Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 228 Access Points

331

332

333

334

335

336

337

338

339

340

Table Of Contents

About this Guide
- Intended Audience
- Related Documents
- Conventions
- Contacting Dell
About Instant
- Instant Overview
- What is New in this Release
Setting up a W-IAP
- Setting up Instant Network
- Provisioning a W-IAP
- Logging in to the Instant UI
- Accessing the Instant CLI
Automatic Retrieval of Configuration
- Managed Mode Operations
- Prerequisites
- Configuring Managed Mode Parameters
- Verifying the Configuration
Instant User Interface
- Login Screen
- Main Window
Initial Configuration Tasks
- Configuring System Parameters
- Changing Password
Customizing W-IAP Settings
- Modifying the W-IAP Host Name
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing the W-IAP Installation Mode
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
VLAN Configuration
- VLAN Pooling
- Uplink VLAN Monitoring and Detection on Upstream Devices
IPv6 Support
- IPv6 Notation
- Enabling IPv6 Support for W-IAP Configuration
- Firewall Support for IPv6
- Debugging Commands
Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Configuring Modulation Rates on a WLAN SSID
- Multi-User-MIMO
- Management Frame Protection
- Disabling Short Preamble for Wireless Client
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- Configuring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Enabling 802.1X Supplicant Support
- Configuring MAC Authentication for a Network Profile
- Configuring MAC Authentication with 802.1X Authentication
- Configuring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
DHCP Configuration
- Configuring DHCP Scopes
- Configuring the Default DHCP Scope for Client IP Assignment
Configuring Time-Based Services
- Time Range Profiles
- Configuring a Time Range Profile
- Applying a Time Range Profile to a WLAN SSID
- Verifying the Configuration
Dynamic DNS Registration
- Enabling Dynamic DNS
- Configuring Dynamic DNS Updates for Clients
- Verifying the Configuration
VPN Configuration
- Understanding VPN Features
- Configuring a Tunnel from a W-IAP to a Mobility Controller
- Configuring Routing Profiles
IAP-VPN Deployment
- Understanding IAP-VPN Architecture
- Configuring W-IAP and Controller for IAP-VPN Operations
Adaptive Radio Management
- ARM Overview
- Configuring ARM Features on a W-IAP
- Configuring Radio Settings
Deep Packet Inspection and Application Visibility
- Deep Packet Inspection
- Enabling Application Visibility
- Application Visibility
- Enabling URL Visibility
- Configuring ACL Rules for Application and Application Categories
- Configuring Web Policy Enforcement Service
Voice and Video
- Wi-Fi Multimedia Traffic Management
- Media Classification for Voice and Video Calls
- Enabling Enhanced Voice Call Tracking
Services
- Configuring AirGroup
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Managing BLE Beacons
- Clarity Live
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API Interface
- CALEA Integration and Lawful Intercept Compliance
Cluster Security
- Overview
- Enabling Cluster Security
- Cluster Security Debugging Logs
- Verifying the Configuration
W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
Uplink Configuration
- Uplink Interfaces
- Uplink Preferences and Switching
Intrusion Detection
- Detecting and Classifying Rogue W-IAPs
- OS Fingerprinting
- Configuring Wireless Intrusion Protection and Detection Levels
- Configuring IDS
Mesh W-IAP Configuration
- Mesh Network Overview
- Setting up Instant Mesh Network
- Configuring Wired Bridging on Ethernet 0 for Mesh Point
Mobility and Client Management
- Layer-3 Mobility Overview
- Configuring L3-Mobility
Spectrum Monitor
- Understanding Spectrum Data
- Configuring Spectrum Monitors and Hybrid W-IAPs
W-IAP Maintenance
- Upgrading a W-IAP
- Backing up and Restoring W-IAP Configuration Data
- Converting a W-IAP to a Remote AP and Campus AP
- Resetting a Remote AP or Campus AP to a W-IAP
- Rebooting the W-IAP
Monitoring Devices and Logs
- Configuring SNMP
- Configuring a Syslog Server
- Configuring TFTP Dump Server
- Running Debug Commands
- Uplink Bandwidth Monitoring
Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Sample Configuration
ClearPass Guest Setup
- Configuring ClearPass Guest
- Verifying ClearPass Guest Setup
- Troubleshooting
IAP-VPN Deployment Scenarios
- Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy
- Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy
- Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Cont...
- Scenario 4—GRE: Single Datacenter Deployment with No Redundancy
- Glossary
Acronyms and Abbreviations
- Glossary

333 | Intrusion Detection Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide

Containment Methods

You can enable wired and wireless containments to prevent unauthorized stations from connecting to your

Instant network.

Instant supports the following types of containment mechanisms:

l Wired containment—When enabled, W-IAPs generate ARP packets on the wired network to contain wireless

attacks.

n wired-containment-ap-adj-mac—Enables a wired containment to Rogue W-IAPs whose wired interface

MAC address is offset by one from its BSSID.

n wired-containment-susp-l3-rogue—Enables the users to identify and contain an W-IAP with a preset MAC

address that is different from the BSSID of the W-IAP, if the MAC address that the W-IAP provides is

offset by one character from its wired MAC address.

Enable the wired-containment-susp-l3-rogue parameter only when a specific containment is required, to

avoid a false alarm.

l Wireless containment—When enabled, the system attempts to disconnect all clients that are connected or

attempting to connect to the identified Access Point.

n None—Disables all the containment mechanisms.

n Deauthenticate only—With deauthentication containment, the Access Point or client is contained by

disrupting the client association on the wireless interface.

n Tarpit containment—With Tarpit containment, the Access Point is contained by luring clients that are

attempting to associate with it to a tarpit. The tarpit can be on the same channel or a different channel

as the Access Point being contained.

Figure 98 Containment Methods