Dell W-3600 User manual

Dell PowerConnect W-Series

ArubaOS 6.2

User Guide

0510956-01 | February 2013 2

Copyright Information

®

, Aruba

Wireless Networks

®

, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management

System

®

. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc.

Originated in the USA. All other trademarks are the property of their respective owners.

Open Source Code

Certain Aruba products include Open Source software code developed by third parties, including software code

subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open

used can be found at this site:

http://www.arubanetworks.com/open_source

Legal Notice

The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate

other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for

this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it

with respect to infringement of copyright on behalf of those vendors

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 3

Contents

Copyright Information

2

Open Source Code

2

Legal Notice

2

Contents

3

About this Guide

61

What’s New In ArubaOS 6.2

61

Fundamentals

63

WebUI

63

CLI

63

Related Documents

64

Conventions

64

The Basic User-Centric Networks

66

Understanding Basic Deployment and Configuration Tasks

66

Deployment Scenario #1: Controller and APs on Same Subnet

66

Deployment Scenario #2: APs All on One Subnet Different from Controller Subnet

67

Deployment Scenario #3: APs on Multiple Different Subnets from Controllers

68

Configuring the Controller

69

Running Initial Setup

69

Connecting to the Controller after Initial Setup

70

Dell W-7200 Series Controller

70

New Port Numbering Scheme

70

Individual Port Behavior

70

Using the LCD Screen

70

Using the LCD and USB Drive

72

Upgrading an Image

72

Uploading a Pre-saved Configuration

72

Disabling LCD Menu Functions

73

4 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

Configuring a VLAN to Connect to the Network

73

Creating, Updating, and Viewing VLANs and Associated IDs

74

Creating, Updating, and Deleting VLAN Pools

74

Assigning and Configuring the Trunk Port

74

In the WebUI

75

In the CLI

75

Configuring the Default Gateway

75

In the WebUI

75

In the CLI

75

Configuring the Loopback IP Address for the Controller

75

In the WebUI

76

In the CLI

76

Configuring the System Clock

76

Installing Licenses

77

Connecting the Controller to the Network

77

Enabling Wireless Connectivity

77

Configuring Your User-Centric Network

77

Control Plane Security

79

Control Plane Security Overview

80

Configuring Control Plane Security

80

In the WebUI

80

In the CLI

81

Managing AP Whitelists

82

Adding APs to the Campus and Remote AP Whitelists

82

Viewing Whitelist Status

83

Modifying an AP in the Campus AP Whitelist

85

Revoking an AP via the Campus AP Whitelist

86

Deleting an AP Entry from the Campus AP Whitelist

86

Purging the Campus AP Whitelist

86

Managing Whitelists on Master and Local Controllers

87

Campus AP Whitelist Synchronization

88

Viewing and Managing the Master or Local Switch Whitelists

88

Viewing the Master or Local Switch Whitelist

88

Deleting an Entry from the Master or Local Switch Whitelist

89

Purging the Master or Local Switch Whitelist

90

Working in Environments with Multiple Master Controllers

90

Configuring Networks with a Backup Master Controller

90

Configuring Networks with Clusters of Master Controllers

90

Creating a Cluster Root

91

Creating a Cluster Member

92

Viewing Controller Cluster Settings

92

Replacing a Controller on a Multi-Controller Network

93

Replacing Controllers in a Single Master Network

93

Replacing a Local Controller

93

Replacing a Master Controllerwith No Backup

94

Replacing a Redundant Master Controller

94

Replacing Controllers in a Multi-Master Network

95

Replacing a Local Controller in a Multi-Master Network

95

Replacing a Cluster Member Controller with no Backup

95

Replacing a Redundant Cluster Member Controller

95

Replacing a Cluster Root Controller with no Backup Controller

96

Replacing a Redundant Cluster Root Controller

96

Configuring Control Plane Security after Upgrading

97

Troubleshooting Control Plane Security

97

Identifying Certificate Problems

97

Verifying Certificates

98

Disabling Control Plane Security

98

