Instructions

ManualsBrandsAlcatel-Lucent Enterprise ManualsComputing & OfficeAP1201 Wi-Fi access point 1.3 GBit/s 2.4 GHz, 5 GHz

Alcatel-Lucent Enterprise

OmniAccess Stellar AP User Guide - AWOS 4.0.1

January 2021

033517-10 Rev.C

The Alcatel-Lucent name and logo are trademarks of Nokia used under license by ALE. To view

other trademarks used by affiliated companies of ALE Holding, visit: www.al-

enterprise.com/en/legal/trademarks-copyright. All other trademarks are the property of their

respective owners. The information presented is subject to change without notice. Neither ALE

Holding nor any of its affiliates assumes any responsibility for inaccuracies contained herein.

Summary of content (120 pages)

PAGE 1
Alcatel-Lucent Enterprise OmniAccess Stellar AP User Guide - AWOS 4.0.1 January 2021 033517-10 Rev.C The Alcatel-Lucent name and logo are trademarks of Nokia used under license by ALE. To view other trademarks used by affiliated companies of ALE Holding, visit: www.alenterprise.com/en/legal/trademarks-copyright. All other trademarks are the property of their respective owners. The information presented is subject to change without notice.
PAGE 2
How to Use This Manual Contents 1 How to Use This Manual ............................................................................................. 7 Access Stellar AP Through the GUI .................................................................................... 7 Document Conventions .................................................................................................. 7 2 Configuration Sample .........................................................................................
PAGE 3
How to Use This Manual Create an Enterprise WLAN ......................................................................................... 55 Create a Personal WLAN ............................................................................................ 60 Create a Captive Portal WLAN ..................................................................................... 64 Delete Your WLAN ......................................................................................................
PAGE 4
How to Use This Manual Configure Mesh/Bridge through AP UI ............................................................................. 95 Configure DHCP through AP UI ..................................................................................... 99 Configure DNS Cache through AP UI ............................................................................. 100 Configure NAT through AP UI .....................................................................................
PAGE 5
How to Use This Manual Figure 4-25 RF-5GHz ...................................................................................................... 37 Figure 4-26 RF Configuration Window .................................................................................. 38 Figure 4-27 Edit RF Information ......................................................................................... 39 Figure 4-28 Top 5 AP interfered ....................................................................................
PAGE 6
How to Use This Manual Figure 7-7 Select Your Login Method ................................................................................... 86 Figure 7-8 Create Captive Portal Users ................................................................................. 87 Figure 7-9 Create Access Code .......................................................................................... 88 Figure 7-10 Customize Your Splash Page ...............................................................................
PAGE 7
How to Use This Manual 1 How to Use This Manual This manual describes all features supported by the Stellar AP and provides instructions and examples for configuring ALE series OmniAccess Stellar Access Point (AP). It is designed for network administrators who are responsible for configuring and maintaining the Wi-Fi network. It assumes the reader is familiar with Layer2 and Layer3 networks and 802.11 protocols and related technologies.
PAGE 8
Configuration Sample 2 Configuration Sample This chapter describes the general steps to configure the Stellar AP with respect to several deployment topologies. Follow the configuration steps in the guide to configure your Stellar AP.
PAGE 9
Configuration Sample ➔ The Guest WLAN is designed for guests and can access the internet ONLY. It uses a captive portal authentication and a portal page will pop up when browsing any website. Guest can access the Internet only after inputting the access code or user name and password provided by the network administrator. The splash page can be customized to the customer’s style. ➔ The Voice WLAN is designed for VoIP application ONLY.
PAGE 10
Configuration Sample Scenario 2: AP Group With ALE OXO Server (ZTP) Figure 2-2 AP group with OXO Following are the requirements for this scenario, ➔ There are three APs in this group. All APs connect to a standard PoE switch and the PoE switch connects to the core router and an ALE OXO server. ➔ All three APs broadcast three SSIDs: Employee, Guest, and Voice. ➔ The Employee WLAN is used for company staff, by which both internal servers and the internet are accessible.
PAGE 11
Configuration Sample ➔ Step2: The APs will reboot automatically to setup a group and allow configuration from the OXO server take effect, all three WLANs are created. ➔ Step3: Check AP, Client and monitor the performance in the dashboard. Refer to Dashboard Overview for detail.
PAGE 12
Connecting AP Group via Web Browser 3 Connecting AP Group via Web Browser Prerequisites for Setting up and Accessing AP Group • • • • Connect all APs to switch and power up. Ensure that a DHCP server is present and accessible in the network. The AP group uses an external DHCP server for IP address management of the access points and the wireless clients. Ensure that a DNS server is available in the network, which helps to parse the web URL used to access the AP.
PAGE 13
Connecting AP Group via Web Browser Note 3-5: If there is no DHCP server in the network, the AP will default to the 192.168.1.254 address. See How to Configure the AP if there is no DHCP server. Stellar AP1230 series and AP1311 Access Points can be powered with dual uplinks, with both switch ports POE enabled only when connected to a standalone or VC of OmniSwitch 6860/E. • When using dual links, both switch ports should be of speed 1GE and configured as Linkagg (LACP).
PAGE 14
Connecting AP Group via Web Browser Figure 3-2 Initialization Wizard-Welcome Page Step2: Change your Administrator password. Figure 3-3 Initialization Wizard-Modify Administrator Password Note 3-6: It is highly recommended and a best security practice to change the default passwords for the predefined login accounts. Step3: Select your country code and time zone. (Only for -RW models) Figure 3-4 Initialization Wizard-Select country code and time zone Step4: Create your own WLAN.
