Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Basic Configuration Tasks
- Additional Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Hostname
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- wConfiguring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Configuring MAC Authentication for a Network Profile
- FConfiguring MAC Authentication with 802.1X Authentication
- hConfiguring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
- DHCP Configuration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- AirGroup Configuration
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API interface
- CALEA Integration and Lawful Intercept Compliance
- W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
- Image Management
- Resetting a W-IAP
- W-IAP and Client Monitoring
- Template-based Configuration
- Trending Reports
- Intrusion Detection System
- Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave
- RF Visualization Support for Instant
- PSK-based and Certificate-based Authentication
- Configurable Port for W-IAP and W-AirWave Management Server Communication
- Configuring Organization String
- Managing a W-IAP from W-AirWave
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Creating Advertisement Profiles for Hotspot Configuration
- Configuring an NAI Realm Profile
- Configuring a Venue Name Profile
- Configuring a Network Authentication Profile
- Configuring a Roaming Consortium Profile
- Configuring a 3GPP Profile
- Configuring an IP Address Availability Profile
- Configuring a Domain Profile
- Configuring an Operator-friendly Profile
- Configuring a Connection Capability Profile
- Configuring an Operating Class Profile
- Configuring a WAN Metrics Profile
- Creating a Hotspot Profile
- Associating an Advertisement Profile to a Hotspot Profile
- Creating a WLAN SSID and Associating Hotspot Profile
- Creating Advertisement Profiles for Hotspot Configuration
- Sample Configuration
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Terminology
2. To create a new server, click New and configure the required RADIUSserver parameters as described in
Table 31.
3. Ensure that the following dynamic RADIUS proxy parameters are configured:
l DRP IP— IP address to be used as source IP for RADIUS packets
l DRP Mask—Subnet mask of the DRP IP address.
l DRP VLAN—VLAN in which the RADIUS packets are sent.
l DRP Gateway—Gateway IP address of the DRP VLAN.
4. Click OK.
In the CLI
To configure dynamic RADIUS proxy parameters:
(Instant AP)(config)# wlan auth-server <profile-name>
(Instant AP)(Auth Server <profile-name>)# ip <IP-address>
(Instant AP)(Auth Server <profile-name>)# key <key>
(Instant AP)(Auth Server <profile-name>)# port <port>
(Instant AP)(Auth Server <profile-name>)# acctport <port>
(Instant AP)(Auth Server <profile-name>)# nas-id <NAS-ID>
(Instant AP)(Auth Server <profile-name>)# nas-ip <NAS-IP-address>
(Instant AP)(Auth Server <profile-name>)# timeout <seconds>
(Instant AP)(Auth Server <profile-name>)# retry-count <number>
(Instant AP)(Auth Server <profile-name>)# deadtime <minutes>
(Instant AP)(Auth Server <profile-name>)# drp-ip <IP-address> <mask> vlan <vlan> gateway
<gateway-IP-address>
(Instant AP)(Auth Server <profile-name>)# end
(Instant AP)# commit apply
Associate Server Profiles to a Network Profile
To associate the authentication server profiles with a network profile:
1. Access the WLAN wizard or Wired Settings window.
l To open the WLAN wizard, select an existing SSID on the Network tab, and click edit.
l To open the wired settings window, click More > Wired. In the Wired window, select a profile and click
Edit.
You can also associate the authentication servers when creating a new WLAN or wired profile.
2. Click the Security tab.
3. If you are configuring the authentication server for a WLAN SSID, under Security tab, slide to Enterprise
security level.
4. Ensure that an authentication type is enabled.
5. From the Authentication Server 1 drop-down list, select the server name on which dynamic RADIUS
proxy parameters are enabled. You can also create a new server with RADIUS and RADIUSproxy
parameters by selecting New.
6. Click Next and then click Finish.
7. To assign the RADIUSauthentication server to a network profile, select the newly added server when
configuring security settings for a wireless or wired network profile.
You can also add an external RADIUSserver by selecting New for Authentication Server when
configuring a WLAN or wired profile. For more information, see Configuring Security Settings for a
WLAN SSID Profile on page 104 and Configuring Security Settings for a Wired Profile on page 121.
In the CLI
To associate an authentication server to a WLAN SSID:
Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide Authentication and User Management | 172