Dell W-IAP114/115 User guide

User Guide

Dell Networking W-Series

Instant Access Point

6.3.1.1-4.0

0511471-01 | November 2013 Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

Copyright

®

, Aruba

Wireless Networks

®

, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management

System

®

. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc.

Originated in the USA. All other trademarks are the property of their respective owners.

Open Source Code

Certain Aruba products include Open Source software code developed by third parties, including software code

subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open

used can be found at this site:

http://www.arubanetworks.com/open_source

Legal Notice

The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate

other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for

this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it

with respect to infringement of copyright on behalf of those vendors.

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 3

Contents

Contents 3

About this Guide 25

Intended Audience 25

Related Documents 25

Conventions 25

Contacting Dell 26

About Dell W-Instant 27

Dell W-Instant Overview 27

Supported Devices 27

Dell W-Instant UI 28

Dell W-Instant CLI 28

What is New in Dell W-Instant 6.3.1.1-4.0 28

Setting up a W-IAP 32

Setting up Dell W-Instant Network 32

Connecting a W-IAP 32

Assigning an IP address to the W-IAP 32

Assigning a Static IP 32

Connecting to a Provisioning Wi-Fi Network 33

W-IAP Cluster 33

Disabling the Provisioning Wi-Fi Network 33

Logging in to the Dell W-Instant UI 34

Specifying Country Code 34

Accessing the Dell W-Instant CLI 35

Connecting to a CLI Session 35

Applying Configuration Changes 36

Example: 36

Using Sequence Sensitive Commands 36

Dell W-Instant User Interface 38

Login Screen 38

4 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

Logging into the Dell W-Instant UI 38

Viewing Connectivity Summary 38

Language 38

Main Window 39

Banner 39

Search 39

Tabs 39

Networks Tab 40

Access Points Tab 40

Clients Tab 40

Links 41

New Version Available 41

System 41

RF 43

Security 44

Maintenance 45

Help 46

More 46

VPN 46

IDS 47

Wired 48

Services 48

DHCP Server 49

Support 50

Logout 51

Monitoring 51

Info 51

RF Dashboard 53

RF Trends 54

Usage Trends 55

Mobility Trail 59

Spectrum 60

Alerts 60

IDS 63

Configuration 64

AirGroup 64

W-AirWave Setup 65

Pause/Resume 65

Initial Configuration Tasks 67

Updating IP Address of a W-IAP 67

In the Dell W-Instant UI 67

In the CLI 68

Modifying the W-IAP Name 68

In the Dell W-Instant UI 68

In the CLI 68

Updating Location Details of a W-IAP 68

In the Dell W-Instant UI 68

In the CLI 68

Configuring External Antenna 69

EIRP and Antenna Gain 69

Configuring Antenna Gain 69

In the Dell W-Instant UI 69

In the CLI 70

Upgrading a W-IAP 70

Upgrading a W-IAP and Image Server 70

Image Management Using W-AirWave 70

Image Management Using Cloud Server 70

Configuring HTTP Proxy on a W-IAP 70

In the Dell W-Instant UI 70

In the CLI 71

Upgrading a W-IAP Using Automatic Image Check 71

Upgrading to a New Version Manually 72

Upgrading an Image Using CLI 72

Enabling Terminal Access 73

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 5

6 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

In the Dell W-Instant UI 73

In the CLI 73

Enabling Auto Join Mode 73

Disabling Auto Join Mode 73

Adding a W-IAP to the Network 73

Removing a W-IAP from the Network 74

Configuring a Preferred Band 74

In the Dell W-Instant UI 74

In the CLI 74

Configuring Radio Profiles for a W-IAP 74

