Dell W-3200 User guide

  • Hello! I am an AI chatbot trained to assist you with the Dell W-3200 User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Dell Networking W-Series
ArubaOS 6.4.x
User Guide
0511698-00v1 | May 2015 Dell Networking W-Series ArubaOS 6.4.x | User Guide
Copyright Information
© 2015 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks
®
, Aruba
Wireless Networks
®
, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management
System
®
. Dell™, the DELL™ logo, and PowerConnect are trademarks of Dell Inc.
All rights reserved. Specifications in this manual are subject to change without notice.
Originated in the USA. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code
subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open
Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011
Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg, et al. The Open
Source code used can be found at this site:
arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to
terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or
corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that
might be taken against it with respect to infringement of copyright on behalf of those vendors.
Dell Networking W-Series ArubaOS 6.4.x| User Guide Contents | 3
Contents
Contents 3
About this Guide 83
What's New In ArubaOS 6.4.x 83
Features Introduced in ArubaOS 6.4.3.0 83
Features Introduced in ArubaOS 6.4.2.5 89
Features Introduced in ArubaOS 6.4.2.4 89
Features Introduced in ArubaOS 6.4.2.3 90
Features Introduced in ArubaOS 6.4.2.0 90
Features Introduced in ArubaOS 6.4.1.0 92
Features Introduced in ArubaOS 6.4.0.0 95
Fundamentals 98
WebUI 98
CLI 99
Related Documents 99
Conventions 99
Contacting Dell 100
The Basic User-Centric Networks 101
Understanding Basic Deployment and Configuration Tasks 101
Deployment Scenario #1: Controller and APs on Same Subnet 101
Deployment Scenario #2: APs All on One Subnet Different from Controller Subnet 102
Deployment Scenario #3: APs on Multiple Different Subnets from Controllers 103
Configuring the Controller 104
Running Initial Setup 104
Connecting to the Controller after Initial Setup 105
W-7000 Series and W-7200 Series Controller 105
4 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
New Port Numbering Scheme 105
W-7200 Series Controllers Individual Port Behavior 106
Using the LCD Screen 106
Using the LCD and USB Drive 108
Upgrading an Image 108
Uploading a Pre-saved Configuration 108
Disabling LCD Menu Functions 109
Configuring a VLAN to Connect to the Network 109
Creating, Updating, and Viewing VLANs and Associated IDs 110
Creating, Updating, and Deleting VLAN Pools 110
Assigning and Configuring the Trunk Port 110
In the WebUI 110
In the CLI 111
Configuring the Default Gateway 111
In the WebUI 111
In the CLI 111
Configuring the Loopback IP Address for the Controller 111
In the WebUI 112
In the CLI 112
Configuring the System Clock 112
Installing Licenses 112
Connecting the Controller to the Network 112
Enabling Wireless Connectivity 113
Enabling Wireless Connectivity 113
Configuring Your User-Centric Network 113
Replacing a Controller 114
Transferring Licenses 114
Procedure Overview 114
Change the VRRP Priorities for a Redundant Master Pair 115
Back Up the Flash File System 115
In the WebUI 115
In the CLI 115
Stage the New Controller 115
Add Licenses to the New Controller 116
Backup Newly Installed Licenses 116
Import and Restore Flash Backup 116
In the WebUI 117
In the CLI 117
Restore Licenses 117
Reboot the Controller 117
Modify the Host Name 118
Modify Topology Settings 118
Save your Configuration 119
Remove the Existing Controller 119
Control Plane Security 120
Control Plane Security Overview 120
Configuring Control Plane Security 121