PAGE 15
Connecting AP Group via Web Browser Figure 3-5 Initialization Wizard-Create New WLAN Note 3-7: The VLAN assignment for the WLAN is not available in the initial wizard phase. You can modify the mapping VLAN value after the initial setup is completed, using the steps described in “Modify your WLAN” section which can be used to modify existing WLANs.
PAGE 16
Connecting AP Group via Web Browser Step5: Complete Confirmation Page Figure 3-6 Initialization Wizard-Complete Notice Note 3-8: While configuring the Initialization Wizards, please make sure your configuring terminal is connected to the pre-defined WLAN ’mywifi-xxxx’ to keep the communication operational between AP group (or AP) and web browser.
PAGE 17
Connecting AP Group via Web Browser 1. PVM/SVM election priority: AP1320/AP1360 > AP1311 > AP1220/AP1230/AP1251/AP1201 > AP1101/AP1201H/AP1201L/AP1201HL 2. Among the APs with same priority, the one with highest MAC address will be selected as PVM, the second highest MAC address AP will be selected as SVM. 3. AP1101/AP1201H/AP1201L/AP1201HL as PVM in the cluster, it can scale to 32 APs. 4. AP1320/AP1360/AP1311/AP1220/AP1230/AP1251/AP1201 as PVM in the cluster, it can scale to 255 APs. 5.
PAGE 18
Introduction to the AP Group Web Management System 4 Introduction to the AP Group Web Management System Dashboard Overview The Stellar AP provides a visualized dashboard for AP and client monitoring and configuration. As illustrated in Figure 4-1 Dashboard Overview, the dashboard is split into sub-windows for WLAN Window, AP Window, Client Window and Monitoring Window, System Page, Wireless Page and Access Page.
PAGE 19
Introduction to the AP Group Web Management System Figure 4-2 WLAN Window-Simplified Mode Note 4-1: The label below displays the number of enabled or disabled WLANs. Table 4-1: Key word specification in WLAN Window (Simplified Mode) WLAN Name Status Clients New Label or name of WLAN, which is composed by 0-9, a-z or other string. Indicates the WLAN state, indicates that WLAN is in broadcast state, while indicates WLAN is not in broadcast state. The number of users connected to the WLAN.
PAGE 20
Introduction to the AP Group Web Management System WLAN Name Status Security Level Captive Portal Operate Label or name of WLAN. Indicates the WLAN state, indicates that WLAN is in broadcast state, while indicates WLAN is not in broadcast state. Security Level of WLAN, from high to low is Enterprise>Personal>Open. Indicates whether the WLAN is using captive portal authentication.
PAGE 21
Introduction to the AP Group Web Management System Figure 4-5 AP Window-Advanced Mode Table 4-4: Key word specification in AP Configuration Window (Advanced Mode) Primary Name IP Firmware Operate Name of the AP. IP address of the AP. Firmware version of the AP. There are three optional operations for the AP: PVM SVM MEMBER Joining Pending Neighboring Group , and . Primary Virtual Management in the AP group. Secondary Virtual Controller in the AP group. Other member APs in the group except PVM/SVM.
PAGE 22
Introduction to the AP Group Web Management System Restore factory settings for all the APs in the group. Backup the configuration of the AP group. Restore the configuration for the AP group. Update the firmware for all the APs in the group. • Contact to Cloud – Enable/Disable contacting to OmniVista Cirrus periodically. If AP in the cluster are authorized to register OV Cirrus, the AP will reboot the register to OV Cirrus, then user can monitor and manage the AP from OV Cirrus. By default, it is enabled.
PAGE 23
Introduction to the AP Group Web Management System Client Window Client Window displays all the connected clients. Similar to the WLAN Window, there are two modes for Client Window, Simplified Mode illustrated in Figure 4-6 and Advanced Mode illustrated in Figure 4-7. You can launch the Advanced Mode from Simplified Mode by clicking the Client Window Frame. Figure 4-6 Clients Window-Simplified Mode Table 4-5: Key word specification in Client Window (Simplified Mode) Clients connected to the group.
PAGE 24
Introduction to the AP Group Web Management System Figure 4-7 Clients Window-Advanced Mode Table 4-6: Key word specification in Client Information Window (Advanced Mode) User Name IP MAC WLAN Access Point AP Name Auth Attached Band Online Time Session Time RSSI Working Mode PHY Rx rate PHY Tx rate Rx rate Tx rate Download Upload Device type OS Type Rx Error Tx Retry User Name of the client. IPv4 address of the client. MAC address of the client. WLAN to which the client connected.
PAGE 25
Introduction to the AP Group Web Management System Roaming History Showing roaming history between SSID/AP/Band for the client, total 32 roaming records can be displayed and will be separated by connection sessions. • Connection Session – A session represent a period which starting from associating to the wireless network and ending by disassociating. Roaming records are distributed within sessions. • The connection sessions are arranged based to time sequence.
PAGE 26
Introduction to the AP Group Web Management System Client Band Client Health The working band distribution of clients connected to the AP group, including number of clients working on 2.4GHz band and number of clients working on 5GHz band. The wireless connection quality between client and Stellar AP, it is judged by the signals of client, and classified as below: • Best— Number of clients whose signal strength is more than 30. • Good— Number of clients whose signal strength is between 15 ~30.
PAGE 27
Introduction to the AP Group Web Management System Figure 4-10 Monitoring Window - AP Table 4-9: Key word specification in AP monitoring Window RX TX Client Client Band Client Health Total receiving rate of the AP. Total sending rate of the AP. The number of clients connected to the AP. The working band distribution of clients connected to the AP, including number of clients working on 2.4GHz band and number of clients working on 5GHz band.