Configuring ARMAssigned Radio Profiles for a W-IAP 74

Configuring Radio Profiles Manually for W-IAP 75

In the CLI 75

Configuring Inter-user Bridging and Local Routing 76

In the Dell W-Instant UI 76

In the CLI 76

Configuring Uplink VLANfor a W-IAP 76

In the Dell W-Instant UI 76

In the CLI 76

Configuring an NTP Server 76

In the Dell W-Instant UI 77

In the CLI 77

Mesh W-IAP Configuration 78

Mesh Network Overview 78

Mesh W-IAPs 78

Mesh Portals 78

Mesh Points 79

Setting up Dell W-Instant Mesh Network 79

VLAN Configuration 80

VLAN Pooling 80

Uplink VLAN Monitoring and Detection on Upstream Devices 80

Virtual Controller Configuration 81

Virtual Controller Overview 81

Master Election Protocol 81

Preference to a W-IAP with 3G/4G Card 81

Preference to a W-IAP with Non-Default IP 81

Manual Provisioning of Master W-IAP 81

Provisioning a W-IAP as a Master W-IAP 82

In the Dell W-Instant UI 82

In the CLI 82

Virtual Controller IP Address Configuration 82

Configuring IP Address for Virtual Controller 82

In the Dell W-Instant UI 82

In the CLI 83

Wireless Network Profiles 84

Understanding Wireless Network Profiles 84

Network Types 84

Configuring WLAN Settings for an SSID Profile 85

In the Dell W-Instant UI 85

In the CLI 87

Configuring VLAN Settings for a WLAN SSID Profile 88

In the Dell W-Instant UI 88

In the CLI 89

Configuring Security Settings for a WLAN SSID Profile 89

Configuring Security Settings for an Employee or Voice Network 89

In the Dell W-Instant UI 90

In the CLI 93

Configuring Access Rules for a WLAN SSID Profile 94

In the Dell W-Instant UI 95

In the CLI 95

Configuring Support for Fast Roaming of Clients 96

802.11r Roaming 96

Configuring a W-IAP for 802.11r support 96

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 7

8 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

In the Dell W-Instant UI 96

In the CLI 97

Opportunistic Key Caching 97

Configuring a W-IAP for OKC Roaming 98

In the Dell W-Instant UI 98

In the CLI 98

Editing Status of a WLAN SSID Profile 98

In the Dell W-Instant UI 99

In the CLI 99

Configuring Additional WLAN SSIDs 99

Enabling the Extended SSID 99

In the Dell W-Instant UI 99

In the CLI 100

Editing a WLAN SSID Profile 100

Deleting a WLAN SSID Profile 100

Wired Profiles 101

Configuring a Wired Profile 101

Configuring Wired Settings 101

In the Dell W-Instant UI 101

In the CLI 102

Configuring VLAN for a Wired Profile 102

In the Dell W-Instant UI 102

In the CLI 103

Configuring Security Settings for a Wired Profile 103

Configuring Security Settings for a Wired Employee Network 103

In the Dell W-Instant UI 104

In the CLI 104

Configuring Access Rules for a Wired Profile 104

In the Dell W-Instant UI 104

In the CLI 105

Understanding Hierarchical Deployment 106

Configuring Wired Bridging on Ethernet 0 106

In the Dell W-Instant UI 107

In the CLI 107

Assigning a Profile to Ethernet Ports 107

In the Dell W-Instant UI 107

In the CLI 107

Editing a Wired Profile 107

Deleting a Wired Profile 108

Captive Portal for Guest Access 109

Understanding Captive Portal 109

Types of Captive Portal 109

Walled Garden 110

Configuring a WLANSSID for Guest Access 110

In the Dell W-Instant UI 110

In the CLI 112

Configuring Wired Profile for Guest Access 113

In the Dell W-Instant UI 113

In the CLI 114

Configuring Internal Captive Portal for Guest Network 115

In the Instant UI 115

In the CLI 116

Configuring External Captive Portal for a Guest Network 117

External Captive Portal Profiles 117

Creating a Captive Portal Profile 117

In the Dell W-Instant UI 117

In the CLI 118

Configuring an SSID or Wired Profile to Use External Captive Portal Authentication 119