In the WebUI 121
In the CLI 123
Managing AP Whitelists 123
Adding an AP to the Campus or Remote AP Whitelists 123
In the WebUI 123
In the CLI 125
Viewing APWhitelist Status 125
Modifying an AP in the Campus AP Whitelist 128
In the WebUI 128
In the CLI 128
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 5
6 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
Revoking an AP from the Campus AP Whitelist 129
In the WebUI 129
In the CLI 129
Deleting an AP from the Campus AP Whitelist 129
In the WebUI 129
In the CLI 130
Purging a Campus AP Whitelist 130
In the WebUI 130
In the CLI 130
Offloading a Controller Whitelist to ClearPass Policy Manager 130
In the WebUI 130
In the CLI 131
Managing Whitelists on Master and Local Controllers 131
Campus AP Whitelist Synchronization 132
Viewing the Master or Local Controller Whitelists 133
In the WebUI 133
In the CLI 134
Deleting an Entry from the Master or Local Controller Whitelist 134
In the WebUI 134
In the CLI 134
Purging the Master or Local Controller Whitelist 135
In the WebUI 135
In the CLI 135
Working in Environments with Multiple Master Controllers 135
Configuring Networks with a Backup Master Controller 135
Configuring Networks with Clusters of Master Controllers 135
Creating a Cluster Root 136
Creating a Cluster Member 137
Viewing Controller Cluster Setting 137
Replacing a Controller on a Multi-Controller Network 138
Replacing Controllers in a Single Master Network 138
Replacing a Local Controller 138
Replacing a Master Controller with No Backup 139
Replacing a Redundant Master Controller 140
Replacing Controllers in a Multi-Master Network 140
Replacing a Local Controller in a Multi-Master Network 140
Replacing a Cluster Member Controller with no Backup 140
Replacing a Redundant Cluster Member Controller 141
Replacing a Cluster Root Controller with no Backup Controller 141
Replacing a Redundant Cluster Root Controller 142
Configuring Control Plane Security after Upgrading 142
Troubleshooting Control Plane Security 143
Identifying Certificate Problems 143
Verifying Certificates 144
Disabling Control Plane Security 144
Verifying Whitelist Synchronization 144
Rogue APs 145
Software Licenses 146
Understanding License Terminology 146
Working with Licenses 147
Centralized Licensing in a Multi-Controller Network 148
Primary and Backup Licensing Servers 149
Communication between the License Server and License Clients 149
Supported Topologies 151
Unsupported Topologies 152
Adding and Deleting Licenses 153
Replacing a Controller 153
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 7
8 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
Failover Behaviors 153
Client is Unreachable 154
Server is Unreachable 154
Configuring Centralized Licensing 154
Pre-configuration Setup in an All-Master Deployment 154
Preconfiguration Setup in a Master/Local Topology 155
Enabling Centralized Licensing 155
Monitoring and Managing Centralized Licenses 156
License server Table 156
License Client Table 156
License Client(s) Usage Table 157
Aggregate License Table 158
License Heartbeat Table 158
Using Licenses 158
Understanding License Interaction 160
License Installation Best Practices and Exceptions 160
Installing a License 161
Enabling a New License on your Controller 161
Requesting a Software License in Email 161
Locating the System Serial Number 161
Obtaining a Software License Key 162
Creating a Software License Key 162
Applying the Software License Key in the WebUI 162
Applying the Software License Key in the License Wizard 162
Deleting a License 162
Moving Licenses 163
Resetting the Controller 163
Network Configuration Parameters 164
Configuring VLANs 164
Creating and Updating VLANs 164
In the WebUI 164
In the CLI 165
