RoamAbout ® Switch Manager User’s Guide Version 5.
Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the Program is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
9. OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys. 10. ENFORCEMENT.
Enterasys Networks, Inc. Software License Agreement This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. (“Enterasys”) that sets forth your rights and obligations with respect to the software contained in CD‐ROM or other media. BY UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY.
5. PROTECTION AND SECURITY. You agree not to deliver or otherwise make available the Licensed Materials or any part thereof, including without limitation the object or source code (if provided) of the Licensed Software, to any party other than Enterasys or its employees, except for purposes specifically related to your use of the Licensed Software on a single computer as expressly provided in this Agreement, without the prior written consent of Enterasys.
IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE EXPRESSLY DISCLAIMED, AND STATEMENTS OR REPRESENTATIONS MADE BY ANY OTHER PERSON OR FIRM ARE VOID. ONLY TO THE EXTENT SUCH EXCLUSION OF ANY IMPLIED WARRANTY IS NOT PERMITTED BY LAW, THE DURATION OF SUCH IMPLIED WARRANTY IS LIMITED TO THE DURATION OF THE LIMITED WARRANTY SET FORTH ABOVE. YOU ASSUME ALL RISK AS TO THE QUALITY, FUNCTION AND PERFORMANCE OF THE LICENSED MATERIALS.
viii
Contents Introducing the Enterasys Networks Mobility System Enterasys Networks Mobility System ...............................................................................................................xv Documentation .................................................................................................................................................xv Planning, Configuration, and Deployment ..................................................................................................
Which Planning Method Should I Use? .................................................................................................... 2-4 Configuration .................................................................................................................................................. 2-6 Wireless Configuration ............................................................................................................................. 2-7 AAA Security Configuration ..........................
Chapter 4: Using RF Auto-Tuning What Is RF Auto-Tuning? ............................................................................................................................... 4-1 Place Your Equipment .................................................................................................................................... 4-2 Configure Initial RoamAbout Switch Connectivity ..........................................................................................
Chapter 7: Managing and Monitoring Your Network What is Network Management? ..................................................................................................................... 7-1 What Is Network Monitoring? ......................................................................................................................... 7-1 Deploy Your Configuration .............................................................................................................................
Chapter 9: Optimizing a Network Plan Using RF Measurements from an Ekahau Site Survey .................................................................................. 9-2 Generating an Ekahau Site Survey Work Order ...................................................................................... 9-2 Importing RF Measurements from the Ekahau Site Survey ..................................................................... 9-4 Optimizing the RF Coverage Model ...........................................
xiv
Introducing the Enterasys Networks Mobility System This guide provides information about planning, configuring, deploying, and managing an Enterasys Networks Mobility System Wireless LAN (WLAN) using the RoamAbout Switch Manager (RASM) tool suite. Read this guide if you are a network administrator or a person responsible for managing a WLAN.
Installation • Regulatory Information. Important safety instructions and compliance information that you must read before installing Enterasys Networks products • RoamAbout Access Point Installation Guide. Instructions and specifications for installing an access point and connecting it to a RoamAbout switch • RoamAbout Switch Installation Guide. Instructions and specifications for installing a RoamAbout switch in an Enterasys Mobility System WLAN, and basic instructions for deploying a secure IEEE 802.
Convention Use { } (curly brackets) Enclose mandatory parameters in command syntax. | (vertical bar) Separates mutually exclusive options in command syntax. Getting Help For additional support related to the product or this document, contact Enterasys Networks using one of the following methods: World Wide Web http://www.enterasys.com/services/support/ Phone 1-800-872-8440 (toll-free in U.S.
xviii Introducing the Enterasys Networks Mobility System
1 Getting Started This section contains information about recommended system requirements you should meet for optimum RoamAbout Switch Manager (RASM) performance, installing RASM client and RASM Services software, and an introduction to using the RASM interface. For information about... Refer to page...
Hardware Requirements for RASM Services Table 1‐2 shows the minimum requirements to run the RASM client on the Sun Solaris platform.
Hardware Requirements for RASM Services Table 1‐5 shows the minimum requirements to run the RASM Services on the Sun Solaris platform.
Software Requirements Software Requirements RASM client and RASM Services are supported on the following operating systems: • Microsoft Windows Server 2003, Microsoft Windows XP with Service Pack 1 or higher, or Microsoft Windows 2000 with Service Pack 4 • Sun Solaris 8 and Solaris 9 • SUSE Linux 9.1 and Red Hat WS 3 • Apple Macintosh OS 10.4x with Java 1.5 Note: You must use the English version of the operating system you select.
Preparing for Installation Serial Number and License Key The serial number is included with your RASM software packaging. You must request a license key from Enterasys Networks for each host on which you plan to use site planning or monitoring. One license allows you to use RASM planning or install the monitoring service on one system. Depending on the license, you might also have restrictions on the number of access points you can manage using RASM.
Preparing for Installation Table 1-7 Recommended Server Hardware Allocation (continued) Number of Radios 1-25 RoamAbout Switches 25-50 RoamAbout Switches 50+ RoamAbout Switches 1000 – 2000 2.4 MHz P4 3.0 GHz P4 3.6 GHz Xeon 1000 MB RAM 1000 MB RAM 2 GB RAM 2 GB HD 2 GB HD 2 GB HD RASM Services Options RASM Services can be installed either in standalone mode or shared mode. Standalone mode is when RASM client and RASM Services are installed on one machine.
Installing RASM Installing RASM The RASM installation program installs either RASM client, RASM Services, or both. This section contains information about the following topics: • “Using the Installation Wizard” on page 1‐8 • “RASM Access Control” on page 1‐12 Unpacking Files Windows To unpack files on Windows systems: 1. Insert the RASM CD into the CD‐ROM drive. If Autorun is enabled, wait briefly for the installation program to start.
Installing RASM 4. When the installation is complete, restart the computer. The installer does not make any path changes during installation. You might want to configure path information, to make RASM easy to start on your system. RASM must be run at the root level. Using the Installation Wizard To use the installation wizard: 1. On the Choose Installation Type page, select one of the following: • To install both the RASM server and the client, click the RASM Services icon.
Installing RASM Start the RASM Services on a Unix or Linux System To start RASM Services manually, type a command such as the following: solaris# rm-services start Stop the RASM services on a UNIX or Linux System To stop RASM Services manually, type a command such as the following: solaris# rm-services stop Configure RASM Services as a daemon The following examples assume that RASM Services is installed in the default location.
Installing RASM Enter the password, if prompted. To stop or restart RASM Services, enter the following commands: # sudo ./rm-services stop # sudo ./rm-services restart Either of these commands may require you to enter a password. These examples assume that RASM Services is installed in the default location. Connect RASM Clients to RASM Services To connect the client to services: 1. Select Start > Programs > Enterasys Networks > RASM. The RASM Services Connection wizard is displayed. 2.
Installing RASM Configure RASM Services You can change the properties of RASM Services. Note: If a firewall is enabled on the host where you install RASM Services, RASM Services will not be able to communicate with RASM client or with RoamAbout switches unless the firewall is configured to allow through traffic for the SSL and SNMP ports (443 and 162 by default). To configure RASM Services: 1. Select Services > Setup.
Installing RASM • From the Key Store area of the window, specify security settings. The Auto‐Config IP Subnet Matching option is used for field replacement of RoamAbout Switches. For information, refer to “Configuring RoamAbout Switches Remotely” in the RoamAbout Switch Manager Interface Reference Guide. Click Access Control on the left to define user accounts. For more information about access control, refer to “RASM Access Control” on page 1‐12.
RASM Interface RASM Interface This section contains the following topics: • “Display the Main Window” on page 1‐13 • “Using the Toolbar and Menu Bar” on page 1‐14 • “Setting Preferences” on page 1‐14 • “Easy Configuration Using Wizards” on page 1‐15 • “Easy Configuration Using Wizards” on page 1‐15“Easy Configuration Using Wizards” on page 1‐15 Display the Main Window When you start RASM client and log onto RASM Services, a network plan is displayed by the RASM client (see Figure 1‐2 on page 1‐14
RASM Interface Figure 1-2 RASM Main Window Organizer panel Content panel Task panel Toolbar Alerts panel Server Icon Using the Toolbar and Menu Bar The main RASM window has a toolbar that provides quick access to features and summary views. You can use the Back and Forward buttons to cycle through your display selections. The menu bar (located above the toolbar) provides access to administrative options such as plan management and access to online help.
RASM Interface 2. Select any of the tabs, make modifications in the fields, and select Reset All to reset preferences. Easy Configuration Using Wizards Wizards help walk administrators through configuration steps. There are many wizards in the RASM application. Enter the required fields and click Next at the bottom of the wizard to display the next step. Click Cancel to discard any changes made with the wizard. When you are done, click Finish or OK to save changes.