Verifying Whitelist Synchronization

98

Supported APs

99

Rogue APs

99

Software Licenses

100

Understanding License Terminology

100

Working with Licenses

101

Working with Licenses on a Multiple Controller Network

102

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 5

6 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

Using Licenses

102

Understanding License Interaction

103

License Installation Best Practices and Exceptions

104

Installing a License

104

Enabling a new license on your controller

104

Requesting a Software License in Email

105

Locating the System Serial Number

105

Obtaining a Software License Key

105

Creating a Software License Key

105

Applying the Software License Key in the WebUI

106

Applying the Software License Key in the License Wizard

106

Deleting a License

106

Moving Licenses

106

Resetting the Controller

106

Network Configuration Parameters

108

Configuring VLANs

108

Creating and Updating VLANs

108

In the WebUI

108

In the CLI

109

Creating Bulk VLANs In the WebUI

109

In the CLI

109

Creating Named VLANs

109

Creating a Named VLAN not in a Pool

109

In the WebUI

109

In the CLI

110

Creating a VLAN Pool

110

Using the WebUI

110

Distinguishing Between Even and Hash Assignment Types

111

Updating a VLAN Pool

112

Deleting a VLAN Pool

112

Creating a VLAN Pool Using the CLI

112

Viewing and Adding VLAN IDs Using the CLI

112

Adding a Bandwidth Contract to the VLAN

113

Optimizing VLAN Broadcast and Multicast Traffic

113

Using the CLI

114

Using the WebUI

114

Configuring Ports

114

Classifying Traffic as Trusted or Untrusted

115

About Trusted and Untrusted Physical Ports

115

About Trusted and Untrusted VLANs

115

Configuring Trusted/Untrusted Ports and VLANs

115

In the WebUI

115

In the CLI

116

Configuring Trusted and Untrusted Ports and VLANs in Trunk Mode

116

In the WebUI

116

In the CLI

117

Understanding VLAN Assignments

117

How a VLAN Obtains an IP Address

117

Assigning a Static Address to a VLAN

117

In the WebUI

118

In the CLI

118

Configuring a VLAN to Receive a Dynamic Address

118

Configuring Multiple Wired Uplink Interfaces (Active-Standby)

118

Enabling the DHCP Client

118

In the WebUI

118

In the CLI

119

Enabling the PPPoE Client

119

In the WebUI

119

In the CLI

120

Default Gateway from DHCP/PPPoE

120

In the WebUI

120

In the CLI

120

Configuring DNS/WINS Server from DHPC/PPPoE

120

In the WebUI

120

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 7

8 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

In the CLI

120

Configuring Source NAT to Dynamic VLAN Address

121

In the WebUI

121

In the CLI

121

Configuring Source NAT for VLAN Interfaces

121

Example Configuration

122

In the WebUI

122

In the CLI

122

Inter-VLAN Routing

122

Using the WebUI to restrict VLAN routing

123

Using the CLI

123

Configuring Static Routes

123

In the WebUI

123

In the CLI

124

Configuring the Loopback IP Address

124

In the WebUI

124

In the CLI

124

Configuring the Controller IP Address

125

Using the CLI

125

Configuring GRE Tunnels

125

Creating a Tunnel Interface

126

In the WebUI

126

In the CLI

126

Directing Traffic into the Tunnel

126

Static Routes

126

Firewall Policy

126

In the WebUI

127

In the CLI

127

Tunnel Keepalives

127

In the WebUI

127

In the CLI

127

IPv6 Support

128

Understanding IPv6 Notation

128

Understanding IPv6 Topology

128

Enabling IPv6

129

Enabling IPv6 Support for Controller and APs

129

Configuring IPv6 Addresses

131

In the WebUI

131

To Configure Link Local Address

131

To Configure Global Unicast Address

131

To Configure Loopback Interface Address

132

In the CLI

132

Configuring IPv6 Static Neighbors

132

In the WebUI

132

In the CLI

132

Configuring IPv6 Default Gateway and Static IPv6 Routes

133

In the WebUI

133

To Configure IPv6 Default Gateway

133

To Configure Static IPv6 Routes

133

In the CLI

133

Managing Controller IP Addresses

133

In the WebUI

133

In the CLI

133

Configuring Multicast Listener Discovery (MLD)

134

In the WebUI

134

To Modify IPv6 MLD Parameters

134

In the CLI

134

Debugging an IPv6 Controller

135

In the WebUI

135

In the CLI

135

Provisioning an IPv6 AP

135

In the WebUI

135

In the CLI

135

Filtering an IPv6 Extension Header (EH)