In the Dell W-Instant UI 119

In the CLI 120

Configuring External Captive Portal Authentication Using ClearPass Guest 120

Creating a Web Login page in the ClearPass Guest 120

Configuring the RADIUS Server in Dell W-Instant 120

Configuring Guest Logon Role and Access Rules for Guest Users 121

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 9

10 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

In the Dell W-Instant UI 121

In the CLI 121

Configuring Captive Portal Roles for an SSID 122

In the Dell W-Instant UI 123

In the CLI 124

Configuring Walled Garden Access 125

In the Dell W-Instant UI 125

In the CLI 125

Disabling Captive Portal Authentication 125

User Management 127

W-IAP Users 127

Configuring Administrator Credentials for the Virtual Controller Interface 127

In the Dell W-Instant UI 127

In the CLI 128

Configuring Guest Management Interface Administrator Credentials 129

In the Dell W-Instant UI 129

In the CLI 129

Configuring Users for Internal Database of a W-IAP 129

In the Dell W-Instant UI 129

In the CLI 130

Configuring the Read-Only Administrator Credentials 131

In the Dell W-Instant UI 131

In the CLI 131

Adding Guest Users through the Guest Management Interface 131

Authentication 133

Understanding Authentication Methods 133

Supported Authentication Servers 134

External RADIUS Server 135

RADIUS Server Authentication with VSA 135

Internal RADIUS Server 135

Authentication Termination on W-IAP 136

Supported VSAs 136

Understanding Encryption Types 140

WPA and WPA2 140

Recommended Authentication and Encryption Combinations 140

Understanding Authentication Survivability 141

Configuring Authentication Servers 143

Configuring an External Server for Authentication 143

In the Dell W-Instant UI 143

In the CLI 146

Configuring Dynamic RADIUSProxy Parameters 147

Enabling Dynamic RADIUS Proxy 147

In the Dell W-Instant UI 147

In the CLI 148

Configuring Dynamic RADIUS Proxy Parameters for Authentication Servers 148

In the Dell W-Instant UI 148

In the CLI 148

Associate the AuthenticationServers with an SSID or Wired Profile 148

In the CLI 149

Configuring Authentication Parameters for Virtual Controller Management Interface 149