RASM Interface Getting Help Click Help from the Main menu bar to access online help and other information: 1-16 1. Select Help > Help to display HTML help about configuring and using RASM. 2. Select Services > Licensing to open a browser window and view product licensing information, or to get access to Enterasys Networks product licensing server web page. 3. Select Help > Report Problem to report a problem to Enterasys Technical Support. 4.
2 Planning and Managing Your Wireless Network This section contains information about planning and managing your wireless network with RoamAbout Switch Manager (RASM). Planning your wireless network is highly recommended because it not only helps you configure and deploy it, but also aids in scaling and monitoring your network. Enterasys Networks provides you with flexible tools to assist with network planning. For information about... Refer to page...
Which Services to Provide? Which Services to Provide? What is a service?: A service is a concept (not a selectable item in the RASM interface) that represents a set of options you configure and deploy on your wireless network. You configure services to support the different levels of network access you need to provide. For example, a service configured to support employee access will have different options configured to provide greater access to the network.
RF Coverage Area RF Coverage Area What is an RF coverage area?: An RF coverage area is the geographical area in which IEEE 802.11 radios provide wireless services. Purpose of this section: To describe the three techniques you can use for RF coverage. Why is this important?: By understanding available RF coverage planning techniques, you can use the technique that meets your organization’s requirements.
RF Coverage Area RF Planning To do RF Planning, you provide detailed information about your site and buildings by importing AutoCAD DXF™, AutoCAD DWG, JPEG, or GIF floor plan files of the buildings into RASM. As you import the floor plans, you can modify them to add or remove RF obstacles. You define RF obstacles by specifying the attenuation factor in decibels for the obstacle. In addition, RASM includes a library of attenuators for building obstacles.
RF Coverage Area Refer to Table 2‐1 for some guidelines to help you determine what planning technique is right for your organization.
Configuration Configuration Purpose of this section: To describe the main areas of the Enterasys Network (RoamAbout switch and DAPs) you will configure in RASM. Why is this important?: To provide you with overview information about the software so that you can plan a configuration to support the services you require. You will configure the wireless configuration and AAA security configuration for each service you provide on your wireless network.
Configuration Wireless Configuration Wireless configuration focuses on the configuration tasks (radio configuration and AAA configuration) you do to deliver the virtual wireless services you want to provide on your network. You enable the APs to operate according to your planned RF coverage requirements. Most of the wireless configuration is done as you plan your RF coverage and create your radio profiles and service profiles.
Configuration For each service you want to provide, you configure the following items in a service profile: • The SSID name • SSID advertisement (whether the SSID name is beaconed) • Whether the SSID name is encrypted or clear (not encrypted) • Web page (if using WebAAA) • Multiple encryption choices (Dynamic/static WEP, WPA, WEP + WPA, 802.11i) Note: You also must configure AAA security configuration items for each service. For more information, see “AAA Security Configuration” on page 2-8.
Configuration Figure 2-4 Authentication Flowchart for Network Users Client associates with Enterasys radio Client requests encrypted SSID? Yes 802.1X rule that matches SSID? Client responds to 802.1X? Yes No Yes No Authent. Allow succeeds? Yes Client No No Refuse Client Authent.
Configuration Authorization Authorization is the method for providing users with specific rights to the network by associating attribute‐value (AV) pairs to the user. AAA authorization works by assembling a set of attributes that describe what the user is authorized to perform. These attributes are compared to the information contained in a local database or on a RADIUS server for a given user and the result is returned to the RoamAbout switch to determine the user’s actual capabilities and restrictions.
Configuration Configure Basic RoamAbout Switch Properties To configure basic RoamAbout switch properties, you specify a name, select a model, select its location by wiring closet, and select the Mobility System Software (MSS) you want to run on the switch. Optionally, you can select an MSS image to download when you deploy changes to the RoamAbout switch. You also can specify if the switch is managed. A RoamAbout switch that is physically installed as well as configured can be managed.
Equipment Installation Equipment Installation Switch Installation Perform the following steps to physically install a RoamAbout switch: 1. Unpack and rack the RoamAbout switch in the wiring closet or data center location. 2. Plug the RoamAbout switch electrical cord into a power outlet. 3. Connect a network access cable from your existing network to one of the Ethernet ports on the switch (10/100 or Gigabit Ethernet, depending on the RoamAbout switch model and available interfaces on the network).
Management and Monitoring Management and Monitoring Purpose of this section: To provide an overview of the management and monitoring capabilities offered in RASM. Why is this important?: Understanding the management and monitoring tools available in RASM can help you to quickly identify and correct problems in your wireless network, as well as to provide you with the statistics and reporting information you need to optimize your network.
Management and Monitoring previous 30 days, week, or day. You can display and print the charts from RASM, as well as generate a report. Client Monitoring Client monitoring provides current and historical information about the clients using your network, including client activity, watch list clients, current client sessions, and the ability to locate clients at your site.
Management and Monitoring Rogue Detection A rogue AP is an access point that is not authorized to operate in or near your network. You can use RF countermeasures to deny service to or from a targeted rogue AP, and render them ineffective. Once a rogue AP is detected and reported, the closest RoamAbout access point is assigned to perform RF countermeasures. By spoofing various 802.
Management and Monitoring Table 2-2 RASM Reports (continued) Report Description Client Monitoring Reports Client Session Summary Displays summary data for sessions in the selected scope. Client Session Details Displays detailed session information. Client Errors Provides data on client-related health in the network over time; for example, if there is a large number of association failures in some area of the network.
RF Plan Optimization RF Plan Optimization What is optimization?: Importing RF measurement data into an RF model to improve the accuracy of the model. Purpose of this section: Provides an overview of optimization methods. Why is this important?: A network plan contains the configuration settings that determine the performance of your wireless network. Optimization of the RF model leads to a more successful RF plan.
RF Plan Optimization 2-18 Planning and Managing Your Wireless Network
3 Configuring Wireless Services For information about... Refer to page... What Are Services? 3-1 Configure Employee Access Services 3-2 Configure Guest Access Services 3-18 Configure Voice over Wireless IP Service 3-33 What’s Next? 3-46 What Are Services? A service is a concept that represents a set of options you configure and deploy on your wireless network; it is not a selectable item in the RASM interface.
Configure Employee Access Services Configure Employee Access Services Services for Employee access are typically configured to provide secure, encrypted access to the wireless network. The following sections provide information about how to configure Employee access: • “Task Table” on page 3‐2 • “Step Summary” on page 3‐4 • “Example: Configure Employee Access” on page 3‐5 Table 3‐1 contains the tasks you need to perform to create a service for employee access.
Configure Employee Access Services Table 3-1 Creating a Service for Employee Access (continued) Task Path Primary Parameters to Configure “Configure RADIUS Servers” on page 3-7 1. Toolbar option: select Configuration. From the Create RADIUS Server wizard: • Name: enter server name 2. Organizer panel: expand the RoamAbout Switch. • IP Address: enter server IP address 3. Expand AAA. • Key: enter key 4. Click RADIUS. • Server group: allow the wizard to create it 5.
Configure Employee Access Services Step Summary The following list summarizes the fields selected or configuration items entered in the example that follows to configure Employee access: 1. 2. Create a radio profile. a. From the Radio Profile wizard, enter RadioProfile1 as the name of the radio profile. b. Click Finish. Configure the RADIUS back end: a. Configure the RADIUS server for 802.1X. Use the recommended EAP method, PEAP + MS‐CHAPv2. b. Set up each RoamAbout Switch as a RADIUS client. c.
Configure Employee Access Services Example: Configure Employee Access The following detailed steps provide an example of how to configure Employee services. You will: • “Create a Radio Profile” on page 3‐5 • “Configure RADIUS Servers” on page 3‐7 • “Create a Service Profile for 802.1X Access” on page 3‐10 • “Set Up VLANs on RoamAbout Switches” on page 3‐15 In general, these same steps are required to configure other services, too.
Configure Employee Access Services 5. Enter the name of the radio profile, then click Next at the bottom of the wizard. 6. If APs are already configured, select the radios to map to the radio profile, then click Move. RoamAbout Switch Manager removes the radios from the radio profile they are in and places them in the new profile. If you have not configured the APs in RoamAbout Switch Manager yet, no radios are listed. You can map the radios to the radio profile later. 7.
Configure Employee Access Services Configure RADIUS Servers Remote Authentication Dial‐In User Service (RADIUS) is a client‐server security protocol that provides authentication, authorization, and accounting for network users and devices. A RADIUS server stores user profiles, which include usernames, passwords, and other user attributes.
Configure Employee Access Services 6. Click Finish to save the server and create the server group. The new server and group appear in the Content panel.