136

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 9

10 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

Configuring a Captive Portal over IPv6

136

Working with IPv6 Router Advertisements (RAs)

136

Configuring an IPv6 RA on a VLAN

137

Using WebUI

137

Using CLI

138

Configuring Optional Parameters for RAs

138

In the WebUI

139

In the CLI

139

Viewing IPv6 RA Status

140

Understanding ArubaOS Supported Network Configuration for IPv6 Clients

140

Supported Network Configuration

140

Understanding the Network Connection Sequence for Windows IPv6 Clients

141

Understanding ArubaOS Authentication and Firewall Features that Support IPv6

141

Understanding Authentication

141

Working with Firewall Features

142

Understanding Firewall Policies

143

Creating an IPv6 Firewall Policy

145

Assigning an IPv6 Policy to a User Role

145

Understanding DHCPv6 Passthrough/Relay

146

Managing IPv6 User Addresses

146

Viewing or Deleting User Entries

146

Understanding User Roles

146

Viewing Datapath Statistics for IPv6 Sessions

146

Understanding IPv6 Exceptions and Best Practices

146

Link Aggregation Control Protocol (LACP)

148

Understanding LACP Best Practices and Exceptions

148

Configuring LACP

149

In the CLI

149

In the WebUI

150

LACP Sample Configuration

150

OSPFv2

152

Understanding OSPF Deployment Best Practices and Exceptions

152

Understanding OSPFv2 by Example using a WLAN Scenario

153

WLAN Topology

153

WLAN Routing Table

153

Understanding OSPFv2 by Example using a Branch Office Scenario

154

Branch Office Topology

154

Branch Office Routing Table

155

Configuring OSPF

155

Sample Topology and Configuration

157

Remote Branch 1

157

Remote Branch 2

158

W-3200 Central Office Controller—Active

159

W-3200 Central Office Controller—Backup

160

Tunneled Nodes

163

Understanding Tunneled Node Configuration

163

Configuring a Wired Tunneled Node Client

164

Configuring an Access Port as a Tunneled Node Port

165

Configuring a Trunk Port as a Tunneled Node Port

165

Sample Output

166

Authentication Servers

168

Understanding Authentication Server Best Practices and Exceptions

168

Understanding Servers and Server Groups

168

Configuring Servers

169

Configuring a RADIUS Server

169

Using the WebUI

170

Using the CLI

170

RADIUS Server Authentication Codes

171

RADIUS Server Fully Qualified Domain Names

171

Set a DNS Query Interval

171

Using the WebUI

171

Using the CLI

171

Configuring an RFC-3576 RADIUS Server

171

Using the WebUI

172

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 11

12 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

Using the CLI

172

Configuring an LDAP Server

172

Using the WebUI

173

Using the CLI

173

Configuring a TACACS+ Server

173

Using the WebUI

174

Using the CLI

174

Configuring a Windows Server

174

Using the WebUI

175

Using the CLI

175

Managing the Internal Database

175

Configuring the Internal Database

175

Using the WebUI

176

Using the CLI

176

Managing Internal Database Files

176

Exporting Files in the WebUI

176

Importing Files in the WebUI

177

Exporting and Importing Files in the CLI

177

Working with Internal Database Utilities

177

Deleting All Users

177

Repairing the Internal Database

177

Configuring Server Groups

177

Configuring Server Groups

178

Using the WebUI

178

Using the CLI

178

Configuring Server List Order and Fail-Through

178

Using the WebUI

179

Using the CLI

179

Configuring Dynamic Server Selection

179

Using the WebUI

180

Using the CLI

181

Configuring Match FQDN Option

181

Using the WebUI

181

Using the CLI

181

Trimming Domain Information from Requests

181

Using the WebUI

181

Using the CLI

182

Configuring Server-Derivation Rules

182

Using the WebUI

183

Using the CLI

183

Configuring a Role Derivation Rule for the Internal Database

183

Using the WebUI

183

Using the CLI

184

Assigning Server Groups

184

User Authentication

184

Management Authentication

184

Using the WebUI

184

Using the CLI

184

Accounting

185

RADIUS Accounting

185

Using the WebUI

186

Using the CLI

187

TACACS+ Accounting

187

Configuring Authentication Timers

187

Setting an Authentication Timer

188

Using the WebUI

188

Using the CLI

188

MAC-based Authentication

189