PAGE 28
Introduction to the AP Group Web Management System Table 4-10: Key word specification in Client Monitoring Window RX TX RSSI PHY RX PHY TX Receiving rate of the client. Sending rate of the client. Received Signal Strength Indication of the client Physical receiving rate of the client. Physical sending rate of the client. Note 4-3: The data shown in the monitoring window is collected and displayed while the window is open. The data is not stored and no historical view of the data is available.
PAGE 29
Introduction to the AP Group Web Management System Figure 4-13 General Window – Simplified Mode The General Configuration window includes two tabs: Group Info Management and Account management, illustrated in Figure 4-14 . Group Info Management Group Info Management contains the basic information of the AP group, you can edit it with your own group settings to identify a private Wi-Fi network.
PAGE 30
Introduction to the AP Group Web Management System Group ID MQTT Compatibility Identification of the AP group, default is 100. Enable to allow AP with lower version firmware (AWOS4.0.0 and before) to join. The lower version firmware is low-level security on MQTT. By default, it is not allowed AWOS4.0.0 and before version AP to join. Note 4-4: AP of a group usually obtains its IP address dynamically from a DCHP server, and it is difficult to keep the same assigned IP address for the AP.
PAGE 31
Introduction to the AP Group Web Management System There are security methods to protect AP group management web UI from unsecure usage: Figure 4-16 Account Lockout Account Lockout Threshold – Specify how many times a user must fail against a valid account before the user is denied login. By default, the lockout threshold is 3 times of invalid login attempts. Account Lockout Duration – Specify how long will the user be denied from login after exceeding invalid attempts.
PAGE 32
Introduction to the AP Group Web Management System Certificate Management AP support 3 types of build-in certificates, user can customize their own certificate on demand: (1) Internal Web Server – The certificate is utilized to setup the secure connection between web browser and AP web server for https management. By default, there is a build-in CA certificate generated by ALE with the domain ‘mywifi.al-enterprise.com’.
PAGE 33
Introduction to the AP Group Web Management System Figure 4-19 Service Management Tab System Time Window It is important to ensure the system time is correct, this is because proper communication between network elements and syslog for troubleshooting are based on the correct time. NTP (RFC 1305 - Network Time Protocol) is a networking protocol for time synchronization between the elements across the network.
PAGE 34
Introduction to the AP Group Web Management System You can also specify the Time Zone and daylight-saving time of the AP group to coordinate with the local time. The daylight-saving time is automatically enabled on supporting time zone. Note 4-5: In order to ensure time synchronization, it is recommended to check the reachability before adding an NTP server. If the NTP server is not configured or is unreachable, an AP reboot may lead to variation in time.
PAGE 35
Introduction to the AP Group Web Management System a Warning level entry will also be included in Notice, Info and Debug processing. Notice is the default level of Syslog setting, and the system generates logs including levels of Notice, Warning, Error, Critical, Alert and Emergency. Log Remote: Setting of remote log server. If configured and enabled, besides storage in local file, Syslog messages of all APs in group can be sent to and stored in the server once generated.
PAGE 36
Introduction to the AP Group Web Management System With SNMP user can monitor AP status in the group through traditional network management platform. • SNMP Agent – Enable/Disable the SNMP agent on AP. Network management platform can fetch information from AP through SNMP protocol. • Community – The credential used to communicate between AP and network management platform. • SNMP Trap – Enable/Disable AP to send trap to network management platform.
PAGE 37
Introduction to the AP Group Web Management System Figure 4-24 RF-2.
PAGE 38
Introduction to the AP Group Web Management System Figure 4-26 RF Configuration Window The left side of the RF Configuration window displays the list of working channels and transmitting power of all APs in the group. When you pick an AP from the list, its detailed RF information is displayed on the right side of the window, illustrated Figure 4-26.
PAGE 39
Introduction to the AP Group Web Management System Figure 4-27 Edit RF Information Note4-6: Radio Dynamic Adjustment™ (RDA) is a technology that adjusts the radio working channel and transmitting power according to the wireless environment around it. It includes Auto Channel Selection (ACS) and Auto Power Control (APC) functions. By default, RDA is enabled. RDA relies on the background scanning feature.
PAGE 40
Introduction to the AP Group Web Management System MU-MIMO High Efficiency Beacon Interval Enable/Disable MU-MIMO (multi-user, multiple-input, multiple-output) feature. Enable/Disable 802.11ax high efficiency wireless functionality. When disabled, the HE mode capable AP will downgrade to VHT (Very High Throughput) mode. Specify the Beacon period for the AP in milliseconds. This indicates how often the 802.11 beacon management frames are transmitted by the access point.
PAGE 41
Introduction to the AP Group Web Management System AP blacklist: Only rogue APs can be added to the blacklist. If a rogue AP is added to the blacklist, it cannot change its role to act as a client and access to the Stellar AP wireless network, illustrated in Figure 4-31. Suppress: Enable/disable the function of rogue AP suppress. If enabled, the detecting Stellar AP will send DEAUTH frames to clients that have associated to the rogue AP, keeping the clients away from the unsafe wireless network.
PAGE 42
Introduction to the AP Group Web Management System Whitelist of foreign APs. Those not considered as security threat to the Stellar AP network, you can add the trusted MAC address into whitelist manually, see more in Figure 4-30. Blacklist of foreign APs. Those classified as rogue APs and pretending to act as a client to access the Stellar AP network. If and there are detected ad-hoc devices, all of them will be added to the blacklist automatically.
PAGE 43
Introduction to the AP Group Web Management System Performance Optimization Window Wireless performance optimization is useful to enhance the quality of wireless service for users. The performance optimization includes Background Scanning, Band Steering, Load Balance, RSSI Threshold, Roaming RSSI, Voice and Video Awareness, and Airtime Fairness, illustrated in Figure 4-32.