Configure Employee Access Services Configure Attributes on the RADIUS Server To authenticate users, configure users either in the local database or on RADIUS servers. To configure services for Employee access, configure the following items configured on the RADIUS server. To configure the RADIUS server: 1. Configure RADIUS server to perform 802.1X using the recommended EAP method PEAP + MSCHAPV2. 2. Set up each RoamAbout Switch as a RADIUS client. 3.
Configure Employee Access Services Table 3-2 Enterasys Networks VSAs (continued) Attribute URL 4. Type, Vendor ID, Vendor Type 26, 14525, 8 Rcv in Access Resp? Sent in Access Reqst? Sent in Acct Reqst? Yes No No Description URL to which the user is redirected after successful Web authentication. Use the following format: http://www.example.
Configure Employee Access Services 5. Click Next. 6. Change the service profile name to Secure‐802.1X‐Employees, and use the same name for the SSID. 7. Click Next. Select WPA and deselect Dynamic WEP. 8. Click Next. TKIP is already selected.
Configure Employee Access Services 9. Click Next. Leave External RADIUS Server selected as the EAP Type. 10. Select the RADIUS server group in the Available RADIUS Server Groups list and click Add. 11. Click Next. Type vlan‐mkt in the VLAN Name box. 12. Click Next. Select RadioProfile1 in the Available Radio Profiles list and click Add. Select default in the Current Radio Profiles list and click Remove.
Configure Employee Access Services 13. Click Finish. The new service profile appears in the Content panel.
Configure Employee Access Services View the Service Profile’s Access Rules Every service profile requires access rules. The access rules specify the usernames or MAC addresses that are allowed to access the SSID. The service profile wizards automatically create access rules that match on all usernames or, for VoWIP services, that match on all MAC addresses. To view an 802.1X service profile’s access rules: 1.
Configure Employee Access Services Modify or Create Access Rules Refer to the “Modifying SSID Encryption Settings and Access Rules” section in the “Configuring Wireless Parameters” chapter of the RoamAbout Switch Manager Interface Reference Guide. Set Up VLANs on RoamAbout Switches RoamAbout Switches in a Mobility Domain contain a user’s traffic within the VLAN to which the user is assigned.
Configure Employee Access Services 5. Enter vlan‐mkt as the VLAN name and use the VLAN ID suggested by the wizard. 6. Click Next. Select the ports you want to use in the VLAN and click Add or Move. • The Add button adds the ports to the new VLAN without removing them from any other VLANs. • The Move button removes the ports from all other VLANs, and places them in the new VLAN. The ports appear in the Current Members list. To tag ports in the VLAN, select Tag and edit the tag value.
What’s Next? What’s Next? After you create Employee services, you can create additional services. For information about configuring additional services, refer to: • “Configure Guest Access Services” on page 3‐18 • “Configure Voice over Wireless IP Service” on page 3‐33 After you have created additional services, you can create your RF environment, deploy the configuration, and enable monitoring.
Configure Guest Access Services Configure Guest Access Services Guest access is access for visitors at your location, and is typically clear (no encryption). This section contains the following information about how to configure Guest access services: • “Task Table” on page 3‐18 • “Step Summary” on page 3‐19 • “Optional: Configure Mobility Profiles” on page 3‐31 Table 3‐3 on page 3‐18 contains the tasks to configure Guest access services. The “Step Summary” provides the configurable options to set.
Configure Guest Access Services Table 3-3 Creating a Service for Guest Access (continued) Task Path Primary Parameters to Configure “Create a Service Profile for Guest Access with Web Login” on page 3-25 1. Toolbar option: select Configuration. From the Create Service Profile wizard: • Service profile name: edit name 2. Organizer panel: expand the RoamAbout Switch. • SSID name: enter name 3. Expand Wireless. 4. Click Wireless Services. 5. Select Web Portal Service Profile in the Task List.
Configure Guest Access Services 3. Create a Web‐Portal service profile. a. From the Web‐Portal Service Profile wizard, click Next and enter Web‐Portal‐Guests as the Name of the service profile and Guests as the SSID. b. Click Next. Enter guest_vlan. c. Click Next. Click Next again. Select LOCAL and click Add. d. Click Next. Click Next again. Select RadioProfile1 and click Add. Select default and click Remove. e. 4. 5. Click Finish. Set up a VLAN on the RoamAbout Switches. a.
Configure Guest Access Services 5. Enter the username and password. Leave the User Group unassigned. (You can add the user to the group when you create the group.) Leave the VLAN name unassigned. Note: For Web Portal access, you specify the VLAN name when you configure the guest service profile. (refer to Step 8 on page 3-22.) 6. Click Next. The wizard lists the authorization attributes you can configure for the user.
Configure Guest Access Services 8. Click Finish. The new user appears in the Content panel.
Configure Guest Access Services Create a User Group and Add Users to the Group To create a user group and add users to the group: 1. In the Task List panel, select User Group. 2. Type a name for the group in the name box, and click Next. The wizard lists the authorization attributes you can configure for the group. For this example, leave the attributes unconfigured.
Configure Guest Access Services 4. Click Finish. The new group appears in the Content panel.
Configure Guest Access Services Create a Service Profile for Guest Access with Web Login To create a Web‐Portal service profile: 1. Select Configuration on the toolbar. 2. In the Organizer panel, expand the RoamAbout Switch. 3. Expand Wireless, then select Wireless Services. 4. In the Task List panel, select Web‐Portal Service Profile. The Web‐Portal Wireless Service wizard is displayed. 5. Click Next.
Configure Guest Access Services 6. Change the service profile name to Web‐Portal‐Guests, and use the name Guests for the SSID. 7. Select one of the following SSID types: • Encrypted—Traffic on the SSID is encrypted. • Clear—Traffic on the SSID is unencrypted. For this example, Clear is selected. 8. Click Next. Type, or select, the name of the VLAN you want to place your guests users in. For this example, use guest‐vlan. Notes: Typing the VLAN name here does not actually configure the VLAN.
Configure Guest Access Services 9. Click Next. The wizard displays the ACL that will automatically be added to the configuration by the wizard. The ACL restricts users to DHCP traffic only while the users are in the portal and are being authenticated. After successful authentication, the user is allowed through the portal and the ACL no longer applies to the user session.
Configure Guest Access Services 10. Click Next. Select the location of the user information and click Add: • LOCAL—The switch’s local database • RADIUS server group—group of external RADIUS servers (For a server group to be available in the wizard, the group must already be configured. Refer to “Configure RADIUS Servers” on page 3‐7.) For this example, LOCAL is selected. 11. Click Next. The wizard shows the user names configured in the local database.
Configure Guest Access Services The users created in “To create users:” on page 3‐20 are listed. If you need to add users, click Create in the wizard. 12. Click Next. Select RadioProfile1 in the Available Radio Profiles list. To create a new radio profile, click on the Create new Radio Profile checkbox and follow the wizard’s instructions. 13. Click Finish.
Configure Guest Access Services The new service profile appears in the Content panel. View the Service Profile’s Access Rules. Viewing a Web-Portal Service Profile’s Access Rules To view a Web‐Portal service profile’s access rules: 1. Select the service profile in the Wireless Service Profiles table (located in the Content panel). A Setup group appears in the Task List panel. 2. In the Task List panel, select Web Portal Access. The Configure 802.1X Access wizard appears.
Configure Guest Access Services Optional: Configure Mobility Profiles Mobility Profile™ attributes allow or deny access to the network for a specific user or group of users. When you create a Mobility Profile, you specify which AP ports, Distributed APs, or wired authentication ports are to be included. Typically, you include ports that are defined as AP ports or Distributed APs. You can specify that all or no ports are included, or you can specify a list of ports to be included.
What’s Next? What’s Next? After you create Guest services, you can create another service.
Configure Voice over Wireless IP Service Configure Voice over Wireless IP Service Voice over Wireless IP (VoWIP) is a new technology, merging VoIP (Voice over IP) with 802.11 wireless LANs to create a wireless telephone system. Organizations that add VoWIP to their wireless LANs can deploy and manage voice and data over a single wireless backbone, reserving some portion of network bandwidth to support real‐time voice communications.
Configure Voice over Wireless IP Service Table 3-4 Creating a Service for VoWIP Access (continued) Task Path Primary Parameters to Configure “Create a Service Profile for Voice” on page 3-36 1. Toolbar option: select Configuration. From the Create Service Profile wizard: • Service profile name: edit name 2. Organizer panel: expand the RoamAbout Switch. • SSID name: enter name 3. Expand Wireless. 4. Click Wireless Services.
