2. Computers & electronics
  3. Software
  4. Dell
  5. W-Series Controller AOS

Dell W-Series Controller AOS User guide

  • Hello! I am an AI chatbot trained to assist you with the Dell W-Series Controller AOS User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Dell Networking W-Series
ArubaOS 6.5.x
User Guide
2| Dell Networking W-Series ArubaOS 6.5.x| User Guide
Copyright Information
© Copyright 2016 Hewlett Packard Enterprise Development LP. Dell™, the DELL™ logo, and PowerConnect
are trademarks of Dell Inc.
All rights reserved. Specifications in this manual are subject to change without notice.
Originated in the USA. All other trademarks are the property of their respective owners.
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public
License, and/or certain other open source licenses.
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 3
Contents
Contents 3
Revision History 19
About this Guide 21
What's New In ArubaOS 6.5.x 21
Fundamentals 26
Related Documents 28
Conventions 28
Contacting Dell 29
The Basic User-Centric Networks 30
Understanding Basic Deployment and Configuration Tasks 30
Controller Configuration Workflow 33
Connect the Controller to the Network 34
W-7000 Series and W-7200 Series Controllers 35
Using the LCD Screen 37
Configuring a VLAN to Connect to the Network 40
Enabling Wireless Connectivity 43
Enabling Wireless Connectivity 43
Configuring Your User-Centric Network 44
Replacing a Controller 44
Control Plane Security 50
Control Plane Security Overview 51
Configuring Control Plane Security 51
Managing AP Whitelists 53
Managing Whitelists on Master and Local Controllers 61
Working in Environments with Multiple Master Controllers 65
4| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Replacing a Controller on a Multi-Controller Network 68
Configuring Control Plane Security after Upgrading 72
Troubleshooting Control Plane Security 73
Software Licenses 75
Getting Started with ArubaOS Licenses 75
License Types and Usage 75
Licensing Best Practices and Limitations 78
Centralized Licensing Overview 79
Configuring Centralized Licensing 85
Installing a License 86
Deleting a License 88
Monitoring and Managing Centralized Licenses 88
Network Configuration Parameters 92
Campus WLAN Workflow 92
Understanding VLAN Assignments 93
Configuring VLANs 101
Configuring Ports 105
Configuring Static Routes 108
Configuring the Loopback IP Address 108
Configuring the Controller IP Address 109
Configuring GRE Tunnels 110
Configuring GRE Tunnel Groups 119
Jumbo Frame Support 122
IPv6 Support 125
Understanding IPv6 Notation 125
Understanding IPv6 Topology 125
Enabling IPv6 126
Enabling IPv6 Support for Controller and APs 126
Filtering an IPv6 Extension Header (EH) 134
Configuring a Captive Portal over IPv6 135
Working with IPv6 Router Advertisements (RAs) 135
RADIUS Over IPv6 138
TACACS Over IPv6 140
DHCPv6 Server 140
Understanding ArubaOS Supported Network Configuration for IPv6 Clients 143
Understanding ArubaOS Authentication and Firewall Features that Support IPv6 144
Managing IPv6 User Addresses 149
Understanding IPv6 Exceptions and Best Practices 150
Link Aggregation Control Protocol 152
Understanding LACP Best Practices and Exceptions 152
Configuring LACP 153
LACP Sample Configuration 154
OSPFv2 156
Understanding OSPF Deployment Best Practices and Exceptions 156
Understanding OSPFv2 by Example using a WLAN Scenario 157
Understanding OSPFv2 by Example using a Branch Scenario 158
Configuring OSPF 159
Sample Topology and Configuration 161
Tunneled Nodes 172
Understanding Tunneled Node Configuration 172
Configuring a Wired Tunneled Node Client 173
Limitations 174
Authentication Servers 175
Understanding Authentication Server Best Practices and Exceptions 175
Understanding Servers and Server Groups 175
Configuring Authentication Servers 176
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 5
6| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Managing the Internal Database 189
Configuring Server Groups 192
Assigning Server Groups 198
Configuring Authentication Timers 202
Authentication Server Load Balancing 203
MAC-based Authentication 204
Configuring MAC-Based Authentication 204
Configuring Clients 205
BranchController Config for Controllers 207
Branch Deployment Features 208