PAGE 44
Introduction to the AP Group Web Management System channels on 5 GHz band. By default, band steering is enabled. When Band Steering is enabled and Force 5G is NOT selected, AP is working in Prefer 5G mode. The prefer-5GHz-band-steering is based on channel utilization and client density. When the 5G band is busy and connecting too many clients, a new client will be guided to connect to free 2.4G band. Force 5G: AP forces dual band clients to connect to the 5 GHz band.
PAGE 45
Introduction to the AP Group Web Management System Figure 4-33 Access Page Authentication Window Authentication Window displays the user authentication and accessing information. There are two modes for Authentication Window, Simplified Mode illustrated in Figure 4-34 and Advanced Mode illustrated in Figure 4-35. You can launch the Advanced Mode from Simplified Mode by clicking the Authentication Window Frame.
PAGE 46
Introduction to the AP Group Web Management System Figure 4-35 Authentication Window – Internal Portal Server Figure 4-36 Authentication Window – External Portal Server Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 46
PAGE 47
Introduction to the AP Group Web Management System Table 4-14: Key word specification in Authentication Window (Advanced Mode) HTTPs Captive Portal Type UserName Starting Date Ending Date Operate Specify the captive portal login protocol, https or http. • Internal Captive Portal – Use AP internal captive portal server for authentication. • External Captive Portal – Use external captive portal server for authentication.
PAGE 48
Introduction to the AP Group Web Management System • SFTP Server – Record the client connection information to a specific SFTP server by uploading log files • Syslog Server – Record the client connection information to a specific server by syslog message Specify the cycle for uploading user behavior logs to FTP server, can be set to 1 hour, 2 hours and 4 hours. Save the FTP setting for uploading user behavior logs. Upload the user behavior logs to the FTP server manually.
PAGE 49
Introduction to the AP Group Web Management System There are three splash page templates provided by the system, you can choose your captive portal login method and customize your own splash page accordingly, see more in Customized Portal Page – Login by Account, Customized Portal Page – Login by access code and Customized Portal Page – Login by Terms of use.
PAGE 50
Introduction to the AP Group Web Management System Figure 4-40 Customized Portal Page – Login by Terms of use Figure 4-41 Customized Portal Page – Terms of use Black List & White List Window Black List & White List Window focuses on the basic access control mechanism for users connecting to the Stellar WLAN network based on the client level. It includes following tabs: Black List Tab, White List Tab, Wall Garden Tab and Multicast Control Tab.
PAGE 51
Introduction to the AP Group Web Management System Figure 4-42 Black List Tab The whitelist is applied to captive portal authentication ONLY. Those clients on the whitelist are permitted to access the network resource without passing the captive portal authentication. You can manually add/remove client(s) to/from the whitelist for captive portal authentication by MAC address, illustrated in Figure 4-43. The whitelist does not support Enterprise/Personal WLANs.
PAGE 52
Introduction to the AP Group Web Management System Figure 4-44 Walled Garden Tab Note 4-7: To allow the user to access some network resources (For example: office website or open file server) before passing the captive portal authentication, you must know the IP address or domain name of the network resource and add it into the walled garden. The Multicast Control targets on the mDNS multicast traffic forwarding from wired network (switch ports) towards AP.
PAGE 53
Introduction to the AP Group Web Management System Access Control List Window There are two modes for ACL Window, Simplified Mode illustrated in Figure 4-46 and Advanced Mode illustrated in Figure 4-47. You can launch the Advanced Mode from Simplified Mode by clicking the ACL Window Frame. The simplified ACL Window displays the ACLs configured, illustrated in Figure 4-46. You can create L3 ACLs using wildcard entries for both IP address and TCP/UDP/ICMP ports.
PAGE 54
Introduction to the AP Group Web Management System Table 4-15 ACL Parameter Specification Parameter Source IP Destination IP Source Port Destination Port IP Protocol Action Apply To WLAN Apply To EthPort Specifications The source IP address. The destination IP address. Source UDP or TCP port. Destination UDP or TCP port. There are three options for IP Protocol, TCP, UDP or ICMP. Accept or Reject Indicate the range which the ACL rule take effect for wireless connection, specific SSID or any SSID.
PAGE 55
Admin Status Enable/Disable Ethernet port 5 WLAN Configuration Configuring WLAN should be the first step when setting up your Wi-Fi network. This section contains the following topics: ➔ Create NEW WLAN ➔ Delete Your WLAN ➔ Modify Your WLAN ➔ Modify WLAN Qos Create New WLAN To create a new WLAN, click on the hyperlink ‘New’ to launch the WLAN creation window. There are three security levels of WLANs that can be created: Enterprise, Personal and Open (Captive Portal).
PAGE 56
WLAN Configuration Figure 5-1 Create Enterprise WLAN - Simplified Mode Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 56
PAGE 57
WLAN Configuration Figure 5-2 Create Enterprise WLAN - Advanced Mode Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 57
PAGE 58
WLAN Configuration Table 5-1: Key word specification in Enterprise WLAN Configuration Window WLAN Parameter WLAN Name Security Level Key Management Specification Label or name of WLAN. Security mode of WLAN, from high to low is Enterprise>Personal>Open. Here select the Enterprise mode. WPA3/WPA2/WPA encryption method. It is applicable to Enterprise/Personal WLANs only.