Configure Voice over Wireless IP Service Step Summary The following list summarizes the fields selected or configuration items entered in the example that follows to configure VoWIP access: 1. Create a radio profile. a. From the Radio Profile wizard, enter RadioProfileVoice as the Name of the radio profile. b. Click Finish. c. Select the radio profile and click Properties. d. Select the 802.11 Attributes and change the DTIM Period to 3. e. 2. Click OK. Create a Voice Service Profile. a.
Configure Voice over Wireless IP Service Create a Radio Profile for Voice This procedure is similar to the procedure in “Create a Radio Profile” on page 3‐5, but has additional steps to change the delivery traffic indication map (DTIM) interval to 3. To create a radio profile for voice service: 1. Select Configuration on the toolbar. 2. In the Organizer panel, expand the RoamAbout Switch. 3. Expand Wireless, then select Radio Profiles. 4. In the Task List panel, select Radio Profile.
Configure Voice over Wireless IP Service Create a Service Profile for WMM VoWIP Devices 1. Select Configuration on the toolbar. 2. In the Organizer panel, expand the RoamAbout Switch. 3. Expand Wireless, then select Wireless Services. 4. In the Task List panel, select Voice Service Profile. The Voice Service Profile wizard is displayed. 5. Click Next. 6. Change the service profile name to Voice‐WMM, and use the name WMM for the SSID. 7. Select Other from the Vendor drop‐down list. 8.
Configure Voice over Wireless IP Service 9. Click Next. Select WPA and deselect Static WEP. 10. Click Next. Leave TKIP enabled and click Next.
Configure Voice over Wireless IP Service 11. Click Next. Type a passphrase from 8 to 63 characters long in the Pre‐shared Key box, and click Generate. 12. Click Next. Type or select the name of the VLAN you want to place voice users in. For this example, use voice‐vlan. Note: Typing the VLAN name here does not actually configure the VLAN. To configure a VLAN, refer to “Set Up VLANs on RoamAbout Switches” on page 3-15.
Configure Voice over Wireless IP Service 13. Click Next. Select Enable WMM. 14. Click Next. Select a MAC Address user from the list, or click Create to create one. If you choose not to use a MAC Address, click Next. 15. Click Next. Select RadioProfileVoic in the Radio Profiles list. 16. Click Finish. Create a Service Profile for SVP VoWIP Devices 1. Select Configuration on the toolbar. 2. In the Organizer panel, expand the RoamAbout Switch. 3. Expand Wireless, then select Wireless Services. 4.
Configure Voice over Wireless IP Service 12. Click Next. Type, or select, the name of the VLAN you want to place SVP users in. For this example, use voice‐vlan. Note: Typing the VLAN name here does not actually configure the VLAN. To configure a VLAN, refer to “Set Up VLANs on RoamAbout Switches” on page 3-15. 13. Click Next. 14. Click Next. The wizard displays the ACL that will automatically be added to the configuration by the wizard.
Configure Voice over Wireless IP Service Create a Service Profile for Avaya VoWIP Devices 1. Select Configuration on the toolbar. 2. In the Organizer panel, expand the RoamAbout Switch. 3. Expand Wireless, then select Wireless Services. 4. In the Task List panel, select Voice Service Profile. The Voice Service Profile wizard is displayed. 5. Click Next. 6. Change the service profile name to Voice‐Avaya, and use the name Avaya for the SSID. 7. Select Avaya in the Vendor drop‐down list. 8.
Configure Voice over Wireless IP Service 14. Click Next. The wizard displays the ACL that will automatically be added to the configuration by the wizard. 15. Click Next. Select a MAC Address user from the list, or click Create to create one. If you choose not to use a MAC Address, click Next.
Configure Voice over Wireless IP Service 16. Click Next. Select RadioProfileVoic in the Radio Profiles list. 17. Click Finish. Create a Service Profile for Vocera VoWIP Devices 1. Select Configuration on the toolbar. 2. In the Organizer panel, expand the RoamAbout Switch. 3. Expand Wireless, then select Wireless Services. 4. In the Task List panel, select Voice Service Profile. The Voice Service Profile wizard is displayed. 5. Click Next. 6.
Configure Voice over Wireless IP Service Set Up a VLAN for VoWIP on RoamAbout Switches This procedure is similar to the procedure in “Set Up VLANs on RoamAbout Switches” on page 3‐15, except IGMP snooping is disabled on the VLAN. To set up a VLAN for VoWIP on a RoamAbout Switch: 1. Select Configuration on the toolbar. 2. In the Organizer panel, expand the RoamAbout Switch. 3. Expand System, then select VLANs. 4. In the Task List panel, select VLAN. The Create VLAN wizard is displayed. 5.
What’s Next? What’s Next? After you create VoWIP access services, you can create another service.
4 Using RF Auto-Tuning For information about... Refer to page...
Place Your Equipment Place Your Equipment Unpack and physically install the RoamAbout switches and APs. For information about installing the equipment, refer to “Equipment Installation” on page 2‐12. Configure Initial RoamAbout Switch Connectivity After installing a RoamAbout switch, prepare it for RASM configuration and management by configuring IP connectivity between the RoamAbout Switch and RASM. Use the Web Quick Start (if available), or enter the quickstart command at the CLI prompt.
Create a Service Profile Create a Service Profile A service profile contains the configuration for the service you want to offer, such as employee access, guest access, or multi‐hosted access. For more information about service profiles, refer to “Wireless Configuration” on page 2‐7. For more information about wireless services, refer to “Which Services to Provide?” on page 2‐2. To create a service profile: 1. Select the Configuration toolbar option. 2.
Create a Radio Profile and Map the Service Profile to It Create a Radio Profile and Map the Service Profile to It To create a radio profile and map a service profile to that profile: 1. Select the Configuration toolbar option. 2. In the Organizer panel, click the plus sign next to the RoamAbout Switch. 3. Click the plus sign next to Wireless. 4. Select Radio Profiles. 5. In the Task List panel under Create, select Radio Profile. 6.
Create Your DAPs An AP’s fingerprint is the hash value of the AP’s public encryption key. The fingerprint is displayed on a label on the back of the AP, and is labeled RSA key. If the AP is already installed and operating, use the CLI command show dap status command to display the fingerprint. Note: The fingerprint is used for secure communication between the RoamAbout Switch and the AP, and applies only to Distributed APs. 6. Click Next. 7. Select the AP model from the AP Model list. 8.
Apply a Radio Profile to Each Radio Apply a Radio Profile to Each Radio When you create a DAP, a new radio (or radios, depending upon the type of DAP created) is added into RASM. The radios use the default radio profile in RASM unless you create a new radio profile and apply it to each radio on the AP. For more information about creating a radio profile, refer to “Create a Radio Profile and Map the Service Profile to It” on page 4‐4.
5 Using RF Auto-Tuning with Modelling For information about... Refer to page... What Is RF Auto-Tuning with Modelling? 5-1 Add Site Information 5-2 Insert RF Obstacles 5-5 Create Your RF Coverage Area 5-6 What’s Next? 5-15 What Is RF Auto-Tuning with Modelling? RF Auto‐Tuning with modelling is a technique you can use to configure and implement your network. This technique builds on the RF Auto‐Tuning method.
Add Site Information Add Site Information By adding minimal information about your buildings and floors at your site, you support improved monitoring for your network. You can manually add building and floor information, or you can import a floor plan. For information about importing a floor plan, refer to “Import a Floor Plan” on page 6‐8. Adding Site information To add site information: 1. Select the RF Planning toolbar option. 2. In the Organizer panel, click the name of the network plan. 3.
Add Site Information 3. In the Building Name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs), and click Next. 4. In the Number Of Floors box, specify how many floors the building has. When you specify the number of floors a building contains, RoamAbout Switch Manager creates each floor using the default settings. You can edit the floors RoamAbout Switch Manager creates or you can add new floors. 5.
Add Site Information 5-4 Using RF Auto-Tuning with Modelling
Insert RF Obstacles Insert RF Obstacles Add major RF obstacles that will affect the placement of your APs, such as solid walls, barriers, or elevator shafts. Adding RF Obstacles To add RF obstacles: 1. Display the floor plan in the Content panel. 2. In the Task List panel, click Tools. 3. In the RF Obstacle area under Layout, click one of the icons that most closely matches the RF obstacle you wish to place. 4. Click and drag the mouse to draw the location and shape of the RF obstacle on the floor.
Create Your RF Coverage Area Create Your RF Coverage Area To create your RF coverage area, create a wiring closet (not mandatory), designate an area for RF coverage, and add APs to the coverage area. Distributed APs are indirectly attached through intermediate Layer 2 or Layer 3 devices. Creating a Wiring Closet To add the location of a wiring closet to the floor plan: 5-6 1. Display the floor plan in the Content panel. 2. In the Task List panel, click Tools. 3.
