Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 277 Access Points

401

402

403

404

405

406

407

408

409

410

Table Of Contents

About this Guide
- Intended Audience
- Related Documents
- Conventions
- Contacting Dell
About Instant
- Instant Overview
- What is New in this Release
Setting up a W-IAP
- Setting up Instant Network
- Provisioning a W-IAP
- Logging in to the Instant UI
- Accessing the Instant CLI
Automatic Retrieval of Configuration
- Managed Mode Operations
- Prerequisites
- Configuring Managed Mode Parameters
- Verifying the Configuration
Instant User Interface
- Login Screen
- Main Window
Initial Configuration Tasks
- Configuring System Parameters
- Changing Password
Customizing W-IAP Settings
- Modifying the W-IAP Host Name
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing the W-IAP Installation Mode
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
VLAN Configuration
- VLAN Pooling
- Uplink VLAN Monitoring and Detection on Upstream Devices
IPv6 Support
- IPv6 Notation
- Enabling IPv6 Support for W-IAP Configuration
- Firewall Support for IPv6
- Debugging Commands
Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Configuring Modulation Rates on a WLAN SSID
- Multi-User-MIMO
- Management Frame Protection
- Disabling Short Preamble for Wireless Client
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- Configuring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Enabling 802.1X Supplicant Support
- Configuring MAC Authentication for a Network Profile
- Configuring MAC Authentication with 802.1X Authentication
- Configuring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
DHCP Configuration
- Configuring DHCP Scopes
- Configuring the Default DHCP Scope for Client IP Assignment
Configuring Time-Based Services
- Time Range Profiles
- Configuring a Time Range Profile
- Applying a Time Range Profile to a WLAN SSID
- Verifying the Configuration
Dynamic DNS Registration
- Enabling Dynamic DNS
- Configuring Dynamic DNS Updates for Clients
- Verifying the Configuration
VPN Configuration
- Understanding VPN Features
- Configuring a Tunnel from a W-IAP to a Mobility Controller
- Configuring Routing Profiles
IAP-VPN Deployment
- Understanding IAP-VPN Architecture
- Configuring W-IAP and Controller for IAP-VPN Operations
Adaptive Radio Management
- ARM Overview
- Configuring ARM Features on a W-IAP
- Configuring Radio Settings
Deep Packet Inspection and Application Visibility
- Deep Packet Inspection
- Enabling Application Visibility
- Application Visibility
- Enabling URL Visibility
- Configuring ACL Rules for Application and Application Categories
- Configuring Web Policy Enforcement Service
Voice and Video
- Wi-Fi Multimedia Traffic Management
- Media Classification for Voice and Video Calls
- Enabling Enhanced Voice Call Tracking
Services
- Configuring AirGroup
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Managing BLE Beacons
- Clarity Live
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API Interface
- CALEA Integration and Lawful Intercept Compliance
Cluster Security
- Overview
- Enabling Cluster Security
- Cluster Security Debugging Logs
- Verifying the Configuration
W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
Uplink Configuration
- Uplink Interfaces
- Uplink Preferences and Switching
Intrusion Detection
- Detecting and Classifying Rogue W-IAPs
- OS Fingerprinting
- Configuring Wireless Intrusion Protection and Detection Levels
- Configuring IDS
Mesh W-IAP Configuration
- Mesh Network Overview
- Setting up Instant Mesh Network
- Configuring Wired Bridging on Ethernet 0 for Mesh Point
Mobility and Client Management
- Layer-3 Mobility Overview
- Configuring L3-Mobility
Spectrum Monitor
- Understanding Spectrum Data
- Configuring Spectrum Monitors and Hybrid W-IAPs
W-IAP Maintenance
- Upgrading a W-IAP
- Backing up and Restoring W-IAP Configuration Data
- Converting a W-IAP to a Remote AP and Campus AP
- Resetting a Remote AP or Campus AP to a W-IAP
- Rebooting the W-IAP
Monitoring Devices and Logs
- Configuring SNMP
- Configuring a Syslog Server
- Configuring TFTP Dump Server
- Running Debug Commands
- Uplink Bandwidth Monitoring
Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Sample Configuration
ClearPass Guest Setup
- Configuring ClearPass Guest
- Verifying ClearPass Guest Setup
- Troubleshooting
IAP-VPN Deployment Scenarios
- Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy
- Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy
- Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Cont...
- Scenario 4—GRE: Single Datacenter Deployment with No Redundancy
- Glossary
Acronyms and Abbreviations
- Glossary

403 | IAP-VPN Deployment Scenarios Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide

Scenario 3—IPsec: Multiple Datacenter Deployment with Primary

and Backup Controllers for Redundancy

This scenario includes the following configuration elements:

l Multiple controller deployment model with controllers in different data centers operating as

primary/backup VPN with Fast Failover and preemption enabled.

l Split-tunneling of traffic.

l Split-tunneling of client DNS traffic.

l Two Distributed, L3 mode DHCPs, one each for employee and contractors; and one Local mode DHCP

server.

l RADIUS server within corporate network and authentication survivability enabled for branch survivability.

l Wired and wireless users in L3 and NAT modes, respectively.

l Access rules for wired and wireless users with source-NAT-based rule for contractor roles to bypass global

routing profile.

l OSPF based route propagation on controller.

Topology

Figure 122 shows the topology and the IP addressing scheme used in this scenario.

Figure 122 Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for

Redundancy

The IP addressing scheme used in this example is as follows:

l 10.0.0.0/8 is the corporate network.

l 10.30.0.0/16 subnet is reserved for L3 mode –used by Employee SSID.