Scalable Site-to-Site VPN Tunnels 209
Layer-3 Redundancy for Branch Controller Masters 209
WAN Failure (Authentication) Survivability 210
WAN Health Check 216
WAN Optimization through IP Payload Compression 216
Interface Bandwidth Contracts 217
Branch Integration with a Palo Alto Networks (PAN) Portal 218
Branch Controller Routing Features 221
Cloud Management 222
Zero-Touch Provisioning 222
Using Smart Config to create a Branch Config Group 225
PortFast and BPDU Guard 249
Preventing WANLink Failure on Virtual APs 251
Branch WAN Dashboard 252
802.1X Authentication 255
Understanding 802.1X Authentication 255
Configuring 802.1X Authentication 258
Enabling 802.1X Supplicant Support on an AP 266
Sample Configurations 267
Performing Advanced Configuration Options for 802.1X 283
Application Single Sign-On Using L2 Authentication 284
Device Name as User Name for Non-802.1X Authentication 286
Stateful and WISPr Authentication 287
Working With Stateful Authentication 287
Working With WISPr Authentication 288
Understanding Stateful Authentication Best Practices 288
Configuring Stateful 802.1X Authentication 288
Configuring Stateful NTLM Authentication 289
Configuring Stateful Kerberos Authentication 290
Configuring WISPr Authentication 291
Certificate Revocation 294
Understanding OCSP and CRL 294
Configuring the Controller as an OCSP Client 295
Configuring the Controller as a CRL Client 297
Configuring the Controller as an OCSP Responder 298
Certificate Revocation Checking for SSH Pubkey Authentication 299
OCSPConfiguration for VIA 300
Captive Portal Authentication 302
Understanding Captive Portal 302
Configuring Captive Portal in the Base Operating System 303
Using Captive Portal with a PEFNG License 305
Sample Authentication with Captive Portal 308
Configuring Guest VLANs 314
Configuring Captive Portal Authentication Profiles 315
Enabling Optional Captive Portal Configurations 320
Personalizing the Captive Portal Page 324
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 7
8| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Creating and Installing an Internal Captive Portal 326
Creating Walled Garden Access 335
Enabling Captive Portal Enhancements 336
Netdestination for AAAA Records 341
Virtual Private Networks 342
Planning a VPN Configuration 342
Working with VPN Authentication Profiles 346
Configuring a Basic VPN for L2TP/IPsec 348
Configuring a VPN for L2TP/IPsec with IKEv2 353
Configuring a VPN for Smart Card Clients 357
Configuring a VPN for Clients with User Passwords 358
Configuring Remote Access VPNs for XAuth 359
Working with Remote Access VPNs for PPTP 361
Working with Site-to-Site VPNs 361
Working with VPN Dialer 368
Roles and Policies 370
Configuring Firewall Policies 370
User Roles 380
Assigning User Roles 382
Understanding Global Firewall Parameters 388
Using AppRF 2.0 393
ClearPass Policy Manager Integration 399
Introduction 399
Important Points to Remember 399
Enabling Downloadable Role on a Controller 400
Sample Configuration 400
Virtual APs 408
Virtual AP Configuration Workflow 408
Virtual AP Profiles 409
Changing a Virtual AP Forwarding Mode 417
Radio Resource Management (802.11k) 418
BSSTransition Management (802.11v) 426
Fast BSS Transition ( 802.11r) 426
SSIDProfiles 428
WLAN Authentication 436
High-Throughput Virtual APs 439
Guest WLANs 445
Changing a Virtual AP Forwarding Mode 448
Adaptive Radio Management 449
Understanding ARM 449
Client Match 451
ARM Coverage and Interference Metrics 453
Configuring ARM Profiles 454
Assigning an ARM Profile to an AP Group 464
Using Multi-Band ARM for 802.11a/802.11g Traffic 465
Band Steering 465
Dynamic Bandwidth Switch 467
Enabling Traffic Shaping 467
Spectrum Load Balancing 470
Reusing Channels to Control RX Sensitivity Tuning 470
Configuring Non-802.11 Noise Interference Immunity 471
Troubleshooting ARM 471
Wireless Intrusion Prevention 473
Working with the Reusable Wizard 473
Monitoring the Dashboard 476
Detecting Rogue APs 477
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 9
10| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Working with Intrusion Detection 480
Configuring Intrusion Protection 492
Configuring the WLAN Management System 496
Understanding Client Blacklisting 500
Working with WIP Advanced Features 503