Create Your RF Coverage Area Creating Your RF Coverage Area To create your RF coverage area: 1. Display the floor plan in the Content panel. 2. In the Task List panel, click Tools. 3. In the Create area under Coverage Area, click one of the icons and draw the RF coverage area you want to add to the floor by clicking and dragging the mouse. The Create Coverage Area wizard appears. 4. Select one or more technologies to use in the coverage area and click Next.
Create Your RF Coverage Area 6. In the Rate [Mb/s] list for each technology, select the average desired association rate for typical clients in this coverage area. 7. For 802.11g, to prevent the association of 802.11b clients to any radio in this coverage area, select Exclude 802.11b clients. To allow 802.11b clients to associate to radios in the coverage area, clear Exclude 802.11b clients. Note: Even when association of 802.11b clients is disabled, if an 802.11b/g radio detects a beacon from an 802.
Create Your RF Coverage Area 12. To change the default RoamAbout Switch model, select the model from the RoamAbout Model list. 13. To change the default AP model, select the model from the Default AP Model list. 14. To change the AP connection type, select one of the following types from the AP Connection Type list: • Distributed—APs can be indirectly attached through intermediate Layer 2 or Layer 3 devices.
Create Your RF Coverage Area 16. To plan for redundant AP connections to RoamAbout Switches, select Compute Redundancy. 17. To change the AP connection type for the redundant connection, select Distributed from the AP Connection Type list. 18. To change the number of redundant connections for the distributed connection type, enter the number in the Redundancy Level box. 19. Click Next. The Optional: Capacity Planning for Data page appears.
Create Your RF Coverage Area 20. To calculate AP placement and configuration based on both coverage and on capacity, enable Use Capacity Calculation for Data. Otherwise, click Next and go to step 24. By default, RoamAbout Switch Manager performs only the coverage calculation. If you enable the Use Capacity Calculation for Data option, RoamAbout Switch Manager performs both calculations. 21.
Create Your RF Coverage Area 25. To calculate AP placement and configuration based on both coverage and capacity for voice over IP, enable Use Capacity Calculation for Voice. Otherwise, click Next and go to step 31. By default, RoamAbout Switch Manager performs only the coverage calculation. If you enable the Use Capacity Calculation for Voice option, RoamAbout Switch Manager performs both calculations. 26.
Create Your RF Coverage Area 31. In the Mobility Domain list, select the Mobility Domain that contains the APs used for this coverage area. 32. In the Radio Profile list, select the radio profile used for this coverage area. The profiles available depend on the Mobility Domain you selected in step 31. The profile you select applies to all radios associated with the coverage area. If you type the name of a radio profile that does not already exist, RoamAbout Switch Manager creates it. 33.
Create Your RF Coverage Area Add APs Add your distributed APs to your network. To add distributed APs to your network: 1. If you have not already done so, create a wiring closet (optional) and associate your RoamAbout Switches to the closet. For more information, see “Creating a Wiring Closet” on page 5‐6. 2. Go to “Create Your DAPs” on page 4‐4 for information about adding distributed APs to your network. Once created, APs can be associated with a coverage area and added to the floor plan.
What’s Next? 7. Click OK to close the dialog box. 8. In the Organizer panel, click on Objects to Place. A list of the APs you created is displayed in the panel. 9. Click on the AP icon, then click on the location where you installed the AP. The AP icon moves from the Objects To Place panel to its location on the floor.
What’s Next? 5-16 Using RF Auto-Tuning with Modelling
6 Using RF Planning For information about... Refer to page... What is RF Planning? 6-1 Prepare the Floor Drawings 6-2 Define Site Information 6-3 Model RF Obstacles 6-12 Import a Site Survey 6-14 Plan RF Coverage 6-14 Generate a Work Order 6-28 Install the Equipment 6-29 What’s Next? 6-30 What is RF Planning? RF Planning is a technique used to import detailed information about your site into RASM.
Prepare the Floor Drawings Prepare the Floor Drawings Note: If your floor drawings are contained in JPEG or GIF files, this step does not apply. Go directly to “Define Site Information” on page 6-3. If you plan to import AutoCAD DXF™ or AutoCAD DWG files into RASM, you should perform some “clean up” work before importing the files. Doing this work before you import the files into RASM creates a more compact file, requiring less storage space.
Define Site Information Define Site Information You define your site with information about your campus, buildings, and floors. In addition, you describe the attenuation characteristics of the location and specify the traffic engineering needs (bandwidth and reliability) of the users. Note: RASM commits your work into the network plan only when you click Finish, not when you click Next. Changes are not persistently saved until you save the network plan. Create a Network Plan To create a network plan: 1.
Define Site Information 5. In the Network Plan Name box, type a name for the network plan. You can use 1 to 60 alphanumeric characters, with no spaces, tabs, or any of the following: slash (/), backslash (\), quotation marks (“ ”), asterisk (*), question mark (?), angle brackets (< >), or vertical bar (|). 6. In the Country Code list, select the country where the network is to be deployed. Note: You must select a country code before continuing. 6-4 7.
Define Site Information Add Site Information To add site information 1. Select the RF Planning toolbar option. 2. In the Organizer panel, click the name of the network plan. 3. Select Create Site in the Task List panel. The Create Site wizard, a series of dialog boxes, prompts you for information about the new site. 4. In the Site Name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs), and click Next. 5.
Define Site Information Create a Building To create a building: 1. In the Organizer panel, click the site name. 2. Select Create Building in the Task List panel. The Create Building wizard prompts you for information about the new building. 3. In the Building Name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs), and click Next. 4. In the Number Of Floors box, specify how many floors the building has.
Define Site Information Add a Floor to the Building To add a floor to the building: 1. In the Organizer panel, click the building name. 2. Select Create Floor in the Task List panel. The Create Floor wizard prompts you for information about the new floor. 3. In the Floor Name box, type the name of the floor (1 to 60 alphanumeric characters, with no spaces or tabs), and click Next. 4. To change the default attenuation for radios, type the number of dB in the 802.11a (dB) box or 802.11b/g (dB) box.
Define Site Information Import a Floor Plan Import existing floor plans into RASM. The file can be in one of the AutoCAD DXF, AutoCAD DWG, JPEG, or GIF formats. Note: Enterasys recommends that you modify the AutoCAD files from AutoCAD to remove unnecessary objects and layers; then save them in .dxf format. For more information about how to modify AutoCAD files, refer to “Prepare the Floor Drawings” on page 6-2. Import a Floor Drawing To import a floor drawing: 6-8 1.
Define Site Information Set the Scale Set the scale on your floor plan to better define the distance between objects in your network. To set the scale: 1. Display the floor plan in the Content panel. 2. Click the ruler icon on the toolbar. a. Draw a line on the floor plan over an object whose length you know; for example, a 3‐foot door. b. Enter the actual length of the object in the pop‐up box. c. Click OK. Note: Zooming in the object makes it easier to set the scale.
Define Site Information 3. Click Next. Cleanup progress is displayed at the bottom of the wizard. 4. 6-10 You can display a Before Cleanup and After Cleanup view when cleanup is complete.
Define Site Information 5. When you are satisfied with the results, click Finish.
Model RF Obstacles Model RF Obstacles When planning a Enterasys network, you need to consider how the building layout and physical objects affect signal loss. Walls, windows, and doors absorb RF signals, and different building materials have different attenuation factors. You can model an RF obstacle on your floor plan and assign the obstacle type and attenuation factor, or you can assign an obstacle type and attenuation factor to objects in a DWG or DXF drawing.
Model RF Obstacles 4. Define the RF obstacle. 5. Click Finish. The layer’s objects are now obstacles in your floor plan.
Import a Site Survey Import a Site Survey You can import RF measurement data by means of a site survey done outside of RASM. Using the Site Survey Order report from RASM, a map is created of your site that can be used in an Ekahau™ site survey. After the survey is complete, the measurement data can be imported back into RASM, and RF obstacles adjusted. In this way, actual, measured information about RF obstacles can be obtained and incorporated into your plan.
Plan RF Coverage 5. In the Name box, type the name of the wiring closet (1 to 60 characters, with no tabs). 6. Click a RoamAbout Switch in the Available Devices box, then click the Add button to move it to the Current Devices box. 7. Click Finish to save the changes. The wiring closet is displayed on your floor plan. Create Coverage Areas The RF coverage area is the geographical area in your network you define RF coverage.
Plan RF Coverage 6-16 3. In the Create area under Coverage Area, click one of the icons and draw the RF coverage area you want to add to the floor by clicking and dragging the mouse. The Create Coverage Area wizard appears. 4. Select one or more technologies you want to use in the coverage area, and click Next. The wizard presents properties and association pages for the technology you chose in step 3. 5.