PAGE 59
WLAN Configuration Scope Type WLAN Access Timer Max Clients per band Upstream Per Client Downstream Per Client Client Isolate 802.11r 802.11v 802.11k 802.11b 802.11g 2.4G Client Rate Control 2.4G Client Rate 5G Client Rate Control 5G Client Rate 2.4G MGMT Rate Control 2.4G MGMT Rate 5G MGMT Rate Control 5G MGMT Rate Specify the scope of APs in the cluster which will create the WLAN. • All – All APs in the cluster will create the WLAN. • Group – Select the APs which will create the WLAN.
PAGE 60
WLAN Configuration broadcast on 12 Mbps rate and other management frames (such as probe frame) will broadcast on 9 Mbps. If OKC is enabled, a cached pairwise master key (PMK) is used when the client roams to a new AP. This allows faster roaming of clients without the need for a complete 802.1x authentication. The DTIM interval indicates the DTIM period in beacons, which determines how often the AP should deliver the buffered broadcast and multicast frames to associated clients in the power save mode.
PAGE 61
WLAN Configuration Figure 5-4 Create Personal WLAN - Advanced Mode Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 61
PAGE 62
WLAN Configuration Table 5-2: Key word specification in Personal WLAN Configuration Window WLAN Parameter WLAN Name Security Level Key Management PMF Password Format Password Confirm Inactivity Timeout Status Inactivity Timeout Interval Enable Hidden Multicast Broadcast ARP VLAN ID Specification Label or name of WLAN. Security Level of WLAN, from high to low is Enterprise>Personal>Open. Here select the Personal type. WPA3/WPA2/WPA encryption method. It is applicable to Enterprise/Personal WLANs only.
PAGE 63
WLAN Configuration Band Scope Type WLAN Access Timer Max Clients per band Upstream Per Client Downstream Per Client Client Isolate 802.11r 802.11v 802.11k 802.11b 802.11g 2.4G Client Rate Control 2.4G Client Rate 5G Client Rate Control 5G Client Rate 2.4G MGMT Rate Control 2.4G MGMT Rate 5G MGMT Rate Control 5G MGMT Rate DTIM Interval Select a value to specify the band at which the network transmits radio signals. You can set the band to 2.4 GHz, 5 GHz, or All. The All option is selected by default.
PAGE 64
WLAN Configuration the client checks for buffered data on the AP at every beacon. User can also configure a higher DTIM value for power saving. The WLAN Creation Window is closed if you click ‘Cancel’ button. Click ‘Save’ to save the configuration and create the WLAN.
PAGE 65
WLAN Configuration Figure 5-6 Create Captive Portal WLAN - Advanced Mode Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 65
PAGE 66
WLAN Configuration Table 5-3: Key word specification in Captive Portal WLAN Configuration Window WLAN Parameter WLAN Name Security Level Captive Portal Inactivity Timeout Status Inactivity Timeout Interval Enable Hidden Multicast Broadcast ARP VLAN ID Band Scope Type WLAN Access Timer Max Clients per band Upstream Per Client Downstream Per Client Client Isolate 802.11r 802.11v Specification Label or name of WLAN. Security Level of WLAN, from high to low is Enterprise>Personal>Open.
PAGE 67
WLAN Configuration 802.11k 802.11b 802.11g 2.4G Client Rate Control 2.4G Client Rate 5G Client Rate Control 5G Client Rate 2.4G MGMT Rate Control 2.4G MGMT Rate 5G MGMT Rate Control 5G MGMT Rate Enables/Disables 802.11k. The 802.11k protocol enables APs and clients to dynamically measure the available radio resources. When 802.11k is enabled, APs and clients send neighbor reports, beacon reports, and link measurement reports to each other.
PAGE 68
WLAN Configuration Figure 5-7 Delete a WLAN Modify Your WLAN In WLAN Window Advanced Mode Figure 4-3 WLAN Window-Advanced Mode, you can modify the WLAN by clicking the ‘ ’ Button, shown in Figure 5-8. All configurable WLAN parameters will be displayed on the right of WLAN Window Advanced Mode, Enterprise WLAN see Table 5-1, Personal WLAN see Table 5-2 and Captive Portal WLAN see Table 5-3. Click to cancel the modification or click to save the configuration.
PAGE 69
WLAN Configuration background (AC_BK). It is suitable for well-defined applications that require QoS, such as Voice over IP (VoIP) on Wi-Fi phones. You can edit the mapping relationship between DSCP/802.1p values and WMM priorities for a WLAN on Stellar AP, illustrated in Figure 5-9.
PAGE 70
AP Management 6 AP Management This chapter describes how to configure and manage your AP. The ALE Wi-Fi solution is a controller-less based architecture. The APs can establish an autonomous group, in which there are three types of AP roles, Primary Virtual Management (PVM), Secondary Virtual Management (SVM) and member AP. This chapter describes how to manage the group and how to check, backup, restore AP configuration and to upgrade firmware in GUI.
PAGE 71
AP Management Group Management Netmask Netmask of Group Management IP. Figure 6-1 AP Group Configuration Window Figure 6-2 AP Group Information Location Figure 6-3 AP Group Management IP There are two IP addresses on the PVM of the group, illustrated in Figure 6-3 (Navigate:Dashboard – AP Window – AP Configuration Window). 1. AP IP address [e.g.: 192.168.20.162(AP)] – The IP of the PVM which used to communicate with other Stellar APs in the group and with network entities outside the group.
PAGE 72
AP Management Import and Export AP Configuration In the AP Configuration Window (Navigate:Dashboard – AP Window – AP Configuration Window), you can backup, recover or clear the group configuration, illustrated in Figure 6-4 and Figure 6-5. Figure 6-4 Export AP Group Configuration Figure 6-5 Import AP Group Configuration Table 6-2: AP Group Configuration Parameter Specification Clear all AP configurations, return to factory state.