Creating Bulk VLANs In the WebUI 165
In the CLI 165
Creating a Named VLAN 165
In the WebUI 165
Distinguishing Between Even and Hash Assignment Types 166
Updating a Named VLAN 166
Deleting a Named VLAN 166
Creating a Named VLAN Using the CLI 167
Viewing and Adding VLAN IDs Using the CLI 167
Role Derivation for Named VLAN Pools 167
In the CLI 167
In the WebUI 168
Adding a Bandwidth Contract to the VLAN 168
Optimizing VLAN Broadcast and Multicast Traffic 168
In the WebUI 168
In the CLI 169
Configuring Ports 169
Classifying Traffic as Trusted or Untrusted 169
About Trusted and Untrusted Physical Ports 169
About Trusted and Untrusted VLANs 169
Configuring Trusted/Untrusted Ports and VLANs 170
In the WebUI 170
In the CLI 170
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 9
10 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
Configuring Trusted and Untrusted Ports and VLANs in Trunk Mode 171
In the WebUI 171
In the CLI 171
Understanding VLAN Assignments 171
VLAN Derivation Priorities for VLAN types 172
How a VLAN Obtains an IP Address 173
Assigning a Static Address to a VLAN 173
In the WebUI 173
In the CLI 173
Configuring a VLAN to Receive a Dynamic Address 173
Configuring Multiple Wired Uplink Interfaces (Active-Standby) 173
Enabling the DHCP Client 174
In the WebUI 174
In the CLI 174
Enabling the PPPoE Client 175
In the WebUI 175
In the CLI 175
Default Gateway from DHCP/PPPoE 175
In the WebUI 175
In the CLI 175
Configuring DNS/WINS Server from DHPC/PPPoE 175
In the WebUI 175
In the CLI 176
Configuring Source NAT to Dynamic VLAN Address 176
In the WebUI 176
In the CLI 176
Configuring Source NAT for VLAN Interfaces 177
Sample Configuration 177
In the WebUI 177
In the CLI 177
Inter-VLAN Routing 178
In the WebUI 178
In the CLI 179
Configuring Static Routes 179
In the WebUI 179
In the CLI 179
Configuring the Loopback IP Address 179
In the WebUI 179
In the CLI 180
Configuring the Controller IP Address 180
In the WebUI 180
In the CLI 181
Configuring GRE Tunnels 181
About Layer-2 GRE Tunnels 181
Layer-2 GRE Tunnel Network Diagram 181
Layer-2 Traffic Flow 181
About Layer-3 GRE Tunnels 182
IPv4 Layer-3 GRE Tunnel Network Diagram 182
IPv6 Layer-3 GRE Tunnel Network Diagram 182
Layer-3 Traffic Flow 182
Configuring a Layer-2 GRE Tunnel 183
In the WebUI 183
In the CLI 185
Configuring a Layer-3 GRE Tunnel for IPv4 186
In the WebUI 186
In the CLI 187
Configuring a Layer-3 GRE Tunnel for IPv6 188
In the WebUI 188
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 11
12 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
In the CLI 189
Limitations for Static IPv6 Layer-3 Tunnels 190
Directing Traffic into the Tunnel 190
About Configuring Static Routes 190
Configuring a Firewall Policy Rule 190
Configuring Tunnel Keepalives 192
Configuring GRE Tunnel Groups 193
About GRE Tunnel Groups 193
Tunnel Group Order 193
Tunnel Failover 193
Preemption 194
Enabling a Tunnel Group 194
Points to Remember 194
Regarding Layer-2 Tunnel Groups 194
Configuring a Layer-2 or Layer-3 Tunnel Group Using the CLI 194
Example Configuration 194
Enabling Preemption 194
Viewing Operational Status 195
Viewing Active and Member Tunnels 195
Viewing the Standby Member Tunnels 195
Configuring a Layer-2 or Layer-3 Tunnel Group Using the WebUI 196
Jumbo Frame Support 196
Limitations for Jumbo Frame Support 196
Configuring Jumbo Frame Support 197
In the WebUI 197
In the CLI 197
Viewing the Jumbo Frame Support Status 197
IPv6 Support 198
Understanding IPv6 Notation 198
Understanding IPv6 Topology 198
Enabling IPv6 199
Enabling IPv6 Support for Controller and APs 199
Configuring IPv6 Addresses 201
In the WebUI 202
In the CLI 202
Configuring IPv6 Static Neighbors 202
In the WebUI 203
In the CLI 203
Configuring IPv6 Default Gateway and Static IPv6 Routes 203