Configuring MAC-Based Authentication

189

Configuring the MAC Authentication Profile

189

Using the WebUI to configure a MAC authentication profile

190

Using the CLI to configure a MAC authentication profile

190

Configuring Clients

190

In the WebUI

190

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 13

14 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

In the CLI

191

802.1X Authentication

192

Understanding 802.1X Authentication

192

Supported EAP Types

193

Configuring Authentication with a RADIUS Server

193

Configuring Authentication Terminated on Controller

194

Configuring 802.1X Authentication

195

In the WebUI

195

In the CLI

199

Configuring and Using Certificates with AAA FastConnect

200

In the WebUI

200

In the CLI

200

Configuring User and Machine Authentication

201

Working with Role Assignment with Machine Authentication Enabled

201

Enabling 802.1x Supplicant Support on an AP

202

Prerequisites

203

Provisioning an AP as a 802.1X Supplicant

203

In the WebUI

203

In the CLI

203

Sample Configurations

204

Configuring Authentication with an 802.1X RADIUS Server

204

Configuring Roles and Policies

204

Creating the Student Role and Policy

204

In the WebUI

205

In the CLI

205

Creating the Faculty Role and Policy

206

Using the WebUI

206

In the CLI

206

Creating the Guest Role and Policy

206

In the WebUI

206

In the CLI

207

Creating Roles and Policies for Sysadmin and Computer

208

In the WebUI

208

In the CLI

208

Using the WebUI to create the computer role

208

Creating an Alias for the Internal Network Using the CLI

208

Configuring the RADIUS Authentication Server

208

In the WebUI

209

In the CLI

209

Configuring 802.1X Authentication

209

In the WebUI

209

In the CLI

210

Configuring VLANs

210

In the WebUI

210

In the CLI

211

Configuring the WLANs

211

Configuring the Guest WLAN

211

In the WebUI

211

In the CLI

212

Configuring the Non-Guest WLANs

212

In the WebUI

212

In the CLI

213

Configuring Authentication with the Controller’s Internal Database

214

Configuring the Internal Database

214

In the WebUI

214

In the CLI

214

Configuring a Server Rule Using the WebUI

214

Configuring a Server Rule Using the CLI

214

Configuring 802.1x Authentication

215

In the WebUI

215

In the CLI

215

Configuring VLANs

215

In the WebUI

216

In the CLI

216

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 15

16 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

Configuring WLANs

216

Configuring the Guest WLAN

217

In the WebUI

217

In the CLI

217

Configuring the Non-Guest WLANs

218

In the WebUI

218

In the CLI

219

Configuring Mixed Authentication Modes

219

In the CLI

219

Performing Advanced Configuration Options for 802.1X

220

Configuring Reauthentication with Unicast Key Rotation

220

In the WebUI

220

In the CLI

220

Stateful and WISPr Authentication

221

Working With Stateful Authentication

221

Working With WISPr Authentication

222

Understanding Stateful Authentication Best Practices

222

Configuring Stateful 802.1x Authentication

222

In the WebUI

223

In the CLI

223

Configuring Stateful NTLM Authentication

223

In the WebUI

223

In the CLI

224

Configuring Stateful Kerberos Authentication

224

In the WebUI

224

In the CLI

225

Configuring WISPr Authentication

225

In the WebUI

225

In the CLI

226

Certificate Revocation

228

Understanding OCSP and CRL

228

Configuring a Controller as OCSP and CRL Clients

228

Configuring an OCSP Controller as a Responder

228

Configuring the Controller as an OCSP Client

229

In the WebUI

229

In the CLI

230

Configuring the Controller as a CRL Client

230

In the WebUI

231

In the CLI

231

Configuring the Controller as an OCSP Responder

231

In the WebUI

231

In the CLI

232

Captive Portal Authentication

233

Understanding Captive Portal

233

Policy Enforcement Firewall Next Generation (PEFNG) License

234

Controller Server Certificate

234

Configuring Captive Portal in the Base Operating System

234

In the WebUI

235

In the CLI

236

Using Captive Portal with a PEFNG License

237

Configuring Captive Portal in the WebUI

238

Configuring Captive Portal in the CLI

239

Sample Authentication with Captive Portal

239

Creating a Guest User Role

239

Creating an Auth-guest User Role

240