PAGE 73
AP Management Upgrade all AP’s firmware. Note6-1: All configuration settings (clear, backup or restore) will be applied to the entire group. There is no need to select specific APs to apply configuration settings. The entire group of APs have one configuration file. Upgrade AP Firmware Before upgrading the AP you should prepare the firmware file to be upgraded.
PAGE 74
AP Management Figure 6-7 Update Single AP from Remote TFTP Server Figure 6-8 Update all APs’ Firmware Warning 6-1: Note 6-2: In order to make sure you’re running the latest software, we strongly recommend to clear the browsing data in your browser after the software upgrade, including: • Cookies Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 74
PAGE 75
AP Management • Cache Modify AP Name and IP Address In the AP Configuration Window (Navigate: Dashboard–AP Window–AP Configuration Window), you can modify the name and other parameters as needed for the AP in Detailed Information panel. ➔ Modify AP Name Figure 6-9 Modify AP Name Click on “Edit” to modify the AP name. Enter a name to identify the AP. By default, an Stellar AP is named with the last two bytes of its MAC address (e.g.
PAGE 76
AP Management Figure 6-10 Modify AP IP Address Check AP Configuration Detail Click to verify AP configuration in the AP Configuration Window (Navigate: Dashboard–AP Window- AP Configuration Window).
PAGE 77
AP Management Figure 6-11 Check AP Configuration Detail Modify AP Transmission Power and Channel You can modify the transmission power and working channel for the Stellar AP in the RF Configuration Window. (Navigate: Dashboard-Wireless Page-RF Window-RF Configuration Window) Figure 6-12 RF Management Automatic Channel Selection (ACS) and Automatic Power Control (APC) are turned ON by default. The AP transmission power and channel are adjusted dynamically by default.
PAGE 78
AP Management used by the AP and the transmit power must be set manually. In manual mode the AP transmit power can be adjusted in 1 dB increments. These values must be set for both radio bands. AP LED Specification Table 6-3: Describes the LED status during different stages of Stellar AP.
PAGE 79
AP Management Figure 6-14 Locate AP The Restore window appears. The LED blinks with red, blue and green color. Step 4: Click "Restore" to return to the normal state. Figure 6-15 Restore AP state Remove an AP from the Group An AP is removed from the AP group list (PVM/SVM/Member) by selecting “kick off”. Then the AP enters a group blacklist, if it is not disconnected from the network it will move to the ‘Joining’ state, and without authorization is not permitted to be a member of group again.
PAGE 80
AP Management Figure 6-16 Remove an AP from Group Allow an AP to Join the Group Figure 6-17 Allow AP to join group In the displayed AP Configuration screen, an AP in ‘Joining’ state is in the group blacklist, the ‘Accept’ operation lets it join the group and removes it from the group blacklist. How to Add a New AP to Group To add a new AP to the group, ensure that the PVM is not in the ‘Down’ state. If the PVM is down, upgrade the SVM to be the PVM before plugging in the new AP.
PAGE 81
AP Management How to Replace a Current AP in Group 1. To replace the current PVM: Upgrade the SVM to the PVM before disconnecting the old PVM. Then replace the old PVM with a new Stellar AP. 2. To replace the SVM or a MEMBER of the group: Disconnect and replace the SVM or member directly with a new Stellar AP, users on other Stellar APs will not be affected.
PAGE 82
Authentication Management 3. Browse http://mywifi.al-enterprise.com:8080 or http://192.168.1.254:8080 to configure the Stellar AP. 7 Authentication Management As WLANs evolve from best-effort to mission-critical infrastructure, organizations are finding that the operational aspects of network security take on much greater importance.
PAGE 83
Authentication Management Enterprise Authentication is developed for medium and large businesses and requires a RADIUS authentication server that provides automatic key generation and authentication throughout the entire enterprise. Figure 7-1 Enterprise Authentication Users in small office and home office (SOHO) wireless LAN environments lack the budget and IT staff to install and maintain RADIUS authentication servers.
PAGE 84
Authentication Management Figure 7-3 Authentication Security Type-Personal Figure 7-4 Authentication Security Type-Enterprise There are multiple Wi-Fi security protocols for personal and enterprise networks: • Wired Equivalent Privacy (WEP), introduced as part of the original 802.11 standard ratified in 1997. It uses the RC4 cipher to ensure confidentiality and a CRC-32 Checksum to ensure integrity of the data transmitted. • Wi-Fi Protected Access (WPA) became available in 2003.
PAGE 85
Authentication Management • WPA2 replaced WPA began in 2004. Most important upgrade is mandatory use of AES algorithms (instead of previous RC4) and the introduction of CCMP (AES CCMP, Counter Cipher Mode with Block Chaining Message Authentication Code Protocol, 128 Bit) as a replacement for TKIP (which is still present in WPA2, as a fallback system and WPA interoperability). • WPA3 began as a replacement to WPA2 in 2018.
PAGE 86
Authentication Management Navigate: Dashboard-Access Page-Authentication Window-Authentication Configuration Window. Figure 7-6 Enable Captive Portal Service After you have enabled the captive portal service, proceed to: Select Your Login Method. Select Your Login Method Navigate: Dashboard-Access Page-Authentication Window-Authentication Configuration Window.
PAGE 87
Authentication Management Figure 7-8 Create Captive Portal Users Note 7-2: If you have selected login by account method for the captive portal authentication, it ONLY supports users in the local user database. It does not support connecting to an external authentication server. You can add user accounts to the local user database, see in Figure 7-8.
