Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Basic Configuration Tasks
- Additional Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Hostname
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- wConfiguring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Configuring MAC Authentication for a Network Profile
- FConfiguring MAC Authentication with 802.1X Authentication
- hConfiguring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
- DHCP Configuration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- AirGroup Configuration
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API interface
- CALEA Integration and Lawful Intercept Compliance
- W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
- Image Management
- Resetting a W-IAP
- W-IAP and Client Monitoring
- Template-based Configuration
- Trending Reports
- Intrusion Detection System
- Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave
- RF Visualization Support for Instant
- PSK-based and Certificate-based Authentication
- Configurable Port for W-IAP and W-AirWave Management Server Communication
- Configuring Organization String
- Managing a W-IAP from W-AirWave
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Creating Advertisement Profiles for Hotspot Configuration
- Configuring an NAI Realm Profile
- Configuring a Venue Name Profile
- Configuring a Network Authentication Profile
- Configuring a Roaming Consortium Profile
- Configuring a 3GPP Profile
- Configuring an IP Address Availability Profile
- Configuring a Domain Profile
- Configuring an Operator-friendly Profile
- Configuring a Connection Capability Profile
- Configuring an Operating Class Profile
- Configuring a WAN Metrics Profile
- Creating a Hotspot Profile
- Associating an Advertisement Profile to a Hotspot Profile
- Creating a WLAN SSID and Associating Hotspot Profile
- Creating Advertisement Profiles for Hotspot Configuration
- Sample Configuration
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Terminology
226 | VPN Configuration Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide
Supported VPN Protocols
Instant support the following VPN protocols for remote access:
VPNProtocol Description
Dell IPsec IPsec is a protocol suite that secures IP communications by authenticating and encrypting each IP
packet of a communication session.
You can configure an IPsec tunnel to ensure that to ensure that the data flow between the
networks is encrypted. However, you can configure a split-tunnel to encrypt only the corporate
traffic.
When IPsec is configured, ensure that you add the W-IAP MAC addresses to the whitelist
database stored on the controller or an external server. IPsec supports Local, L2, and L3 modes
of IAP-VPN operations.
NOTE: The W-IAPs support IPsec only with Dell Controllers.
Layer-2 (L2)
GRE
Generic Routing Encapsulation (GRE) is a tunnel protocol for encapsulating multicast, broadcast,
and L2 packets between a GRE-capable device and an end-point. W-IAPs support the
configuration of L2 GRE (Ethernet over GRE)tunnel with a Dell Controller to encapsulate the
packets sent and received by the W-IAP.
You can use the GRE configuration for L2 deployments when there is no encryption requirement
between the W-IAP and controller for client traffic.
W-IAPs support two types of GRE configuration:
l Manual GRE—The manual GRE configuration sends unencrypted client traffic with an
additional GRE headerand does not support failover. When manual GRE is configured on the
W-IAP, ensure that the GRE tunnel settings are enabled on the controller.
l Dell GRE—With Dell GRE, no configuration on the controller is required except for adding the
W-IAP MAC addresses to the whitelist database stored on the controller or an external server.
Dell GRE reduces manual configuration when Per-AP tunnel configuration is required and
supports failover between two GRE end-points.
NOTE: W-IAPs support manual and Dell GRE configuration only for L2 mode of operations. Dell
GREconfiguration is supported only on Dell Controllerss.
L2TP The Layer 2 Tunneling Protocol version 3 (L2TPv3) feature allows W-IAP to act as L2TP Access
Concentrator (LAC) and tunnel all wireless clients L2 traffic from AP to L2TP Network Server
(LNS). In a centralized L2 model, the VLAN on the corporate side are extended to remote branch
sites. Wireless clients associated with W-IAP gets the IP address from the DHCP server running
on LNS. For this, AP has to transparently allow DHCP transactions through the L2TPv3 tunnel.
Table 44: VPN Protocols
Configuring a Tunnel from a W-IAP to Dell Networking W-Series
Mobility Controller
W-IAP supports the configuration of tunneling protocols such as Generic Routing Encapsulation (GRE), IPsec,
and L2TPv3. This section describes the procedure for configuring VPN host settings on a W-IAP to enable
communication with a controller in a remote location:
l Configuring an IPSec Tunnel on page 227
l Configuring an L2-GRETunnel on page 228
l Configuring an L2TPv3 Tunnel on page 231