Configuring Policies and Roles in the WebUI

240

Creating a Time Range

240

Creating Aliases

241

Creating an Auth-Guest-Access Policy

241

Creating an Block-Internal-Access Policy

242

Creating a Drop-and-Log Policy

243

Creating a Guest Role

243

Creating an Auth-Guest Role

244

Configuring Policies and Roles in the CLI

244

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 17

18 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

Defining a Time Range

244

Creating Aliases

244

Creating a Guest-Logon-Access Policy

245

Creating an Auth-Guest-Access Policy

245

Creating a Block-Internal-Access Policy

245

Creating a Drop-and-Log Policy

245

Creating a Guest-Logon Role

245

Creating an Auth-Guest Role

245

Configuring Guest VLANs

245

In the WebUI

246

In the CLI

246

Configuring Captive Portal Authentication Profiles

246

Modifying the Initial User Role

247

Configuring the AAA Profile

247

Configuring the WLAN

248

Managing User Accounts

248

Configuring Captive Portal Configuration Parameters

249

Enabling Optional Captive Portal Configurations

250

Uploading Captive Portal Pages by SSID Association

251

Changing the Protocol to HTTP

251

Configuring Redirection to a Proxy Server

252

Redirecting Clients on Different VLANs

253

Web Client Configuration with Proxy Script

254

Personalizing the Captive Portal Page

254

Creating and Installing an Internal Captive Portal

256

Creating a New Internal Web Page

256

Username Example

257

Password Example

257

FQDN Example

257

Basic HTML Example

258

Installing a New Captive Portal Page

258

Displaying Authentication Error Messages

258

Reverting to the Default Captive Portal

259

Configuring Localization

259

Customizing the Welcome Page

262

Customizing the Pop-Up box

263

Customizing the Logged Out Box

264

Creating Walled Garden Access

265

In the WebUI

265

In the CLI

266

Enabling Captive Portal Enhancements

266

Configuring the Redirect-URL

266

Configuring the Login URL

266

Defining Netdestination Descriptions

267

Configuring a Whitelist

267

Configuring the Netdestination for a Whitelist:

267

Associating a Whitelist to Captive Portal Profile

267

Applying a Captive Portal Profile to a User-Role

267

Verifying a Whitelist Configuration

268

Verifying a Captive Portal Profile Linked to a Whitelist

268

Verifying Dynamic ACLs for a Whitelist

268

Verifying DNS Resolved IP Addresses for Whitelisted URLs

269

Virtual Private Networks

271

Planning a VPN Configuration

271

Selecting an IKE protocol

272

Understanding Suite-B Encryption Licensing

272

Working with IKEv2 Clients

273

Understanding Supported VPN AAA Deployments

273

Working with Certificate Groups

274

Working with VPN Authentication Profiles

274

Configuring a Basic VPN for L2TP/IPsec in the WebUI

275

Defining Authentication Method and Server Addresses

276

Defining Address Pools

276

Enabling Source NAT

276

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Contents | 19

20 | Contents Dell PowerConnect W-Series ArubaOS 6.2 | User Guide

Selecting Certificates

276

Defining IKEv1 Shared Keys

277

Configuring IKE Policies

277

Setting the IPsec Dynamic Map

278

Finalizing WebUI changes

278

Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI

279

Defining Authentication Method and Server Addresses

279

Defining Address Pools

280

Enabling Source NAT

280

Selecting Certificates

280

Configuring IKE Policies

281

Setting the IPsec Dynamic Map

282

Finalizing WebUI changes

282

Configuring a VPN for Smart Card Clients

283

Working with Smart Card clients using IKEv2

283

Working with Smart Card Clients using IKEv1

284

Configuring a VPN for Clients with User Passwords

284

In the WebUI

284

In the CLI

285

Configuring Remote Access VPNs for XAuth

285

Configuring VPNs for XAuth Clients using Smart Cards

285

Configuring a VPN for XAuth Clients Using a Username and Password

287

Working with Remote Access VPNs for PPTP

287

In the WebUI

288

In the CLI

288

Working with Site-to-Site VPNs

288

Working with Third-Party Devices

288

Working with Site-to-Site VPNs with Dynamic IP Addresses

289

Understanding VPN Topologies

289

Configuring Site-to-Site VPNs

289

In the WebUI

289

In the CLI

291

Page is loading ...

Dell W-3600 User manual

Related papers

Other documents