PAGE 88
Authentication Management Figure 7-9 Create Access Code Customize Your Splash Page (Optional) Navigate: Dashboard-Access Page-Authentication Window-Authentication Configuration WindowCustomized Portal Page Panel. Figure 7-10 Customize Your Splash Page Log User Behavior (Optional) Navigate: Dashboard-Access Page-Authentication Window-Authentication Configuration Window The user behaviors including online and offline are logged and sent to the specified TFTP server.
PAGE 89
Authentication Management Figure 7-11 Log User Behavior Specify Your Walled Garden (Optional) Navigate: Dashboard-Access Page-Black List & Whitelist Window-Walled Garden Tab. Figure 7-12 Wall Garden Specify Your Captive Portal Whitelist (Optional) Navigate: Dashboard-Access Page-Black List & Whitelist Window-White List Tab.
PAGE 90
Authentication Management Figure 7-13 Portal Whitelist Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 90
PAGE 91
Tools 8 Tools Tools are several commands provided for diagnosing and troubleshooting. The commands are applied to a single AP in the group. You can select an AP from the group and execute a command to discover the running information of the AP, such as system health, wireless health and reboot reason. Illustrated in Figure 8-1, Figure 8-2. Figure 8-1 Tools in Dashboard Figure 8-2 Troubleshooting Command Table8-1 describes the commands for troubleshooting.
PAGE 92
Tools show history syslog info traceroute ping show history reset reason AP log collection show channel utilization Show historic Syslog messages generated in last time system running (Before this time system up) of specified AP Traceroute from specified AP to another host in the network Ping operation from specified AP to another host in the network Show historic reboot reason of specified AP Collect AP log files for troubleshooting and download by TFTP/HTTP Display current 2.
PAGE 93
AP UI 9 AP UI AP UI is a dedicated web interface to monitor and configure single AP in the group, while group web management system is focus on cluster configuration as well as monitoring. In AP UI, you can: (1) Learn the WLANs status, connecting clients on the AP; (2) Configure DHCP/DNS/NAT services on the AP; (3) Configure wireless Mesh/Bridge feature for the AP; (4) Maintenance – Upgrade/Reset/Reboot the AP.
PAGE 94
AP UI Figure 9-2 AP UI When AP is working in the OmniVista Enterprise mode, you can open the AP UI through the “AP Web” hyperlink. More information can refer to help information on OmniVista platform. AP Interface Navigate: AP-UI -> Network -> AP Interface -> AP Interface Configuration. Figure 9-3 AP Interface • • • ENET0 – Uplink interface of the AP. Backhaul1 – Downlink interface of the Mesh/Bridge link. Connector1 – Uplink interface of the Mesh/Bridge link.
PAGE 95
AP UI • • • Link Status – Up/down. Enable – Indicate whether the AP interface is enabled or disabled. Operate – Can be applied to Backhaul1 or Connector1 interface for wireless mesh/bridge configuring. AP Network Navigate: AP-UI -> Network -> AP Networks. Figure 9-4 AP Network • • • • • • • • Network Name – Name of the network. There are 2 types of network on AP: VLAN networks mapping to WLAN (SSID); WAN networking mapping to AP uplink port. VLAN – VLAN ID mapping to specific WLAN (SSID).
PAGE 96
AP UI clients and establishes a mesh path to the mesh root, which uses its wired interface to connect to the switch. Figure 9-5 MESH Topology MESH Configuration: Out-of-box MESH: Out-of-box MESH is mainly used to improve the MESH deployment efficiency and administrator only needs to specify the root MESH point, other leaf MESH point can automatically join the MESH network without manual configuration.
PAGE 97
AP UI Figure 9-6 Configure Mesh Root Figure 9-7 Configure Mesh Leaf Edit the Backhaul/Connector interface to complete the MESH configuration. Either Backhaul configuration or Connector configuration is sufficient. The last saved configuration will be effective if Backhaul1 and Connector1 are both configured: • Enable – Enable/disable the wireless mesh on the AP. • Mode – AP working mode, mesh mode or bridge mode.
PAGE 98
AP UI Wireless Bridge Configuration: A point-to-point wireless bridge is used to connect LAN(s), which are often in different buildings, through the wireless interface. The wireless bridges eliminate the need for expensive leased lines and fiber-optic cables. Navigate: AP-UI -> Network -> AP Interface -> AP Interface Configuration. Edit the Backhaul1/Connector1 interface to complete the wireless bridge configuration. Either Backhaul1 configuration or Connector1 configuration is sufficient.
PAGE 99
AP UI 2. MESH AP can provide service to wireless client accompanied with MESH link. While Wireless Bridge AP can only provide bridge link, not able to connect wireless clients. Configure DHCP through AP UI Navigate: AP-UI -> Service -> DHCP. For an AP group in the same L2 domain, you can setup DHCP server on a specific AP in the group. Figure 9-9 DHCP Server in AP group Figure 9-10 DHCP Server • • Pool Name – Name of the DHCP pool. Pool Size – Size of the DHCP pool.
PAGE 100
AP UI • • • • • • • • • • Assign – IP addresses have been allocated. Network – Network to which the DHCP pool is bound. A Network usually means the VLAN mapping to specific SSID or the AP WAN interface. All the networks are displayed in the window: AP UI -> Network -> AP Networks. You must map the VLAN to a SSID before it can be displayed in the AP UI. Lease Time – Period of time that the IP address allocated can be used by the device. By default, lease time is 24 hours. Subnet – Subnet of the DHCP pool.
PAGE 101
AP UI • • • • • • Destination IP – Mapping destination IP address of the NAT rule, single IP or segment. Source Port – Mapping source port of the NAT rule. Destination Port – Mapping destination port of the NAT rule. Protocol Type – Network protocol to which the NAT rule is applied. Output Interface – Specify the outbound interface of the NAT rule. Translation – Use Masquerade, indicates the internal IP addresses will be translated to the interface IP address (gateway) of the network.