Plan RF Coverage 7. For 802.11g, to prevent the association of 802.11b clients to any radio in this coverage area, select Exclude 802.11b clients. To allow 802.11b clients to associate to radios in the coverage area, clear Exclude 802.11b clients. Note: Even when association of 802.11b clients is disabled, if an 802.11b/g radio detects a beacon from an 802.11b network, the radio enters protection mode to protect against interference. 8. Click Next. The Floor Properties page appears. 9.
Plan RF Coverage 12. To change the default RoamAbout Switch model, select the model from the RoamAbout Switch Model list: 13. To change the default AP model, select the model from the Default AP Model list. 14. To change the AP connection type, select the type from the AP Connection Type list: • Distributed—APs can be indirectly attached through intermediate Layer 2 or Layer 3 devices. • Distributed (Auto)—APs can be indirectly attached through intermediate Layer 2 or Layer 3 devices.
Plan RF Coverage 16. To plan for redundant AP connections to RoamAbout Switches, select Compute Redundancy. 17. To change the AP connection type for the redundant connection, select Distributed from the AP Connection Type list. 18. To change the number of redundant connections for the distributed connection type, type the number in the Redundancy Level box. 19. Click Next. The Capacity Planning for Data page appears.
Plan RF Coverage 20. To calculate AP placement and configuration based on both coverage and on capacity, enable Use Capacity Calculation for Data. Otherwise, click Next and go to step 24. By default, RASM performs only the coverage calculation. If you enable the Use Capacity Calculation for Data option, RASM performs both calculations. 21. In the Per Station Throughput list, specify the throughput (combined transmit and receive) in kilobits per second (Kbps) for a station. 22.
Plan RF Coverage 25. To calculate AP placement and configuration based on both coverage and on capacity for voice over IP, enable Plan for Voice over IP. Otherwise, click Next and go to step 30. By default, RASM performs only the coverage calculation. If you enable the Plan for Voice over IP option, RASM performs both calculations. 26. In the Active Call Bandwidth list, specify the amount of bandwidth in kilobytes per second (Kbps) that you expect for each call. 27.
Plan RF Coverage 31. In the Mobility Domain list, select the Mobility Domain that contains the APs used for this coverage area. 32. In the Radio Profile list, select the radio profile used for this coverage area. The profiles available depend on the Mobility Domain you selected in step 31. The profile you select applies to all radios associated with the coverage area. If you type the name of a radio profile that does not already exist, RASM creates it. 33.
Plan RF Coverage Compute and Place APs When you perform the Compute and Place procedure for one or more coverage areas, RASM automatically calculates the number of RoamAbout Switches you require, and places them in appropriate locations on the floor. To do this, two calculations are performed in RASM. One is based on capacity (traffic engineering) and the other is based on pure RF coverage (at a given data rate).
Plan RF Coverage 6-24 7. Review the number of RoamAbout Switches required for each coverage area, and the overriding criterion used (coverage or capacity). 8. Click Finish to apply the changes. Icons for the suggested RoamAbout Switch locations appear on the floor plan.
Plan RF Coverage Assign Channel Settings After identifying the RoamAbout Switches required for a coverage area, you need to assign channels to the RoamAbout Switches. Appropriate assignment of channels across the floor minimizes co‐channel interference. The channel assignment algorithm assigns non‐overlapping channels to neighboring APs from the selected channel set. Choose the starting floor and the ending floor (in the downward direction) for multi‐floor channel assignment.
Plan RF Coverage 8. Click Next. The Channel Assignment Progress page appears. 9. Review the results. The 802.11a channel assignments are listed on the 802.11a Radio(s) tab. The 802.11b/g channel assignments are listed on the 802.11b/g Radio(s) tab. 10. Click Finish to accept the channel assignments. The new channel assignments are reflected in the Coverage Areas panel.
Plan RF Coverage 3. To optimize the AP count, select Optimize AP Count. This option checks for coverage overlaps and removes an AP if neighboring APs provide enough coverage to make the AP unnecessary. 4. Select Compute Power for the areas for which you want to compute power. 5. Click Next. The Compute Power For Progress page appears. 6. Click Finish to see the results.
Generate a Work Order Display Coverage Looking at the RF coverage allows you to see if the entire area is adequately covered by the RoamAbout Switches. You can move the APs and see how the coverage changes. To display the RF coverage for an area: 1. Beside Show RF Coverage Using, select how you want to display the coverage: • Baseline Association Rate—Coverage is shown based on the AP radio baseline association rate.
Install the Equipment 4. Specify the work order options. 5. In the Language list, select English or German. The language you select is the language used when you next access this page. 6. To select the directory to which the work order report is saved, click Choose. The Select dialog box appears. For UNIX and Linux systems, the default directory is the home directory of the user running RASM. 7. Click Generate. The work order is saved in the directory you specified in the format WO_scope_name_date.
What’s Next? What’s Next? A RASM network plan can support both RF Auto‐Tuning and RF Planning techniques at the same time. You can use RF Auto‐Tuning to meet the demands of rapid network changes that can be caused by a greater or lesser number of users, or by a physical blockage of APs. You are alerted when changes occur in your network of this nature. 6-30 • To fine tune your network’s RF coverage area and performance, refer to Chapter 9, Optimizing a Network Plan.
7 Managing and Monitoring Your Network .’ For information about... Refer to page...
Deploy Your Configuration Once you are familiar with the Monitor function, this section also provides three monitoring examples you can use as a guide to troubleshooting user connectivity issues in your network. For detailed information about monitoring, refer to the “Monitoring the Network” chapter in the RoamAbout Switch Manager Interface Reference Guide.
Deploy Your Configuration 7. Click Close. Notes: You can click Close at any time after clicking Deploy. The operation continues in the background. To review the status of the operation, use the operation log. (Select View Operation Log.) Scheduling Deployment of Local Changes To schedule deployment of local changes: 1. Select the Devices toolbar option. 2. At the bottom of the Task List panel, select Change Management. 3. Select one or more RoamAbout Switches.
Perform Basic Administrative Tasks Perform Basic Administrative Tasks This section contains information about basic administrative tasks you can perform in RASM. For detailed information about performing administrative tasks including configuring RoamAbout Switch management services, refer to the chapter “Configuring RoamAbout Switch System and Administrative Parameters” in the RoamAbout Switch Manager Interface Reference Guide.
Perform Basic Administrative Tasks 5. Use the Content panel and Task List options to modify settings. For information about the management options, refer to the “Viewing and Changing Management Settings” section in the “Configuring RoamAbout Switch System Parameters” chapter of the RoamAbout Switch Manager Interface Reference Guide.
Distributing System Images Distributing System Images You can use RASM to upgrade or downgrade the system image (MSS software) on RoamAbout Switches. System images include switch software and AP software. Using the Image Repository Use the image repository to add or delete RoamAbout Switch system images. The image file is checked and its version is verified when added to the image repository. Images are stored in the RASM_installation_directory\images\dp directory.
Distributing System Images Distributing System Images You can distribute a system image to one or more RoamAbout Switches in a network plan. To use a new system image, you must reboot the RoamAbout Switch. Notes: • Enterasys Networks recommends that you use the Verification tab to resolve any configuration errors or warnings before you distribute system images. • Before you can distribute an image, you must add it to the image repository. (Refer to “Using the Image Repository” on page 7-6.
Distributing System Images 8. 7-8 Click Finish.
Distributing System Images Saving Versions of Network Plans You can save multiple versions of a network plan in RASM. After deploying a network plan to a RoamAbout Switch, you can save a snapshot of the plan as a version. Create versions of the network plan on a regular basis and at every major baseline event for network configurations. Doing so allows you to have snapshots of network configurations should you need to revert to one of them.
Importing and Exporting Switch Configuration Files Importing and Exporting Switch Configuration Files You can import or export switch configuration files in Extensible Markup Language (XML) format. • The import option enables you to create a RoamAbout Switch in the network plan by importing configuration files in Extensible Markup Language (XML) format. You also can update the configuration of a switch that is already in the plan.
Importing and Exporting Switch Configuration Files Exporting a Configuration To export a configuration: 1. Select Tools > Export. The Export Configurations dialog box appears. 2. In the Export From list, select the Mobility Domain with the configuration you want to export. 3. Click the Choose button, which is labeled with the current output directory, to export the configuration file to a different directory. The Select dialog box appears.
Monitoring Examples Monitoring Examples When you click on the Monitor toolbar option. you will notice several different sections or views. Each view is a different way to examine data that RASM captures.
Monitoring Examples Monitor an Individual User If an individual user notifies you with the complaint that the network is very slow or inaccessible, use the following steps to identify the problem: 1. Find the user in the list of users on the network. 2. Locate the user in the floor plan. (If you can locate them, then the scope of the problem can be narrowed down to performance.) 3. View the user’s network activity. 4.
