Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Basic Configuration Tasks
- Additional Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Hostname
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- wConfiguring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Configuring MAC Authentication for a Network Profile
- FConfiguring MAC Authentication with 802.1X Authentication
- hConfiguring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
- DHCP Configuration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- AirGroup Configuration
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API interface
- CALEA Integration and Lawful Intercept Compliance
- W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
- Image Management
- Resetting a W-IAP
- W-IAP and Client Monitoring
- Template-based Configuration
- Trending Reports
- Intrusion Detection System
- Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave
- RF Visualization Support for Instant
- PSK-based and Certificate-based Authentication
- Configurable Port for W-IAP and W-AirWave Management Server Communication
- Configuring Organization String
- Managing a W-IAP from W-AirWave
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Creating Advertisement Profiles for Hotspot Configuration
- Configuring an NAI Realm Profile
- Configuring a Venue Name Profile
- Configuring a Network Authentication Profile
- Configuring a Roaming Consortium Profile
- Configuring a 3GPP Profile
- Configuring an IP Address Availability Profile
- Configuring a Domain Profile
- Configuring an Operator-friendly Profile
- Configuring a Connection Capability Profile
- Configuring an Operating Class Profile
- Configuring a WAN Metrics Profile
- Creating a Hotspot Profile
- Associating an Advertisement Profile to a Hotspot Profile
- Creating a WLAN SSID and Associating Hotspot Profile
- Creating Advertisement Profiles for Hotspot Configuration
- Sample Configuration
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Terminology
330 | Mobility and Client Management Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide
When a client first connects to an Instant network, a message is sent to all configured Virtual Controller IP
addresses to see if this is an L3 roamed client. On receiving an acknowledgement from any of the configured
Virtual Controller IP addresses, the client is identified as an L3 roamed client. If the AP has no GRE tunnel to this
home network, a new tunnel is formed to an AP (home AP) from the client's home network.
Each foreign AP has only one home AP per Instant network to avoid duplication of broadcast traffic. Separate
GRE tunnels are created for each foreign AP / home AP pair. If a peer AP is a foreign AP for one client and a
home AP for another, two separate GRE tunnels are used to handle L3 roaming traffic between these APs.
If client subnet discovery fails on association due to some reason, the foreign AP identifies its subnet when it
sends out the first L3 packet. If the subnet is not a local subnet and belongs to another Instant network, the
client is treated as an L3 roamed client and all its traffic is forwarded to the home network through a GRE
tunnel.
Configuring L3-Mobility
To configure a mobility domain, you have to specify the list of all Instant networks that form the mobility
domain. To allow clients to roam seamlessly among all the APs, specify the Virtual Controller IP for each foreign
subnet. You may include the local Instant or Virtual Controller IP address, so that the same configuration can
be used across all Instant networks in the mobility domain.
It is recommended that you configure all client subnets in the mobility domain. When client subnets are
configured:
l If a client is from a local subnet, it is identified as a local client. When a local client starts using the IP address,
the L3 roaming is terminated.
l If the client is from a foreign subnet, it is identified as a foreign client. When a foreign client starts using the
IP address, the L3 roaming is set up.
Home Agent Load Balancing
Home Agent Load Balancing is required in large networks where multiple tunnels might terminate on a single
border or lobby AP and overload it. When load balancing is enabled, the Virtual Controller assigns the home AP
for roamed clients by using a round robin policy. With this policy, the load for the APs acting as Home Agents
for roamed clients is uniformly distributed across the W-IAP cluster.
Configuring a Mobility Domain for Instant
You can configure L3 mobility domain by using the Instant UI or CLI.
In the Instant UI
To configure a mobility domain, perform the following steps:
1. Click the System link at top right corner of the Instant main window. The System window is displayed.
2. Click the Show advanced options link. The advanced options are displayed.
3. Click L3 Mobility. The L3 Mobility window is displayed.