In the Dell W-Instant UI 149

In the CLI 150

Configuring 802.1X Authentication for a Network Profile 150

Configuring 802.1X authentication for a Wireless Network Profile 151

In the Dell W-Instant UI 151

In the CLI 151

Configuring 802.1X authentication for Wired Profiles 152

In the Dell W-Instant UI 152

In the CLI 152

Configuring MAC Authentication for a Network Profile 152

Configuring MAC Authentication for Wireless Network Profiles 153

In the Dell W-Instant UI 153

In the CLI 153

Configuring MAC Authentication for Wired Profiles 153

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 11

12 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

In the Dell W-Instant UI 153

In the CLI 153

Configuring MAC Authentication with 802.1X Authentication 154

Configuring MAC and 802.1X Authentication for a Wireless Network Profile 154

In the Dell W-Instant UI 154

In the CLI 154

Configuring MAC and 802.1X Authentication for Wired Profiles 154

In the Dell W-Instant UI 154

In the CLI 155

Configuring MAC Authentication with Captive Portal Authentication 155

In the Dell W-Instant UI 155

In the CLI 156

Configuring WISPr Authentication 156

In the Dell W-Instant UI 156

In the CLI 157

Blacklisting Clients 157

Blacklisting Clients Manually 158

Adding a Client to the Blacklist 158

In the Dell W-Instant UI 158

In the CLI 158

Blacklisting Users Dynamically 158

Authentication Failure Blacklisting 158

Session Firewall Based Blacklisting 158

Configuring Blacklist Duration 158

In the Dell W-Instant UI 158

In the CLI 159

Uploading Certificates 159

Loading Certificates using Dell W-Instant UI 160

Loading Certificates using Dell W-Instant CLI 160

Loading Certificates using W-AirWave 160

Roles and Policies 163

Firewall Configuration 163

Configuring ALG Protocols 163

In the Dell W-Instant UI 163

In the CLI 164

Configuring Firewall Settings for Protection from ARP Attacks 165

In the Dell W-Instant UI 165

In the CLI 165

Managing Inbound Traffic 166

Configuring Management Subnets 166

In the Dell W-Instant UI 166

In the CLI 167

Configuring Restricted Access to Corporate Network 167

In the Dell W-Instant UI 167

In the CLI 167

Access Control List Rules 168

Configuring Access Rules 168

In the Instant UI 168

In the CLI 170

Configuring Network Address Translation 170

Configuring a Source NAT Access Rule 171

In the Dell W-Instant UI 171

In the CLI 171

Configuring Source-Based Routing 171

Configuring a Destination NAT Access Rule 172

In the Dell W-Instant UI 172

In the CLI 172

Configuration Examples for Access Rules 172

Allow POP3 Service to a Particular Server 173

Allow TCP Service to a Particular Network 173

Deny FTP Service except to a Particular Server 173

Deny bootp Service except to a Particular Network 174

Configuring User Roles 174

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 13

14 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

Creating a User Role 174

In the Dell W-Instant UI 174

In the CLI 175

Assigning Bandwidth Contracts to User Roles 175

Assigning Bandwidth Contracts in the Dell W-InstantUI 175

Assigning a bandwidth contract using Dell W-Instant CLI: 175

Configuring Machine and User Authentication Roles 176

In the Dell W-Instant UI 176

In the CLI 176

Configuring Derivation Rules 177

Understanding Role Assignment Rule 177

RADIUS VSA Attributes 177

MAC-Address Attribute 177

Roles Based on Client Authentication 177

DHCP Option and DHCP Fingerprinting 177

Creating a Role Derivation Rule 178

In the Dell W-Instant UI 178

In the CLI 179

Example 179

Understanding VLAN Assignment 179

Vendor Specific Attributes (VSA) 179

VLAN Assignment Based on Derivation Rules 180

User Role 181

VLANs Created for an SSID 181

Configuring VLAN Derivation Rules 181

In the Dell W-Instant UI 181

In the CLI 182

Example 182

Using Advanced Expressions in Role and VLAN Derivation Rules 183

Configuring a User Role for VLAN Derivation 184

Creating a User VLAN Role 184

In the Dell W-Instant UI 184

In the CLI 184

Assigning User VLAN Roles to a Network Profile 184

In the Dell W-Instant UI 184

In the CLI 185

Uplink Configuration 186

Uplink Interfaces 186

Ethernet Uplink 187

Configuring PPPoE Uplink Profile 188

In the Dell W-Instant UI 188

In the CLI 188

3G/4G Uplink 189

Types of Modems 189

Configuring Cellular Uplink Profiles 191

In the Dell W-Instant UI 191

In the CLI 192

Wi-Fi Uplink 193

Configuring a Wi-Fi Uplink Profile 193

Uplink Preferences and Switching 195

Enforcing Uplinks 195

In the Dell W-Instant UI 195

In the CLI 195

Setting an Uplink Priority 195

In the Dell W-Instant UI 195

In the CLI 196

Enabling Uplink Preemption 196

In the Dell W-Instant UI 196

In the CLI 196

Switching Uplinks Based on VPN and Internet Availability 196

Switching Uplinks Based on VPN Status 196

Switching Uplinks Based on Internet Availability 197

In the Dell W-Instant UI 197

In the CLI 197

Viewing Uplink Status and Configuration 198

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 15

16 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

Mobility and Client Management 199

Layer-3 Mobility Overview 199

Configuring L3-Mobility 200