In the WebUI 203
In the CLI 203
Managing Controller IP Addresses 203
In the WebUI 203
In the CLI 204
Configuring Multicast Listener Discovery 204
In the WebUI 204
In the CLI 205
Dynamic Multicast Optimization 205
In the WebUI 205
In the CLI 206
Limitations 206
Debugging an IPv6 Controller 206
In the WebUI 206
In the CLI 206
Provisioning an IPv6 AP 206
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 13
14 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
In the WebUI 207
In the CLI 207
Enhancements to IPv6Support on AP 207
Filtering an IPv6 Extension Header (EH) 207
Configuring a Captive Portal over IPv6 207
Working with IPv6 Router Advertisements (RAs) 208
Configuring an IPv6 RA on a VLAN 208
Using WebUI 209
Using CLI 209
Configuring Optional Parameters for RAs 209
In the WebUI 210
In the CLI 211
RADIUS Over IPv6 211
In the CLI 211
In the WebUI 212
TACACS Over IPv6 212
In the CLI 212
In the WebUI 213
DHCPv6 Server 213
Points to Remember 213
DHCP Lease Limit 213
Configuring DHCPv6 Server 214
In the WebUI 214
In the CLI 215
Understanding ArubaOS Supported Network Configuration for IPv6 Clients 216
Supported Network Configuration 216
Understanding the Network Connection Sequence for Windows IPv6 Clients 216
Understanding ArubaOS Authentication and Firewall Features that Support IPv6 217
Understanding Authentication 217
Working with Firewall Features 217
Understanding Firewall Policies 219
Creating an IPv6 Firewall Policy 221
Assigning an IPv6 Policy to a User Role 222
Understanding DHCPv6 Passthrough/Relay 222
Managing IPv6 User Addresses 222
Viewing or Deleting User Entries 222
Understanding User Roles 223
Viewing Datapath Statistics for IPv6 Sessions 223
Understanding IPv6 Exceptions and Best Practices 223
Link Aggregation Control Protocol 225
Understanding LACP Best Practices and Exceptions 225
Configuring LACP 226
In the CLI 226
In the WebUI 227
LACP Sample Configuration 227
OSPFv2 229
Understanding OSPF Deployment Best Practices and Exceptions 229
Understanding OSPFv2 by Example using a WLAN Scenario 230
WLAN Topology 230
WLAN Routing Table 230
Understanding OSPFv2 by Example using a Branch Scenario 231
Branch Topology 231
Branch Routing Table 232
Configuring OSPF 232
Exporting VPN Client Addresses to OSPF 234
In the WebUI 234
In the CLI 234
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 15
16 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
Sample Topology and Configuration 234
Remote Branch 1 235
Remote Branch 2 236
W-3200 Central Office ControllerActive 237
W-3200 Central Office ControllerBackup 238
Topology 240
Observation 240
Configuring W-3600-UP Controller 240
Configuring W-3600-DOWN Controller 242
Viewing the Status of Instant AP VPN 243
RAPNG AP-1 243
RAPNG AP-3 244
Tunneled Nodes 246
Understanding Tunneled Node Configuration 246
Configuring a Wired Tunneled Node Client 247
Configuring an Access Port as a Tunneled Node Port 248
Configuring a Trunk Port as a Tunneled Node Port 248
Authentication Servers 249
Understanding Authentication Server Best Practices and Exceptions 249
Understanding Servers and Server Groups 249
Configuring Authentication Servers 250
Configuring a RADIUS Server 250
Using the WebUI 251
Using the CLI 251
RADIUS Service-Type Attribute 253
Enabling Radsecon RADIUS Servers 254
In the Web UI 254
In the CLI 254
RADIUS Server VSAs 254
RADIUS Server Authentication Codes 257
RADIUS Server Fully Qualified Domain Names 258
DNS Query Intervals 258
Configuring Username and Password for CPPM Authentication 258
In the WebUI: 258
In the CLI: 259
Configuring an RFC-3576 RADIUS Server 259
Using the WebUI 259
Using the CLI 259
Configuring an RFC-3576 RADIUS Server with Radsec 260
Using the WebUI 260
Using the CLI 260