PAGE 102
AP UI Figure 9-13 Auto Neighbor AP Figure 9-14 Static Neighbor AP • • • • Order – Item number of the neighbor AP. MAC Address – MAC address of the neighbor AP. IP Address – IP address of the neighbor AP. Operate – Remove the neighbor AP, only applicable for static neighbor APs. RF Environment The RF Environment is used to view Scanning Mode data for APs. Wireless networks operate in environments with electrical and radio frequency devices that can interfere with network communications.
PAGE 103
AP UI Figure 9-15 RF Environment Figure 9-16 RF Scanning Data The RF • • • • • • • • scanning data can be viewed by selecting 2.4G/5G radio: Channel – Wi-Fi channel. Radio – Radio of the Wi-Fi channel. Utilization – Utilization of the Wi-Fi channel. Channel Width – Width of the Wi-Fi channel. Frequency Range – Frequency range of the Wi-Fi channel. Known APs – APs which are identified working in the same network with scanning APs on the Wi-Fi channel.
PAGE 104
AP UI Wireless Packet Capture Figure 9-17 Wireless Packet Capture User can use specific AP to capture wireless packets for troubleshooting purpose: • Channel – Specify the Wi-Fi channel for packet capture. • TFTP Server – The file server to which the packets captured will be uploaded. • Filter – A filter used to select the Wi-Fi packets wanted to be captured. o MAC1 – Target MAC for wireless packet capturing, could be destination MAC or Source MAC.
PAGE 105
Web Management with HTTPS 10 Web Management with HTTPS There are two methods to login to the AP group web management system: (1) HTTP protocol with URL http://AP-IP:8080 (For example: http://172.16.101.34:8080) or http://mywifi.al-enterprise.com:8080, which is simpler and easier for the user without needing to install the digital certificate; (2) HTTPS protocol with URL https://AP-IP (For example: https://172.16.101.34) or https://mywifi.alenterprise.
PAGE 106
Web Management with HTTPS Figure 10-2 Download Certificate from AP Install the Certificate on Different Platform accordingly You can follow the demonstrated steps to install the certificate based on the operating system and browser combinations. After you have installed the certificate successfully, you can access https://PVM-IP (For example: https://172.16.101.34) or https://mywifi.al-enterprise.com to manage the AP group.
PAGE 107
Web Management with HTTPS Figure 10-4 Case A – Step 2 Figure 10-5 Case A – Step 3 Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 107
PAGE 108
Web Management with HTTPS Figure 10-6 Case A – Step 4 Figure 10-7 Case A – Step 5 Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 108
PAGE 109
Web Management with HTTPS Figure 10-8 Case A – Step 6 Case B: Microsoft Windows + Mozilla Firefox When using Mozilla Firefox browser on Microsoft Windows, you can follow the steps illustrated from Figure 10-9 to Figure 10-13 to install the certificate.
PAGE 110
Web Management with HTTPS Figure 10-10 Case B – Step 2 Figure 10-11 Case B – Step 3 Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 110
PAGE 111
Web Management with HTTPS Figure 10-12 Case B – Step 4 Figure 10-13 Case B – Step 5 Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 111
PAGE 112
Web Management with HTTPS Case C: Apple MAC OS X + Google Chrome When using Google Chrome on Apple MAC OS X, you can follow the step illustrated from Figure 10-14 to Figure 10-22 to install the certificate.
PAGE 113
Web Management with HTTPS Figure 10-16 Case C – Step 3 Figure 10-17 Case C – Step 4 Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 113
PAGE 114
Web Management with HTTPS Figure 10-18 Case C – Step 5 Figure 10-19 Case C – Step 6 Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 114
PAGE 115
Web Management with HTTPS Figure 10-20 Case C – Step 7 Figure 10-21 Case C – Step 8 Stellar AP User Guide ALCATEL-LUCENT ENTERPRISE 115
PAGE 116
Web Management with HTTPS Figure 10-22 Case C – Step 9 Case D: Apple MAC OS X + Mozilla Firefox When using Mozilla Firefox browser on Apple MAC OS X platform, go to Mozilla Firefox and follow the steps to install the certificate. Case B: Microsoft Windows + Note 9-1: The recommended operating system and web browser refer to Prerequisites for Setting up and Accessing AP Group.
PAGE 117
End-User Software License Agreement A. End-User Software License Agreement ALCATEL-LUCENT ENTERPRISE USA, INC. ("ALU E") SOFTWARE LICENSE AGREEMENT IMPORTANT Please read the terms and conditions of this license agreement carefully before installing or downloading this software. The installation and use of the software is subject to these terms and conditions (Agreement).
PAGE 118
End-User Software License Agreement machine-readable form (the "Software"), and any documentation delivered with the Software (the "Documentation").
PAGE 119
End-User Software License Agreement a. Specific Disclaimer for High Risk Activities: The Software are not designed or intended for use in highrisk activities, including, without limitation, nuclear facilities, aircraft navigation or aircraft communication systems, air traffic control, direct life support machines, or weapons systems, in which the failure of the Components could lead directly to death, personal injury, or severe physical or environmental damage ("High Risk Activities").
PAGE 120
End-User Software License Agreement 13. Notes to United States Government Users. Software and documentation are provided with restricted rights. Use, duplication or disclosure by the government is subject to (i) restrictions set forth in GSA ADP Schedule Contract with ALU's reseller or distributor.(s), or (ii) restrictions set forth in subparagraph (c) (1) and (2) of 48 CFR 52.227-19, as applicable. 14. Third Party Materials.