Home Agent Load Balancing 200

Configuring a Mobility Domain for Dell W-Instant 200

In the Dell W-Instant UI 200

In the CLI 201

Spectrum Monitor 202

Understanding Spectrum Data 202

Device List 202

Non Wi-Fi Interferers 203

Channel Details 205

Channel Metrics 206

Spectrum Alerts 207

Configuring Spectrum Monitors and Hybrid W-IAPs 207

Converting aW-IAP to a Hybrid W-IAP 207

In the Dell W-Instant UI 207

In the CLI 207

Converting aW-IAP to a Spectrum Monitor 208

In the Dell W-Instant UI 208

In the CLI 208

Adaptive Radio Management 210

ARM Overview 210

Channel or Power Assignment 210

Voice Aware Scanning 210

Load Aware Scanning 210

Band Steering Mode 210

Client Match 210

Airtime Fairness Mode 211

Access Point Control 211

Monitoring the Network with ARM 212

ARM Metrics 212

Configuring ARM Features on a W-IAP 212

In the Dell W-Instant UI 212

In the CLI 215

Configuring Radio Settings for a W-IAP 217

In the Dell W-Instant UI 217

In the CLI 218

Intrusion Detection 220

Detecting and Classifying Rogue APs 220

OS Fingerprinting 220

Configuring Wireless Intrusion Protection and Detection Levels 221

Containment Methods 225

Configuring IDSUsing CLI 225

Content Filtering 227

Enabling Content Filtering 227

Enabling Content Filtering for a Wireless Profile 227

In the Dell W-Instant UI 227

In the CLI 227

Enabling Content Filtering for a Wired Profile 228

In the Dell W-Instant UI 228

In the CLI 228

Configuring Enterprise Domains 228

In the Dell W-Instant UI 228

In the CLI 228

Configuring OpenDNS Credentials 228

In the Dell W-Instant UI 229

In the CLI 229

DHCP Configuration 230

Configuring DHCP Scopes 230

Configuring Distributed DHCP Scopes 230

In the Dell W-Instant UI 230

In the CLI 232

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 17

18 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

Configuring Centralized DHCP Scope 233

In the Dell W-Instant UI 233

In the CLI 234

Configuring Local and Local,L3 DHCP Scopes 235

In the Dell W-Instant UI 235

In the CLI 236

Configuring DHCP Server for Client IP Assignment 237

In the Dell W-Instant UI 237

In the CLI 237

VPN Configuration 238

Understanding VPN Features 238

Configuring a Tunnel from a W-IAP to Dell Networking W-Series Mobility Controller 238

Configuring IPSec Tunnel 238

In the Dell W-Instant UI 238

In the CLI 239

Example 240

Enabling Automatic Configuration of GRETunnel 240

In the Dell W-Instant UI 240

In the CLI 242

Manually Configuring a GRETunnel 242

In the Dell W-Instant UI 242

In the CLI 243

Configuring an L2TPv3 Tunnel 243

In the Dell W-Instant UI 244

In the CLI 245

Example 246

Configuring Routing Profiles 249

In the Dell W-Instant UI 249

In the CLI 250

IAP-VPN Configuration 251

Overview 251

Termination of IPSec and GRE VPNTunnels 251

L2/L3 Forwarding Modes 251

IAP-VPN Scalability Limits 252

OSPFConfiguration 252

VPN Configuration 254

Whitelist Database Configuration 254

Controller Whitelist Database 254

External Whitelist Database 254

VPN Local Pool Configuration 254

Role Assignment for the Authenticated W-IAPs 254

VPN Profile Configuration 255

Viewing Branch Status 255

Example 255

W-AirwaveIntegration and Management 257

W-AirWave Features 257

Image Management 257

W-IAP and Client Monitoring 257

Template-based Configuration 257

Trending Reports 258

Intrusion Detection System 258

Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave 258

RF Visualization Support forDell W-Instant 258

PSK-based and Certificate-based Authentication 259

Configuring W-AirWave 259

Configuring Organization String 259

Shared Key 260

Configuring W-AirWave Information 260

In the Dell W-Instant UI 260

In the CLI 261

Configuring for W-AirWave Discovery through DHCP 261

Standard DHCP option 60 and 43 on Windows Server 2008 261

Alternate Method for Defining Vendor-Specific DHCP Options 264

Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide Contents | 19

20 | Contents Dell Networking W-Series Instant 6.3.1.1-4.0 | User Guide

AirGroup Configuration 267

AirGroup Overview 267

AirGroup with Dell W-Instant 268

AirGroup Solution 269

AirGroup Features 270

CPPM and ClearPass Guest Features 271

AirGroup Components 271

AirGroup Services 271

Configuring AirGroup and AirGroup Services on a W-IAP 272

In the Dell W-Instant UI 272

In the CLI 273

Configuring AirGroup and CPPM interface in Dell W-Instant 274

Creating a RADIUS Server 274

Assign a Server to AirGroup 274

Configure CPPM to Enforce Registration 274

Change of Authorization (CoA) 274

Integration with Security and Location Services Applications 275

Configuring a W-IAP for Analytics and Location Engine Support 275

ALE with Dell W-Instant 275

Enabling ALE Support on a W-IAP 275

In the Dell W-Instant UI 275

In the CLI 276

Verifying ALE Configuration on a W-IAP 276

Configuring a W-IAP for RTLSSupport 276

In the Dell W-Instant UI 276

In the CLI 277

Integrating a W-IAP with Palo Alto Networks Firewall 277

Integration with Dell W-Instant 278

Configuring a W-IAP for PAN integration 278

In the Dell W-Instant UI 278

In the CLI 279

Page is loading ...

Dell W-IAP114/115, W-IAP224/225 User guide

Related papers

Other documents