Monitoring Examples Locating the User Display the user’s approximate location by performing the following steps: 1. On the Find Client(s) Result screen, click the Locate Client task (under Manage). RASM retrieves information about the client’s location. 2. If three or more APs have not detected the client within 15 seconds of each other, the Listeners Selection dialog box appears, displaying a list of the APs that have detected the client. You can select up to six APs from the list.
Monitoring Examples Client’s Approximate Location 4. To refresh the list of APs that detect the client, click the (Refresh Listeners) button 5. To change the APs used for calculating the client’s location, click the Listeners tab and select or deselect APs from the list, then click the (Locate) button. Displaying User Activity You can display the event types recorded for the user. Disassociation events can occur, and users can be dropped from the network.
Monitoring Examples 3. Select the Statistics tab to display current and lifetime statistics for the user. Operational rate statistics display the throughput per second. The following throughput rates are optimum: • 802.11b–11 Mb/s (optimum) • 802.11g/a–36 Mb/s or higher Signal to Noise Ratio (SNR) statistics can help you determine whether the interference is being created by too much noise on a channel.
Monitoring Examples Viewing User Performance Statistics If the user’s complaint cannot be traced to a specific problem based on current activity, you can view statistics over a period of time. To view user performance statistics: 1. Click on the Monitor option in the main RASM toolbar. 2. Click Details in the Client Summary View to switch to the Client Monitor View. 3.
Monitoring Examples 7-18 3. Click Details in the Traffic Summary View to switch to the Radio Monitor View. 4. Click on one of the options under Statistics in the Task Panel to display the Performance ‐ Per Radio Statistics dialog for the radio. In the example below, error statistics are displayed.
Monitoring Examples Viewing RF Trends for an Individual Radio To view RF trends for an individual radio: 1. Click on the Monitor option in the main RASM toolbar. 2. Expand the Equipment list in the Organizer panel, and select a radio to display the Monitor views for the radio. 3. Click Details in the Traffic Summary View to switch to the Radio Monitor View. 4. Click on one of the options under Trends in the Task Panel to display trend information for the radio.
What’s Next? What’s Next? You can optimize your network by importing RF measurement data to correct RF attenuation obstacle information if you have a reported coverage area problem or if you want to verify your RF network coverage. For more information about optimizing your network plan, refer to “Optimizing a Network Plan” on page 9‐1.
8 Managing Alarms ’ For information about... Refer to page... What Is Fault Management? 8-1 Set Up the Fault Management System 8-1 Classify and Organize Faults 8-3 Manage Faults 8-4 Store Faults and Retrieve Fault History 8-7 Generate Alarm Reports 8-9 Use the Fault Management System to Locate a Rogue 8-11 What’s Next? 8-17 What Is Fault Management? The Fault Management System is a feature included in RASM to make it easier to manage faults (alarms) that occur in the network.
Set Up the Fault Management System To set up the Fault Management system: 1. Select the Alarms option in the main RASM toolbar. 2. Click Setup in the Task Panel. The Alarm Setup dialog is displayed. 3. Select the type of alarms you want to enable by clicking the appropriate check box. Notice that there are several types available for various severity levels. 4. Click the Notification tab and select the severity levels for which RASM should send an email notification.
Classify and Organize Faults 6. • Number of days—The number of days after which any cleared alarms will be deleted from the database. • Critical—The number of days after which any active critical alarms will be aged. • Major—The number of days after which any active major will be aged. • Minor—The number of days after which any active minor will be aged. • Informational—The number of days after which any active informational will be aged.
Manage Faults Menu items include the following options: • • • • All Severities – Critical – Major – Minor – Info All Categories – System – Performance Client – Security Network Plan – Mobility Domain – Mobility Exchange – 10/100 Ethernet Port – Gigabit Ethernet Port – Distributed AP – AP – Radio – Site – Building – Floor Network plan name(s) These options allow you to see a variety of specific alarms for each device in the network.
Manage Faults • Top 5 Sources of Alarms • IDS Alarms • DoS Alarms Alarm Summary The RASM Fault Management System displays alarm data in three ways: in bar graphs, pie charts, or tables. The default view is the graphical representation of alarms. However, you may switch between the chart and table views by clicking the tabular icon or the graph icon. Alarm Summary Details RASM displays Fault Management data in the Content panel when you click on the Alarms toolbar option.
Manage Faults Top 5 Sources of Alarms Sources are the separate RoamAbout Switches in the network plan. To view the top 5 sources of alarms in chart format: 1. Click the chart icon at the bottom left corner of the Top 5 Sources of Alarms section of the RASM screen. Each bar in the graph shows the alarms that are generated by a specific RoamAbout Switch in the network plan, depicted in the following screen. 2.
Store Faults and Retrieve Fault History Denial of Service (DoS) Alarms RASM generates alarms when attempts at Denial of Service attacks are detected on the network. SNMP notifications must be enabled on the RoamAbout Switches in order for alarms to appear in RASM. To view DoS alarms: 1. To view DoS alarms in chart format, click the chart icon at the bottom left corner of the DoS Alarms section of the RASM screen. 2.
Store Faults and Retrieve Fault History 8-8 4. After clicking on a row, RASM displays more information for the specific alarm in the lower pane. Click a row in the lower pane to view all of the details for the alarm, or click Event Details in the Alarms panel on the right. RASM displays a window similar to the one shown in the following screen. 5. Click Close in the lower right corner.
Generate Alarm Reports Generate Alarm Reports RASM provides the capability to export fault data in the form of reports. You can generate the following reports: • Alarm Summary—Provides the total number of current faults in the system and identifies them by type, source, severity or state. • Alarm History—Provides a list of all faults in the system that were active within a specified time period. Users can sort the faults by source, severity, or category.
Generate Alarm Reports Alarm History Report The Fault History report provides a list of all faults in the system that were active within a specified time period. RASM allows you to sort the faults by source, severity, or category. To generate an Alarm History report: 1. Click Alarm History in the Task panel under Reports. The Alarm History Report dialog box appears. 2. Select the desired Report Scope type from the list.
Use the Fault Management System to Locate a Rogue 4. If necessary, browse to the desired output directory in the Output Directory box. Navigate to the desired location and click Select. 5. Click Generate in the bottom right corner. 6. After generating the report, click the blue hyperlink in the Results box to view the report. RASM opens the report in a new window and saves it at the previously selected location. 7. Click Close in the bottom right corner of the Report dialog box.
Use the Fault Management System to Locate a Rogue 3. 8-12 Managing Alarms Click on one of the alarms to display details about the alarm.
Use the Fault Management System to Locate a Rogue 4. Click the Events tab to display events RASM has recorded about the rogue. The number of listeners (other APs) that detected the rogue are displayed. The larger the number of listeners detecting the rogue, the easier it is for RASM to locate the rogue in the RF coverage area. 5. Locate the rogue in the RF coverage area. In the Task Panel, under Related Tasks, click Locate. The approximate location of the rogue is displayed in the RF coverage area.
Use the Fault Management System to Locate a Rogue Rogue’s Approximate Location 6. To change the APs used for calculating the rogue’s location, click the Listeners tab and select or deselect APs from the list, then click the (Locate) button. Configuring Countermeasures You can enable MSS to use countermeasures against rogues. Countermeasures consist of packets that interfere with a client’s ability to use the rogue. Countermeasures are disabled by default.
Use the Fault Management System to Locate a Rogue 6. In the Name box, type the name of the radio profile (1 to 16 characters, with no spaces or tabs), and click Next. The Optional: Radio Profile Members page appears. 7. Select the AP radios on which you want to enable countermeasures from the Available Members column, and click Move to move the radios to the Current Members column. 8. Click Next. The Radio Profile Service Selection page appears. 9.
Use the Fault Management System to Locate a Rogue 11. Select the radio profile you created and click the Properties button. The Radio Profile Properties dialog box is displayed. 12. To enable countermeasures against rogues detected by radios managed by this profile, select one of the following from the Countermeasures Mode pull‐down list: • None—Radios do not use countermeasures. This is the default.
What’s Next? • Rogue—Radios use countermeasures against devices classified by MSS as rogues, but do not use countermeasures against devices classified by MSS as interfering devices. Caution: Countermeasures affect wireless service on a radio. When an AP radio is sending countermeasures, the radio is disabled for use by network traffic, until the radio finishes sending the countermeasures.
What’s Next? 8-18 Managing Alarms
9 Optimizing a Network Plan For information about... Refer to page... Using RF Measurements from an Ekahau Site Survey 9-2 Optimizing the RF Coverage Model 9-6 Locating and Fixing Coverage Holes 9-8 What’s Next? 9-10 Optimizing your network is a post‐deployment technique. To optimize your WLAN, import RF measurement data to correct RF attenuation obstacle information in your network plan.