Configuring an LDAP Server 260
Using the WebUI 261
Using the CLI 261
Configuring a TACACS+ Server 261
Using the WebUI 262
Using the CLI 262
Configuring a Windows Server 263
Using the WebUI 263
Using the CLI 263
Managing the Internal Database 263
Configuring the Internal Database 263
Using the WebUI 264
Using the CLI 264
Managing Internal Database Files 265
Exporting Files in the WebUI 265
Importing Files in the WebUI 265
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 17
18 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
Exporting and Importing Files in the CLI 265
Working with Internal Database Utilities 265
Deleting All Users 265
Repairing the Internal Database 265
Configuring Server Groups 266
Configuring Server Groups 266
Using the WebUI 266
Using the CLI 266
Configuring Server List Order and Fail-Through 266
Using the WebUI 267
Using the CLI 267
Configuring Dynamic Server Selection 267
Using the WebUI 268
Using the CLI 269
Configuring Match FQDN Option 269
Using the WebUI 269
Using the CLI 269
Trimming Domain Information from Requests 269
Using the WebUI 270
Using the CLI 270
Configuring Server-Derivation Rules 270
Using the WebUI 271
Using the CLI 272
Configuring a Role Derivation Rule for the Internal Database 272
Using the WebUI 272
Using the CLI 272
Assigning Server Groups 272
User Authentication 273
Management Authentication 273
Using the WebUI 273
Using the CLI 273
Accounting 273
RADIUS Accounting 273
RADIUS Accounting on Multiple Servers 276
TACACS+ Accounting 276
Configuring Authentication Timers 276
Setting an Authentication Timer 277
Using the WebUI 277
Using the CLI 278
Authentication Server Load Balancing 278
Enabling Authentication Server Load Balancing Functionality 278
MAC-based Authentication 279
Configuring MAC-Based Authentication 279
Configuring the MAC Authentication Profile 279
In the WebUI 280
In the CLI 280
Configuring Clients 280
In the WebUI 281
In the CLI 281
BranchController Config for Controllers 282
Branch Deployment Features 283
WAN Failure (Authentication) Survivability 284
Supported Client and Authentication Types 284
Supported Key Reply Attributes 285
Support Restrictions 285
Administrative Functions 285
Enabling Authentication Survivability on a Local Branch Controller 286
Dell Networking W-Series ArubaOS 6.4.x | User Guide Contents | 19
20 | Contents Dell Networking W-Series ArubaOS 6.4.x| User Guide
Configuring the Survival Server Certificate 286
Configuring the Lifetime of the Authentication Survivability Cache 286
User Credential and Key Reply Attributes Are Saved Automatically 286
Expired User Credential and Key Reply Attributes Are Purged Automatically 286
About the Survival Server 286
Trigger Conditions for Critical Actions 286
Storing User Access Credential and Key Reply Attributes to Survival Cache 286
Picking Up the Survival Server for Authentication 287
Access Credential Data Stored 287
Authentication for Captive Portal Clients 287
Captive Portal Client Authentication Using PAP 287
External Captive Portal Client Authentication Using the XML-API 287
Authentication for 802.1X Clients 288
802.1X Termination Disabled at the Wireless LAN Controller 288
802.1X Termination Enabled at the Wireless LAN Controller 288
Authentication for MAC Address-Based Clients 289
Authentication for WISPr Clients 289
WAN Health Check 290
WAN Optimization through IP Payload Compression 290
Distributed Layer 3 Branch Deployment Model 291
Compression/Decompression Engine 291
Modes of Operation 291
Interface Bandwidth Contracts 292
Integration with a Palo Alto Networks (PAN) Portal 292
Integration Workflow 293
Configuration Prerequisites 294
Branch Controller Routing Features 295
Uplink Routing Using Nexthop Lists 295
Policy-Based Routing 295
/