Configuring TotalWatch 503
Administering TotalWatch 505
Tarpit Shielding Overview 506
Configuring Tarpit Shielding 507
Access Points 508
Important Points to Remember 508
Basic Functions and Features 510
AP Settings Triggering a Radio Restart 511
Naming and Grouping APs 513
Understanding AP Configuration Profiles 515
Before you Deploy an AP 522
Enable Controller Discovery 522
Enable DHCP to Provide APs with IP Addresses 523
AP Provisioning Profiles 524
Configuring Installed APs 527
Optional AP Configuration Settings 532
RF Management 544
Optimizing APs Over Low-Speed Links 558
AP Scanning Optimization 564
Channel Group Scanning 565
Configuring AP Channel Assignments 566
Managing AP Console Settings 568
Link Aggregation Support on W-AP220 Series, W-AP270 Series, and W-AP320 Series 572
Recording Consolidated AP-Provisioned Information 575
Service Tag 577
Secure Enterprise Mesh 578
Mesh Overview Information 578
Mesh Configuration Procedures 578
Understanding Mesh Access Points 578
Understanding Mesh Links 580
Understanding Mesh Profiles 582
Understanding Remote Mesh Portals (RMPs) 586
Understanding the AP Boot Sequence 587
Mesh Deployment Solutions 588
Mesh Deployment Planning 590
Configuring Mesh Cluster Profiles 592
Creating and Editing Mesh Radio Profiles 597
Creating and Editing Mesh High-Throughput SSID Profiles 602
Configuring Ethernet Ports for Mesh 608
Provisioning Mesh Nodes 611
Verifying Your Mesh Network 613
Configuring Remote Mesh Portals (RMPs) 615
Increasing Network Uptime Through Redundancy and VRRP 617
High Availability 617
VRRP-Based Redundancy 617
High Availability Deployment Models 618
Client State Synchronization 620
High Availability Inter-Controller Heartbeats 621
High Availability Extended Controller Capacity 621
Configuring High Availability 622
Migrating from VRRP or Backup-LMS Redundancy 624
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 11
12| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Configuring VRRP Redundancy 626
RSTP 634
Understanding RSTP Migration and Interoperability 634
Working with Rapid Convergence 634
Configuring RSTP 635
Troubleshooting RSTP 637
PVST+ 639
Understanding PVST+ Interoperability and Best Practices 639
Enabling PVST+ in the CLI 639
Enabling PVST+ in the WebUI 640
Link Layer Discovery Protocol 641
Important Points to Remember 641
LLDP Overview 641
Configuring LLDP 642
Monitoring LLDP Configuration 643
IP Mobility 647
Understanding Dell Mobility Architecture 647
Configuring Mobility Domains 648
Tracking Mobile Users 652
Configuring Advanced Mobility Functions 654
Understanding Bridge Mode Mobility Deployments 663
Enabling Mobility Multicast 664
External Firewall Configuration 669
Understanding Firewall Port Configuration Among Dell Devices 669
Enabling Network Access 670
Ports Used for Virtual Internet Access (VIA) 670
Configuring Ports to Allow Other Traffic Types 670
Palo Alto Networks Firewall Integration 672
Limitation 672
Preconfiguration on the PANFirewall 672
Configuring PAN Firewall Integration 674
Remote Access Points 678
About Remote Access Points 678
Configuring the Secure Remote Access Point Service 680
Deploying a Branch/Home Office Solution 686
Enabling Remote AP Advanced Configuration Options 692
Understanding Split Tunneling 708
Understanding Bridge 714
Provisioning Wi-Fi Multimedia 718
Reserving Uplink Bandwidth 718
Provisioning 4G USB Modems on Remote Access Points 719
Provisioning RAPs at Home 721
Configuring W-IAP3WN and W-IAP3WNP Access Points 725
Converting an IAP to RAP or CAP 725
Enabling Bandwidth Contract Support for RAPs 726
RAP TFTP Image Upgrade 729
Virtual Intranet Access 732
Spectrum Analysis 733
Understanding Spectrum Analysis 733
Creating Spectrum Monitors and Hybrid APs 738
Connecting Spectrum Devices to the Spectrum Analysis Client 741
Configuring the Spectrum Analysis Dashboards 743
Customizing Spectrum Analysis Graphs 747
Working with Non-Wi-Fi Interferers 776
Understanding the Spectrum Analysis Session Log 778
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 13
14| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Viewing Spectrum Analysis Data 779
Recording Spectrum Analysis Data 780
Troubleshooting Spectrum Analysis 783
Dashboard Monitoring 785
WAN 785
Performance 786
Usage 787
Potential Issues 788