Using RF Measurements from an Ekahau Site Survey Using RF Measurements from an Ekahau Site Survey RF measurements come from a site survey file generated by the Ekahau Site Survey tool. Choose one of the following to perform a site survey: • In RASM—View your RF coverage area. • In RASM—Generate a site survey work order, specifying the area you want to survey. A JPEG (.jpeg, .jpg) file is generated. • Import the generated JPEG file into the Ekahau Site Survey tool. • Set the scale of the drawing.
Using RF Measurements from an Ekahau Site Survey A browser window containing the report opens. 9. Click View Site Survey Order to view the site survey work order. 10. Browse to the output directory and locate the JPEG file. Copy this file and import it into your Ekahau Site Survey tool. Proceed with your site survey.
Using RF Measurements from an Ekahau Site Survey Importing RF Measurements from the Ekahau Site Survey After you complete the site survey, you import the csv file containing the RF measurements from the Ekahau Site Survey tool into your network plan. After you import your RF measurements, you optimize to correct attenuation for obstacles on the floor. To import RF measurements: 1. Display the floor plan in the Content panel. 2. In the Task List panel, click RF Planning. 3.
Using RF Measurements from an Ekahau Site Survey 8. Click Next. The import progress is displayed. When the import is done, check the Total valid RF measurements found line in the progress messages. • If the number is greater than 0, RoamAbout Switch Manager successfully imported measurements. • If the number is 0, no measurements were imported. Try the import again. If you are using a site survey file, verify that the map name is correct.
Optimizing the RF Coverage Model After you import your RF measurements, you correct the attenuation factors for the floor. Refer to “Optimizing the RF Coverage Model” on page 9‐6 next for information about this topic. Optimizing the RF Coverage Model An attenuation library is a set of attenuation values for the RF obstacles on a floor.
Optimizing the RF Coverage Model 4. • The Total number of RF measurements that did not intersect any object line lists the number of measurements that did not experience attenuation due to an RF obstacle in the path between them. • If the measurements came from a site survey file, they are measurements between the deployed APs and the Ekahau Site Survey tool performing the survey. If the measurements came from AP radios in the network, they are measurements between AP radios.
Locating and Fixing Coverage Holes Locating and Fixing Coverage Holes After importing RF measurements and rebuilding the attenuation library, look for coverage holes by displaying coverage. Perform the following steps to locate coverage holes: 1. Display the optimized RF coverage area to view the results of the corrected attenuation data. 2. Lock down deployed APs in the coverage area (so that RASM will not move APs in your network plan during the compute and place process). 3. Compute and place APs.
Locating and Fixing Coverage Holes Locking Down APs To prevent RASM from moving an AP on your network plan that you do not want to be redistributed, lock the AP down. To lock down an AP: 1. Display the RF coverage area. For information about how to display the RF coverage area, refer to “Displaying the RF Coverage Area” on page 9‐8. 2. Right‐click on an AP in the RF coverage area, and select Lock. 3. Right‐click (Macintosh: Control+click) on an AP in the RF coverage area, and select Lock.
What’s Next? 7. Click OK to close the dialog box. 8. In the Organizer panel, click on Objects to Place. A list of the APs you created is displayed in the panel. 9. Click on the AP icon, then click on the location where you installed the AP. The AP icon moves from the Objects To Place panel to its location on the floor. What’s Next? You can create a backup copy of your updated network plan, and distribute the RASM configuration to others.
A Access Point 3000 Conversion This section describes how to convert an Enterasys Networks RoamAbout Access Point 3000 (AP3000) operating in standalone mode to operate in thin mode with the Enterasys RBT‐8xxx series of wireless switches. Logically, the process appears to the AP3000 as a firmware upgrade, and therefore can be performed without requiring physical access to the device.
Obtaining the Image Obtaining the Image To obtain the image file required to convert a standalone AP3000 to thin mode: 1. Access the download page on the Enterasys web site: http://www.enterasys.com/services/support/downloads 2. Use the drop‐down list at the top of the page under Products to jump right to the RoamAbout Wireless Devices section, or scroll down to the Wireless LAN section on the page. 3. From the RoamAbout drop‐down list, select RoamAbout Wireless Access Point Manager, and click Go!.
Configuring the AP3000 2. Enter the username and password, and click LOGIN. If you did not change the default settings, enter the default username of admin and the default password of password, and click LOGIN. The Country Code page, if applicable, appears. 3. To set the Country, if applicable, perform the following steps: a. Click the arrow in the Country pull‐down menu to select the appropriate country, then click Apply at the bottom of the page. The access point prompts you to reset.
Configuring the AP3000 b. A-4 Click OK. The Identification page appears. 4. Click Administration from the menu on the left‐hand side of the page. The Administration page appears. 5. In the Firmware Upgrade area on the page, click the Browse button next to the Local, New firmware file field and browse to the location of the RBT3K‐thin‐bin.img which you downloaded previously. 6. Select the RBT3K‐thin‐bin.img file and click Open. 7. Click the Start Upgrade button.
Configuring the AP3000 8. Click OK. 9. When the Administration page is displayed again, click the Reset button next to the Reset Access Point field.
Returning to Standalone Mode 10. When a dialog box appears, asking if you want to reboot the system now, click OK. After the access point resets, the conversion process is complete. Returning to Standalone Mode To return an AP3000 operating in thin mode back to standalone mode, depress the access point’s reset button for 30 seconds. Caution: When you return back to standalone mode, all configuration settings are lost, and the AP is set back to the factory default settings.
B Access Point RBT-4102 Conversion This section describes how to convert an Enterasys Networks RoamAbout Access Point RBT‐4102 operating in standalone mode to operate in thin mode with the Enterasys RBT‐8xxx series of wireless switches. Logically, the process appears to the RBT‐4102 as a firmware upgrade, and therefore can be performed without requiring physical access to the device.
Obtaining the Image Obtaining the Image To obtain the image file required to convert a standalone RBT‐4102 to thin mode: 1. Access the download page on the Enterasys web site: http://www.enterasys.com/services/support/downloads 2. Use the pull‐down list at the top of the page under Products to jump right to the RoamAbout Wireless Devices section, or scroll down to the Wireless LAN section on the page. 3. From the RoamAbout drop‐down list, select RoamAbout Wireless Access Point Manager, and click Go!.
Configuring the RBT-4102 2. Enter the username and password, and click LOGIN. If you did not change the default settings, enter the default username of admin and the default password of password, and click LOGIN. The Country Code page, if applicable, appears. 3. To set the Country, if applicable, perform the following steps: a. Click the arrow in the Country pull‐down menu to select the appropriate country, then click Apply at the bottom of the page. The access point prompts you to reset.
Configuring the RBT-4102 B-4 5. In the Firmware Upgrade area on the page, click the Browse button next to the Local, New firmware file field and browse to the location of the RBT‐4102‐thin‐bin.img which you downloaded previously. 6. Select the RBT‐4102‐thin‐bin.img file and click Open. 7. Click the Start Upgrade button. After a successful completion of the upgrade, a screen is displayed that prompts you to reset the access point. 8. Click OK. 9.
Returning to Standalone Mode 10. When a dialog box appears, asking if you want to reboot the system now, click OK. After the access point resets, the conversion process is complete. Returning to Standalone Mode To return an RBT‐4102 operating in thin mode back to standalone mode, depress the access point’s reset button for 30 seconds. Caution: When you return back to standalone mode, all configuration settings are lost, and the AP is set back to the factory default settings.
Returning to Standalone Mode B-6 Access Point RBT-4102 Conversion
Index A AAA security configuring, accounting 2-10 configuring, authentication 2-8 configuring, authorization 2-10 configuring, overview 2-8 access control configuring 1-12 advisory notices, explanations of xvi Alarms 8-1 AP3000 configuring A-2 converting A-1 APs assigning channel settings 6-25 computing and placing 6-23 locking down 9-9 attributes Encryption-Type 3-9 AutoCAD DWG files 6-2 C clean layout 6-9 configurations deploying 7-2 exporting 7-10 importing 7-10 configuring access control 1-12 employee
RASM software requirements 1-4 RASM client 1-6 connecting to RASM monitoring service 1-10 hardware requirements 1-1 installing 1-7 installing, preparing for 1-4 installing, resource allocation 1-5 installing, standalone mode 1-6 software requirements 1-4 RASM GUI overview 1-13 RASM monitoring service configuring 1-11 hardware requirements 1-2 installing 1-7 installing, preparing for 1-4 installing, resource allocation 1-5 installing, shared mode 1-6 software requirements 1-4 RBT switches configuring, VLANs
