Deploying a Wireless AP with External Antennas

Some Wireless AP models support external antennas. The external antennas are individually certified and determine the available channel list and the maximum transmitting power for the country in which the Wireless AP is deployed. For more details refer to the manuals of the respective antennas. The following table shows which Wireless AP models have external or internal antennas.
Figure 3-1 SCALANCE W786-2 HPW Outdoor Wireless AP

Figure 3-1 illustrates the following:
• The SCALANCE Outdoor Wireless AP has two radios — Radio 1 and Radio 2.
• Radio 1 supports the 5 GHz radio, with radio mode a.
• Radio 2 supports the 2.4 GHz radio, with radio modes b, g, and b/g.
• Radio 1 and Radio 2 are connected to external antennas — 1A, 1B and 2A, 2B.

5 GHz radio supporting the 802.11a standard — The 802.11a standard is an extension to 802.
The Unlicensed National Information Infrastructure (U-NII) bands all lie within the 5-GHz band, designed for short-range, high-speed, wireless networking communication. The Wireless AP supports the full range of 802.11a:
• 5.15 to 5.25 GHz — U-NII Low Band
• 5.25 to 5.35 GHz — U-NII Middle Band
• 5.47 to 5.725 GHz — UNII 2+
• 5.725 to 5.825 GHz — U-NII High Band

Siemens Wireless 802.11n AP

The SCALANCE IWLAN 802.
Figure 3-2 MIMO in SCALANCE IWLAN 802.11n AP

Note: MIMO should not be confused with the Diversity feature. While Diversity is the use of two antennas to increase the odds that a better radio stream is received on either of the antennas, MIMO antennas radiate and receive multi-streams of the same packet to achieve the increased throughput.
Shortened Guard Interval

The purpose of the guard interval is to introduce immunity to propagation delays, echoes and reflections of symbols in orthogonal frequency division multiplexing (OFDM) — a method by which information is transmitted via a radio signal in Wireless APs. In OFDM, the beginning of each symbol is preceded by a guard interval.
Figure 3-3 SCALANCE IWLAN 802.11n AP’s Baseband

Figure 3-3 illustrates the following:
• The SCALANCE IWLAN 802.11n AP has two radios — Radio 1 and Radio 2.
• Radio 1 supports the 5 GHz radio, with radio modes a, a/n, and n-strict.
• Radio 2 supports the 2.4 GHz radio, with radio modes b, g, b/g, b/n, b/g/n, and n-strict.
• Radio 1 is connected to external antennas R1A1, R1A2, R1A3, and Radio 2 is connected to external antennas R2A1, R2A2, R2A3.
The radios are enabled or disabled through the SCALANCE W Wireless Assistant. For more information, see “Modifying Wireless 802.11n AP W786C/W788C Radio Properties” on page 3-27.

The Unlicensed National Information Infrastructure (U-NII) bands all lie within the 5-GHz band, designed for short-range, high-speed, wireless networking communication. The 802.
Discovery and Registration Overview

Note: You can establish a telnet or SSH session with the Wireless AP during the time window of 30 seconds when the Wireless AP returns to its default IP address mode. If a static IP address is assigned during this period, you must reboot the Wireless AP for the configuration to take effect. For more information, see “Assigning a Static IP Address to the Wireless AP” on page 3-9.
Figure 3-4 Wireless AP Discovery Process

Wireless AP Discovery

Wireless APs discover the IP address of a SCALANCE IWLAN Controller using a sequence of mechanisms that allow for the possible services available on the enterprise network. The discovery process is successful when the Wireless AP successfully locates a SCALANCE IWLAN Controller to which it can register.

SCALANCE WLC711 C79000-G8976-C260-03, 07/2012, User Guide, V8.
Ensure that the appropriate services on your enterprise network are prepared to support the discovery process. The following steps summarize the discovery process:

1. Use the IP address of the SCALANCE IWLAN Controller to which the AP last connected successfully
Once a Wireless AP has successfully registered with a SCALANCE IWLAN Controller, it recalls that controller's IP address, and uses that address on subsequent reboots.
– SLP — A means of allowing client applications to discover network services without knowing their location beforehand. Devices advertise their services using a Service Agent (SA). In larger installations, a Directory Agent (DA) collects information from SAs and creates a central repository (SLP RFC2608).
Table 3-4 provides a composite view of the R1, R2 and F LEDs:

Table 3-4 Siemens Wireless AP LED Status
R1 LED, R2 LED, F LED: SCALANCE IWLAN Outdoor AP’s detailed status
Off, Off, Blinking Red: Initialization: Power-on-self test (POST)
Blinking Green, Blinking Red: Initialization: Random delay
Solid Green, Blinking Red: Initialization: Vulnerable Period
Solid Red: Reset to factory defaults
Solid Green, Blinking Red: WDS scanning
Off B
Table 3-5 LEDs Indicating Signal Strength
RSS (dBm) | LED: L1 | PoE | P1 | R1 | R2 | F
RSS < -84 | Off | Off | Off | Off | Off | Blinking red
-84 < RSS < -77 | Off | Off | Off | Off | Off | Fast Blinking red
-77 < RSS < -70 | Off | Off | Off | Off | Blinking green | Solid red
-70 < RSS < -63 | Off | Off | Off | Blinking green | Solid green | Solid red
-63 < RSS < -56 | Off | Off | Blinking green | Solid green | Solid green | Solid red
-56 < RSS < -49 | Off | Blinking green
To Configure the AP LED Operational Mode When Configuring an Individual Wireless AP:
1. From the top menu, click Wireless APs. The Wireless AP screen displays.
2. In the left-hand pane, click All APs. The AP Configuration page displays with the AP Properties tab exposed.
3. In the second column from the left, select the appropriate AP.
4. On the AP Properties tab, click the Advanced button. The Advanced window displays.
5.
2. Connect the Wireless AP to a power source to initiate the discovery and registration process. For more information, see “Methods of Connecting and Powering a Wireless AP” on page 3-18.

Adding a Wireless AP Manually Option

You can manually add a Wireless AP to the SCALANCE IWLAN Controller; however, the AP must still go through the automatic discovery and registration process to locate the controller.
Note: During the initial setup of the network, Siemens recommends that you select the Allow all Wireless APs to connect option. This option is the most efficient way to get a large number of Wireless APs registered with the SCALANCE IWLAN Controller. Once the initial setup is complete, Siemens recommends that you reset the security mode to the Allow only approved Wireless APs to connect option.
Adding and Registering a Wireless AP Manually

The number of retries is limited to 255 for the discovery. The default number of retries is 3, and the default delay between retries is 3 seconds.
5. To save your changes, click Save.

Once the discovery parameters are defined, you can connect the Wireless AP to a power source.
Configuring Wireless AP Settings

Table 3-7 Add Wireless AP window (continued)
Field | Description
Name | Type a unique name for the Wireless AP that identifies the access point. The default value is the Wireless AP’s serial number.
Description | Enter a description of this AP.
Add Wireless AP | Click to add the Wireless AP with default settings. You can later modify these settings.
2. In the left pane, click Access Approval. The Access Approval screen is displayed, along with the registered Wireless APs and their status.
3. To select the Wireless APs for status change, do one of the following:
– For a specific Wireless AP, select the corresponding checkbox.
– For Wireless APs by category, click one of the Select Wireless APs options.
To clear your Wireless AP selections, click Deselect All.
4.
Configuring a Wireless AP’s Properties

Once a Wireless AP has successfully registered, you can then continue to configure its properties. Configuring Wireless AP properties includes working with the following Wireless AP tabs:
• AP Properties
• WLAN Assignment
• Radio 1
• Radio 2
• Static Configuration
• 802.1x

AP Properties Tab Configuration

Use the AP Properties tab to view and configure basic Wireless AP properties.
Table 3-8 AP Properties (continued)
Field | Description
Host Name | Read-only. This value, which is based on AP Name, cannot be directly edited. This value depicts the AP Host-Name value. If the AP Name value does begin with a number, for example when it is the AP's serial number, the AP's model is prepended to the value. This value is used for tracking purposes on the DHCP server.
Table 3-8 AP Properties (continued)
Field | Description
Right Antenna Type | Click to select No Antenna or choose an antenna type from the drop-down list.
Advanced Dialog
Poll Timeout | Type the timeout value, in seconds, for the Wireless AP to reestablish the link with the SCALANCE IWLAN Controller if it (Wireless AP) does not get an answer to its polling. The default value is 10 seconds.
Table 3-8 AP Properties (continued)
Field | Description
Enable LLDP | Click to enable or disable the Wireless AP from broadcasting LLDP information. This option is disabled by default. If SNMP is enabled on the SCALANCE IWLAN Controller and you enable LLDP, the LLDP Confirmation dialog is displayed. Select one of the following:
Proceed (not recommended) — Select this option to enable LLDP and keep SNMP running, and then click OK.
Assigning Wireless AP Radios to a VNS

There are three methods of assigning Wireless AP radios to a VNS:
• VNS configuration — When a VNS is configured, you can assign Wireless AP radios to the VNS through its associated WLAN Service. For more information, see “Configuring WLAN Services” on page 6-1.
Note: To configure foreign Wireless AP radios to a VNS, use the VNS configuration method.
Configuring Wireless AP Radio Properties

Modifying Wireless AP radio properties can vary significantly depending on the model of the Wireless AP you are configuring:
• For specific information on modifying a Wireless 802.11n AP, see “Modifying Wireless 802.11n AP W786C/W788C Radio Properties” on page 3-27.
• For specific information on modifying a W786-2HPW, see “Modifying Wireless AP W786-2HPW Radio Properties” on page 3-39.
If using half of the available channels is not an option for your environment, do not configure a channel plan. Instead, allow ACS to select from all available channels. This alternate solution may contribute to increased congestion on the extension channels.

Note: ACS in the 2.4GHz radio band with 40MHz channels is not recommended due to severe co-channel interference.
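The note above about 40MHz channels in the 2.4GHz band can be checked with a short calculation. This is an added example, not part of the Siemens guide; the channel arithmetic (centre frequency 2407 + 5 × channel MHz, extension channel four channel numbers from the primary, channels 1 to 11 or 1 to 13 depending on regulatory domain) and all function names are assumptions of the example.

```python
"""2.4 GHz channel bonding: valid directions and spectrum taken by a 40 MHz channel.

Assumptions (not from the guide): centre frequency = 2407 + 5 * channel MHz,
nominal 20 MHz channel width, extension channel 4 channel numbers away from
the primary, and a regulatory domain that allows channels 1..max_channel.
Spans whose edges only touch are treated as non-overlapping.
"""

HALF_WIDTH_MHZ = 10  # half of the nominal 20 MHz channel width
BOND_OFFSET = 4      # extension channel is primary +/- 4 (20 MHz away)


def span_20(channel):
    """Return (low, high) edge frequencies in MHz of one 20 MHz channel."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4 GHz channel: {channel}")
    center = 2407 + 5 * channel
    return (center - HALF_WIDTH_MHZ, center + HALF_WIDTH_MHZ)


def bonding_directions(primary, max_channel):
    """Directions in which `primary` can bond without crossing the band edge."""
    directions = []
    if primary + BOND_OFFSET <= max_channel:
        directions.append("up")
    if primary - BOND_OFFSET >= 1:
        directions.append("down")
    return directions


def span_40(primary, direction, max_channel):
    """Return (low, high) in MHz of the bonded primary + extension channel."""
    if direction not in bonding_directions(primary, max_channel):
        raise ValueError(f"channel {primary} cannot bond {direction}")
    step = BOND_OFFSET if direction == "up" else -BOND_OFFSET
    extension = primary + step
    low = min(span_20(primary)[0], span_20(extension)[0])
    high = max(span_20(primary)[1], span_20(extension)[1])
    return (low, high)


def overlapped_channels(span, max_channel):
    """20 MHz channels whose spectrum intersects the given span."""
    low, high = span
    return [ch for ch in range(1, max_channel + 1)
            if span_20(ch)[0] < high and span_20(ch)[1] > low]


def max_non_overlapping(spans):
    """Interval scheduling: largest set of spans that do not overlap."""
    chosen, last_high = [], None
    for low, high in sorted(set(spans), key=lambda s: (s[1], s[0])):
        if last_high is None or low >= last_high:
            chosen.append((low, high))
            last_high = high
    return chosen


def band_report(max_channel):
    """Count independent 20 MHz and 40 MHz channels for a regulatory domain."""
    channels = range(1, max_channel + 1)
    spans20 = [span_20(ch) for ch in channels]
    spans40 = [span_40(ch, d, max_channel)
               for ch in channels
               for d in bonding_directions(ch, max_channel)]
    return {
        "independent_20mhz": len(max_non_overlapping(spans20)),
        "independent_40mhz": len(max_non_overlapping(spans40)),
    }


if __name__ == "__main__":
    for max_channel in (11, 13):
        print(f"channels 1-{max_channel}:", band_report(max_channel))
    wide = span_40(6, "up", 11)
    print("channel 6 bonded up occupies", wide, "MHz and overlaps channels",
          overlapped_channels(wide, 11))
```

With channels 1 to 11 only one 40MHz channel fits without overlap, so neighbouring APs that ACS places on 40MHz channels necessarily share spectrum.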
• Radio 2 — Channels can bond up or down as long as the band edge is not exceeded, but some channels have predefined bonding directions.

Channel bonding is enabled by selecting the Channel Width on the Radio tabs. When selecting Channel Width, the following options are available:
• 20MHz — Channel bonding is not enabled:
– 802.11n clients use the primary channel (20MHz)
– Non-802.
The Wireless 802.11n AP is configured, by default, to transmit on all three antennas. Depending on your deployment requirements, you can configure the Wireless 802.11n AP to transmit on specific antennas. You can configure the Wireless 802.11n AP to transmit on specific antennas for both radios, including all the available modes:
• Radio 1 — a, a/n modes
• Radio 2 — b, b/g, b/g/n modes

When you configure the Wireless 802.
Table 3-9 Radio Properties
Field | Description
Base Settings
BSS Info | BSS Info is read-only. After WLAN Service configuration, the Basic Service Set (BSS) section displays the MAC address on the Wireless AP for each WLAN Service and the SSIDs of the WLAN Services to which this radio has been assigned.
Admin Mode | Select On to enable the radio; select Off to disable the radio.
Table 3-9 Radio Properties (continued)
Field | Description
Current Channel | Read-only. The actual channel the ACS has assigned to the Wireless AP radio. The Current Channel value and the Last Requested Channel value may be different because the ACS automatically assigns the best available channel to the Wireless AP, ensuring that a Wireless AP’s radio is always operating on the best available channel.
Last Requested Channel | Read-only.
Table 3-9 Radio Properties (continued)
Field | Description
Auto Tx Power Ctrl Adjust | If ATPC is enabled, click the Tx power level that can be used to adjust the ATPC power levels that the system has assigned. Siemens recommends that you use 0 dB during your initial configuration.
Table 3-9 Radio Properties (continued)
Field | Description
Antenna Selection | Click the antenna, or antenna combination, you want to configure on this radio.
Note: When you configure the Wireless 802.11n AP to use specific antennas, the transmission power is recalculated; the Current Tx Power Level value for the radio is automatically adjusted to reflect the recent antenna configuration.
Table 3-9 Radio Properties (continued)
Field | Description
Advanced Dialog - Basic Radio Settings
Dynamic Channel Selection | To enable Dynamic Channel Selection, click one of the following:
Off — Disables the feature
Monitor Mode — If enabled, a selection of DCS Interference Events appears in a separate dialog. If traffic or noise levels exceed the configured DCS thresholds, an alarm is triggered and an information log is generated.
Table 3-9 Radio Properties (continued)
Field | Description
Max Basic Rate | Click the maximum data rate that must be supported by all stations in a BSS: 6, 12, or 24 Mbps. If necessary, the Max Basic Rate choices adjust automatically to be higher or equal to the Min Basic Rate.
Max Operational Rate | Click the maximum data rate that clients can operate at while associated with the Wireless AP: 24, 36, 48, or 54 Mbps.
Table 3-9 Radio Properties (continued)
Field | Description
40MHz Channel Busy Threshold | Type the extension channel threshold percentage, which if exceeded, will disable transmissions on the extension channel (40MHz).
40MHz Prot.
Table 3-9 Radio Properties (continued)
Field | Description
Protection Type | Click a protection type: CTS Only or RTS CTS. The default and recommended setting is CTS Only. Click RTS CTS only if an 11b AP that operates on the same channel is detected in the neighborhood, or if there are many 11b-only clients in the environment.
Note: Do not disable 802.11g protection mode if you have 802.11b or 802.11g client devices using this Wireless AP; instead, configure only Radio 1 for high throughput unless it is acceptable to achieve less than maximum 802.11n throughput on Radio 2.
– If only 802.11n devices are present, you must disable 11n protection and 40MHz protection:
- Protection Mode — Click None.
- Protection Type — Click CTS only or RTS CTS.
– Select WPA-PSK, and then clear the WPA v.1 option:
- Select WPA v.2.
- In the Encryption drop-down list, click AES only.
Note: To achieve the strongest encryption protection for your VNS, Siemens recommends that you use WPA v.1 or WPA v.2.
8. Click the QoS Policy tab.
9. In the Wireless QoS section, select the WMM option. Some 802.11n client devices will remain at 54Mbps unless WMM is enabled.
NOTICE
Caution should be exercised when using this feature. For more information, see “Configuring VLAN Tags for Wireless APs” on page 3-44. If the Wireless AP VLAN is not configured properly (wrong tag), connecting to the Wireless AP may not be possible. To recover from this situation, you will need to reset the Wireless AP to its factory default settings. For more information, see the SCALANCE WLC711 Maintenance Guide.
Table 3-10 Static Configuration Properties
Field/Button | Description
VLAN Settings
Tagged | Select if you want to assign this AP to a specific VLAN and type the value in the box.
Untagged | Select if you want this AP to be untagged. This option is selected by default.
VLAN ID | Enter a VLAN ID. Valid values are 1 to 4094
IP Address Assignment
Use DHCP | Select to enable Dynamic Host Configuration Protocol (DHCP).
Table 3-10 Static Configuration Properties (continued)
Field/Button | Description
Tunnel MTU | Enter a static MTU value, from 600 to 1500, in the Tunnel MTU box. If the Siemens wireless software cannot discover the MTU size, it enforces the static MTU size. Set the MTU size to allow the source to reduce the packet size and avoid the need to fragment data packets in the tunnel.
2. In the Wireless AP list, click the Wireless AP for which you want to enable or disable telnet.
3. Click Advanced. The Advanced dialog is displayed.
4.
Configuring VLAN Tags for Wireless APs

NOTICE
You must exercise caution while configuring a VLAN ID tag. If a VLAN tag is not configured properly, the connectivity between the SCALANCE IWLAN Controller and the Wireless AP will be lost.

To configure the VLAN tag for the Wireless AP, you must connect the Wireless AP to a point on the central office network that does not require VLAN tagging.
802.1x authentication credentials can be updated at any time, whether or not the Wireless AP is connected with an active session. If the Wireless AP is connected, the new credentials are sent immediately. If the Wireless AP is not connected, the new credentials are delivered the next time the Wireless AP connects to the SCALANCE IWLAN Controller. There are two main aspects to the 802.
3. Click the 802.1x tab.
4. In the Username drop-down list, click the value you want to assign as the user name credential:
– Name — The name of the Wireless AP, which is assigned on the AP Properties tab. The Wireless AP name can be edited.
– Serial — The serial number of the Wireless AP. This setting cannot be edited.
– MAC — The MAC address of the Wireless AP. The setting cannot be edited.
Configuring 802.1x EAP-TLS Authentication

EAP-TLS authentication uses certificates for authentication. A third-party Certificate Authentication application is required to configure EAP-TLS authentication. Certificates can be overwritten with new ones at any time. With EAP-TLS authentication, the SCALANCE IWLAN Controller can operate in the following modes:
• Proxy Mode
• Pass Through Mode

Note: When a Wireless AP configured with 802.
5. Type the criteria to be used to create the certificate request.
2. In the Wireless AP list, click the Wireless AP for which you want to configure 802.1x EAP-TLS authentication.
3. Click the 802.1x tab.
4. Click Browse. The Choose file window is displayed.
5. Navigate to the location of the certificate file (.pfx) and click Open. The name of the certificate file is displayed in the X509 DER / PKCS#12 file box.
6. In the Password box, type the password that was used to protect the private key.
3. Do the following:
– To delete EAP-TLS credentials, click Delete EAP-TLS credentials.
– To delete PEAP credentials, click Delete PEAP credentials.
The credentials are deleted and the Wireless AP settings are updated.

Note: If you attempt to delete the 802.
3. In the Wireless APs list, click one or more Wireless APs to configure. To select multiple Wireless APs, click the Wireless APs from the list while pressing the CTRL key.
4.
Configuring 802.1x EAP-TLS Authentication in Pass Through Mode Using Multi-edit:

When you configure 802.1x EAP-TLS authentication in pass through mode using Multi-edit, do one of the following:
• Generate a certificate for each Wireless AP using the third-party Certificate Authentication application.
– MAC — The MAC address of the Wireless AP. The Wireless AP MAC address cannot be edited.
5. In the Password drop-down list, click the value you want to assign as the password credential:
- Name — The name of the Wireless AP, which is assigned on the AP Properties tab. The Wireless AP name can be edited.
- Serial — The serial number of the Wireless AP. The Wireless AP serial number cannot be edited.
2. In the left pane, click AP Default Settings. The Common Configuration tab is displayed.
3. In the Static Configuration section, do one of the following:
– To allow each Wireless AP to provide its own WLC Search List, select the Learn WLC Search List from AP checkbox.
– To specify a common WLC Search List for all Wireless APs, clear the Learn WLC Search List from AP checkbox.
Configure AP36xx Default AP Settings

To Configure AP36xx Default AP Settings:
1. From the top menu, click Wireless APs. The Wireless AP screen is displayed.
2. In the left pane, click AP Default Settings. The Common Configuration tab is displayed.
3. Click the AP36xx tab.

Table 3-11 AP Default Settings
Field | Description
AP Properties
LLDP | Click to Enable or Disable the Wireless AP from broadcasting LLDP information.
Table 3-11 AP Default Settings (continued)
Field | Description
Announcement Interval | If LLDP is enabled, type how often the Wireless AP advertises its information by sending a new LLDP packet. This value is measured in seconds. If there are no changes to the Wireless AP configuration that impact the LLDP information, the Wireless AP sends a new LLDP packet according to this schedule.
Table 3-11 AP Default Settings (continued)
Field | Description
Auto Tx Power Ctrl | Click to either enable or disable ATPC from the Auto Tx Power Ctrl drop-down list. ATPC automatically adapts transmission power signals according to the coverage provided by the Wireless APs. After a period of time, the system will stabilize itself based on the RF coverage of your Wireless APs.
Table 3-11 AP Default Settings (continued)
Field | Description
Channel Plan | If ACS is enabled you can define a channel plan for the Wireless AP. Defining a channel plan allows you to limit which channels are available for use during an ACS scan. For example, you may want to avoid using specific channels because of low power, regulatory domain, or radar interference.
Table 3-11 AP Default Settings (continued)
Field | Description
Advanced dialog - AP Properties
Poll Timeout | Type the timeout value, in seconds. The Wireless AP uses this value to trigger re-establishing the link with the SCALANCE IWLAN Controller if the Wireless AP does not get an answer to its polling. The default value is 10 seconds.
Note: If you are configuring session availability, the Poll Timeout value should be 1.
Table 3-11 AP Default Settings (continued)
Field | Description
Real Capture | Click Start to start real capture server on the AP. This feature can be enabled for each AP individually. Statistics are captured using an external connection to a Windows Wireshark client. In Wireshark, by selecting the remote APs’ IP address and null authentication, the wired and enabled wireless interfaces are listed as available for capture.
Table 3-11 AP Default Settings (continued)
Field | Description
Dynamic Channel Selection | Click one of the following:
Off — Disables DCS.
Monitor Mode — If traffic or noise levels exceed the configured DCS thresholds, an alarm is triggered and an information log is generated.
Active Mode — If traffic or noise levels exceed the configured DCS thresholds, an alarm is triggered and an information log is generated.
Table 3-11 AP Default Settings (continued)
Field | Description
Protection Rate | Click a protection rate: 1, 2, 5.5, or 11 Mbps. The default and recommended setting is 11. Only reduce the rate if there are many 11b clients in the environment or if the deployment has areas with poor coverage. For example, rates lower than 11 Mbps are required to ensure coverage.
Protection Type | Click a protection type: CTS Only or RTS CTS.
Table 3-11 AP Default Settings (continued)
Field | Description
Video VI | For each radio, click the number of retries for the Video transmission queue. The default value is adaptive (multi-rate). The recommended setting is adaptive (multi-rate).
Voice VO | For each radio, click the number of retries for the Voice transmission queue. The default value is adaptive (multi-rate). The recommended setting is adaptive (multi-rate).
STBC | Click an STBC mode: Enabled or Disabled. STBC is a simple open loop transmit diversity scheme. When enabled, STBC configuration is 2x1 (one spatial stream split into two space-time streams). TxBF will override STBC if both are enabled for single stream rates. (Available for W78xC APs.)
TxBF | (Available for W78xC APs.) Click a TxBF mode: Enabled or Disabled.
For detailed information, see Table 3-11 on page 3-55.
5. To save your changes, click Save Settings.

Configure W78xC Default AP Settings
To Configure W78xC Default AP Settings:
1. From the top menu, click Wireless APs. The Wireless AP screen is displayed.
2. In the left pane, click AP Default Settings. The Common Configuration tab is displayed.
3. Click the W78xC tab.
4.
Modifying a Wireless AP’s Properties Based on a Default AP Configuration
If you have a Wireless AP that is already configured with its own settings, but would like the Wireless AP to be reset to use the system’s default AP settings, use the Reset to Defaults feature on the AP Properties tab.
To Configure a Wireless AP with the System’s Default AP Settings:
1. From the top menu, click Wireless APs.
Configuring Multiple Wireless APs Simultaneously
• Select the Wireless APs individually
You can select multiple hardware types and individual Wireless APs by pressing the Ctrl key and selecting the hardware types and specific Wireless APs.
When you configure multiple Wireless APs using the AP Multi-edit screen, it is important to note that for some Wireless AP settings to be available for configuration, other Wireless AP settings must be enabled or configured first.
– In the Wireless APs list, click one or more Wireless APs to edit. To click multiple Wireless APs, click the APs from the list while pressing the CTRL key. The AP profile page displays.
Note: When using the Multi-edit function, any box or option that is not explicitly modified will not be changed by the update.
The Wireless APs shown in the Wireless APs list can be from any version of the software.
Table 3-12 AP Multi-edit Properties (continued)
Field/Button | Description
WLC Search List | Click one of the following:
  • Clear search list — Click to clear previously assigned SCALANCE IWLAN Controllers that were configured to control this Wireless AP.
  • Re-configure search list — Click to assign SCALANCE IWLAN Controllers to control this Wireless AP. This causes the Add box to become available.
Configuring Co-located APs in Load Balance Groups
You must assign an AP’s radio to the load balance group for the client distribution to occur. Load balancing occurs only among the assigned AP radios of the load balance group. Each radio can be assigned only to one load balance group. Multiple radios on the same AP do not have to be in the same load balance group.
To Create a Load Balance Group
1. From the top menu, click Wireless APs. The Wireless AP screen is displayed.
2. In the left pane, click Load Groups. The Wireless AP Load Groups page displays.
3. Click New. The Add Load Group window displays.
If you are adding a Radio Preference load balancing group, the Radio Preference tab becomes available.

Table 3-14 AP Load Groups
Field/Button | Description
Load Group ID | Enter a unique name for the load group. You can create load groups with the same name on different SCALANCE IWLAN Controllers; however, the groups will be treated as separate groups according to the home controller where the group was originally created.
Radio Assignment tab - this tab is available only for load groups assigned the Client Balancing type
Select AP Radios | From the drop-down menu, select the AP radios that you want to assign to the load group. Options include:
  • All radios
  • Radio 1
  • Radio 2
  • Clear all radios
  You can assign a radio to only one load balance group.
WLAN Assignment tab
WLAN Name | Select the checkbox of one or more WLAN services that you want to assign to all member radios of the load balance group. You can select up to the radio limit of eight VNSs. When you assign a radio to a load group, WLAN service assignment can only be done from the WLAN Assignment tab on the Wireless AP Load Groups screen.
Configuring the Wireless AP Configuring an AP Cluster If you have not configured synchronization, you must configure the foreign controller to ensure that all AP radios in the load balance group have the same WLAN services assigned before the AP fails over, as originally configured for the load group. If the WLAN services assigned do not match when an AP fails over, the affected AP radios will be removed from the load group.
To Change an AP Cluster’s Configuration:
1. From the top menu, click Wireless APs. The Wireless AP screen is displayed.
2. In the left pane, click AP Registration. The AP Registration screen is displayed.
3. In the Secure Cluster section, enter a cluster shared secret.
4. Enable cluster encryption by clicking on the User Cluster Encryption checkbox.
Performing Wireless AP Software Maintenance
To Maintain the List of Current Wireless AP Software Images:
1. From the top menu, click Wireless APs. The Wireless APs screen is displayed.
2. In the left pane, click AP Maintenance. The AP Software Maintenance tab is displayed.
3. In the AP Images for Platform drop-down list, click the appropriate platform.
4.
4. In the AP Images list, click the image you want to delete.
5. Click Delete. The image is deleted.

To Download a New Wireless AP Software Image:
1. From the top menu, click Wireless APs. The Wireless AP Configuration screen is displayed.
2. In the left pane, click AP Maintenance. The AP Software Maintenance tab is displayed.
3. In the Download AP Images list, type the following:
4.
3. Click the Controlled Upgrade tab.
Note: The Controlled Upgrade tab is displayed only when the Upgrade Behavior is set to Upgrade when AP connects using settings from Controlled Upgrade on the AP Software Maintenance tab.
4. In the Select AP Platform drop-down list, click the type of AP you want to upgrade.
5. In the Select an image to use drop-down list, click the software image you want to use for the upgrade.
6.
Configuring the Wireless AP Performing Wireless AP Software Maintenance 3-80 SCALANCE WLC711 C79000-G8976-C260-03, 07/2012, User Guide, V8.
4 Configuring Topologies
This chapter describes topology configuration, including:
• Topology Overview
• Configuring the Admin Port
• Configuring a Basic Data Port Topology
• Enabling Management Traffic
• Layer 3 Configuration
• Exception Filtering
• Multicast Filtering

Topology Overview
There are two types of topologies: Admin port and data port.
• Selection of an interface for AP registration
• Multicast filter definition
• Exception filter definition
“Physical Ports” refers to the data plane physical ports. The attributes of a physical port are:
• Administrative status (read-write)
• Name (read-only)
• MAC address (read-only)
• MTU size
• Multicast Support for Routed VNS
At most, one physical topology can be enabled for the multicast support for Routed VNS.
Configuring the Admin Port
3. To change any of the associated Admin parameters, click on the Admin topology entry. An “Edit Topology” pop up window appears.
4. Under Core, the Admin port Name and Mode are not configurable.
5. Under Layer 3 - IPv4, the following settings are available:
• The Static IP Address specifies the address assigned by the administrator.
• In the Mask field, type the appropriate subnet mask for the IP address (typically, 255.255.255.0).
6.
Note: IPv6 supports multiple addresses on the same port, including auto-generated addresses such as a link-local address, or an address created by combining the Router Advertisement prefix with the interface ID. Auto-generated addresses generated via the Router Advertisement prefix are dynamic and their availability depends on the existence of the prefix (or lack of) in the Router Advertisement.
4. 5. Select a mode of operation from the Mode drop-down list. Choices are:
– Physical
– Routed — Routed topologies do not need any Layer 2 configuration, but do require Layer 3 configuration. See “Layer 3 Configuration” on page 4-6 for more information.
– Bridge Traffic Locally at AP — Requires Layer 2 configuration. Does not require Layer 3 configuration.
Layer 3 Configuration
This section describes configuring IP addresses, DHCP options, Next Hop and OSPF parameters, for Physical port, Routed, and Bridge Traffic Locally at WLC topologies.

IP Address Configuration
The L3 (IP) address definition is only required for Physical port and Routed topologies. For Bridge Traffic Locally at WLC topologies, L3 configuration is optional.
a. In the Gateway field, type the SCALANCE IWLAN Controller's own IP address in that VNS. This IP address is the default gateway for the VNS. The SCALANCE IWLAN Controller advertises this address to the wireless devices when they sign on. For routed VNSs, it corresponds to the IP address that is communicated to MUs (in the VNS) as the default gateway for the VNS subnet.
DHCP Configuration
You can configure DHCP settings for all modes except Bridge Traffic Locally at AP mode, since all traffic for users in that VNS will be directly bridged by the Wireless AP at the local network point of attachment (VLAN at AP port). DHCP assignment is disabled by default for Bridged to VLAN mode. However, you can enable DHCP server/relay functionality to have the controller service the IP addresses for the VLAN (and wireless users).
e. Check the Enable DLS DHCP Option checkbox if you expect optiPoint WL2 wireless phone traffic on the VNS. DLS is a Siemens application that provides configuration management and software deployment and licensing for optiPoint WL2 phones.
f. In the Gateway field, type the SCALANCE IWLAN Controller’s own IP address in that topology. This IP address is the default gateway for the topology.
i. Click Close.
5. If you selected Use Relay, a DHCP window displays.
a. In the DHCP Servers box, type the IP address of the DHCP server to which DHCP discover and request messages will be forwarded for clients on this VNS. The SCALANCE IWLAN Controller does not handle DHCP requests from users, but instead forwards the requests to the indicated DHCP server.
Note: The DHCP Server must be configured to match the topology settings.
3. In the Layer 3 area, click the Configure button. The DHCP configuration dialog window displays.
4. In the Next Hop Address box, type the IP address of the next hop router on the network through which you wish all traffic on the VNS using this Topology to be directed.
5. In the OSPF Route Cost box, type the OSPF cost of reaching the VNS subnet.
Note: An interface for which Allow Management is enabled can be reached by any other interface. By default, Allow Management is disabled and shipped interface filters will only permit the interface to be visible directly from its own subnet.
The visible exception filter definitions, both in physical ports and topology definitions, allow administrators to define a set of rules to be prepended to the system's dynamically updated exception filter protection rules.
The Exceptions Filter page displays.
2. Select an existing topology from the right hand pane to edit an existing topology, or click New to create a new topology. The Topologies configuration page displays. The Exception Filters tab is available only if Layer 3 (L3) configuration is enabled.
3. Click the Exception Filters tab to display the Exception Filters page.
Table 4-1 Exception Filters page - Fields and Buttons (continued)
Field/Button | Description
Allow | Select the Allow checkbox to allow this rule. Otherwise the rule is denied.
IP:Port | Identifies the IP address and port to which this filter rule applies.
Protocol | In the Protocol drop-down list, click the applicable protocol. The default is N/A.
Up, Down | Select a filter rule and click to either move the rule up or down in the list.
Multicast Filtering
A mechanism that supports multicast traffic can be enabled as part of a topology definition. This mechanism is provided to support the demands of VoIP and IPTV network traffic, while still providing the network access control.
Note: To use the mobility feature with this topology, you must select the Enable Multicast Support checkbox for the data port.
4. Click Add. The group is added to the list above.
5. To enable the wireless multicast replication for this group, select the corresponding Wireless Replication checkbox.
6. To modify the priority of the multicast groups, click the group row, and then click the Up or Down buttons.
A Deny All rule is automatically added as the last rule, IP = *.*.*.* and the Wireless Replication checkbox is not selected. This rule ensures that all other traffic is dropped.
5 Configuring Policies
This chapter describes policy configuration, including:
• Policy Overview
• Configuring VLAN and Class of Service for a Policy
• Filtering Rules

Policy Overview
Policy configuration defines the binding of a topology (VLAN), ingress and egress rate profiles applied to the traffic of a station, and filter rules.
Figure 5-1 VLAN & Class of Service Tab

Table 5-1 VLAN & Class of Service Tab - Fields and Buttons
Field/Button | Description
Core
Policy Name | Enter a name to assign to this policy.
Topology
Assigned Topology | Select an existing topology from the Assigned Topology dropdown list, or click the New button to create a new topology. To edit an existing topology, select the topology and then click the Edit button. The Edit Topology page displays.
Status
Synchronize | Click to enable synchronize configuration.
For more information about rate control profiles, go to “Working with Bandwidth Control Profiles” on page 7-15.

Filtering Rules
Optionally, you can define filter rules for the policy. The policy name should match filter ID values set up on the RADIUS servers.
Redirection and Captive Portal credentials apply to HTTP traffic only. A wireless device user attempting to reach Websites other than those specifically allowed in the non-authenticated filter will be redirected to the allowed destinations. Most HTTP traffic outside of that defined in the non-authenticated filter will be redirected.
Table 5-4 Non-authenticated Filter Example B (continued)
In Out Allow IP / Port Description
x x x IP address of the DNS Server: Allow all incoming wireless devices access to the DNS server of the VNS.
x x [a specific IP address, or address plus range]: Deny all traffic to a specific IP address, or to a specific IP address range (such as:0/24).
x x *.*.*.*:80: Allow all port 80 (HTTP) traffic.
x x *.*.*.*: Deny everything else.
Filtering Rules for a Default Filter
After authentication of the wireless device user, the default filter will apply only after:
• No filter ID attribute value is returned by the authentication server for this user.
• No Policy match is found on the SCALANCE IWLAN Controller for the filter ID value.
The final rule in the default filter should be a catch-all rule for any traffic that did not match a filter.
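The rule order of Table 5-4 and the catch-all requirement above, worked as an added example (not code from this guide or from the controller). It assumes rules are evaluated top-down with the first match deciding; the addresses are constructed values from the documentation ranges, and `Rule`, `evaluate` and `audit` are hypothetical names.

```python
"""Model of an ordered filter list with a final catch-all rule (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"  # stands in for the guide's *.*.*.* wildcard


@dataclass(frozen=True)
class Rule:
    network: str           # destination in CIDR form
    port: Optional[int]    # None means any port
    allow: bool
    note: str = ""

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.network)
        return in_net and (self.port is None or self.port == dst_port)


# Constructed values: DNS server 192.0.2.53, restricted range 198.51.100.0/24.
NON_AUTH_FILTER = [
    Rule("192.0.2.53/32", None, True, "DNS server of the VNS"),
    Rule("198.51.100.0/24", None, False, "specific restricted range"),
    Rule(ANY, 80, True, "all port 80 (HTTP) traffic"),
    Rule(ANY, None, False, "deny everything else"),
]

# Same rules with the port-80 allow moved above the range deny.
MISORDERED = [NON_AUTH_FILTER[0], NON_AUTH_FILTER[2],
              NON_AUTH_FILTER[1], NON_AUTH_FILTER[3]]


def evaluate(rules, dst_ip, dst_port):
    """Return (allowed, index of the deciding rule); (None, None) if nothing matched.

    Assumption: top-down evaluation, first match wins.
    """
    for index, rule in enumerate(rules):
        if rule.matches(dst_ip, dst_port):
            return rule.allow, index
    return None, None


def audit(rules):
    """Report a missing final catch-all and rules fully shadowed by an earlier rule."""
    findings = []
    if not rules or rules[-1].network != ANY or rules[-1].port is not None:
        findings.append("no catch-all as final rule")
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.network)
        for j, earlier in enumerate(rules[:i]):
            covers_net = later_net.subnet_of(ipaddress.ip_network(earlier.network))
            covers_port = earlier.port is None or earlier.port == later.port
            if covers_net and covers_port:
                findings.append(f"rule {i} is shadowed by rule {j}")
                break
    return findings


if __name__ == "__main__":
    for name, rules in (("table order", NON_AUTH_FILTER), ("misordered", MISORDERED)):
        print(name, evaluate(rules, "198.51.100.10", 80), audit(rules))
```

With the table's order, HTTP to the restricted range is decided by the deny rule; in the misordered list the port-80 allow decides first, which `audit` does not flag because the overlap is only partial.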
Table 5-9 Rules Between Two Wireless Devices (continued)
In | Out | Allow | IP / Port | Description
x | x |   | [Intranet IP, range] | Deny all access to the VNS subnet range (such as 0/24)
x | x | x | *.*.*.* | Allow everything else
Note: You can also prevent the two wireless devices from communicating with each other by setting Block Mu to MU traffic. See “Configuring a Basic WLAN Service” on page 6-2.
To configure filter rules for the wireless AP:
1. Select the AP Filtering checkbox to enable the filter rules defined on the WLC Filters tab to be applied by Wireless APs. The Custom AP Filters checkbox becomes available.
2. Select the Custom AP Filters checkbox to configure additional filters for the APs. An AP Filters tab is added to the window.
3. Click the AP Filters tab. The AP Filters tab displays. See Figure 5-3 on page 5-9.
4.
Figure 5-3 Filter Rules Page - AP Filters Tab

Table 5-10 WLC and AP Filters Tabs - Fields and Buttons
Field/Button | Description
Inherit filter rules from currently applied policy | Select if you do not want to apply new filter settings. If you do not apply new filter settings, the wireless client uses filter settings from a previously applied policy. If filters were never defined, then the system enforces the filters from the Global Default Policy.
In | Identifies the rule that applies to traffic from the wireless device that is trying to get on the network. You can change this setting using the drop-down menu.
Port | From the Port drop-down list, select one of the following:
  • User Defined, then type the port number. Use this option to explicitly specify the port number.
  • A specific port type. The appropriate port number or numbers are added to the Port text field.
Protocol | In the Protocol drop-down list, click the applicable protocol. The default is N/A.
6 Configuring WLAN Services
This chapter describes WLAN service configuration, including:
• WLAN Services Overview
• Third-party AP WLAN Service Type
• Configuring a Basic WLAN Service
• Configuring Privacy
• Configuring Accounting and Authentication
• Configuring the QoS Policy

WLAN Services Overview
A WLAN Service represents all the RF, authentication and QoS attributes of a wireless access service.
The WLAN Service remoteable property is synchronized with the availability peer, making the WLAN service published by both the home and foreign controllers. The following types of authentication are supported for remote WLAN services:
– None
– Internal Captive Portal
– Guest Portal
– Guest Splash
– AAA/802.1x

Third-party AP WLAN Service Type
For more information, see Chapter 14, Working with Third-party APs.
2. To create a new service, click the New button. The New WLAN Services configuration window displays.
a. Enter a name for the WLAN service.
b. Select the service type.
c. Change the SSID (optional).
d. Click Save. The WLAN Services Configuration page displays.
3. To edit an existing service, select the desired service from the left pane. The WLAN Services Configuration page displays. Table 6-1 describes the WLAN services configuration page fields and buttons.

Table 6-1 WLAN Services Configuration Page
Field/Button | Description
Core
Name | Enter a name for this WLAN service.
Service Type | Select the type of service to apply to this WLAN service.
Default Topology | From the drop-down list, select a preconfigured topology or click New Topology to create a new one. Refer to “Configuring a Basic Data Port Topology” on page 4-4 for information about how to create a new topology. A WLAN service uses the topology of the policy assigned to the VNS, if such a topology is defined.
Wireless APs
Select APs | Select APs and their radios by grouping. Options include:
  • all radios — Click to assign all of the APs’ radios.
  • radio 1 — Click to assign only the APs’ Radio 1.
  • radio 2 — Click to assign only the APs’ Radio 2.
  • local APs - all radios — Click to assign only the local APs.
Table 6-2 Advanced WLAN Service Configuration Page
Field/Button | Description
Timeout
Idle (pre) | Specify the amount of time in minutes that a Mobile user can have a session on the controller in pre-authenticated state during which no active traffic is passed. The session will be terminated if no active traffic is passed within this time. The default value is 5 minutes.
802.1D
8021D Base Port: xxx | The 802.1D Base Port number is read-only.
Remote Service
Remoteable | Select the checkbox if you want to pair this service with a remote service.
• Static Wired Equivalent Privacy (WEP) — Keys for a selected VNS, so that it matches the WEP mechanism used on the rest of the network. Each AP can participate in up to 50 VNSs. For each VNS, only one WEP key can be specified. It is treated as the first key in a list of WEP keys.
• Dynamic Keys — The dynamic key WEP mechanism changes the key for each user and each session.
• A per-packet key mixing function that shares a starting key between devices, and then changes their encryption key for every packet or after the specified re-key time interval expires.
• The Counter-Mode/CBC-MAC Protocol (CCMP), a new mode of operation for a block cipher that enables a single key to be used for both encryption and authentication.
WPA Key Management Options
Wi-Fi Protected Access (WPA v1 and WPA v2) privacy offers you the following key management options:
• None — The wireless client device performs a complete 802.1x authentication each time it associates or tries to connect to a Wireless AP.
• Opportunistic Keying — Opportunistic Keying or opportunistic key caching (OKC) enables the client devices to roam fast and securely from one Wireless AP to another in 802.
3. Click the Privacy tab, then select the desired privacy method. The WLAN Services Privacy tab displays. Table 6-3 describes the WLAN services privacy tab fields and buttons.

Table 6-3 WLAN Services Privacy Tab - Fields and Buttons
Field/Button | Description
None | Select to configure a WLAN service with no privacy settings.
Static Keys (WEP) | Select to configure static key (WEP) privacy settings.
Dynamic Keys (WEP) | Select to configure dynamic keys (WEP) privacy settings.
WPA | Select to configure WPA privacy settings.
WPA - PSK | Select to configure WPA - PSK privacy settings.
WPA v.1 | Select the checkbox to enable WPA v.
Group Key Power Save Retry | To enable the group key power save retry The group key power save retry is only supported for W786C/W788C Wireless APs.
Input Method | Select one of the following input methods:
  • Input Hex — If you select Input Hex, type the pre-shared key as hex characters.
Table 6-4 Vendor Specific Attributes
Attribute Name | ID | Type | Messages | Description
Siemens-AP-Name | 2 | string | Sent to RADIUS server | The name of the AP the client is associating to. It can be used to assign policy based on AP name or location.
Siemens-AP-Serial | 3 | string | Sent to RADIUS server | The AP serial number. It can be used instead of (or in addition to) the AP name.
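How a RADIUS server or log pipeline could recover the two attributes of Table 6-4 from a request, as an added example (not code from this guide or from the controller). It uses the standard RFC 2865 Vendor-Specific layout (attribute type 26); the vendor enterprise number is not given in the guide, so `VENDOR_ID` is a labelled placeholder, and the sample bytes and function names are constructed for illustration.

```python
"""Decode the AP name and serial VSAs from RADIUS attribute bytes (added example)."""
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that carries vendor attributes
VENDOR_ID = 99999      # PLACEHOLDER: enterprise number is not stated in the guide
VSA_NAMES = {2: "Siemens-AP-Name", 3: "Siemens-AP-Serial"}  # IDs from Table 6-4


class MalformedAttribute(ValueError):
    """Raised when a type/length/value record does not fit its buffer."""


def encode_vsa(vendor_type: int, value: str, vendor_id: int = VENDOR_ID) -> bytes:
    """Build one Vendor-Specific attribute holding a single string sub-attribute."""
    data = value.encode("utf-8")
    sub = bytes([vendor_type, len(data) + 2]) + data
    body = struct.pack("!I", vendor_id) + sub
    if len(body) + 2 > 255:
        raise MalformedAttribute("attribute too long")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


def iter_tlvs(buf: bytes):
    """Yield (type, value) pairs; the length octet counts the two header octets."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise MalformedAttribute("truncated header")
        rec_type, rec_len = buf[pos], buf[pos + 1]
        if rec_len < 2 or pos + rec_len > len(buf):
            raise MalformedAttribute(f"bad length {rec_len} at offset {pos}")
        yield rec_type, buf[pos + 2:pos + rec_len]
        pos += rec_len


def decode_ap_vsas(attrs: bytes, vendor_id: int = VENDOR_ID) -> dict:
    """Return {attribute name: string} for the Table 6-4 attributes that are present."""
    found = {}
    for attr_type, value in iter_tlvs(attrs):
        if attr_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise MalformedAttribute("VSA shorter than its vendor id")
        (vid,) = struct.unpack("!I", value[:4])
        if vid != vendor_id:
            continue  # another vendor's attribute, not ours to interpret
        for vendor_type, data in iter_tlvs(value[4:]):
            name = VSA_NAMES.get(vendor_type)
            if name:
                found[name] = data.decode("utf-8", errors="replace")
    return found


# Constructed sample: a User-Name attribute followed by the two VSAs.
SAMPLE = (bytes([1, 7]) + b"alice"
          + encode_vsa(2, "AP-Line3-East")
          + encode_vsa(3, "0000000000000001"))

if __name__ == "__main__":
    print(decode_ap_vsas(SAMPLE))
```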
SCALANCE IWLAN Controller accounting creates Call Data Records (CDRs). If RADIUS accounting is enabled, a RADIUS accounting server needs to be specified.
To Define Accounting Methods:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane expand the WLAN Services pane, then click the WLAN Service you want to define accounting methods for.
The configured values for the selected server are displayed in the table at the top.
8. For NAS IP Address, accept the default of “Use VNS IP address” or de-select the checkbox and type the IP address of a Network Access Server (NAS).
9. For NAS Identifier, accept the default of “Use VNS name” or type the Network Access Server (NAS) identifier.
– MAC authentication — RADIUS servers are configured to provide MAC-based authentication.
– Accounting — RADIUS servers are configured to provide accounting services.

MAC-Based Authentication for a WLAN Service
• MAC-based authentication — MAC-based authentication enables network access to be restricted to specific devices by MAC address.
3. Click the Auth & Acct tab.

Table 6-5 WLAN Services Auth & Acct Tab - Fields and Buttons
Field/Button | Description
Authentication Mode | Select an authentication mode from the drop-down list:
  • Disabled
  • 802.1x
  • Internal
  • Guest Portal
  • Guest Splash
Configure | Click to configure the selected mode. For more information, see “Configuring Accounting and Authentication” on page 6-14.
Automatically Authenticate Authorized Users | Select to automatically authenticate authorized users. When set, a station that passes MAC-based authentication is treated as fully authorized. For example, its authentication state is set to fully authenticated. This can trigger a change to the policy applied to the station.
Collect Accounting Information of Wireless Controller | Select this checkbox to enable Controller accounting.
4. To save your changes, click Save.
4. In the Common RADIUS Settings section, select the appropriate checkboxes to include the Vendor Specific Attributes in the message to the RADIUS server:
– AP’s
– VNS’s
– SSID
– Policy
– Topology
– Ingress Rate Control
– Egress Rate Control
– Replace Called Station ID with Zone
The Vendor Specific Attributes must be defined on the RADIUS server.
5. To save your changes, click Save.
8. To save your changes, click Save.

Testing RADIUS Server Connections
To Test RADIUS Server Connections:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane expand the WLAN Services pane, then click the WLAN Service. The WLAN Services configuration page is displayed.
3. Click the Auth & Acct tab.
4.
3. Click the Auth & Acct tab.
4. In the Server table, click a RADIUS server whose configuration summary you want to view, and then click Summary. The RADIUS Summary screen is displayed.
5. Click Close.
6. To save your changes, click Save.

Removing an Assigned RADIUS Server from a WLAN Service
To Remove an Assigned RADIUS Server from a WLAN Service:
1. From the top menu, click VNS Configuration.
6. To save your changes, click Save.

Configuring Captive Portal for Internal Authentication
Captive Portal allows you to require network users to complete a defined process, such as logging in or accepting a network usage policy, before accessing the internet.
The Captive Portal options are:
• 802.1x - Define the parameters of the external Captive Portal page displayed by an external server.
3. Click the Auth & Acct tab. The Auth & Acct page displays.
4. In the Authentication Mode drop-down list, select a Captive Portal option:
– Disabled
– 802.1x
– Internal
– Guest Portal
– Guest Splash
5. Click Configure. The Captive Portal configuration page displays. The page display differs depending on the mode selected. See Figure 6-1 for Internal and Splash modes, Figure 6-2 for 802.
Figure 6-1 Captive Portal Page Configuration Page for Internal and Guest Splash Modes
Figure 6-2 Captive Portal Page for 802.1x Modes
Figure 6-3 Captive Portal Page for Guest Portal Mode

Table 6-6 Configure Internal Captive Portal Page - Fields and Buttons
Field/Button | Description
Guest Portal - this section becomes available only when configuring a Guest Portal.
Manage Guest Users | Click to add and configure guest user accounts. The Manage Guest Users page displays.
Minimum Password Length | Type a minimum password length that will be applied to all guest accounts.
Message Configuration
Configure | Click to configure error messages that may display on the internal captive portal page. The Message Configuration page displays (Table 6-7).
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane expand the WLAN Services pane, then click the WLAN Service. The WLAN Services configuration page is displayed.
3. Click the Auth & Acct tab. The Auth & Accounting page displays.
4. In the Authentication Mode drop-down list, select a Captive Portal option.
5. Click Configure.
Table 6-7 Message Configuration Page - Fields and Buttons (continued)
Field/Button | Description
Max RADIUS login fail | Enter a message that indicates that the maximum number of simultaneous captive portal logins has been reached.
Invalid Login parameters | Enter a message indicating that the user entered an invalid username or password combination.
General failure | Enter a message indicating that a general failure has occurred.
Note: The Captive Portal Editor page supports only one administrator editing a captive portal page at one time.

Table 6-8 Captive Portal Editor - Fields and Buttons
Field/Button | Description
Login Page tab | Click to view and configure the elements that will display on the Captive Portal login page. By default, widgets for a Login username and Password, as well as an Accept button, are configured.
Table 6-8 Captive Portal Editor - Fields and Buttons (continued)
Field/Button | Description
Index Page Tab | Click to view and configure the elements that will display on the Captive Portal Index page. Using the Captive Portal Editor widget management tools in the right-hand pane on this page you can:
    • configure the background colors and forms
    • add graphics
    • add a Logoff button.
Table 6-8 Captive Portal Editor - Fields and Buttons (continued)
Field/Button | Description
External CSS | Click to identify a cascading style sheet (.CSS) that will determine the page format.
Session Variables | Click to configure the following VSA attributes:
    • AP Serial
    • AP Name
    • VNS Name
    • SSID
    • MAC Address
    The selections influence what URL is returned in either section.
NOTICE
If you use logos or graphics, ensure that the graphics or logos are appropriately sized. Large graphics or logos may force the login section out of view.

Configuring the QoS Policy
The following is an overview of the steps involved in configuring the QoS for WLAN Services.
Table 6-9 DSCP Code-Points (continued)
DSCP | SC/UP | DSCP | SC/UP | DSCP | SC/UP
CS1 | 0/1 | AF12 | 2/0 | AF41 | 5/5
CS2 | 1/2 | AF13 | 2/0 | AF42 | 5/5
CS3 | 3/3 | AF21 | 3/3 | AF43 | 5/5
CS4 | 4/4 | AF22 | 3/3 | EF | 6/6
CS5 | 5/5 | AF23 | 3/3 | Others | 0/1
CS6 | 6/6 | AF31 | 4/4 | |
CS7 | 7/7 | AF32 | 4/4 | |

Step 4 — If Preferred Instead of DSCP Classification, Enable Priority Override:
• Click the applicable service class and implicitly desired UP
   – Updates UP in user packet
contradiction to the concepts in the 802.11 standard that allow for data packets to wait their turn to avoid data collisions. Regular traffic on a wireless network is an asynchronous process in which data streams are broken up by random intervals.
Table 6-11 Relationship Between Service Class and 802.1D UP (continued)
SC name | SC Value | 802.1d UP | AC | Queue
Silver | 3 | 3 | BE | BE
Bronze | 2 | 0 | BE | BE
Best Effort | 1 | 2 | BK | BK
Background | 0 | 1 | BK | BK

Configuring the Priority Override
Priority override allows you to define and force the traffic to a desired priority level. Priority override can be used with any combination, as displayed in Table 6-11.
Table 6-12 Queues (continued)
Queue Name | Purpose
AC_BE | Best Effort
AC_TVO | Turbo Voice

The SCALANCE IWLAN Controller supports the definition of 8 levels of user priority (UP). These priority levels are mapped at the AP to the best appropriate access class. Of the 8 levels of user priority, 6 are considered low priority levels and 2 are considered high priority levels. WMM clients have the same 4 AC queues.
3. Click the QoS tab.
SCALANCE WLC711 C79000-G8976-C260-03, 07/2012, User Guide, V8.
Table 6-14 WLAN Services QoS Tab - Fields and Buttons
Field/Button | Description
Wireless QoS | From the Wireless QoS list, do the following:
    Legacy — Select if your service will support legacy devices.
    WMM — Select to enable the AP to accept WMM client associations, and classify and prioritize the downlink traffic for all WMM clients. Note that WMM clients will also classify and prioritize the uplink traffic. WMM is part of the 802.11e standard for QoS.
Table 6-14 WLAN Services QoS Tab - Fields and Buttons (continued)
Field/Button | Description
Advanced button
Priority Processing
Priority Override | Select this checkbox to force DSCP and a service class.
    Note: When Priority Override is enabled, the configured service class forces queue selection in the downlink direction, the 802.1P user priority for the VLAN tagged Ethernet packets and the user priority for the wireless QoS packets (WMM or 802.
Table 6-14 WLAN Services QoS Tab - Fields and Buttons (continued)
Field/Button | Description
DL Policer Action | If Use Global Admission Control for Voice (VO) or Use Global Admission Control for Video (VI) is enabled, click the action you want the Wireless AP to take when TSPEC violations occurring in the downlink direction are discovered:
    Do nothing — Click to allow TSPEC violations to continue when they are discovered.
7 Configuring a VNS
This chapter describes VNS (Virtual Network Services) configuration, including:
For information about... Refer to page...
The recommended order of configuration events is:
1. Before you begin, draft out the type of services the system is expected to provide — wireless services, encryption types, infrastructure mapping (VLANs), and connectivity points (switch ports). Switch port VLAN configuration/trunks must match the controller's.
2.
VNS Global Settings
These entities are simply placeholders for Policy completion, in case policies are incompletely defined. For example, a Policy may be defined as “no-change” for Topology assignment. If an incomplete Policy is assigned as the default for a VNS / WLAN Service (wireless port), the incomplete Policy needs to be fully qualified, at which point the missing values are picked from the Default Global Policy definitions, and the resulting policy is applied as default.
• Default Policy
The Global Default Policy specifies:
   – A topology to use when a VNS is created using a policy that does not specify a topology
   – A set of filters
The SCALANCE IWLAN Controller ships from the factory with a default “Global Default Policy” that has the following settings:
   – Topology is set to a Bridged at AP untagged topology. This topology will itself be defined in SCALANCE IWLAN Controllers by default.
   – Filters - A single “Allow All” filter.
3. To enable changing RADIUS server settings per WLAN Service, select Strict Mode.
4. To define a new RADIUS server available on the network, click the New button. The RADIUS Settings pop up window displays.
5. In the Server Alias box, type a name that you want to assign to the RADIUS server.
   Note: You can also type the RADIUS server’s IP address in the Server Alias box in place of a nickname.
9. If desired, change the pre-defined default values for Authentication and Accounting operations:
   a. Priority — default is 4
   b. Total number of tries — default is 3
   c. RADIUS Request timeout — default is 5 seconds
   d. Port — default Authentication port is 1812. Default Accounting port is 1813.
   e. For Accounting operations, the Interim Accounting Interval — default is 30 minutes.
10. To save your changes, click Save.
3. In the MAC Address area, select the MAC Address Format from the drop down list.
4. Click Save to save your changes.

Including the SERVICE-TYPE Attribute in the Client ACCESS-REQUEST Messages
To Include the SERVICE-TYPE Attribute in the Client ACCESS-REQUEST Messages:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, click Global, then Authentication.
3.
• Both RADIUS Filter-ID and Tunnel-Private-Group-ID attribute — Controller uses both the policy identified in the filter ID and the topology associated with the VLAN tunnel ID.
Note: The selected mode of operation applies to all WLAN Services on the Wireless Controller.

Defining RFC 3580 Mapping Mode for VNS Global Settings
To Define RFC 3580 for VNS Global Settings:
1. From the top menu, click VNS Configuration.
5. Select RADIUS Tunnel-Private-Group-ID attribute to assign both policy and topology (based on the VLAN ID to Policy Mapping table selection) when the controller receives a RADIUS ACCESS-ACCEPT message.
   – In the VLAN ID Policy Mapping table, select an existing VLAN ID and Policy.
   – Click New to create a new mapping entry. In the Add VLAN Policy dialog, enter a VLAN ID, and select a Policy from the drop-down list.
   – Click Add.
6.
Policy Mapping table selection), when the controller receives a RADIUS ACCESS-ACCEPT message.
   – In the VLAN ID Policy Mapping table, select an existing VLAN ID and Policy.
   – Click New to create a new mapping entry. In the Add VLAN Policy dialog, enter a VLAN ID, and select a Policy from the drop-down list.
   – Click Add.
   – To save your changes, click Save.
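The two RFC 3580 mapping modes described above, as an added example (not code from the SCALANCE firmware or this guide): it parses the attributes of a RADIUS ACCESS-ACCEPT and resolves the policy and VLAN from Filter-ID and Tunnel-Private-Group-ID. The mode labels, policy names, mapping table and sample packet are constructed, and reporting an unmapped or malformed VLAN ID as unassigned is this example's choice, not documented controller behaviour.

```python
from collections import namedtuple

# RADIUS attribute types and values (RFC 2865, RFC 2868, RFC 3580)
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 11, 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_802 = 13, 6

# Hypothetical labels for the two mapping modes in the procedure above
MODE_TUNNEL_ID = "tunnel-private-group-id"
MODE_BOTH = "filter-id+tunnel-private-group-id"

Assignment = namedtuple("Assignment", "policy vlan")


def attr(a_type, value):
    """Encode one attribute as type, length, value (used for the sample)."""
    return bytes([a_type, len(value) + 2]) + value


def parse_attributes(blob):
    """Split the attribute area of a RADIUS packet into {type: [value, ...]}."""
    attrs, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        a_type, a_len = blob[i], blob[i + 1]
        if a_len < 2 or i + a_len > len(blob):
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(a_type, []).append(blob[i + 2:i + a_len])
        i += a_len
    return attrs


def _tagged_int(value):
    """Tunnel-Type and Tunnel-Medium-Type: one tag octet, then a 3-octet integer."""
    if len(value) != 4:
        raise ValueError("tagged integer must be 4 octets")
    return int.from_bytes(value[1:], "big")


def vlan_from_accept(attrs):
    """Return the VLAN ID signalled per RFC 3580, or None if absent or malformed."""
    try:
        if _tagged_int(attrs[TUNNEL_TYPE][0]) != TUNNEL_TYPE_VLAN:
            return None
        if _tagged_int(attrs[TUNNEL_MEDIUM_TYPE][0]) != TUNNEL_MEDIUM_802:
            return None
        raw = attrs[TUNNEL_PRIVATE_GROUP_ID][0]
    except (KeyError, ValueError):
        return None
    if raw and raw[0] <= 0x1F:          # leading octet <= 0x1F is a tag, not text
        raw = raw[1:]
    text = raw.decode("ascii", "replace")
    if not text.isdigit():
        return None
    vlan = int(text)
    return vlan if 1 <= vlan <= 4094 else None


def resolve(mode, attrs, vlan_policy_map):
    """Apply the selected mapping mode to a parsed ACCESS-ACCEPT."""
    vlan = vlan_from_accept(attrs)
    if mode == MODE_TUNNEL_ID:
        # Policy and topology both follow the VLAN ID to Policy Mapping table.
        policy = vlan_policy_map.get(vlan)
        return Assignment(policy, vlan if policy is not None else None)
    if mode == MODE_BOTH:
        # Policy from Filter-ID, topology from the VLAN tunnel ID.
        raw = attrs.get(FILTER_ID)
        policy = raw[0].decode("utf-8", "replace") if raw else None
        return Assignment(policy, vlan)
    raise ValueError("unknown mapping mode")


# Constructed sample: attribute area of an ACCESS-ACCEPT and a mapping table.
SAMPLE_ACCEPT = (
    attr(FILTER_ID, b"Engineering")
    + attr(TUNNEL_TYPE, bytes([0, 0, 0, TUNNEL_TYPE_VLAN]))
    + attr(TUNNEL_MEDIUM_TYPE, bytes([0, 0, 0, TUNNEL_MEDIUM_802]))
    + attr(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + b"102")
)
SAMPLE_MAP = {102: "Maintenance", 200: "Guest"}

if __name__ == "__main__":
    parsed = parse_attributes(SAMPLE_ACCEPT)
    for mode in (MODE_TUNNEL_ID, MODE_BOTH):
        print(mode, resolve(mode, parsed, SAMPLE_MAP))
```

The same ACCESS-ACCEPT yields a different policy in each mode, so the VLAN ID to Policy Mapping table and the Filter-ID values on the RADIUS server need to be reviewed together when the mode is changed.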
DAS support is available to all physical interfaces of the SCALANCE IWLAN Controller, and by default DAS listens to the standard-specified UDP port 3799.
To Configure Dynamic Authorization Server Support:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, click Global, then click DAS.
3. In the Port box, type the UDP port you want DAS to monitor.
Configuring QoS Admission Control Thresholds
To Define Admission Control Thresholds for VNS Global Settings:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, click Global, then click Wireless QoS.
3.
Configuring QoS Flexible Client Access
This feature allows you to adjust client access policy in multiple steps between “packet fairness” and “airtime fairness.”
• Packet fairness is the default 802.11 access policy. Each WLAN participant gets the same (equal) opportunity to send packets. All WLAN clients will show the same throughput, regardless of their PHY rate.
• Airtime fairness gives each WLAN participant the same (equal) time access.
Working with Bandwidth Control Profiles
Bandwidth control limits the amount of bidirectional traffic from a mobile device. A bandwidth control profile provides a generic definition for the limit applied to certain wireless clients' traffic. A bandwidth control profile is assigned on a per policy basis. A bandwidth control profile is not applied to multicast traffic.
6. To save your changes, click Save.

Configuring the Global Default Policy
The SCALANCE IWLAN Controller ships with a Global Default Policy that can be configured. The Global Default Policy specifies:
• A topology to use when a VNS is created using a policy that does not specify a topology. The default assigned topology is named Bridged at AP untagged.
   – Click the New button. The New Topology window displays. Edit or create the selected topology as described in “Configuring a Basic Data Port Topology” on page 4-4.

Configuring the Filters
To Configure the Filters:
1. Click the Filter Rules tab. The WLC Filters tab displays, allowing you to create filter rules that will be applied by the controller when default non-authentication policy does not specify filters.
2. To add a rule, click Add.
replaced with rules in which the source and destination addresses of the inbound filters are swapped. The same policy can be assigned to stations on WLAN services that have egress filtering mode enabled and on WLAN services that have it disabled.
• For stations that are on WLAN services with egress filtering mode enabled, the policy's outbound filters will be replaced by ones derived from the inbound filter rules.
2. In the left pane, click Global, then Egress Filtering Mode. The Egress Filtering Mode Configuration screen displays.
3. In the Egress Filtering Mode Configuration area select an egress filtering mode:
   – When egress filtering mode is set to All WLAN Services enforce explicitly defined “Out” rules, all WLAN services will enforce outbound filters on egress traffic, exactly as they are defined in the policy.
If Synchronization of an object is not enabled, the Status field shows a “Synchronize Now” button, which performs a single synchronization of the object, pushing the object from the local controller to the peer.
Methods for Configuring a VNS
To configure a VNS, you can use one of the following methods:
• Manual configuration — Allows you to create a new VNS by first configuring the topology, policy, and WLAN services and then configuring any remaining individual VNS tabs that are necessary to complete the process.
Manually Creating a VNS
2. In the left pane, expand the Virtual Networks pane and select an existing VNS to edit, or click the New button.
3. Enter a name for the VNS.
4. Select an existing WLAN Service for the VNS, or create a new WLAN Service, or edit an existing one. For more information, see “Configuring a Basic WLAN Service” on page 6-2.
5. Configure the Default Policies for the VNS. Select existing policies, or create new policies, or edit existing ones.
7. Click Save to save your changes.
Also, as with creating a new VNS, you can:
• Configure a topology for the VNS
• Configure a policy for the VNS
• Configure WLAN services for the VNS
• Configure additional policies for the VNS

Creating a VNS Using the Wizard
The VNS wizard helps create and configure a new VNS by prompting you for a minimum amount of configuration information during the sequential configuration process.
When you create a new voice VNS using the VNS wizard, you configure the VNS in the following stages:
• Basic settings
• Authentication settings, if applicable
• DHCP settings
• Privacy settings
• Radio assignment settings
• Summary
To Configure a Voice VNS Using the VNS Wizard:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2.
5. In the Category drop-down list, click Voice, and then click Next. The Basic Settings screen is displayed.

Table 7-1 Voice VNS Basic Settings Page - Fields and Buttons
Field/Button | Description
Enabled | By default, the Enabled checkbox for the new VNS is enabled. A VNS must be enabled for it to be able to provide service for mobile user traffic.
Synchronize | By default, the Synchronize checkbox for the new VNS is disabled.
Table 7-1 Voice VNS Basic Settings Page - Fields and Buttons (continued)
Field/Button | Description
Mode | Click the VNS Mode you want to assign:
    Routed is a VNS type where user traffic is tunneled to the SCALANCE IWLAN Controller.
    Bridge Traffic Locally at WLC is a VNS type that has associated with it a Topology with a mode of Bridge Traffic Locally at WLC.
Table 7-1 Voice VNS Basic Settings Page - Fields and Buttons (continued)
Field/Button | Description
Gateway/SVP | If the voice VNS is to support SpectraLink wireless phones, type the IP address of the SpectraLink Voice Protocol (SVP) gateway.
Vocera Server | If the voice VNS is to support Vocera wireless phones, type the IP address of the Vocera server.
Table 7-2 Voice VNS Authorization Page - Fields and Buttons (continued)
Field/Button | Description
Server Alias | Type a name you want to assign to the new RADIUS server.
Hostname/IP | Type either the RADIUS server’s FQDN (fully qualified domain name) or IP address.
Shared Secret | Type the password that will be used to validate the connection between the SCALANCE IWLAN Controller and the RADIUS server.
Table 7-3 Voice VNS DHCP Page - Fields and Buttons
Field/Button | Description
DHCP Option | From the drop-down list, click one of the following:
    Use DHCP Relay — Using DHCP relay forces the SCALANCE IWLAN Controller to forward DHCP requests to an external DHCP server on the enterprise network.
10. On the Privacy screen, do the following:
   – Pre-shared key — Type the shared secret key to be used between the wireless device and Wireless AP. The shared secret key is used to generate the 256-bit key.
   – Mask/Unmask — Click to display or hide your shared secret key.
11. Click Next. The Radio Assignment screen is displayed.
Table 7-4 Voice VNS Radio Assignment Page - Fields and Buttons (continued)
Field/Button | Description
AP Selection
Select APs | Select the group of APs that will broadcast the voice VNS:
    • all radios — Click to assign all of the APs’ radios.
    • radio 1 — Click to assign only the APs’ Radio 1.
    • radio 2 — Click to assign only the APs’ Radio 2.
    • local APs - all radios — Click to assign only the local APs.
12. Click Next. The Summary screen is displayed.
13. Confirm your voice VNS configuration. To revise your configuration, click Back.
14. To create your VNS, click Finish, and then click Close.
15. If applicable, you can continue to configure or edit the new VNS by clicking the individual VNS configuration tabs.
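How the pre-shared key typed on the Privacy screen becomes the 256-bit key, as an added example (not code from this guide or the controller): it uses the passphrase-to-PSK mapping defined in IEEE 802.11i, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, and adds a small passphrase review. The function names, the 20-character threshold and the deny-list are assumptions of the example, and the deny-list entries are constructed.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)

# Constructed sample deny-list; a real review would use a much larger one.
SAMPLE_DENYLIST = {"password", "12345678", "changeme1"}


def _is_raw_key(secret):
    """A 64-hex-digit entry is the 256-bit key itself, not a passphrase."""
    return len(secret) == 64 and set(secret) <= HEX_DIGITS


def derive_wpa_psk(secret, ssid):
    """Return the 256-bit PSK for a WPA-PSK WLAN as 32 bytes."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")
    if _is_raw_key(secret):
        return bytes.fromhex(secret)
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in secret):
        raise ValueError("passphrase must be printable ASCII")
    # The SSID is the salt, so the same passphrase gives a different key
    # on every SSID, but anyone who knows both can recompute the key.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), ssid_bytes, 4096, 32)


def review_passphrase(secret, ssid, denylist=SAMPLE_DENYLIST):
    """Return a list of findings for a configured pre-shared key entry."""
    findings = []
    if _is_raw_key(secret):
        return findings                      # full-entropy key, nothing to guess
    if len(secret) < 20:                     # example threshold (assumption)
        findings.append("short")
    if ssid.lower() in secret.lower():
        findings.append("contains-ssid")
    if secret.lower() in denylist:
        findings.append("denylisted")
    return findings


if __name__ == "__main__":
    # Passphrase and SSID from the IEEE 802.11i passphrase test vector.
    print(derive_wpa_psk("password", "IEEE").hex())
    print(review_passphrase("password", "IEEE"))
```

Because the key depends only on the passphrase and the broadcast SSID, the strength of a WPA-PSK WLAN rests entirely on the passphrase that is typed into this field.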
To configure a data VNS using the VNS wizard:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, expand the New pane, then click START VNS WIZARD. The VNS Creation Wizard screen is displayed.
3. Click Start VNS Wizard. The VNS Creation Wizard screen is displayed.
4. In the Name box, type a name for the data VNS.
5.
Table 7-5 Data VNS Basic Settings Page - Fields and Buttons (continued)
Field/Button | Description
Mode | Click the VNS mode you want to assign:
    • Routed is a VNS type where user traffic is tunneled to the SCALANCE IWLAN Controller.
    • Bridge Traffic Locally at WLC is a VNS type where user traffic is tunneled to the SCALANCE IWLAN Controller and is directly bridged at the controller to a specific VLAN.
Table 7-5 Data VNS Basic Settings Page - Fields and Buttons (continued)
Field/Button | Description
Mask | Type the appropriate subnet mask for this IP address to separate the network portion from the host portion of the address (typically 255.255.255.0).
VLAN ID | Type the VLAN tag to which the SCALANCE IWLAN Controller will be bridged for the VNS.
Enable Authentication | If applicable, select this checkbox to enable authentication for the new data VNS.
Table 7-6 Data VNS Authentication Page - Fields and Buttons (continued)
Field/Button | Description
Shared Secret | Type the password that will be used to validate the connection between the SCALANCE IWLAN Controller and the RADIUS server.
Mask/Unmask | Click to display or hide your shared secret key.
Table 7-7 Data VNS DHCP Page - Fields and Buttons
Field/Button | Description
DHCP Option | In the DHCP Option drop-down list, click one of the following:
    Use DHCP Relay — Using DHCP relay forces the SCALANCE IWLAN Controller to forward DHCP requests to an external DHCP server on the enterprise network.
11. Click Next. The Privacy screen is displayed.

Table 7-8 Data VNS Privacy Page - Fields and Buttons
Field/Button | Description
Static Keys (WEP) | Select to configure static keys. Then enter:
    WEP Key Index — Click the WEP encryption key index: 1, 2, 3, or 4.
    Note: Specifying the WEP key index is supported only for W78xC Wireless APs.
    WEP Key Length — Click the WEP encryption key length: 64 bit, 128 bit, or 152 bit.
Table 7-8 Data VNS Privacy Page - Fields and Buttons (continued)
Field/Button | Description
WPA | Select to configure Wi-Fi Protected Access (WPA v1 and WPA v2), a security solution that adds authentication to enhanced WEP encryption and key management. To enable WPA v1 encryption, select WPA v.1.
12. Click Next. The Radio Assignment screen is displayed.

Table 7-9 Data VNS Radio Assignment Page - Fields and Buttons
Field/Button | Description
AP Default Settings
Radio 1 / Radio 2 | Select the radios of the AP default settings profile that you want to broadcast the data VNS.
AP Selection
Select APs | Select the group of APs that will broadcast the data VNS:
    • all radios — Click to assign all of the APs’ radios.
13. Click Next. The Summary screen is displayed.
14. Confirm your data VNS configuration. To revise your configuration, click Back.
15. To create your VNS, click Finish, and then click Close. The data VNS is created and saved.
16. If applicable, you can continue to configure or edit the new VNS by clicking the individual VNS configuration tabs.
request forms and performing user authentication procedures. The external Web server location must be explicitly listed as an allowed destination in the non-authenticated filter.
• GuestPortal — A GuestPortal VNS provides wireless device users with temporary guest network services.
4. In the Category drop-down list, click Captive Portal, and then click Next. The Basic Settings screen is displayed.

Table 7-10 Captive Portal Basic Settings Page - Fields and Buttons
Field/Button | Description
Enabled | By default, the Enabled checkbox for the new VNS is enabled. A VNS must be enabled for it to be able to provide service for mobile user traffic.
Name | Identifies the name of the VNS.
Category | Identifies the VNS category.
Table 7-10 Captive Portal Basic Settings Page - Fields and Buttons (continued)
Field/Button | Description
Gateway | Gateway — Type the SCALANCE IWLAN Controller's own IP address in that VNS. This IP address is the default gateway for the VNS. The SCALANCE IWLAN Controller advertises this address to the wireless devices when they sign on.
5. Click Next. The Authentication screen is displayed.

Table 7-11 Captive Portal Authentication Page - Fields and Buttons
Field/Button | Description
Radius Server | Click the RADIUS server you want to assign to the new Captive Portal VNS, or click Add New Server and then do the following:
Server Alias | Type a name you want to assign to the new RADIUS server.
Hostname/IP | Type either the RADIUS server’s FQDN (fully qualified domain name) or IP address.
6. Click Next. The DHCP screen is displayed.

Table 7-12 Captive Portal DHCP Page - Fields and Buttons
Field/Button | Description
DHCP Option | In the DHCP Option drop-down list, click one of the following:
    Use DHCP Relay — Using DHCP relay forces the SCALANCE IWLAN Controller to forward DHCP requests to an external DHCP server on the enterprise network.
Table 7-12 Captive Portal DHCP Page - Fields and Buttons
Field/Button | Description
WINS | Type the IP address if the DHCP server uses Windows Internet Naming Service (WINS).

7. Click Next. The Filtering screen is displayed.
8. On the Filtering screen, do the following:
   – In the Filter ID drop-down list, click one of the following:
     - Default — Controls access if there is no matching filter ID for a user.
9.
10. Click Next. The Privacy screen is displayed.

Table 7-13 Captive Portal Privacy Page - Fields and Buttons
Field/Button | Description
None | Select if you do not want to assign any privacy mechanism.
Static Keys (WEP) | Select to configure static keys. Then enter:
    WEP Key Index — Click the WEP encryption key index: 1, 2, 3, or 4.
    Note: Specifying the WEP key index is supported only for W78xC Wireless APs.
Table 7-13 Captive Portal Privacy Page - Fields and Buttons (continued)
Field/Button | Description
WPA-PSK | Select to use a Pre-Shared Key (PSK), or shared secret for authentication. WPA-PSK (Wi-Fi Protected Access Pre-Shared key) is a security solution that adds authentication to enhanced WEP encryption and key management. WPA-PSK mode does not require an authentication server. It is suitable for home or small office.
11. Click Next. The Radio Assignment screen is displayed.

Table 7-14 Captive Portal Radio Assignment Page - Fields and Buttons
Field/Button | Description
AP Default Settings
Radio 1 / Radio 2 | Select the radios of the AP default settings profile that you want to broadcast the Captive Portal VNS.
AP Selection
Select APs | Select the group of APs that will broadcast the Captive Portal VNS:
    • all radios — Click to assign all of the APs’ radios.
12. Click Next. The Summary screen is displayed.
13. Confirm your data VNS configuration. To revise your configuration, click Back.
14. To create your VNS, click Finish, and then click Close.
15. If applicable, you can continue to configure or edit the new VNS by clicking the individual VNS configuration tabs.

Creating an External Captive Portal VNS
To configure an external Captive Portal VNS using the VNS wizard:
1.
4. In the Category drop-down list, click Captive Portal, and then click Next. The Basic Settings screen is displayed.

Table 7-15 External Captive Portal Basic Settings Page - Fields and Buttons
Field/Button | Description
Enabled | By default, the Enabled checkbox for the new VNS is enabled. A VNS must be enabled for it to be able to provide service for mobile user traffic.
Name | Identifies the name of the VNS.
Category | Identifies the VNS category.
Table 7-15 External Captive Portal Basic Settings Page - Fields and Buttons (continued)
Field/Button | Description
Routed External Captive Portal
Gateway | Gateway — Type the SCALANCE IWLAN Controller's own IP address in that VNS. This IP address is the default gateway for the VNS. The SCALANCE IWLAN Controller advertises this address to the wireless devices when they sign on.
Table 7-15 External Captive Portal Basic Settings Page - Fields and Buttons (continued)
Field/Button | Description
HWC Connection | Click the SCALANCE IWLAN Controller IP address. Also type the port of the SCALANCE IWLAN Controller in the accompanying box.
Table 7-16 External Captive Portal Authentication Page - Fields and Buttons
Field/Button | Description
Radius Server | Click the RADIUS server you want to assign to the new Captive Portal VNS, or click Add New Server and then do the following:
Server Alias | Type a name you want to assign to the new RADIUS server.
Hostname/IP | Type either the RADIUS server’s FQDN (fully qualified domain name) or IP address.
Table 7-17 External Captive Portal DHCP Page - Fields and Buttons
Field/Button | Description
DHCP Option | In the DHCP Option drop-down list, click one of the following:
    Use DHCP Relay — Using DHCP relay forces the SCALANCE IWLAN Controller to forward DHCP requests to an external DHCP server on the enterprise network.
7. Click Next. The Filtering screen is displayed.
8. On the Filtering screen, do the following:
   – In the Filter ID drop-down list, click one of the following:
     - Default — Controls access if there is no matching filter ID for a user.
     - Exception — Protects access to the SCALANCE IWLAN Controller’s own interfaces, including the VNS's own interface.
9.
10. Click Next. The Privacy screen is displayed.

Table 7-18 External Captive Portal Privacy Page - Fields and Buttons
Field/Button | Description
None | Select if you do not want to assign any privacy mechanism.
Static Keys (WEP) | Select to configure static keys. Then enter:
    WEP Key Index — Click the WEP encryption key index: 1, 2, 3, or 4.
    Note: Specifying the WEP key index is supported only for W78xC Wireless APs.
Table 7-18 External Captive Portal Privacy Page - Fields and Buttons (continued)
Field/Button | Description
WPA-PSK | Select to use a Pre-Shared Key (PSK), or shared secret for authentication. WPA-PSK (Wi-Fi Protected Access Pre-Shared key) is a security solution that adds authentication to enhanced WEP encryption and key management. WPA-PSK mode does not require an authentication server. It is suitable for home or small office.
11. Click Next. The Radio Assignment screen is displayed.

Table 7-19 External Captive Portal Radio Assignment Page - Fields and Buttons
Field/Button | Description
AP Default Settings
Radio 1 / Radio 2 | Select the radios of the AP default settings profile that you want to broadcast the Captive Portal VNS.
AP Selection
Select APs | Select the group of APs that will broadcast the Captive Portal VNS:
    • all radios — Click to assign all of the APs’ radios.
Table 7-19 External Captive Portal Radio Assignment Page - Fields and Buttons
Field/Button | Description
WMM (Wi-Fi Multimedia), if enabled on an individual VNS, provides multimedia enhancements that improve the user experience for audio, video, and voice applications. WMM is part of the 802.11e standard for QoS. If enabled, the AP will accept WMM client associations, and will classify and prioritize the downlink traffic for all WMM clients.
The GuestPortal VNS can be a Routed or a Bridge Traffic Locally at the WLC VNS, with SSID-based network assignment. The GuestPortal VNS is a simplified VNS. It does not support the following:
• RADIUS authentication or accounting
• MAC-based authorization
• Child VNS support
The GuestPortal VNS can be created as a new VNS or can be configured from an already existing VNS.
5. In the Edit WLAN Service window, click the Auth & Acct tab.
6. In the Authentication Mode drop-down list, click GuestPortal.
7. To save your changes, click Save.

To Create a New GuestPortal VNS Using the VNS Wizard:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, expand the New pane, then click START VNS WIZARD. The VNS Creation Wizard screen is displayed.
3.
Configuring a VNS Creating a VNS Using the Wizard Table 7-20 Guest Portal Basic Settings Page - Fields and Buttons (continued) Field/Button Description SSID Identifies the SSID assigned to the VNS. Authentication Mode Click Guest Portal Mode Click the VNS Mode you want to assign: Routed is a VNS type where user traffic is tunneled to the SCALANCE IWLAN Controller.
Configuring a VNS Creating a VNS Using the Wizard 5. Click Next. The DHCP screen is displayed. If DHCP is disabled, continue with step 6 on page 7-66 Table 7-21 Guest Portal DHCP Page - Fields and Buttons Field/Button Description DHCP Option In the DHCP Option drop-down list, click one of the following: Use DHCP Relay — Using DHCP relay forces the SCALANCE IWLAN Controller to forward DHCP requests to an external DHCP server on the enterprise network.
Configuring a VNS Creating a VNS Using the Wizard Table 7-21 Guest Portal DHCP Page - Fields and Buttons Field/Button Description WINS Type the IP address if the DHCP server uses Windows Internet Naming Service (WINS). 6. Click Next. The Filtering screen is displayed. 7. Configure the VNS filtering settings: 8. In the Filter ID drop-down list, click one of the following: 9. – Authenticated — Controls network access after the user has been authenticated.
Configuring a VNS Creating a VNS Using the Wizard 11. Click Next. The Privacy screen is displayed. Table 7-22 Guest Portal Privacy Page - Fields and Buttons Field/Button Description None Select if you do not want to assign any privacy mechanism. Static Keys (WEP) Select to configure static keys. Then enter: WEP Key Index — Click the WEP encryption key index: 1, 2, 3, or 4. Note: Specifying the WEP key index is supported only for W78xC Wireless APs.
Table 7-22 Guest Portal Privacy Page - Fields and Buttons (continued)
Field/Button | Description
WPA-PSK | Select to use a Pre-Shared Key (PSK), or shared secret for authentication. WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) is a security solution that adds authentication to enhanced WEP encryption and key management. WPA-PSK mode does not require an authentication server. It is suitable for home or small office.
Configuring a VNS Creating a VNS Using the Wizard 12. Click Next. The Radio Assignment screen is displayed. Table 7-23 Guest Portal Radio Assignment Page - Fields and Buttons Field/Button Description AP Default Settings Radio 1 / Radio 2 Select the radios of the AP default settings profile that you want to broadcast the Captive Portal VNS. AP Selection Select APs Select the group of APs that will broadcast the Captive Portal VNS: • all radios — Click to assign all of the APs’ radios.
Configuring a VNS Enabling and Disabling a VNS Table 7-23 Guest Portal Radio Assignment Page - Fields and Buttons (continued) Field/Button Description WMM (Wi-Fi Multimedia), if enabled on an individual VNS, provides multimedia enhancements that improve the user experience for audio, video, and voice applications. WMM is part of the 802.11e standard for QoS. If enabled, the AP will accept WMM client associations, and will classify and prioritize the downlink traffic for all WMM clients.
The SCALANCE IWLAN Controller can support the following VNSs:

Table 7-24 SCALANCE IWLAN Controller Active and Defined VNS Support
Platform | Active VNSs | Defined VNSs
WLC711 | 8 | 16

To Enable or Disable a VNS:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, expand the Virtual Networks pane and select the VNS to enable or disable.
3.
Configuring a VNS Deleting a VNS 7-72 SCALANCE WLC711 C79000-G8976-C260-03, 07/2012, User Guide, V8.
8 Configuring Classes of Service

This chapter describes classes of service configuration, including: For information about... Refer to page...
Configuring Classes of Service Configuring Classes of Service 2. In the left pane click Classes of Service. The Classes of Service screen displays. Note: "No CoS" means that the traffic to which it is assigned will not be remarked, the controller software will decide the appropriate transmit queue and no rate limits will be applied on traffic traveling to or from the station to which the CoS is applied. The "No CoS" CoS is predefined and cannot be removed. 3.
Configuring Classes of Service Configuring Classes of Service General tab displays. Table 8-1 describes the fields and buttons on the General tab. Table 8-1 General Tab - Fields and Buttons Field/Button Description Core Name Enter a name to assign to this class of service. Marking Use Legacy Priority Override defined in the WLAN Service Priority override allows you to define and force the traffic to a desired priority level. Priority override can be used with any combination.
Configuring Classes of Service CoS Rule Classification Table 8-1 General Tab - Fields and Buttons (continued) Field/Button Description ToS/DSCP Marking Select this checkbox to define how the Layer 3 ToS/DSCP will be marked. Enter a hexadecimal value in the 0x (DSCP:) field, or Click the Select button to open the ToS/DSCP Configuration dialog. For more information, see Configuring ToS/DSCP Marking. Note: This selection is not available if Legacy Priority Override is checked.
Configuring Classes of Service Priority and ToS/DSCP Marking 3. If still no CoS found, use the default CoS of the WLAN (for non-auth policy). For inbound traffic, classification is done at the AP (if AP Filtering is enabled), otherwise it is done at the controller. For outbound traffic, classification is always done at the controller. The Rule that assigns authorization (Access Control) may not be the same rule that assigns CoS.
Note: Select either Type of Service (ToS) or Diffserv Codepoint (DSCP) from this dialog. You cannot configure both types.
3. Click Type of Service (ToS):
• Select a Precedence value from the drop-down list,
• Select a specific ToS from the following list:
  - Delay Sensitive
  - High Throughput
  - High Reliability
  - Explicit Congestion Notification
4. Click Diffserv Codepoint (DSCP):
• Select a Well-known Value or
• Enter a Raw Binary Value.
5.
Figure 8-1 Rate Limiter Example
9 Configuring Sites

This chapter describes Sites configuration, including:
• VNS Sites Overview
• Configuring Sites
• Recommended Deployment Guidelines
• Radius Configuration
• Selecting AP Assignments
• Selecting WLAN Assignments

VNS Sites Overview
A Site is a mechanism for grouping APs and refers to specific Policies, Classes of Service (CoS) and RADIUS servers that are grouped to form a single configuration.
Configuring Sites Recommended Deployment Guidelines • Perform all RADIUS server interactions for 802.1x authentications for all stations associated with it on any 802.1x WLAN Service assigned to it. Recommended Deployment Guidelines The Sites feature introduces new and complex interactions between hardware and software components.
2. In the left pane, click Sites. The Sites screen displays.
3. In the left pane, click the name of the Site that you want to edit, or click the New button to create a new Site. The Site configuration page displays. By default, the Configuration tab displays. Table 9-1 describes the fields and buttons on the Configuration tab.

Table 9-1 Configuration Tab - Fields and Buttons
Field/Button | Description
Site Name | Enter a name to assign to this Site. The name is unique among Sites on the controller. AP load group names and Site names are part of the same space so a load group and a Site cannot have the same name.
Configuring Sites Radius Configuration Table 9-1 Configuration Tab - Fields and Buttons (continued) Field/Button Description Status: Select this checkbox to enable automatic synchronization with an availability peer. Refer to “Using the Sync Summary” on page 7-19 for information about viewing synchronization status. If this Site is part of an availability pair, Siemens recommends that you enable this feature.
Configuring Sites Radius Configuration To Select Site RADIUS Servers: 1. From the Configuration tab, under RADIUS Server used, click Configure. The RADIUS Configuration dialog displays. 2. Select a RADIUS server from the list of available servers and click the right-arrow button. The server will be moved under the RADIUS Servers used list. 3. Click the Move UP or Move Down buttons to change the order of the RADIUS Servers used. 4. Click the Advanced button.
Configuring Sites Selecting AP Assignments Selecting AP Assignments To Select AP Assignments: 1. Click the AP Assignments tab. The tab displays, allowing you to select APs that will be applied to this Site configuration. Selecting WLAN Assignments To Select WLAN Assignments: 1. Click the WLAN Assignments tab. 2. Select Radio assignments (Radio 1 and Radio 2) for specific WLANs that will be applied to this Site configuration. SCALANCE WLC711 User Guide, V8.
3. Click Save.
10 Working with a Mesh Network This chapter describes a Wireless Distribution System (Mesh), including: For information about... Refer to page...
Working with a Mesh Network Simple Mesh Configuration Simple Mesh Configuration In a typical Mesh configuration, the Wireless APs are connected to the distribution system via an Ethernet network, which provides connectivity to the SCALANCE IWLAN Controller. However, when a Wireless AP is installed in a remote location and can’t be wired to the distribution system, an intermediate Wireless AP is connected to the distribution system via the Ethernet link.
Working with a Mesh Network Wireless Bridge Configuration The following figure illustrates the Wireless Repeater configuration: Figure 10-2 Wireless Repeater Configuration Mesh Portal Mesh AP Wireless Controller Mesh AP Client Devices Note: You should restrict the number of repeater hops in a Wireless Repeater configuration to three for optimum performance.
Working with a Mesh Network Examples of Deployment Examples of Deployment The following illustration depicts a few examples of Mesh deployment. Figure 10-4 Examples of Mesh Deployment Mesh WLAN Services In a traditional WLAN deployment, each radio of the Wireless AP can interact with the client devices on a maximum of eight networks. In Mesh deployment, one of the radios of every Mesh Wireless AP establishes a Mesh link on an exclusive WLAN Service.
Figure 10-5 Deployment Example

Mesh Setup with a Single Mesh WLAN Service
Deploying the Mesh for the above example using a single Mesh WLAN Service results in the following structure shown in Figure 10-6 on page 10-6. The tree will operate as a single Mesh entity. It will have a single Mesh SSID and a single pre-shared key for Mesh links. This tree will have multiple roots. For more information, see “Multi-Root Mesh Topology” on page 10-10.
Figure 10-6 Mesh Setup with a Single Mesh WLAN Service

Mesh Setup with Multiple Mesh WLAN Services
You can also deploy the same Mesh in Figure 10-5 using two Mesh WLAN Services. The two Mesh WLAN Services will create two independent Mesh trees. Both trees will operate on separate SSIDs and use separate pre-shared keys.
Figure 10-7 Mesh Setup with Multiple Mesh WLAN Services

Key Features of Mesh
Some key features of Mesh are:
• Self-Healing Network
• Tree-like Topology
• Radio Channels
• Multi-Root Mesh Topology
• Link Security

Self-Healing Network
Data in a Mesh network propagates along a path, by hopping from node to node until the destination is reached.
healing. The self-healing capability enables a routing-based network to operate when one node breaks down or a connection goes bad.

Tree-like Topology
The Wireless APs in Mesh configuration can be regarded as nodes, and these nodes form a tree-like structure. The tree builds in a top-down manner with the Mesh Portal being the tree root, and the Mesh APs being the tree leaves. The nodes in the tree structure have a parent-child relationship.
Working with a Mesh Network Key Features of Mesh Figure 10-8 Parent-Child Relationship Between Wireless APs in Mesh Configuration Mesh Portal Wireless Controller Mesh AP1 Mesh AP2 Mesh AP5 Mesh AP3 Mesh AP4 Client Devices Client Devices Note: Siemens recommends that you limit the number of APs participating in a Mesh tree to 50. This limit guarantees decent performance in most typical situations.
Multi-Root Mesh Topology
A Mesh topology can have multiple Mesh Portals. Figure 10-9 illustrates the multiple-root Mesh topology.

Figure 10-9 Multiple-Root Mesh Topology

Link Security
The Mesh link is encrypted using Advanced Encryption Standard (AES).
Working with a Mesh Network Deploying the Mesh System Planning the Mesh Topology You may sketch the proposed WLAN topology on paper before you start the Mesh deployment process. You should clearly identify the following in the sketch: • Mesh Wireless APs with their names • Radios that you will choose to link the Wireless APs Provisioning the Mesh Wireless APs This step is of crucial importance and involves connecting the Mesh Wireless APs to the enterprise network via the Ethernet link.
Working with a Mesh Network Deploying the Mesh System Note: Before you connect the Mesh Wireless APs to the enterprise network for discovery and registration, you must ensure that the Security mode property of the SCALANCE IWLAN Controller is defined according to your security needs. The Security mode property dictates how the SCALANCE IWLAN Controller behaves when registering new and unknown devices. For more information, see “Defining Properties for the Discovery Process” on page 3-16.
Working with a Mesh Network Deploying the Mesh System Figure 10-10 Mesh Deployment Note: With the single Mesh VNS, the tree structure for the Mesh deployment will be as depicted on the bottom right of Figure 10-10. You can also implement the same deployment using four Mesh VNSs, each for a set of Wireless APs in the four corners of the building. Each set of Wireless APs will form an isolated topology and will operate using a separate SSID and a separate Pre-shared key.
• Configure the settings on the Radio configuration page the same for all APs in the Mesh.
• Set the Poll Timeout to be at least 60 seconds.
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, expand the WLAN Services pane and select a Mesh service to edit or click the New button.
3. Enter a name for the service in the Name field.
4.
6. To save your changes, click Save. The WLAN configuration window is re-displayed to show additional configuration fields.
7. In the Mesh Pre-shared Key box, type the key.
Note: The pre-shared key must be 8 to 63 characters long. The Mesh Wireless APs use this pre-shared key to establish a Mesh link between them.
Note: Changing the pre-shared key after the Mesh is deployed can be a lengthy process.
Working with a Mesh Network Changing the Pre-shared Key in a Mesh WLAN Service Connecting the Mesh Wireless APs to the Enterprise Network for Provisioning You must connect the Mesh Wireless APs to the enterprise network once more to enable them to obtain their configuration from the SCALANCE IWLAN Controller. The configuration includes the pre-shared key, preferred parent and backup parent. For more information, see Provisioning the Mesh Wireless APs on 10-11.
11 Working with a Wireless Distribution System This chapter describes a Wireless Distribution System (WDS), including: For information about... Refer to page...
Working with a Wireless Distribution System Simple WDS Configuration Simple WDS Configuration In a typical WDS configuration, the Wireless APs are connected to the distribution system via an Ethernet network, which provides connectivity to the SCALANCE IWLAN Controller. However, when a Wireless AP is installed in a remote location and can’t be wired to the distribution system, an intermediate Wireless AP is connected to the distribution system via the Ethernet link.
Working with a Wireless Distribution System Wireless Bridge Configuration The following figure illustrates the Wireless Repeater configuration: Figure 11-2 Wireless Repeater Configuration Root Wireless AP Repeater Wireless AP Wireless Controller Satellite Wireless AP Client Devices Note: You should restrict the number of repeater hops in a Wireless Repeater configuration to three for optimum performance.
Working with a Wireless Distribution System Examples of Deployment Examples of Deployment The following illustration depicts a few examples of WDS deployment. Figure 11-4 Examples of WDS Deployment WDS WLAN Services In a traditional WLAN deployment, each radio of the Wireless AP can interact with the client devices on a maximum of eight networks. In WDS deployment, one of the radios of every WDS Wireless AP establishes a WDS link on an exclusive WLAN Service.
Figure 11-5 Deployment Example

WDS Setup with a Single WDS WLAN Service
Deploying the WDS for the above example using a single WDS WLAN Service results in the following structure. The tree will operate as a single WDS entity. It will have a single WDS SSID and a single pre-shared key for WDS links. This tree will have multiple roots. For more information, see “Multi-Root WDS Topology” on page 11-10.
Figure 11-6 WDS Setup with a Single WDS WLAN Service

WDS Setup with Multiple WDS WLAN Services
You can also deploy the same WDS in Figure 11-5 using two WDS WLAN Services. The two WDS WLAN Services will create two independent WDS trees. Both trees will operate on separate SSIDs and use separate pre-shared keys.
Working with a Wireless Distribution System Key Features of WDS Figure 11-7 WDS Setup with Multiple WDS WLAN Services Wireless Controller Lancaster Minoru Urso Ion Dove Theodore Client Devices Key Features of WDS Some key features of WDS are: • Tree-like Topology • Radio Channels • Multi-Root WDS Topology • Automatic Discovery of Parent and Backup Parent Wireless APs • Link Security Tree-like Topology The Wireless APs in WDS configuration can be regarded as nodes, and these nodes form a
The nodes in the tree structure have a parent-child relationship. The Wireless AP that provides the WDS service to the other Wireless APs in the downstream direction is a parent. The Wireless APs that establish a link with the Wireless AP in the upstream direction for WDS service are children.
Note: If a parent Wireless AP fails or stops acting as a parent, the children Wireless APs will attempt to discover their backup parents.
Working with a Wireless Distribution System Key Features of WDS Figure 11-8 Parent-Child Relationship Between Wireless APs in WDS Configuration Root Wireless AP Wireless Controller Repeater Wireless AP 1 Repeater Wireless AP 2 Satellite Wireless AP 1 Client Devices Satellite Wireless AP 2 Satellite Wireless AP 3 Client Devices The WDS system enables you to configure the Wireless AP’s role — parent, child or both — from the SCALANCE IWLAN Controller’s interface.
Working with a Wireless Distribution System Key Features of WDS Note: When a Wireless AP is connecting to its parent Wireless AP and children APs on the same radio, it uses the same channel for both the connections. Multi-Root WDS Topology A WDS topology can have multiple Root Wireless APs. Figure 11-9 illustrates the multiple-root WDS topology.
Link Security
The WDS link is encrypted using Advanced Encryption Standard (AES).
Note: The keys for AES are configured prior to deploying the Repeater or Satellite Wireless APs.

Deploying the WDS System
Before you start configuring the WDS Wireless APs, you must ensure the following:
• The Wireless APs that are part of the wired WLAN are connected to the wired network.
Working with a Wireless Distribution System Deploying the WDS System 5. Assigning the Satellite Wireless APs’ radios to the network VNSs. 6. Connecting the WDS Wireless APs to the enterprise network via the Ethernet link for provisioning. For more information, see “Provisioning the WDS Wireless APs” on page 11-11. 7. Disconnecting the WDS Wireless APs from the enterprise network and moving them to the target location.
• The dotted arrows point toward Backup Parents.

Figure 11-10 WDS Deployment

Note: With the single WDS VNS, the tree structure for the WDS deployment will be as depicted on the bottom right of Figure 11-10. You can also implement the same deployment using four WDS VNSs, each for a set of Wireless APs in the four corners of the building.
5. For Service Type, select WDS.
Working with a Wireless Distribution System Deploying the WDS System 6. To save your changes, click Save. The WLAN configuration window is re-displayed to show additional configuration fields. 7. In the WDS Pre-shared Key box, type the key. Note: The pre-shared key must be 8 to 63 characters long. The WDS Wireless APs use this pre-shared key to establish a WDS link between them. Note: Changing the pre-shared key after the WDS is deployed can be a lengthy process.
To configure the WDS as illustrated in Figure 11-10 with a single WDS VNS, you must assign the roles, preferred parents and backup parents to the Wireless APs according to Table 11-1.

Table 11-1 Wireless APs and Their Roles
Wireless AP | Radio b/g | Radio a | Preferred Parent | Backup Parent
Ardal | Parent | Parent | See the note below. | See the note below.
Arthur | Parent | Parent | See the note below. | See the note below.
Working with a Wireless Distribution System Deploying the WDS System 9. To save your changes, click Save. Assigning the Satellite Wireless APs’ Radios to the Network WLAN Services You must assign the Satellite Wireless APs’ radios to the network WLAN Services. Note: Network WLAN Services are the typical WLAN Services on which the Wireless APs service the client devices: Routed, Bridge Traffic Locally at WLC, and Bridge Traffic Locally at AP. For more information, see “VNS Global Settings” on page 7-3.
Working with a Wireless Distribution System Deploying the WDS System 3. In the Wireless APs list, select the radios of the Satellite APs — Osborn, Oscar, Orson and Oswald. Note: If you want the Root Wireless AP and the Repeater Wireless APs to service the client devices, you must select their radios in addition to the radios of the Satellite Wireless APs. 4. To save your changes, click Save. 5. Log out from the SCALANCE IWLAN Controller.
Changing the Pre-shared Key in a WDS WLAN Service
To Change the Pre-shared Key in a WDS WLAN Service:
1. Create a new WDS WLAN Service with a new pre-shared key.
2. Assign the RF of the Wireless APs from the old WDS to the new WDS WLAN Service.
3. Check the WDS Wireless AP Statistics report page to ensure that all the WDS Wireless APs have connected to the SCALANCE IWLAN Controller via the new WDS VNS.
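The planning limits stated in the Mesh and WDS chapters above (at most three repeater hops, a recommended 50 APs per Mesh tree, pre-shared keys of 8 to 63 characters, separate keys for separate trees) can be checked against a sketched topology before the APs are provisioned. The following Python script is an added example, not part of the Siemens guide or the controller software; the LinkService model, the AP and service names, and the reading of a hop as one wireless link toward the Mesh Portal or Root AP are assumptions.

```python
"""Added example: check a planned Mesh/WDS tree against the limits this guide states."""
from dataclasses import dataclass

MAX_HOPS = 3              # guide: restrict repeater hops to three
MAX_APS_PER_TREE = 50     # guide (Mesh chapter): at most 50 APs in one Mesh tree
PSK_MIN, PSK_MAX = 8, 63  # guide: pre-shared key must be 8 to 63 characters


@dataclass
class LinkService:
    """One Mesh or WDS WLAN Service as sketched on paper (hypothetical model)."""
    name: str
    psk: str
    roots: set    # Mesh Portals / Root APs wired to the controller
    links: dict   # child AP -> (preferred parent, backup parent or None)


def hops(svc, ap, first_parent=None):
    """Count wireless links from `ap` to a root along preferred parents.

    `first_parent` replaces the first step, which models the AP falling back to
    its backup parent. Returns None when the chain reaches an AP that is not in
    the plan or revisits an AP (a loop).
    """
    count, node, seen, override = 0, ap, {ap}, first_parent
    while node not in svc.roots:
        parent = override if override is not None else svc.links.get(node, (None, None))[0]
        override = None
        known = parent in svc.roots or parent in svc.links
        if parent is None or parent in seen or not known:
            return None
        seen.add(parent)
        node, count = parent, count + 1
    return count


def validate(services):
    """Return a list of findings; an empty list means the plan passes every check."""
    findings, psk_owner = [], {}
    for svc in services:
        if not PSK_MIN <= len(svc.psk) <= PSK_MAX:
            findings.append(f"{svc.name}: pre-shared key is {len(svc.psk)} characters, must be 8 to 63")
        if svc.psk in psk_owner:
            # The guide's multi-service layout uses a separate key per tree.
            findings.append(f"{svc.name}: reuses the pre-shared key of {psk_owner[svc.psk]}")
        psk_owner.setdefault(svc.psk, svc.name)
        ap_count = len(svc.roots | set(svc.links))
        if ap_count > MAX_APS_PER_TREE:
            findings.append(f"{svc.name}: {ap_count} APs in one tree, recommended limit is {MAX_APS_PER_TREE}")
        for ap, (preferred, backup) in sorted(svc.links.items()):
            if backup is not None and backup == preferred:
                # Assumption of this example: a backup equal to the preferred
                # parent gives the AP no alternative path.
                findings.append(f"{svc.name}/{ap}: backup parent equals preferred parent")
                backup = None
            for label, first in (("preferred", preferred), ("backup", backup)):
                if label == "backup" and first is None:
                    continue
                n = hops(svc, ap, first_parent=first)
                if n is None:
                    findings.append(f"{svc.name}/{ap}: {label} path never reaches a root (unknown AP or loop)")
                elif n > MAX_HOPS:
                    findings.append(f"{svc.name}/{ap}: {label} path is {n} hops, limit is {MAX_HOPS}")
    return findings


# Constructed plan; AP names, service names and keys are invented for this example.
SHARED_KEY = "constructed-example-key-01"
PLAN = [
    LinkService("mesh-east", SHARED_KEY, {"portal-1"}, {
        "ap-a": ("portal-1", None),
        "ap-b": ("ap-a", "portal-1"),
        "ap-c": ("ap-b", "ap-a"),
        "ap-d": ("ap-c", "ap-b"),     # preferred path is 4 hops
        "ap-e": ("ap-a", "ap-f"),     # backup ap-f routes back through ap-e
        "ap-f": ("ap-e", "portal-1"),
    }),
    LinkService("mesh-west", SHARED_KEY, {"portal-2"}, {
        "ap-g": ("portal-2", "portal-2"),
    }),
    LinkService("mesh-lab", "short7!", {"portal-3"}, {}),
]

if __name__ == "__main__":
    for finding in validate(PLAN):
        print(finding)
```

The backup-path check matters because a child that fails over to its backup parent can end up deeper in the tree, or in a loop, even when its preferred path is within the limit.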
12 Availability and Session Availability

This chapter describes the availability feature, including:
• Availability
• Session Availability
• Viewing SLP Activity

Availability
The SCALANCE IWLAN Controller Software system provides the availability feature to maintain service availability in the event of a SCALANCE IWLAN Controller outage.
Availability and Session Availability The availability feature provides Wireless APs with a list of local active interfaces for the active controller as well as the active interfaces for the backup controller. The list is sorted by top-down priority. If the connection with an active controller link is lost (poll failure), the Wireless AP automatically scans (pings) all addresses in its availability interface list. The Wireless AP then connects to the highest priority interface that responds to its probe.
Availability and Session Availability SCALANCE IWLAN Controller, so that they may re-register with their home SCALANCE IWLAN Controller. Foreign APs can now all be released at once by using the Foreign button on the Access Approval screen to select all foreign APs, and then clicking Release. To support the availability feature during a failover event, you need to do the following: 1.
Availability and Session Availability 3. In the Availability Wizard section, click Start. The Availability Pair Wizard screen is displayed. 4. In the Connection Details section, do the following: 5. – Select Port — Select the port and IP address of the primary controller that is to be used to establish the availability link. – Peer Controller IP — Type the IP address of the peer (secondary) controller.
Availability and Session Availability 7. If you are synchronizing topology definitions, the Topology Definitions screen is displayed. Do the following: a. In the Synchronization Settings section, complete the topology properties that are missing. Any topology that did not already exist on the peer controller will have missing properties on the Topology Definitions screen.
Availability and Session Availability – AP assignment to WLAN Services according to the AP default settings can be overwritten by manually modifying the AP assignment. (For example, select and assign each WLAN service that the AP should connect to.) – If specific foreign APs have been assigned to a WLAN service, those specific foreign AP assignments are used. An alternate method to setting up APs includes: 1. Add each Wireless AP manually to each SCALANCE IWLAN Controller. 2.
4. Do one of the following:
– For a primary controller, in the Wireless IP Address box, type the IP address of the data interface of the secondary SCALANCE IWLAN Controller. This IP address must be on a routable subnet between the two SCALANCE IWLAN Controllers.
– For a secondary controller, in the Wireless IP Address box, type the IP address of the Management port or data interface of the primary SCALANCE IWLAN Controller.
5.
Availability and Session Availability Controller's registered Wireless APs will appear as foreign on the other controller in the list of available Wireless APs when configuring a VNS topology. 11. Verify that availability is configured correctly. Verifying Availability To verify that availability is configured correctly: a. From the top menu of either of the two controllers, click Reports. The Available AP Reports screen is displayed. b. From the Reports and Displays menu, click AP Availability.
Availability and Session Availability Session Availability c. Check the statement at the top of the screen. If the statement reads Availability link is up, the availability feature is configured correctly. If the statement reads Availability link is down, check the configuration error logs. For more information on logs, see the SCALANCE WLC711 Maintenance Guide.
Availability and Session Availability Session Availability Figure 12-2 AP Fail Over to 2ndary Controller When Connectivity to Primary Fails The secondary SCALANCE IWLAN Controller does not have to detect its link failure with the primary SCALANCE IWLAN Controller for the session availability to kick in.
Availability and Session Availability Session Availability The following is the traffic flow of the topology illustrated in Figure 12-3: • The Wireless AP establishes the active tunnel to connect to the primary SCALANCE IWLAN Controller. • The SCALANCE IWLAN Controller sends the configuration to the Wireless AP. This configuration also contains the port information of the secondary SCALANCE IWLAN Controller.
Availability and Session Availability Session Availability W Wireless Assistant). 2. After recovery, on the secondary SCALANCE IWLAN Controller, select the foreign Wireless APs, and then click Release on the Access Approval screen. After the Wireless APs are released, they establish the active tunnel to their home controller and backup tunnel to the secondary controller.
Availability and Session Availability Session Availability • Time on all the network elements (both the SCALANCE IWLAN Controllers in availability pair, Wireless APs, DHCP and RADIUS servers etc.) is synchronized. For more information, see “Configuring Network Time” on page 2-49. Note: The fast failover feature works optimally in fast networks (preferably switched networks). To Configure Fast Failover and Enable Session Availability: 1.
Availability and Session Availability Session Availability 7. In the Synchronization Option area, select Synchronize System Configuration. This is a global parameter that enables synchronization of VNS configuration components (topology, policy, WLAN Service, VNS) on both controllers paired for availability and/or fast failover. For more information about synchronization, see “Using the Sync Summary” on page 7-19. 8. Click Save. 9. Set the Wireless APs’ Poll Timeout value for fast failover. a.
Availability and Session Availability Session Availability After you have configured fast failover, you can verify session availability to preserve the user session during the failover. Verifying Session Availability To have session availability, you must ensure the following: • The primary and secondary SCALANCE IWLAN Controllers are properly configured in ‘availability’ mode. For more information, see “Availability” on page 12-1. • The fast failover feature is properly configured.
To Verify the Session Availability Feature Is Configured Correctly:
1. From the top menu of either of the two controllers, click Reports. The Available AP Reports screen is displayed.
2. From the Reports and Displays menu, click Wireless AP Availability. The Wireless Availability Report is displayed.
3. Check the statement at the top of the screen. If the statement reads Availability link is up, the availability feature is configured correctly. If the statement reads Availability link is down, check the logs for the configuration error. For more information on logs, see the SCALANCE WLC711 Maintenance Guide.
Availability and Session Availability Session Availability You can verify this by selecting the appropriate tabs and then inspecting the Synchronized flags or by navigating to VNS Configuration > Global > Sync Summary. Configuration synchronization: • VNS configuration related synchronization will be supported with legacy or fast failover availability configuration as long as there is an availability link established.
Viewing SLP Activity
In normal operations, the primary SCALANCE IWLAN Controller registers as an SLP service called ac_manager. The controller service directs the Wireless APs to the appropriate SCALANCE IWLAN Controller. During an outage, if the remaining SCALANCE IWLAN Controller is the secondary controller, it registers as the SLP service ru_manager.
To View SLP Activity:
1. From the top menu, click Wireless APs.
13 Configuring Mobility
This chapter describes the mobility concept, including:
• Mobility Overview
• Mobility Domain Topologies
• Configuring a Mobility Domain
Mobility Overview
The SCALANCE WLC711 system allows up to 12 SCALANCE IWLAN Controllers on a network to discover each other and exchange information about a client session.
• Defines the registration behavior for a multi-controller mobility domain set:
  – Open mode — A new agent is automatically able to register itself with the mobility manager and immediately becomes part of the mobility domain.
  – Secure mode — The mobility manager does not allow a new agent to automatically register. Instead, the connection with the new agent is placed in pending state until the administrator approves the new device.
Mobility Domain Topologies
You can configure a mobility domain in the following scenarios:
• Mobility domain without any availability
• Mobility domain with availability
• Mobility domain with session availability
Note: If you are configuring mobility, you must synchronize time on all the SCALANCE IWLAN Controllers that are part of the mobility domain. For more information, see “Configuring Network Time” on page 2-49.
• If a failover takes place, and the user is still associated with Wireless AP1:
  – Wireless AP1 fails over, and establishes an active session with Controller2.
  – In response to the heartbeat message from the mobility manager (Controller3), Controller2 sends updates to the mobility manager on the failover Wireless AP and its user.
Configuring a Mobility Domain
3. To enable mobility for this controller, select the Enable Mobility checkbox. The controller mobility options are displayed.
4. Select the This Wireless Controller is a Mobility Manager option. The mobility manager options are displayed.
5. In the Port drop-down list, select the interface on the SCALANCE IWLAN Controller to be used for the mobility manager process. Ensure that the selected interface’s IP address is routable on the network.
6.
4. Select the This Wireless Controller is a Mobility Agent option. The mobility agent options are displayed.
5. From the Port drop-down list, select the port on the SCALANCE IWLAN Controller to be used for the mobility agent process. Ensure that the port selected is routable on the network.
6.
14 Working with Third-party APs
You can set up the SCALANCE IWLAN Controller to handle wireless device traffic from third-party APs, while still providing policy and network access control. This process requires the following steps:
Define Filtering Rules for the Third-party APs
1. Because the third-party APs are mapped to a physical topology, you must define the Exception filters on the physical topology, using the Exception Filters tab. For more information, see “Exception Filtering” on page 4-11.
2. Define filtering rules that allow access to other services and protocols on the network such as HTTP, FTP, telnet, SNMP.
3.
15 Working with the Mitigator
This chapter describes Mitigator concepts, including:
• Mitigator Overview
• Analysis Engine Overview
• Enabling the Analysis Engine
• Viewing the Mitigator Logs
• Running Mitigator Scans
• Working with Mitigator Scan Results
• Maintaining the Mitigator List of APs
• Viewing the Scanner Status Report
Mitigator Overview
The Mitigator is a mechanism that assists in the detection of rogue APs.
while the other controllers run data collector functionality. No more than one Analysis Engine can be running at a time. You must ensure that the controllers are all routable.
Analysis Engine Overview
The Analysis Engine relies on a database of known devices on the SCALANCE WLC711 system. The Analysis Engine compares the data from the RF Data Collector with the database of known devices.
To Enable the Analysis Engine:
1. From the top menu, click Mitigator. The Mitigator Configuration screen is displayed.
2. Enable the Mitigator Analysis Engine by selecting the Mitigator Analysis Engine checkbox.
Viewing the Mitigator Logs
To View Mitigator Logs:
1. From the top menu, click Logs. The Logs & Traces screen is displayed.
2. From the Logs & Traces top menu, click Mitigator: Logs.
3. The Mitigator Logs page is displayed.
4. To filter the log events by severity (Critical, Major, Minor, Info, All, or Trace), click the appropriate log severity. The log messages are displayed in chronological order.
5. To sort the events by Timestamp, Type, Component, or Log Message, click the appropriate column heading.
6. To refresh the Mitigator log screen, click Refresh.
7. To export the Mitigator log screen, click Export.
Running Mitigator Scans
To Run the Mitigator Scan Task Mechanism:
1. From the top menu, click Mitigator. The Mitigator screen is displayed.
2. From the left pane, click Scan Groups.
3. Select an existing Scan Group from the list displayed, or click New to create a new scan group.
4. In the Name box, type a unique name for this scan group.
5. In the Wireless APs list, select the checkbox corresponding to the Wireless APs you want included in the new scan group, which will perform the scan function.
Note: A Wireless AP can participate in only one Scan Group at a time.
9. In the Channel Dwell Time box, type the time (in milliseconds) for the scanner to wait for a response from either 802.11 beacons in passive scanning, or ProbeResponse in active scanning.
10. In the Scan Time Interval box, type the time (in minutes) to define the frequency at which a Wireless AP within the Scan Group will initiate a scan of the RF space. The range is between 10 minutes and 120 minutes.
11.
Working with Mitigator Scan Results
2. In the left pane, under Mitigator, click Mitigator Information. The Mitigator Reports screen is displayed.
3. To modify the page’s refresh rate, type a time (in seconds) in the Refresh every __ seconds box.
4. Click Apply. The new refresh rate is applied.
5. To view the Rogue Summary report, click Rogue Summary. The Rogue Summary report is displayed in a pop-up window.
6.
Note: To avoid the Mitigator's database becoming too large, Siemens recommends that you either delete Rogue APs or add them to the Friendly APs list, rather than leaving them in the Rogue list.
To View Ad Hoc Devices Scan Results
1. From the top menu, click Reports.
2. In the left pane, under Mitigator, click Mitigator Information.
3. On the Mitigator Report page, click the Ad Hoc Devices tab. The Ad Hoc screen is displayed.
4.
3. On the Mitigator Report page, click the External APs tab. The External APs screen is displayed.
4. To refresh the page, click Refresh.
5. To clear all detected rogue devices from the list, click Clear Detected Rogues.
To View Interference Threats Scan Results
1. From the top menu, click Reports.
2. In the left pane, under Mitigator, click Mitigator Information.
3. On the Mitigator Report page, click the Interference Threats tab. The Interference Threats screen is displayed.
4. To refresh the page, click Refresh.
5. To clear all detected rogue devices from the list, click Clear Detected Rogues.
Adding an AP from the Scan Results to the List of Friendly APs
To Add an AP from the Mitigator Scan Results to the List of Friendly APs:
1. From the top menu, click Reports.
2.
5. To clear all rogue access points from the Mitigator scan results, click Clear Detected Rogues.
Note: Only detected rogue APs will be cleared from the list. Other interference threats will remain.
Viewing Friendly APs
To View the Friendly APs:
1. From the top menu, click Mitigator. The Mitigator screen is displayed.
2. In the left pane, under Maintenance, click Friendly APs. The Friendly APs screen is displayed.
3. To add friendly access points manually to the Friendly AP Definitions list, click New. The Edit Friendly AP dialog is displayed.
4. In the Edit Friendly AP dialog, type the following:
5.
Maintaining the Mitigator List of APs
To Maintain the Wireless APs:
1. From the top menu, click Mitigator. The Mitigator screen is displayed.
2. In the left pane, under Maintenance, click Scan APs. The Scan APs screen is displayed.
3. Select the applicable APs.
4. To delete the selected APs, click Delete marked APs.
Note: The selected APs are deleted from the Mitigator database, not from the SCALANCE IWLAN Controller database.
Viewing the Scanner Status Report
2. In the left pane, under Mitigator, click Data Collection Engine Status. The Mitigator Data Collection Engine Status screen is displayed. The boxes display the IP address of the Data Collector engine. The status of the Data Collector engine is indicated by one of the following colors:
• Green — The Analysis Engine has connection with the Data Collector on that SCALANCE IWLAN Controller.
16 Working with Reports and Statistics
This chapter describes the various reports and statistics available in the SCALANCE WLC711 system.
Viewing AP Reports and Statistics
To View AP Reports and Statistics:
1. From the top menu, click Reports. The Available AP Reports screen is displayed.
• Active Clients by VNS
• All Active Clients
You can also use the Select All and Deselect All buttons for selecting the active Wireless APs on those displays.
To View Active Wireless APs
1. From the top menu, click Reports. The Available AP Reports screen is displayed.
2. Click the Active APs display option. The Active Wireless APs display opens in a new browser window.
Note: Statistics are expressed in respect to the AP.
2. Click the Wired Ethernet Statistics display option. The Wired Ethernet Statistics by Wireless APs display opens in a new browser window.
3. In the Wired Ethernet Statistics by Wireless APs display, click a registered Wireless AP to display its information.
To View Wireless Statistics:
1. From the top menu, click Reports. The Available AP Reports screen is displayed.
2. Click the Wireless Statistics display option.
3. In the Wireless Statistics by Wireless APs display, click a registered Wireless AP to display its information.
4. Click the appropriate tab to display information for each Radio on the Wireless AP.
To View Admission Control Statistics by Wireless AP:
1. From the top menu, click Reports. The Available AP Reports screen is displayed.
2. Click the Admission Control Statistics display option.
2. From the Available AP Reports screen, click Mesh Statistics. The Mesh Statistics display opens in a new browser window.
Note: The Rx RSS value on the Mesh Statistics display represents the received signal strength (in dBm).
Viewing Load Balance Group Statistics
The Active Wireless Load Groups report lists all load groups, and for the selected load group, all active AP radios.
To View the Active Wireless Load Groups Report:
1.
• The label, Foreign or Local, indicates whether the Wireless AP is local or foreign on the SCALANCE IWLAN Controller.
• The color in the upper pane of the box represents the state of the tunnel that is established to the current SCALANCE IWLAN Controller.
Note: The current SCALANCE IWLAN Controller is the one on which the Wireless AP Availability report is viewed.
The following is an example of the Wireless AP Inventory report:
Table 16-1 lists the column names and abbreviations found in the AP Inventory report:
Table 16-1 AP Inventory Report Columns
Column Name: Description
Topology: Ethernet port and associated IP address of the interface on the SCALANCE IWLAN Controller through which the Wireless AP communicates.
HW: Hardware version of the Wireless AP.
Table 16-1 AP Inventory Report Columns (continued)
Ra: 802.11a radio. The data entry for a Wireless AP indicates whether the a radio is on or off.
Rb: 802.11b protocol enabled. Possible values are on or off.
Rg: 802.11g protocol enabled. Possible values are on or off.
Rn: 802.11n protocol enabled. Possible values are on or off.
Table 16-1 AP Inventory Report Columns (continued)
IP Address: Wireless AP's IP address if statically configured (same as the Static Values radio button on the AP Static Configuration screen).
Netmask: If the Wireless AP's IP address is configured statically, the net mask that is statically configured for the Wireless AP.
About Client Balancing Statistics Reports
In a client balancing/load control statistics report, the statistics reported for each client balancing load balance group are:
• Members — Number of radio members
• Clients — Total number of clients for all radio members
• Average Load — Average load for the group
The reported average load may not be correct in a failover situation.
Load balance group statistics are reported on the foreign controller when APs fail over. Load groups from a different controller are indicated with an “(F)” following the load group name.
Viewing Active Clients
1. From the top menu, click Reports. The Available AP Reports screen is displayed.
2. In the left pane, click Clients.
3. Under Available Active Clients Reports, click By AP.
5. Under Available Active Clients Reports, click All Active Clients. The All Active Clients display opens in a new browser window.
Viewing Policy Filter Statistics
1. From the top menu, click Reports. The Available AP Reports screen is displayed.
2. In the left pane, click Filter Statistics.
3. Under Available Filter Statistics Reports, click Policy Filter Statistics.
– Statistics are expressed in respect to the AP. Therefore, Packets Allowed indicates the packets the AP has received from a client and Packets Denied indicates the packets the AP has rejected.
– A client is displayed as soon as the client connects (or after a refresh of the screen). The client disappears as soon as it times out.
4. Under Available Filter Statistics Reports, click Topology Filter Statistics.
Viewing Topology Statistics
3. Under Available Topology Reports, click Topology Statistics. The Topology Statistics display opens in a new browser window.
4. Under Available Topology Reports, click RADIUS Statistics. The RADIUS Statistics display opens in a new browser window.
5. Under Available Topology Reports, click WLC Port Statistics. The WLC Port Statistics display opens in a new browser window.
– Statistics are expressed in respect to the AP. Therefore, Frames Sent indicates packets sent to the AP from a client and Frames Received indicates the packets received from the AP.
Viewing Mobility Reports
Note: The Client Location in Mobility Zone and Mobility Tunnel Matrix displays only appear if the mobility manager function has been enabled for the controller. Otherwise, the Agent Mobility Tunnel Matrix display is listed.
To View Mobility Manager Displays:
1. From the top menu, click Reports. The Available AP Reports screen is displayed.
2. In the left pane, click Mobility.
3.
Client Location in Mobility Zone
You can do the following:
• Sort this display by home or foreign controller
• Search for a client by MAC address, user name, or IP address, by typing the search criteria in the box
• Define the refresh rates for this display
• Export this information as an XML file
Mobility Tunnel Matrix
• Provides connectivity matrix of mobility state
• Provides a view of:
  – Tunnel state
  – If a tunnel between contr
Viewing Controller Status Information
• External Connection Statistics — Displays connection information including security level.
• System Information — Displays system information including memory usage and CPU and board temperatures.
• Manufacturing Information — Displays manufacturing information including the card serial number and CPU type and frequency.
To View System Information:
1. From the top menu, click Reports.
3. Click the Manufacturing Information display option. The Manufacturing Information display opens in a new browser window.
Viewing Routing Protocol Reports
The following reports are available in the SCALANCE WLC711 system:
• Forwarding Table — Displays the defined routes, whether static or OSPF, and their current status.
• OSPF Neighbor — Displays the current neighbors for OSPF (routers that have interfaces to a common network).
3. Click the appropriate Routing Protocol Report:
The following is an example of a Forwarding Table report:
Note: If you open only automatically refreshed reports, the Web management session timer will not be updated or reset. Your session will eventually time out.
To Export and Save a Report in XML:
1. On the report screen, click Export. A Windows File Download dialog is displayed.
2. Click Save. A Windows Save As dialog is displayed.
Call Detail Records (CDRs)
the CDR file is uploaded to a remote server, you can work with the file to view CDRs or import the records to a reporting tool. You can back up and upload the file on the remote server either via the SCALANCE IWLAN Assistant (GUI) or CLI.
CDR File Naming Convention
CDRs are written to a file on the SCALANCE IWLAN Controller. The filename is based on the creation time of the CDR file with the following format: YYYYMMDDhhmmss.
Table 16-2 CDR Records and Their Description
CDR Records: Description
Acct-Session-ID: A unique CDR ID
User-Name: The name of the user, who was authenticated.
Filter-ID: The name of the filter list for the user.
Acct-Interim-Interval: The number of seconds between interim accounting updates.
Session-Timeout: The maximum number of seconds of service to be provided to the user before termination of the session.
Table 16-2 CDR Records and Their Description (continued)
Acct-Terminate-Cause: Indicates how the session was terminated. The field displays one of the following values:
• 1 — User Request
• 4 — Idle Timeout
• 5 — Session Timeout
• 6 — Admin Reset
• 11 — NAS Reboot
• 16 — Callback
• 17 — User Error
Authenticated_time: Indicates the time at which the client was authenticated.
3. Click the Backup tab.
4. From the Select what to backup drop-down menu, click CDRs only, and then click Backup Now. The following window displays the backup status.
5. To close the window, click Close. The backed up file is displayed in the Available Backups box.
Note: The .work and .dat files are zipped into a single file.
6. To upload a backup, in the Upload Backup section, do the following:
– Protocol — Select the file transfer protocol you want to use to upload the backup file, SCP or FTP.
– Server — Type the IP address of the server where the backup will be stored.
Note: The Server Address field supports both IPv4 and IPv6 addresses.
– User ID — Type the user ID to log in to the server.
– Password — The password to log in to the server.
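The following is an added example, not code from this guide or from Siemens, showing how uploaded CDRs could be triaged on the remote server using the file naming convention and the Acct-Terminate-Cause values in Table 16-2. It assumes the records have already been read into dictionaries keyed by the Table 16-2 field names (the on-disk record layout is not shown in this section); the sample records, the file name and the `REVIEW_CAUSES` policy set are constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from pathlib import PurePath

# Acct-Terminate-Cause values exactly as listed in Table 16-2.
TERMINATE_CAUSES = {
    1: "User Request",
    4: "Idle Timeout",
    5: "Session Timeout",
    6: "Admin Reset",
    11: "NAS Reboot",
    16: "Callback",
    17: "User Error",
}

# Assumption (local policy, not from the guide): causes worth a second look.
REVIEW_CAUSES = {6, 11, 17}


def cdr_file_created(filename):
    """Return the creation time encoded in a CDR file name (YYYYMMDDhhmmss)."""
    stem = PurePath(filename).name.split(".", 1)[0]
    if len(stem) != 14 or not stem.isdigit():
        raise ValueError(f"not a CDR file name: {filename!r}")
    # strptime also rejects impossible dates such as month 13.
    return datetime.strptime(stem, "%Y%m%d%H%M%S")


def decode_cause(raw):
    """Map a raw Acct-Terminate-Cause value to (code, label)."""
    try:
        code = int(str(raw).strip())
    except ValueError:
        return None, f"Unparsed ({raw!r})"
    return code, TERMINATE_CAUSES.get(code, f"Unlisted ({code})")


def triage(records):
    """Summarise termination causes and collect sessions that need review.

    A session is flagged when its cause is missing, not one of the values
    listed in Table 16-2, or in REVIEW_CAUSES. Acct-Session-ID is documented
    as unique, so repeated IDs are reported separately.
    """
    by_cause = Counter()
    review, duplicates, seen = [], [], set()
    for rec in records:
        sid = rec.get("Acct-Session-ID", "")
        if sid in seen:
            duplicates.append(sid)
        seen.add(sid)
        code, label = decode_cause(rec.get("Acct-Terminate-Cause"))
        by_cause[label] += 1
        if code not in TERMINATE_CAUSES or code in REVIEW_CAUSES:
            review.append((sid, rec.get("User-Name", ""), label))
    return {"by_cause": dict(by_cause), "review": review, "duplicates": duplicates}


# Constructed sample records; field names follow Table 16-2.
SAMPLE_RECORDS = [
    {"Acct-Session-ID": "s-0001", "User-Name": "alice", "Acct-Terminate-Cause": "1"},
    {"Acct-Session-ID": "s-0002", "User-Name": "bob", "Acct-Terminate-Cause": "6"},
    {"Acct-Session-ID": "s-0003", "User-Name": "carol", "Acct-Terminate-Cause": "4"},
    {"Acct-Session-ID": "s-0002", "User-Name": "bob", "Acct-Terminate-Cause": "6"},
    {"Acct-Session-ID": "s-0004", "User-Name": "dave", "Acct-Terminate-Cause": "9"},
]

if __name__ == "__main__":
    # Constructed file name; the extension is ignored by cdr_file_created().
    print("file created:", cdr_file_created("20120704153000.dat").isoformat())
    result = triage(SAMPLE_RECORDS)
    for label, count in sorted(result["by_cause"].items()):
        print(f"{count:3d}  {label}")
    for sid, user, label in result["review"]:
        print(f"review: {sid} user={user} cause={label}")
    print("duplicate session IDs:", result["duplicates"])
```
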
17 Performing System Administration
This chapter describes system administration processes, including:
• Performing Wireless AP Client Management
• Defining SCALANCE W Wireless Assistant Administrators and Login Groups
Performing Wireless AP Client Management
There are times when for business, service, or security reasons you want to cut the connection with a particular wireless device.
2. In the left pane, click Client Management. The Disassociate tab is displayed.
3. In the Select AP list, click the AP that is connected to the client that you want to disassociate.
4. In the Select Client(s) list, select the checkbox next to the client you want to disassociate.
2. In the left pane, click Client Management. The Disassociate tab is displayed.
3. In the Select AP list, click the AP that is connected to the client that you want to blacklist.
4. In the Select Client(s) list, select the checkbox next to the client you want to blacklist, if applicable.
3. Click the Whitelist/Blacklist tab.
4. To add a new MAC address to the blacklist, in the MAC Address box type the client’s MAC address.
5. Click Add. The client is displayed in the MAC Addresses list.
Note: You can use the Select All or Clear All buttons to help you select multiple clients.
6. To save your changes, click Save.
To Clear an Address from the Blacklist:
1. From the top menu, click Wireless APs. The Wireless AP Configuration screen is displayed.
2.
2. In the left pane, click Client Management. The Disassociate tab is displayed.
3. Click the Whitelist/Blacklist tab.
4. Click Browse and navigate to the file of MAC addresses you want to import and add to the blacklist.
5. Click the file, and then click Import. The list of MAC addresses is imported.
To Export a List of MAC Addresses for the Blacklist:
1. From the top menu, click Wireless APs.
Defining SCALANCE W Wireless Assistant Administrators and Login Groups
2. In the left pane, click Login Management. The Local Authentication tab is displayed.
3. In the Group drop-down list, click one of the following:
– Full Administrator — Users assigned to this login group have full administrator access rights on the SCALANCE IWLAN Controller. Full administrators can manage GuestPortal user accounts.
2. In the left pane, click Login Management. The Local Authentication tab is displayed.
3. Click the user whose password you want to modify.
4. In the Password box, type the new password for the user.
5. In the Confirm Password box, re-type the new password.
6. To change the password, click Change Password.
To Remove a SCALANCE IWLAN Controller Administrator:
1.
18 Logs, Traces, Audits and DHCP Messages
This chapter describes SCALANCE IWLAN Controller logs, traces, audits, and DHCP messages.
Working with Logs
The log messages contain the time of event, severity, source component, and any details generated by the source component.
2. Click the WLC: Events tab. The SCALANCE IWLAN Controller log screen is displayed and the events are displayed in chronological order.
3. To sort the events by Timestamp, Type, or Component, click the appropriate column heading.
4. To filter the events by severity (Critical, Major, Minor, Info, or All), click the appropriate log severity.
5. To refresh the SCALANCE IWLAN Controller log screen, click Refresh.
6.
3. In the Wireless AP list, click a Wireless AP to view the log events for that particular Wireless AP.
4. To sort the events by WLC time or Sev (Severity), click the appropriate column heading.
5. To filter the events by severity (Critical, Major, Minor, Information, or All), click the appropriate log severity.
6. To refresh the SCALANCE IWLAN Controller log screen, click Refresh.
7.
2. Click the Login tab. The Login screen is displayed and the login events are displayed in chronological order.
3. To refresh the Login screen, click Refresh.
Working with GuestPortal Login Logs
To View GuestPortal Login Logs:
1. From the top menu, click Logs. The Logs & Traces screen is displayed.
2. Click the Login tab. The Login screen is displayed and the login events are displayed in chronological order.
3. Click GuestPortal. The GuestPortal login events are displayed in chronological order.
4. To export the GuestPortal log information, click Export. The File Download dialog is displayed.
5. Do one of the following:
– To open the log file, click Open.
– To save the log file, click Save, and then navigate to the directory location you want to save the file. Click Save.
3. Click the Tech Support button at the bottom of the page. The Generate Tech Support File screen is displayed.
4. Select the parameters for the tech support file:
– Wireless Controller
– Wireless AP
– Logs
– All
– No Stats – If Wireless AP is selected, select this checkbox to include or exclude Wireless AP statistics in the tech support file.
5. Click Generate New Tech Support File.
4. Click List All Tech Support Files.
5. In the drop-down list, click the tech support file you want to delete. The tech support file is deleted.
6. Click Close.
Viewing Wireless AP Traces
To View Wireless AP Traces:
1. From the top menu, click Logs. The Logs & Traces screen is displayed.
2. Click the AP: Traces tab. The Wireless AP trace screen is displayed.
- Retrieve Traces – Click to view the available configuration traces in the Trace Log Output section.
b. Collect traces for: Debug info – Select to collect trace debug information.
- Start/Stop Tracing – Click to start or stop the collection of traces.
- Retrieve Traces – Click to view the available debug traces in the Trace Log Output section.
c. Collect traces for: Reports – Select to view available crash files.
Viewing Audit Messages
2. Click the Audit: UI tab. The audit screen is displayed and the events are displayed in chronological order.
3. To sort the events by Timestamp, User, Section, or Page, click the appropriate column heading.
4. To refresh the audit screen, click Refresh.
5. To export the audit screen, click Export. The File Download dialog is displayed.
6. Do one of the following:
– To open the audit file, click Open.
Viewing the DHCP Messages
2. Click the Service: DHCP tab. The DHCP message screen is displayed and the events are displayed in chronological order.
3. To sort the events by timestamp, click Timestamp.
4. To refresh the DHCP message screen, click Refresh.
Viewing the NTP Messages
To View NTP Messages:
1. From the top menu, click Logs. The Logs & Traces screen is displayed.
2. Click the Service: NTP tab. The NTP message screen is displayed and the events are displayed in chronological order.
3. To sort the events by timestamp, click Timestamp.
4. To refresh the NTP message screen, click Refresh.
Viewing Software Upgrade Messages
The S/W Upgrade tab displays the most recent upgrade actions, either success or failure, and the operating system patch history.
2. Click the S/W Upgrade tab. The software upgrade message screen is displayed.
3. Do the following:
– To view software upgrade messages, click Detail.
– To view the operating system history, click History.
4. To refresh the screen, click Refresh.
5. To export the software upgrade messages or operating system history, click Export. The File Download dialog is displayed.
6.
Viewing Configuration Restore/Import Messages
2. Click the Restore/Import tab. The restore/import message screen is displayed.
3. To refresh the restore/import message screen, click Refresh.
4. To export the restore/import message screen, click Export. The File Download dialog is displayed.
5. Do one of the following:
– To open the file, click Open.
– To save the file, click Save, and then navigate to the directory location you want to save the file.
19 Working with GuestPortal Administration
This chapter describes GuestPortal administration.
Adding New Guest Accounts
To Add a New Guest Account:
1. Do one of the following:
– If you have GuestPortal Manager rights, log onto the SCALANCE IWLAN Controller.
– If you have full administrator rights:
(1) From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the Account Management section, click Add Guest Account. The Add Guest User screen is displayed.
3. To enable the new guest account, select the Enabled checkbox. For more information, see “Enabling or Disabling Guest Accounts” on page 19-4.
4. In the Credentials section, do the following:
– User Name — Type a user name for the person who will use this guest account.
Enabling or Disabling Guest Accounts

A guest account must be enabled in order for a wireless device user to use the guest account to obtain guest network services. When a guest account is disabled, it remains in the database. A disabled guest account cannot provide access to the network.

To Enable or Disable Guest Accounts:
1.
3. In the Account Enable/Disable section, click Enable Selected Accounts or Disable Selected Accounts accordingly. A dialog is displayed requesting you to confirm your selection.
4. Click Ok. A confirmation message is displayed in the GuestPortal Guest Administration screen footer.

Editing Guest Accounts

An already existing guest account can be edited.

To Edit a Guest Account:
1.
2. In the guest account list, select the checkbox next to the user name of the guest account that you want to edit.
3. In the Account Management section, click Edit Selected Accounts. The Edit Guest User screen is displayed.
4. Edit the guest account accordingly. For more information on guest account properties, see “Adding New Guest Accounts” on page 19-2.
5. To save your changes, click OK.

Removing Guest Accounts
The GuestPortal Guest Administration screen is displayed.
2. In the guest account list, select the checkbox next to the user name of the guest account that you want to remove.
3. In the Account Management section, click Remove Selected Accounts. A dialog is displayed requesting you to confirm your removal.
4. Click OK. A confirmation message is displayed in the GuestPortal Guest Administration screen footer.

Importing and Exporting a Guest File
Table 19-1 Guest Account Import and Export
The GuestPortal Guest Administration screen is displayed.
2. In the File Management section, click Export Guest File. A File Download dialog is displayed.
3. Click Save. The Save As dialog is displayed.
4. Name the guest file, and then navigate to the location where you want to save the file. By default, the exported guest file is named exportguest.csv.
5. Click Save.
The GuestPortal Guest Administration screen is displayed.
2. In the File Management section, click Import Guest File. The Import Guest File dialog is displayed.
3. Click Browse to navigate to the location of the .csv guest file that you want to import, and then click Open.
4. Click Import. The file is imported and a confirmation message is displayed in the Import Guest File dialog.
5. Click Close.

Viewing and Printing a GuestPortal Account Ticket
To View and Print a GuestPortal Account Ticket:
1. Do one of the following:
   – If you have GuestPortal Manager rights, log onto the SCALANCE IWLAN Controller.
   – If you have full administrator rights:
     (1) From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
3. Click Print. The Print dialog is displayed.
4. Click Print.

Note: The default GuestPortal ticket page uses placeholder tags. For more information, see Appendix B, Default GuestPortal Source Code.

Working with the GuestPortal Ticket Page
Activating a GuestPortal Ticket Page

To Activate a GuestPortal Ticket Page:
1. From the top menu, click VNS Configuration. The Virtual Network Configuration screen is displayed.
2. In the left pane, expand the WLAN Services pane, and then click the dedicated WLAN Service that provides the temporary guest network services. The WLAN Services configuration window for that service displays.
3.

Configuring Web Session Timeouts
2. In the left pane, click Web Settings. The Wireless Controller Web Management Settings screen is displayed.
3. In the Web Session Timeout box, type the time period to allow the Web session to remain inactive before it times out. This can be entered as hour:minutes, or as minutes. The range is 1 minute to 168 hours.
4.
A Glossary

Networking Terms and Abbreviations

Table A-1 Networking Terms and Abbreviations

Term | Explanation
AAA | Authentication, Authorization and Accounting. A system in IP-based networking to control what computer resources users have access to and to keep track of the activity of users over a network.
asynchronous | Asynchronous transmission mode (ATM). A start/stop transmission in which each character is preceded by a start signal and followed by one or more stop signals. A variable time interval can exist between characters. ATM is the preferred technology for the transfer of images.
BSS | Basic Service Set. A wireless topology consisting of one Access Point connected to a wired network and a set of wireless devices.
DHCP | Dynamic Host Configuration Protocol. A protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.
EAP-TLS, EAP-TTLS | EAP-TLS Extensible Authentication Protocol - Transport Layer Security. A general protocol for authentication that also supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication and smart cards. IEEE 802.1x specifies how EAP should be encapsulated in LAN frames.
Gigabit Ethernet | The high data rate of the Ethernet standard, supporting data rates of 1 gigabit (1,000 megabits) per second.
GUI | Graphical User Interface
Heartbeat message | A heartbeat message is a UDP data packet used to monitor a data connection, polling to see if the connection is still alive. In general terms, a heartbeat is a signal emitted at regular intervals by software to demonstrate that it is still alive.
IP | Internet Protocol is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (host) on the Internet has at least one IP address that uniquely identifies it. Internet Protocol specifies the format of packets, also called datagrams, and the addressing scheme.
MIB | Management Information Base is a formal description of a set of network objects that can be managed using the Simple Network Management Protocol (SNMP). The format of the MIB is defined as part of the SNMP. A MIB is a collection of definitions defining the properties of a managed object within a device. Every managed device keeps a database of values for each of the definitions written in the MIB.
OFDM | Orthogonal frequency division multiplexing, a method of digital modulation in which a signal is split into several narrowband channels at different frequencies. OFDM is similar to conventional frequency division multiplexing (FDM). The difference lies in the way in which the signals are modulated and demodulated.
PDU | Protocol Data Unit. A data object exchanged by protocol machines (such as management stations, SMUX peers, and SNMP agents) and consisting of both protocol control information and user data. PDU is sometimes used as a synonym for “packet”.
PEAP | PEAP (Protected Extensible Authentication Protocol) is an IETF draft standard to authenticate wireless LAN clients without requiring them to have certificates.
Roaming | In 802.11, roaming occurs when a wireless device (a station) moves from one Access Point to another (or BSS to another) in the same Extended Service Set (ESS), identified by its SSID.
RP-SMA | Reverse Polarity-Subminiature version A, a type of connector used with wireless antennas.
RSN | Robust Security Network. A new standard within IEEE 802.11 to provide security and privacy mechanisms.
SSH | Secure Shell, sometimes known as Secure Socket Shell, is a Unix-based command interface and protocol for securely getting access to a remote computer. SSH is a suite of three utilities - slogin, ssh, and scp - secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp.
TCP / IP | Transmission Control Protocol. TCP, together with IP (Internet Protocol), is the basic communication language or protocol of the Internet. Transmission Control Protocol manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message.
URL | Uniform Resource Locator. The unique global address of resources or files on the World Wide Web. The URL contains the name of the protocol to be used to access the file resource, the IP address or the domain name of the computer where the resource is located, and a pathname -- a hierarchical description that specifies the location of a file in that computer.
VLAN | Virtual Local Area Network.
WMM | Wi-Fi Multimedia (WMM), a Wi-Fi Alliance certified standard that provides multimedia enhancements for Wi-Fi networks that improve the user experience for audio, video, and voice applications. This standard is compliant with the IEEE 802.11e Quality of Service (QoS) extensions for 802.11 networks. WMM provides prioritized media access by shortening the time between transmitting packets for higher priority traffic.
Wireless Controller Terms and Abbreviations

Table A-2 Wireless Controller Terms and Abbreviations

Term | Explanation
DRM (dynamic radio/RF management) | Dynamic Radio Management (DRM) functionality of the SCALANCE IWLAN Controller is used to help establish the optimum radio configuration for your Wireless APs. DRM is enabled by default.
Virtual Network Services (VNS) | The Virtual Network Services (VNS) technique is Siemens's means of mapping wireless networks to the topology of an existing wired network. When you set up Virtual Network Services (VNS) on the SCALANCE IWLAN Controller, you are defining subnets for groups of wireless users.
B Default GuestPortal Source Code
Table B-1 Default GuestPortal Ticket Page Template Placeholders (continued)

Placeholder tag | Description
!UserID | User ID for the guest
!Password | Password for the guest
!SSID | SSID to connect to
!AccountActivationTime | Account available time
!AccountLifeTime | Account life time

Default GuestPortal Ticket Page Source Code

Note: The GuestPortal account information placeholders used in the HTML code are preceded by the ! character.
Account Start: | !AccountActivationTime |
Duration: | !AccountLifeTime |
Valid Daily Login Time: | !TimeOfDayStart -- !TimeOfDayDuration |
Comment: | !GuestComment |
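The placeholder convention described above, shown as an added example that is not the controller's own code: a single-pass renderer that HTML-escapes each account value and reports tags it cannot resolve. The template, the account values, the `!RoomNumber` tag and the function name are constructed for illustration; this guide does not state how the controller itself performs the substitution.

```python
import html
import re

# Placeholder names that appear on this page (Table B-1 rows and the template rows).
KNOWN = ("UserID", "Password", "SSID", "AccountActivationTime", "AccountLifeTime",
         "TimeOfDayStart", "TimeOfDayDuration", "GuestComment")

# A known tag; the lookahead stops a longer word such as !SSIDx matching as !SSID.
_KNOWN_TAG = re.compile(r"!(" + "|".join(KNOWN) + r")(?![A-Za-z0-9_])")
# Anything shaped like a tag; the lookbehind skips markup such as <!DOCTYPE.
_ANY_TAG = re.compile(r"(?<!<)!([A-Z][A-Za-z0-9_]*)")


def render_ticket(template, account):
    """Fill the !Name tags in template from account; return (html, problems)."""
    problems = []
    # Report tags this script does not know, judged on the template only, so
    # text inside an account value is never treated as a tag.
    for match in _ANY_TAG.finditer(template):
        if match.group(1) not in KNOWN:
            problems.append("unknown placeholder !" + match.group(1))

    def fill(match):
        name = match.group(1)
        if name not in account:
            problems.append("no value for !" + name)
            return ""
        # Escape so markup typed into a field prints as text on the ticket.
        return html.escape(str(account[name]), quote=True)

    # One pass: re.sub does not rescan replacement text, so a value that
    # contains "!Password" stays literal instead of being expanded.
    return _KNOWN_TAG.sub(fill, template), problems


# Constructed sample input; !RoomNumber is a made-up tag to show the report.
SAMPLE_TEMPLATE = """<!DOCTYPE html>
<table>
<tr><td>User ID:</td><td>!UserID</td></tr>
<tr><td>Valid Daily Login Time:</td><td>!TimeOfDayStart -- !TimeOfDayDuration</td></tr>
<tr><td>Comment:</td><td>!GuestComment</td></tr>
<tr><td>Room:</td><td>!RoomNumber</td></tr>
</table>"""
SAMPLE_ACCOUNT = {"UserID": "guest01", "TimeOfDayStart": "09:00",
                  "GuestComment": "<b>visitor</b> !Password"}

if __name__ == "__main__":
    page, problems = render_ticket(SAMPLE_TEMPLATE, SAMPLE_ACCOUNT)
    print(page)
    print(problems)
```

Running the check against a customized ticket template before activating it shows which tags would print unresolved on a guest's ticket.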
System R

GuestPortal Sample Header Page