Traffic Analysis 788
AirGroup 810
Security 811
UCC 811
Controller 813
WLANs 815
Access Points 816
Clients 816
Firewall 817
Management Access 824
Configuring Certificate Authentication for WebUI Access 824
Secure Shell (SSH) 825
WebUI Session Timer 826
Enabling RADIUS Server Authentication 827
Connecting to an W-AirWave Server 833
Custom Certificate Support for RAP 835
Implementing a Specific Management Password Policy 837
Configuring AP Image Preload 840
Configuring Centralized Image Upgrades 842
Managing Certificates 845
Configuring SNMP 851
Enabling Capacity Alerts 853
Configuring Logging 854
Enabling Guest Provisioning 857
Managing Files on the Controller 873
Setting the System Clock 876
ClearPass Profiling with IF-MAP 878
Whitelist Synchronization 879
Downloadable Regulatory Table 880
802.11u Hotspots 883
Hotspot 2.0 Pre-Deployment Information 883
Hotspot Profile Configuration Tasks 883
Hotspot 2.0 Overview 883
Configuring Hotspot 2.0 Profiles 886
Configuring Hotspot Advertisement Profiles 891
Configuring ANQP Venue Name Profiles 893
Configuring ANQP Network Authentication Profiles 895
Configuring ANQP Domain Name Profiles 896
Configuring ANQP IPAddress Availability Profiles 897
Configuring ANQPNAIRealm Profiles 898
Configuring ANQP Roaming Consortium Profiles 902
Configuring ANQP 3GPP Cellular Network Profiles 903
Configuring H2QP Connection Capability Profiles 904
Configuring H2QP Operator Friendly Name Profiles 906
Configuring H2QP Operating Class Indication Profiles 907
Configuring H2QP WAN Metrics Profiles 907
Adding Local Controllers 911
Moving to a Multi-Controller Environment 911
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 15
16| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Configuring Local Controllers 914
Uplink Monitoring and Management 916
Voice and Video 918
Voice and Video License Requirements 918
Configuring Voice and Video 918
Working with QoS for Voice and Video 927
Unified Communication and Collaboration 936
Understanding Extended Voice and Video Features 956
Advanced Voice Troubleshooting 982
AirGroup 989
Zero Configuration Networking 989
AirGroup Solution 989
AirGroup Deployment Models 993
Features Supported in AirGroup 994
ClearPass Policy Manager and ClearPass Guest Features 999
Auto-association and Controller-based Policy 999
Best Practices and Limitations 1001
Integrated Deployment Model 1005
Controller Dashboard Monitoring 1014
Configuring the AirGroup-CPPM Interface 1016
Bluetooth-Based Discovery and AirGroup 1024
AirGroup mDNS Static Records 1024
mDNS APVLANAggregation 1026
mDNS Multicast Response Propagation 1028
Troubleshooting and Log Messages 1030
Instant AP VPN Support 1033
Overview 1033
VPN Configuration 1037
Viewing Branch Status 1038
External Services Interface 1040
Sample ESI Topology 1040
Understanding the ESI Syslog Parser 1042
Configuring ESI 1045
Sample Route-Mode ESI Topology 1052
Sample NAT-mode ESI Topology 1056
Understanding Basic Regular Expression (BRE) Syntax 1061
External User Management 1064
Overview 1064
How the ArubaOS XML API Works 1064
Creating an XML Request 1064
XML Response 1067
Using the XML API Server 1071
Sample Scripts 1076
Behavior and Defaults 1082
Understanding Mode Support 1082
Understanding Basic System Defaults 1084
Understanding Default Management User Roles 1094
Understanding Default Open Ports 1098
DHCP with Vendor-Specific Options 1101
Configuring a Windows-Based DHCP Server 1101
Enabling DHCP Relay Agent Information Option (Option 82) 1104
Enabling Linux DHCP Servers 1105
802.1X Configuration for IAS and Windows Clients 1106
Configuring Microsoft IAS 1106
Configuring Management Authentication using IAS 1108
Window XP Wireless Client Sample Configuration 1110
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 17
18| Contents Dell Networking W-Series ArubaOS 6.5.x| User Guide
Acronyms and Terms 1113
Acronyms 1113
Terms 1120
Revision History
The following table provides the revision history of this document.
Revision Change Description
Revision 02 Updated the following:
l Branch Deployment Features on page 208.
l Note in Web Content on page 796.
l Controller License Capacity on page 77
Revision 01 Initial release.
Table 1: Revision History
Dell Networking W-Series ArubaOS 6.5.x | User Guide Contents | 19
/