Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 User Guide

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.
Contents

About this Guide
Who should use this guide
What is in this guide
Formatting conventions

Setting up OSPF Routing
Filtering at the interface level
Built-in port-based exception filters
User defined port-based exception filters

Assigning Altitude AP radios to a WM-AD
Authentication for a WM-AD
Vendor Specific Attributes
Defining authentication for a WM-AD for Captive Portal

Chapter 8: Working with the Summit WM Series Spy
Summit spy overview
Enabling the Analysis and data collector engines
Running Summit Spy scans

Appendix B: Regulatory Information
Summit WM200 (15955), Summit WM2000 (15956)
Safety Standards
EMI/EMC Standards
About this Guide

This guide describes how to install, configure, and manage the Summit® WM series switch, access points, and WLAN switch software. This guide is also available as an online help system.

To access the online help system:
1 In the Summit Wireless Assistant Main Menu bar, click Help. The About Summit Wireless Assistant screen appears.
2 In the left pane, click Controller Documentation. The online help system is launched.
● Chapter 9 describes the various reports and displays available in the Summit WM series switch, access points, and WLAN switch software system.
● Chapter 10 describes maintenance activities, such as software upgrades on both the Summit WM series switch and the Altitude AP. This chapter also includes information on the logs, traces, reports and displays available.
Safety Information

WARNING! Read the following safety information thoroughly before installing Extreme Networks products. Failure to follow this safety information can lead to personal injury or damage to the equipment.
Installing Power Supply Units

WARNING! Ensure that the following requirements are satisfied when installing all Extreme Networks power supplies. See the installation instructions of the power supply unit (PSU) in question for ratings and power requirements.

Make sure to satisfy the following requirements:
● Plug power supplies only into properly grounded electrical outlets to help prevent electrical shock and comply with international safety standards.
Maintenance Safety

Take the following precautions:
● Use only original accessories and/or components approved for use with this system. Failure to observe these instructions may damage the equipment or even violate required safety and EMC regulations.
● The chassis cover should only be removed by Extreme Networks personnel. There are no customer serviceable components in this system. Repairs to the system must be performed by an Extreme Networks factory service technician.
Power supply cords for use outside of United States and Canada are typically provided by a third-party distribution center and must meet the following requirements:
● Power supply cords must be agency certified for country of use.
● Power supply cords must contain an appropriately rated and approved wall plug applicable to the country of installation.
Battery Replacement and Disposal

Please note the following for batteries:
● Replacing lithium battery – Batteries contained in this unit are not user-replaceable. Contact your Extreme Service personnel for complete product replacement.

WARNING! If replacement is attempted, the following guidelines must be followed to avoid danger of explosion:
1. Replace with the same or equivalent type as recommended by the battery manufacturer.
2.
Safety Information

WARNING! Read the following safety information carefully before installing Extreme Networks products. Failure to follow this safety information can lead to injury or damage to the equipment.
accept any interference received, including interference that may cause undesired operation.

Installing Power Supply Units

WARNING! When installing any Extreme Networks power supply, ensure that the requirements listed below are satisfied. For ratings and power requirements, see the installation instructions for the power supply unit (PSU) in question.
be unplugged from the wall outlets. The power cord serves as the disconnect from the mains power supply.
● Before removing the back panel of an Extreme Networks switch, disconnect all power.
● Before starting work near power sources, unplug all power cords, unless a maintenance procedure specifies otherwise.
● Power supply cords must be less than 5 m (15 feet) long.
● The minimum specification for the flexible cord is:
  ● No. 18 AWG (0.823 mm²) for units rated at less than 10 A, or
  ● No. 18 AWG (0.823 mm²) up to 2 m long for units rated at 10 A or higher, or
  ● No.
1 Overview of the Summit WM series switch, access points, and WLAN switch software solution

This chapter describes Summit WM series switch, access points, and WLAN switch software concepts, including:
● Conventional wireless LANs
● Elements of the Summit WM series switch, access points, and WLAN switch software solution
● Summit WM series switch, access points, and WLAN switch software and your network
● System Configuration Overview

The next generation of Extreme Networks wireless networking devi
Figure 1: Standard wireless network solution example

The wireless devices and the wired networks communicate with each other using standard networking protocols and addressing schemes. Most commonly, Internet Protocol (IP) addressing is used.
Elements of the Summit WM series switch, access points, and WLAN switch software solution

Figure 2: Extreme Networks solution

As illustrated in Figure 2, the Summit WM series switch appears to the existing network as if it were an access point, but in fact one Summit WM series switch controls many Altitude APs. The Summit WM series switch has built-in capabilities to recognize and manage the Altitude APs.
● Offers centralized management and control – An administrator accesses the Summit WM series switch in its centralized location to monitor and administer the entire wireless network. From the Summit WM series switch the administrator can recognize, configure, and manage the Altitude APs and distribute new software releases.
Summit WM series switch, access points, and WLAN switch software and your network

during the initial registration process. For SLP, DHCP should have Option 78 enabled. Option 78 specifies the location of one or more SLP Directory Agents.
● Service Location Protocol (SLP) (SLP RFC2608) – Client applications are User Agents and services that are advertised by a Service Agent. In larger installations, a Directory Agent collects information from Service Agents and creates a central repository.
Figure 3: Traffic Flow diagram

Each wireless device sends IP packets in the 802.11 standard to the Altitude AP. The Altitude AP uses a UDP (User Datagram Protocol) based tunnelling protocol to encapsulate the packets and forward them to the Summit WM series switch.
The Summit WM series switch, access points, and WLAN switch software system provides the centralized mechanism by which the corresponding security parameters are configured for a group of APs.
● Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined in the 802.
WM Access Domain Services

WM Access Domain Services (WM-AD) provide a versatile method of mapping wireless networks to the topology of an existing wired network. When you set up WM Access Domain Services (WM-AD) on the Summit WM series switch you are defining subnets for groups of wireless users.
In the Summit WM series switch, access points, and WLAN switch software system, network access policy is carried out by means of packet filtering within a WM-AD. In the Summit WM series switch user interface, you set up a packet filtering policy by defining a set of hierarchical rules that allow or deny traffic to specific IP addresses, IP address ranges, or service ports.
If a Summit WM series switch fails, all of its associated Altitude APs can automatically switch over to another Summit WM series switch that has been defined as the secondary or backup Summit WM series switch. If the AP reboots, the original Summit WM series switch is restored, provided it is active.
System Configuration Overview

complete configuration. For typical deployments where all APs are to have the same configuration, this feature will expedite deployment, as an AP will automatically receive full configuration (including WM-AD assignment) upon initial registration with the Summit WM series switch.

6 Altitude AP Configuration – Modify properties or settings of the Altitude AP, if applicable.
2 Configuring the Summit WM series switch

This chapter introduces the Summit WM series switch and describes the steps involved in its initial configuration and setup, including:
● System configuration overview
● Performing the first-time setup of the Summit WM series switch
● Completing the system configuration
● Ongoing Operations of the Summit WM series switch, access points, and WLAN switch software

The Summit WM series switch is a network device designed to integrate with an existing wired Loc
System configuration overview

The following section provides a high-level overview of the steps involved in the initial configuration of your system:

Step 1 – Before you begin configuration
Research the type of WLAN deployment that is required.

Step 2 – Preparing the network
Ensure relevant DHCP servers and RADIUS servers (if applicable) are available and configured.

Step 3 – Installing the hardware
Install the Summit WM series switch WM200/2000.
Configuring for remote access

In addition, the first-time setup also involves configuring for remote access, which includes:
● Setting up an administration station (laptop) on subnet 192.168.10.0/24. By default, the controller's interface is configured with static IP 192.168.10.1.
● Configuring the system management interface.
● Configuring the data interfaces.
will expedite deployment, as an AP will automatically receive full configuration (including WM-AD assignment) upon initial registration with the Summit WM series switch. If applicable, modify the properties or settings of the Altitude APs. For more information, see Chapter 5, “WM Access Domain Services configuration.”

Step 7 – Confirming the AP firmware version
Confirm the latest firmware version is loaded.
Performing the first-time setup of the Summit WM series switch

4 In the User Name box, type your user name. The default is admin.
5 In the Password box, type your password. The default is abc123.
6 Click Login. The Summit Wireless Assistant main menu screen is displayed.

NOTE
In the footer of the Summit Wireless Assistant, the following is displayed:
■ [host name | product name | up time] If there is no key (unlicensed), the product name will not be displayed.
■ User is the user id you used to log in. For example, admin.
■ Port Status is the connectivity state of the port.
8 In the left pane, click IP Addresses. The factory default settings for the Summit WM series switch are displayed.
9 In the Management Port Settings section, click Modify. The System Port Configuration screen is displayed.
10 Type the following information:
● Hostname – Specifies the name of the Summit WM series switch
● Domain – Specifies the IP domain name of the enterprise network
● Management IP Address – Specifies the new IP address for the Summit WM series switch’s management port. Change this as appropriate for the enterprise network.
To change the administrator password:
1 From the main menu, click Summit Switch Configuration. The Summit WM series switch Configuration screen is displayed.
2 In the left pane, click Management Users.
3 In the user_admin table, click admin.
4 In the Modify User Password box, type the new administrator password.
5 In the Modify User Confirm Password box, type the new administrator password again.
6 Click Change Password.
3 Click the SWM Product Keys tab.
4 In the Apply Product Key section, click Browse to navigate to the location of the product key file and select the file.
5 Click Apply Now. The product license key is applied.

Setting up the data ports

The next step in the initial setup of the Summit WM series switch is to configure the physical data ports. A new Summit WM series switch is shipped from the factory with all its data ports set up as host ports.
You can redefine the data ports to function as one of three types:
● Host Port
  Use a host port definition for connecting Altitude APs with no dynamic routing. A host port has dynamic routing disabled to ensure that the port does not participate in dynamic routing operations, such as OSPF, to advertise the availability of WM Access Domain Services (WM-AD) hosted by the Summit WM series switch.
To configure the data port interfaces on the Summit WM series switch:
1 From the main menu, click Summit Switch Configuration. The Summit WM series switch Configuration screen is displayed.
2 In the left pane, click IP Addresses. The Management Port Settings and Interfaces screen is displayed.

The lower portion of the Summit WM series switch Configuration screen displays the four Ethernet ports. For each port, the MAC address is displayed automatically.
4 Type the following:
● IP address – The IP Address of the physical Ethernet port.
● Subnet mask – The appropriate subnet mask for the IP address, which separates the network portion from the host portion of the address (typically 255.255.255.0).
● MTU – The Maximum Transmission Unit or maximum packet size for this port. The default setting is 1500.
To set a static route on the Summit WM series switch:
1 From the main menu, click Summit Switch Configuration. The Summit WM series switch Configuration screen is displayed.
2 In the left pane, click Routing Protocols. The Static Routes tab is displayed.
3 To add a new route, in the Destination Address box type the destination IP address of a packet. To define a default static route for any unknown address not in the routing table, type 0.0.0.0.
8 To save your changes, click Save.

To view the forwarding table on the Summit WM series switch:
1 From the main menu, click Reports & Displays. The Summit Reports & Displays screen is displayed.
2 To view the static routes that have been defined for the Summit WM series switch, click Forwarding Table. The Forwarding Table is displayed.

This report displays all defined routes, whether static or OSPF, and their current status.
Ensure that the OSPF parameters defined here for the Summit WM series switch are consistent with the adjacent routers in the OSPF area. This consistency includes the following:
● If the peer router has different timer settings, the protocol timer settings in the Summit WM series switch must be changed to match, in order to achieve OSPF adjacency.
● The MTU of the ports on either end of an OSPF link must match.
7 From the Area Type drop-down list, select one of the following:
● Default – The default acts as the backbone area (also known as area zero). It forms the core of an OSPF network. All other areas are connected to it, and inter-area routing happens via a router connected to the backbone area.
● Stub – The stub area does not receive external routes.
To confirm that ports are set for OSPF:
1 To confirm that the ports are set up for OSPF, and that advertised routes from the upstream router are recognized, click View Forwarding Table. The Forwarding Table is displayed.
Enabling management traffic on an interface adds additional rules to the exception filter, which opens up the well-known IP (TCP/UDP) ports, corresponding to the HTTPS, SSH, and SNMP applications.

The port-based built-in exception filtering rules, in the case of traffic from WM-AD users, are applicable to traffic targeted directly for the WM-AD interface.
The filtering rules are set up in the same manner as filtering rules defined for a WM-AD — specify an IP address and then either allow or deny traffic to that address. For more information, see “Configuring filtering rules for a WM-AD” on page 123.

The rules defined for port exception filters are prepended to the normal set of restrictive exception filters and have precedence over the system's normal protection enforcement.
6 Click Add. The new filter is displayed in the Filter section of the screen.
7 To select the new filter, click it.
8 To allow traffic, select the Allow checkbox.
9 To adjust the order of the filtering rules, click Up or Down to position the rule. The filtering rules are executed in the order defined here.
10 To save your changes, click Save.
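
The effect of rule order and of prepending user-defined port exception filters, as an added example (not Extreme Networks code and not part of the original guide). It evaluates an ordered rule list, reports later rules that an earlier, broader rule makes unreachable, and lists user allow rules that open HTTPS, SSH or SNMP. The Rule fields, first-match semantics, implicit deny, and all addresses are assumptions constructed for illustration.

```python
"""Added illustration: ordered (first-match) packet-filter evaluation.

Assumptions, not taken from the product: the Rule fields, first-match
semantics, and the implicit deny when no rule matches. All addresses
and rules below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

MGMT_PORTS = {22: "SSH", 161: "SNMP", 443: "HTTPS"}  # well-known ports


@dataclass(frozen=True)
class Rule:
    network: str             # destination in CIDR form
    port: Optional[int]      # None means any port
    allow: bool
    origin: str = "user"     # "user" or "built-in" (hypothetical label)

    def matches(self, dst: str, port: int) -> bool:
        in_net = ip_address(dst) in ip_network(self.network)
        return in_net and (self.port is None or self.port == port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        net_ok = ip_network(other.network).subnet_of(ip_network(self.network))
        port_ok = self.port is None or self.port == other.port
        return net_ok and port_ok


def evaluate(rules: List[Rule], dst: str, port: int) -> Tuple[bool, Optional[int]]:
    """Return (allowed, index of the deciding rule); no match means deny."""
    for i, rule in enumerate(rules):
        if rule.matches(dst, port):
            return rule.allow, i
    return False, None


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Pairs (later, earlier): the earlier rule makes the later one dead."""
    out = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                out.append((j, i))
                break
    return out


def exposed_mgmt(rules: List[Rule]) -> List[Tuple[int, str]]:
    """User allow rules that open a management port, or every port."""
    hits = []
    for i, r in enumerate(rules):
        if r.origin == "user" and r.allow:
            if r.port is None:
                hits.append((i, "ANY"))
            elif r.port in MGMT_PORTS:
                hits.append((i, MGMT_PORTS[r.port]))
    return hits


# Constructed stand-in for the restrictive built-in set on one data port.
BUILT_IN = [Rule("10.20.0.1/32", None, False, "built-in")]

# Constructed user-defined exception filters, in the order shown on screen.
USER = [
    Rule("10.20.0.1/32", 22, True),     # narrow: SSH to the interface
    Rule("10.20.0.0/24", None, True),   # broad: any port, whole subnet
    Rule("10.20.0.1/32", 161, False),   # intended SNMP block, placed too late
]

# User rules are prepended, so they are consulted before the built-in set.
EFFECTIVE = USER + BUILT_IN

if __name__ == "__main__":
    print("SSH, built-in only :", evaluate(BUILT_IN, "10.20.0.1", 22))
    print("SSH, with user set :", evaluate(EFFECTIVE, "10.20.0.1", 22))
    print("SNMP, with user set:", evaluate(EFFECTIVE, "10.20.0.1", 161))
    print("unreachable rules  :", shadowed(EFFECTIVE))
    print("mgmt ports opened  :", exposed_mgmt(EFFECTIVE))
```

In this constructed rule set the broad allow in position 1 overrides both the later SNMP deny and the built-in deny, which is the situation the Up and Down ordering buttons exist to correct.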
3 Configuring the Altitude AP

This chapter discusses the Altitude AP and the Summit WM series switch, access points, and WLAN switch software solution, including:
● Altitude AP overview
● Discovery and registration overview
● Configuring the Altitude APs for the first time
● Adding and registering an Altitude AP manually
● Modifying Altitude AP settings
● Configuring Dynamic Radio Management
● Modifying an Altitude AP’s properties based on a default AP configuration
● Modifying the Altitude
Altitude AP radios

The Altitude AP has two radios:
● 5 GHz radio supporting the 802.11a standard – The 802.11a standard is an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5-GHz band. The 802.11a standard uses an orthogonal frequency division multiplexing encoding scheme, rather than Frequency-Hopping Spread Spectrum (FHSS) or Direct-Sequence Spread Spectrum (DSSS).
● 2.4 GHz radio supporting the 802.11b/g standards – The 802.
Discovery and registration overview

Altitude AP discovery

Altitude APs discover the IP address of a Summit WM series switch using a sequence of mechanisms that allow for the possible services available on the enterprise network. The discovery process is successful when the Altitude AP successfully locates a Summit WM series switch to which it can register.

You must ensure that the appropriate services on your enterprise network are prepared to support the discovery process.
If you use this method for discovery, place an A record in the DNS server for Controller.. The is optional, but if used, ensure it is listed with the DHCP server.
● Step 5 – Use a multicast SLP request to find SLP SAs
  If all of the preceding methods fail to locate a Summit WM series switch, the Altitude AP sends a multicast SLP request, looking for any SLP Service Agents providing the Extreme Networks service.
WARNING! Disconnecting an Altitude AP from its power supply during a firmware upgrade may cause firmware corruption rendering the AP unusable.

The table below assumes the software uses a timer and multiple phases to simulate LED blinking on all three LEDs. For example, an LED status of Red indicates the LED is solid colored Red, an LED status of Off/Green/Off indicates that the LED is Off for the first phase, Green for the second phase, and Off for the third phase.
Configuring the Altitude APs for the first time

Before the Altitude AP is configured for the first time, you must first confirm that the following has already occurred:
● The Summit WM series switch has been set up. For more information, see Chapter 2, “Configuring the Summit WM series switch.”
● The Summit WM series switch, access points, and WLAN switch software has been configured. For more information, see Chapter 2, “Configuring the Summit WM series switch.
● If the Summit WM series switch recognizes the serial number, it indicates that the registering device is pre-registered with the controller. The controller uses the existing registration record to authenticate the AP and the existing configuration record to configure the AP.
To define the discovery process parameters:
1 From the main menu, click Altitude AP Configuration. The Altitude AP screen is displayed.
2 In the left pane, click WAP Registration. The Altitude AP Registration screen is displayed.
3 In the Security Mode section, select one of the following:
● Allow all Altitude APs to connect
● Allow only approved Altitude APs to connect
The Allow all Altitude APs to connect option is selected by default.
Connecting the Altitude AP to a power source and initiating the discovery and registration process

When an Altitude AP is powered on, it automatically begins the discovery and registration process with the Summit WM series switch. An Altitude AP can be connected and powered in the following ways:
● Power over Ethernet (802.3af):
  ● PoE enabled switch port
  ● PoE Injector
● Power by AC adaptor

For more information, see the AP Install Guide.
8 Click Add Altitude AP. The Altitude AP is added and registered. When an Altitude AP is added manually, it is added to the controller database only and does not get assigned.
9 Click Close.

Modifying Altitude AP settings

Altitude APs are added with default settings, which you can adjust and configure according to your network requirements. In addition, you can modify the properties and the settings for each radio on the Altitude AP.
To modify an Altitude AP's registration status:
1 From the main menu, click Altitude AP Configuration. The Altitude AP screen is displayed.
2 In the left pane, click Access Approval. The Access Approval screen is displayed, along with the registered Altitude APs and their status.
3 To select the Altitude APs for status change, do one of the following:
● For a specific Altitude AP, select the corresponding checkbox.
Configuring the default AP settings

Altitude APs are added with default settings. You can modify the system’s Altitude AP default settings accordingly, and then use these default settings to configure newly added Altitude APs. In addition, you can base the system’s Altitude AP default settings on an existing Altitude AP configuration or have configured Altitude APs inherit the properties of the default Altitude AP configuration when they register with the system.
some channels may be restricted. The default value is based on North America. The Auto selection allows the Altitude AP to select the appropriate channel automatically. For more information, see Appendix B, “Regulatory Information.”

If DRM is enabled (DRM is enabled by default), it scans automatically for a channel, using a channel selection algorithm. For more information, see “Configuring Dynamic Radio Management” on page 77.
36, 28, or 54 Mbps for 11b+11g or 11g-only modes. If necessary, the Max Operational Rate choices adjust automatically to be higher or equal to the Min Basic Rate.

6 In the Static Configuration section, modify the following:
● In the Add box, type the IP address of the Summit WM series switch that will control this Altitude AP.
● Click Add. The IP address is added to the list.
● Repeat to add additional Summit WM series switches.
To modify an Altitude AP’s properties:
1 From the main menu, click Altitude AP Configuration. The Altitude AP screen is displayed.
2 In the Altitude AP list, click the Altitude AP whose properties you want to modify. The AP Properties tab displays Altitude AP information.
3 Modify the Altitude AP’s information:
● Name – Type a unique name for the Altitude AP that identifies the AP. The default value is the Altitude AP’s serial number.
  ■ If a BSSID is deactivated or removed on the Altitude AP.
  This option is disabled by default.
● Country – Select the country of operation. This option is only available with some licenses.

The following on the AP Properties tab are view only:
● Serial # – Displays a unique identifier that is assigned during the manufacturing process.
● Hardware Version – Displays the current version of the Altitude AP hardware.
● If applicable, click the 802.11b/g tab to modify the radio properties.
  ■ DTIM Period – Type the desired DTIM (Delivery Traffic Indication Message) period—the number of beacon intervals between two DTIM beacons. To ensure the best client power savings, use a large number. For example, 5. Use a small number for broadcast and multicast delay. The default value is 1.
  ■ Beacon Period – Type the desired time, in milliseconds, between beacon transmissions.
If DRM is enabled (DRM is enabled by default), it scans automatically for a channel, using a channel selection algorithm. For more information, see “Configuring Dynamic Radio Management” on page 77.
  ■ Tx Power Level – Select the Tx power level: Min, 13%, 25%, 50%, or Max. If Dynamic Radio Management (DRM) was enabled on the DRM screen, this option is read-only.
  ■ Protection Type – Select a protection type: CTS Only or RTS CTS. The default and recommended setting is CTS Only. Select RTS CTS only if an 11b AP that operates on the same channel is detected in the neighborhood, or if there are many 11b-only clients in the environment.

NOTE
The overall throughput is reduced when Protection Mode is enabled, due to the additional overhead caused by the RTS/CTS.
● RTS/CTS Threshold – Type the packet size threshold, in bytes, above which the packet will be preceded by an RTS/CTS (Request to Send/Clear to Send) handshake. The default value is 2346, which means all packets are sent without RTS/CTS. Reduce this value only if necessary.
● Frag. Threshold – Type the fragment size threshold, in bytes, above which the packets will be fragmented by the AP prior to transmission.
● No of Retries for Video VI – Select the number of retries for the Video transmission queue. The default value is 4. The recommended setting is adaptive (multi-rate).
● No of Retries for Voice VO – Select the number of retries for the Voice transmission queue. The default value is 1. The recommended setting is adaptive (multi-rate).
● No of Retries for Turbo Voice TVO – Select the number of retries for the Turbo Voice transmission queue. The default value is 1.
3 Click the Static Configuration tab.
4 Select one of the VLAN settings for the Altitude AP:
● Tagged - VLAN ID – Select if you want to assign this AP to a specific VLAN and type the value in the box.
● Untagged – Select if you want this AP to be untagged. This option is selected by default.

WARNING! Caution should be exercised when using this feature. If a VLAN tag is not configured properly, the connectivity with the AP will be lost.
5 Select one of the two methods of IP address assignment for the Altitude AP:
● Use DHCP – Select this option to enable Dynamic Host Configuration Protocol (DHCP). This option is enabled by default.
● Static Values – Select this option to specify the IP address of the Altitude AP.
  ■ IP Address – Type the IP address of the AP.
  ■ Subnet Mask – Type the appropriate subnet mask to separate the network portion from the host portion of the address.
Configuring the Altitude AP ● Avoids other WLANs by reducing transmit power whenever other APs with the same channel, but different SSIDs are detected. To configure the DRM software: 1 From the main menu, click Altitude AP Configuration. The Altitude AP screen is displayed. 2 In the left pane, click DRM. 3 Confirm the Enable DRM checkbox is selected. 4 To refresh the Altitude APs list, click Save. The list is populated with the Altitude APs.
Modifying an Altitude AP’s properties based on a default AP configuration NOTE If SSID Broadcast is disabled and DRM is enabled, you must provide an RF Domain ID. 9 From the Minimum drop-down list, select the minimum power level below which the power cannot be further reduced by the DRM. 10 From the Maximum drop-down list, select the maximum power level above which the power cannot be further increased by the DRM.
Configuring the Altitude AP To modify the system’s default AP settings based on an already configured AP: 1 From the main menu, click Altitude AP Configuration. The Altitude AP screen is displayed. 2 In the Altitude AP list, click the Altitude AP whose properties you want to become the system’s default AP settings. The AP Properties tab displays Altitude AP information. 3 If applicable, modify the Altitude AP’s properties. For more information, see “Modifying an Altitude AP’s properties” on page 68.
Performing Altitude AP software maintenance 3 In the Altitude APs list, select one or more APs to edit. To select multiple APs, select the appropriate APs from the list while pressing the CTRL key. The Channel drop-down list is not available if using the multi-edit feature. NOTE When using multi-edit configuration, any box or option that is not explicitly modified will not be changed by the update. The Altitude APs shown in the Altitude APs list can be from any version of the software.
Configuring the Altitude AP To maintain the list of current Altitude AP software images: 1 From the main menu, click Altitude AP Configuration. The Altitude AP Configuration screen is displayed. 2 From the left pane, click WAP Maintenance. The WAP Software Maintenance tab is displayed. 3 From the WAP Images for Platform drop-down list select the appropriate platform. 4 To select an image to be the default image for a software upgrade, select it in the list, and then click Set as default.
Performing Altitude AP software maintenance 8 To save your changes, click Save. To delete an Altitude AP software image: 1 From the main menu, click Altitude AP Configuration. The Altitude AP Configuration screen is displayed. 2 From the left pane, click WAP Maintenance. The WAP Software Maintenance tab is displayed. 3 From the WAP Images for Platform drop-down list, select the appropriate platform. 4 To select an image in the WAP Images list to delete, click it. 5 Click the Delete button.
Configuring the Altitude AP 3 Click the Controlled Upgrade tab. NOTE The Controlled Upgrade tab will appear only when the Upgrade Behavior is set to Upgrade when AP connects using settings from Controlled Upgrade on the AP Software Maintenance tab. 4 From the Select WAP Platform drop-down list, select the type of AP you want to upgrade. 5 From the Select an image to use drop-down list, select the software image you want to use for the upgrade.
4 WM Access Domain Services (WM-AD) This chapter describes WM Access Domain Services (WM-AD) concepts, including: ● WM-AD overview ● Setting up a WM-AD checklist ● Topology of a WM-AD ● RF assignment for a WM-AD ● Authentication for a WM-AD ● Filtering for a WM-AD ● Data protection on a WM-AD—WEP and WPA ● WM-AD global settings ● Setting up a new WM-AD WM-AD overview A WM-AD is an IP subnet designed to enable Altitude APs to interact with wireless devices.
WM Access Domain Services (WM-AD) ● Each WM-AD represents a mobility group that, when configured, can be carried across multiple Summit WM series switches. This does not apply for a bridged WM-AD. ● Each WM-AD also offers unique Authentication, Authorization and Accounting (AAA) services. Setting up a WM-AD checklist WM-AD provides a versatile means of mapping wireless networks to the topology of an existing wired network.
Topology of a WM-AD User access plan The user access plan should analyze the enterprise network and identify which users should have access to which areas of the network. What areas of the network should be separated? Which users can go out to the World Wide Web? The Summit WM series switch, access points, and WLAN switch software system relies on authenticating users via a RADIUS server (or other authentication server). To make use of this feature, an authentication server on the network is required.
● Requires filtering rules for group filter IDs after authentication. A default filter applies if a more specific filter is not indicated by the RADIUS Access-Accept response.
● Used for a WM-AD supporting wireless voice traffic (QoS)
● Used for a WM-AD supporting third-party APs
● Has WEP and WPA-PSK privacy
AAA:
● Has 802.1x authentication
● Requires filtering rules for group filter IDs and default filter. A definition of group filter IDs is optional.
Authentication for a WM-AD Authentication for a WM-AD The third step in setting up a WM-AD is to configure the authentication mechanism for the WM-AD. The authentication mechanism depends on the network assignment. In addition, all WM-AD definitions can include authentication by Media Access Control (MAC) address. Authentication by MAC address provides a method of access control for a user as it associates with the AP based on the device's MAC address.
WM Access Domain Services (WM-AD) ● Extensible Authentication Protocol with Tunneled Transport Layer Security (EAP-TTLS) – Relies on mutual authentication of client and server through an encrypted tunnel. Unlike EAP-TLS, it requires only server-side certificates. The client uses PAP, CHAP, or MS-CHAPv2 for authentication.
Filtering for a WM-AD Within each type of filter, define a sequence of filtering rules. The filtering rule sequence must be arranged in the order that you want them to take effect. Each rule is defined to allow or deny traffic in either direction: ● In – From a wireless device in to the network ● Out – From the network out to a wireless device Final filter rule The final rule in any filter should act as a catch-all for any traffic that did not match a filter.
WM Access Domain Services (WM-AD) The following is a high-level description of how Summit WM series switch filters traffic: Step One – The Summit WM series switch attempts to match each packet of a WM-AD to the filtering rules that apply to the wireless device user. Step Two – If a filtering rule is matched, the operation to allow or deny is executed. Step Three – The next packet is fetched for filtering.
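The matching sequence described above, as an added example in Python (not code from this guide or from the product): it evaluates an ordered rule list first-match-wins and flags rules that can never take effect or a filter that lacks a final catch-all. The simplified `address[:port[-port]]` syntax, the address 192.0.2.10, the helper names, and the choice to treat the rule address as the network-side peer in both directions are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")  # stands in for the guide's *.*.*.* wildcard


@dataclass(frozen=True)
class Rule:
    network: ipaddress.IPv4Network     # network-side address the rule names
    ports: Optional[Tuple[int, int]]   # inclusive port range; None means any port
    directions: Tuple[str, ...]        # "in" = device to network, "out" = network to device
    allow: bool


def parse_rule(pattern: str, directions: Tuple[str, ...], allow: bool) -> Rule:
    """Parse 'address[:port[-port]]' (hypothetical, simplified syntax)."""
    host, _, port_part = pattern.partition(":")
    network = ANY if host == "*.*.*.*" else ipaddress.ip_network(host, strict=False)
    ports = None
    if port_part:
        low, _, high = port_part.partition("-")
        ports = (int(low), int(high or low))
    return Rule(network, ports, directions, allow)


def evaluate(rules: List[Rule], direction: str, remote_ip: str, remote_port: int):
    """Return (decision, index) for the first rule that matches the packet."""
    addr = ipaddress.ip_address(remote_ip)
    for index, rule in enumerate(rules):
        if direction not in rule.directions or addr not in rule.network:
            continue
        if rule.ports and not rule.ports[0] <= remote_port <= rule.ports[1]:
            continue
        return ("allow" if rule.allow else "deny", index)
    return ("no-match", None)  # only reachable when the catch-all is missing


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet that matches `inner` also matches `outer`."""
    dirs_ok = all(d in outer.directions for d in inner.directions)
    net_ok = inner.network.subnet_of(outer.network)
    ports_ok = outer.ports is None or (
        inner.ports is not None
        and outer.ports[0] <= inner.ports[0]
        and inner.ports[1] <= outer.ports[1]
    )
    return dirs_ok and net_ok and ports_ok


def lint(rules: List[Rule]) -> List[str]:
    """Report rules hidden by a single earlier rule, and a missing final catch-all."""
    findings = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if covers(rules[j], rule):
                findings.append(f"rule {i} is shadowed by rule {j}")
                break
    last = rules[-1] if rules else None
    if not (last and last.network == ANY and last.ports is None
            and set(last.directions) == {"in", "out"}):
        findings.append("final rule is not a catch-all")
    return findings


# Constructed sample: specific denies first, then a catch-all allow.
FILTER_A = [
    parse_rule("*.*.*.*:22-23", ("in",), allow=False),      # SSH and telnet
    parse_rule("192.0.2.10", ("in", "out"), allow=False),   # constructed address
    parse_rule("*.*.*.*", ("in", "out"), allow=True),       # final catch-all
]

# The same rules with the catch-all moved to the top: the denies never fire.
MISORDERED = [FILTER_A[2], FILTER_A[0], FILTER_A[1]]

if __name__ == "__main__":
    print(evaluate(FILTER_A, "in", "198.51.100.7", 22))
    print(evaluate(MISORDERED, "in", "198.51.100.7", 22))
    print(lint(MISORDERED))
```

Running `lint` over a filter before saving it shows the practical consequence of Step Two: once an earlier rule matches, later rules for the same traffic are never consulted.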
WM-AD global settings To define RADIUS servers for WM-AD global settings: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domains list is displayed. 2 In the left pane, click Global Settings. The Authentication tab is displayed. 3 To define a RADIUS server available on the network, do the following: ● In the Server Name box, type a name. ● In the Server Address box, type the IP address. ● In the Shared Secret box, type the password that is required in both directions.
WM Access Domain Services (WM-AD) To define admission control thresholds for WM-AD global settings: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domains list is displayed. 2 In the left pane, click Global Settings. The Authentication tab is displayed. 3 Click the Wireless QoS tab.
WM-AD global settings To define inter-Summit WM series switch shared secret for WM-AD global settings: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domains list is displayed. 2 In the left pane, click Global Settings. 3 Click the General tab. 4 In the Inter-SWM Shared Secret box, type a password between 8 and 63 characters long, to be used between Summit WM series switches. The shared secret is used to encrypt pre-shared keys that have to be moved between controllers for mobility.
Setting up a new WM-AD
Now that you are familiar with the WM-AD concepts, you can set up a new WM-AD. Setting up a new WM-AD involves the following general steps:
● Step one – Create a WM-AD name
● Step two – Define the topology parameters
● Step three – Configure the WM-AD
For information on setting up a new WM-AD, see Chapter 5, “WM Access Domain Services configuration.”
5 WM Access Domain Services configuration This chapter discusses WM Access Domain Services (WM-AD) configuration, including: ● Topology for a WM-AD ● Assigning Altitude AP radios to a WM-AD ● Authentication for a WM-AD ● Defining accounting methods for a WM-AD ● Defining RADIUS filter policy for WM-ADs and WM-AD groups ● Configuring filtering rules for a WM-AD ● Enabling multicast for a WM-AD ● Configuring privacy for a WM-AD ● Defining a WM-AD with no authentication ● Defining priority
WM Access Domain Services configuration To create a new WM-AD name: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane, type a name that will identify the new WM-AD in the Add subnet box, and then click Add subnet. The name is displayed in the WM-AD list. The Topology screen is displayed. The following sections describe in detail how to define the WM-AD topology parameters and configure the WM-AD.
Topology for a WM-AD To create an SSID for Captive Portal WM-AD: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to create an SSID for. The Topology tab is displayed. 3 From the Assignment by drop-down list, select SSID.
WM Access Domain Services configuration The session timer defines the maximum amount of time a session is allowed to be connected to the system. The session timer is particularly useful in pay-per-use models. When the lifetime of the session reaches the defined limit, the session is expired and cleaned up. A user would have to re-authenticate with the system to continue to receive network services.
Topology for a WM-AD A third-party AP WM-AD allows for the specification of a segregated subnet by which non-Extreme Altitude APs are used to provide RF services to users while still utilizing the Summit WM series switch for user authentication and user policy enforcement. NOTE Third-party AP devices are not fully integrated with the system and therefore must be managed individually to provide the correct user access characteristics.
WM Access Domain Services configuration To define a next hop route and OSPF advertisement: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to define a next-hop route for. The Topology tab is displayed. 3 In the Next Hop Address box, type the IP address of the next hop router on the network through which you wish all traffic on this WM-AD to be directed.
Topology for a WM-AD The Address Range boxes (from and to) populate automatically with the range of IP addresses to be assigned to wireless devices using this WM-AD, based on the IP address you provided. ● To modify the address in the Address Range from box, type the first available address. ● To modify the address in the Address Range to box, type the last available address. ● If there are specific IP addresses to be excluded from this range, click Exclusion(s).
WM Access Domain Services configuration To modify time limits for IP assignments: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to set time limits for. The Topology tab is displayed. 3 In the Lease default box, type the default time limit. The default time limit dictates how long a wireless device can keep the DHCP server assigned IP address.
Topology for a WM-AD To use an external DHCP server for the WM-AD: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to use DHCP relay for. The Topology tab is displayed. 3 From the DHCP Option drop-down list, select Use DHCP Relay. 4 In the Gateway box, type the IP address for the WM-AD. 5 In the Mask box, type the appropriate subnet mask for this IP address.
WM Access Domain Services configuration 3 From the Assignment by drop-down list, select AAA. 4 Configure the topology for your WM-AD accordingly. For more information, see “Topology for a WM-AD” on page 98. 5 To save your changes, click Save. Saving your topology properties Once your topology is defined, you can then save your topology properties to continue configuring your WM-AD. To save your topology properties, click Save.
Assigning Altitude AP radios to a WM-AD to any of the WM-ADs defined within the system. The following lists the number of WM-ADs that each Summit WM series switch can support: ● WM200 -- up to 32 WM-ADs ● WM2000 -- up to 64 WM-ADs To assign Altitude APs to a WM-AD: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to assign Altitude APs to. The Topology tab is displayed.
WM Access Domain Services configuration 7 To save your changes, click Save. You can view the WM-ADs that each radio is assigned to by clicking on each radio tab in the Altitude AP Configuration screen. Authentication for a WM-AD The next step in configuring a WM-AD is to set up the authentication mechanism.
Table 4: Vendor Specific Attributes (Continued)

Attribute Name | ID | Type | Messages | Description
Extreme-WM-ADName | 4 | string | Sent to RADIUS server | The name of the Virtual Network the client has been assigned to. It is used in assigning policy and billing options, based on service selection.
Extreme-SSID | 5 | string | Sent to RADIUS server | The name of the SSID the client is associating to. It is used in assigning policy and billing options, based on service selection.
WM Access Domain Services configuration To define authentication by Captive Portal: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to set up authentication by Captive Portal for. The Topology tab is displayed. 3 Click the Auth & Acct tab. On the Auth & Acct tab, there are three options: ● Auth – Use to define authentication servers.
Authentication for a WM-AD 5 From the RADIUS drop-down list, select the server you want to use for Captive Portal authentication, and then click Use. The server’s default information is displayed. The RADIUS servers are defined in the Global Settings screen. For more information, see “WM-AD global settings” on page 92. The selected server is no longer available in the RADIUS drop-down list.
WM Access Domain Services configuration 10 In the Auth. Type drop-down list, select the authentication protocol to be used by the RADIUS server to authenticate the wireless device users.
Authentication for a WM-AD To define the RADIUS server priority for RADIUS redundancy: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to define the RADIUS server priority for. The Topology tab is displayed. 3 Click the Auth & Acct tab.
WM Access Domain Services configuration To configure the Captive Portal settings for internal Captive Portal: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to configure the Captive Portal settings for. The Topology tab is displayed. 3 Click the Auth & Acct tab. 4 Click Configure Captive Portal Settings. The Captive Portal Configurations screen is displayed.
Authentication for a WM-AD 10 In the Message box, type the message that will appear above the Login box to greet the user. For example, the message could explain why the Captive Portal page is appearing, and give instructions for the user. 11 In the Replace Gateway IP with FQDN box, type the appropriate name if a Fully Qualified Domain Name (FQDN) is used as the gateway address. 12 In the Default Redirection URL box, type the URL to which the wireless device user will be directed before authentication.
WM Access Domain Services configuration 7 Type the port of the Summit WM series switch. If there is an authentication server configured for this WM-AD, the external Captive Portal page on the external authentication server will send the request back to the Summit WM series switch to allow the Summit WM series switch to continue with the RADIUS authentication and filtering.
3 Click the Auth & Acct tab. On the Auth & Acct tab, there are three options:
● Auth – Use to define authentication servers.
● MAC – Use to define servers for MAC-based authentication.
● Acct – Use to define accounting servers.
4 Click Auth. The Authentication fields are displayed.
WM Access Domain Services configuration 5 From the RADIUS drop-down list, select the server you want to use for Captive Portal authentication, and then click Use. The server’s default information is displayed. The RADIUS servers are defined in the Global Settings screen. For more information, see “WM-AD global settings” on page 92. The selected server is no longer available in the RADIUS drop-down list.
Authentication for a WM-AD 10 In the Include VSA Attributes section, click the appropriate checkboxes to include the Vendor Specific Attributes in the message to the RADIUS server: ● AP’s ● WM-AD’s ● SSID The Vendor Specific Attributes must be defined on the RADIUS server. 11 If applicable, select Set as primary server. 12 To save your changes, click Save.
WM Access Domain Services configuration 5 From the RADIUS drop-down list, select the server you want to use for MAC authentication, and then click Use. The server’s default information is displayed and a red asterisk is displayed next to MAC, indicating that a server has been assigned. The RADIUS servers are defined in the Global Settings screen. For more information, see “WM-AD global settings” on page 92.
Defining accounting methods for a WM-AD 13 In the Include VSA Attributes section, click the appropriate checkboxes to include the Vendor Specific Attributes in the message to the RADIUS server: ● AP’s ● WM-AD’s ● SSID The Vendor Specific Attributes must be defined on the RADIUS server. 14 If applicable, select Set as primary server. 15 To enable MAC-based authentication on roam, select the MAC-based authentication on roam checkbox.
WM Access Domain Services configuration 5 From the RADIUS drop-down list, select the server you want to use for RADIUS accounting, and then click Use. The server’s default information is displayed and a red asterisk is displayed next to Acct, indicating that a server has been assigned. The RADIUS servers are defined in the Global Settings screen. For more information, see “WM-AD global settings” on page 92. 6 Select Use server for RADIUS Accounting.
Configuring filtering rules for a WM-AD 3 Click the RAD Policy tab. 4 In the Filter ID Values box, type the name of a group that you want to define specific filtering rules for to control network access. 5 Click the corresponding Add button. The filter ID value is displayed in the list. These filter ID values will appear in the Filter ID list on the Filtering tab. These filter ID values must match those set up for the filter ID attribute in the RADIUS server.
WM Access Domain Services configuration matches are found, then the default filter is applied. WM-AD Policy is also applicable for Captive Portal and MAC-based authorization. Filtering rules for an exception filter The exception filter provides a set of rules aimed at restricting the type of traffic that is delivered to the controller. By default, your system is shipped with a set of restrictive filtering rules that help control access through the interfaces to only absolutely necessary services.
Configuring filtering rules for a WM-AD 3 Click the Filtering tab. 4 From the Filter ID drop-down list, select Exception. 5 For each filtering rule you are defining, do the following: ● In the IP/subnet:port box, type the destination IP address. You can also specify an IP range, a port designation, or a port range on that IP address. ● In the Protocol drop-down list, select the applicable protocol. The default is N/A.
WM Access Domain Services configuration Defining non-authenticated filters Defining non-authenticated filters allows administrators to identify destinations that a user is allowed to access without incurring an authentication redirection. Typically, the recommended default rule is to deny all.
Configuring filtering rules for a WM-AD 4 From the Filter ID drop-down list, select Non-Authenticated. The Filtering tab automatically provides a Deny All rule already in place. Use this rule as the final rule in the non-authenticated filter for Captive Portal. 5 For each filtering rule you are defining, do the following: ● In the IP/subnet:port box, type the destination IP address. You can also specify an IP range, a port designation, or a port range on that IP address.
WM Access Domain Services configuration NOTE Administrators must ensure that the non-authenticated filter allows access to the corresponding authentication server: ● Internal Captive Portal – IP address of the WM-AD interface ● External Captive Portal – IP address of external Captive Portal server Non-authenticated filter examples A basic non-authenticated filter for internal Captive Portal should have three rules, in the following order: Table 5: Non-authenticated filter example A In Out Allow IP
Configuring filtering rules for a WM-AD Once a wireless device user has logged in on the Captive Portal page, and has been authenticated by the RADIUS server, then the following filters will apply: ● Filter ID – If a filter ID associated with this user was returned by the authentication server.
WM Access Domain Services configuration 4 From the Filter ID drop-down list, select one of the names you defined in the Filter ID Values field on the RAD Policy tab. For example, select one of your organization’s user groups, such as Sales, Engineering, Teacher, Guest, etc. The Filtering tab automatically provides a Deny All rule already in place. This rule can be modified to Allow All, if appropriate to the network access needs for this WM-AD.
Configuring filtering rules for a WM-AD Filtering rules by filter ID examples Below are two examples of possible filtering rules for a filter ID. The first example disallows some specific access before allowing everything else. Table 7: Filtering rules by filter ID example A In Out x Allow IP / Port Description x *.*.*.*:22-23 SSH and telnet sessions x x [specific IP address, range] Deny all traffic to a specific IP address or address range x x *.*.*.*.
WM Access Domain Services configuration 4 From the Filter ID drop-down list, select Default. The Filtering tab automatically provides a Deny All rule already in place. This rule can be modified to Allow All, if appropriate to the network access needs for this WM-AD.
Enabling multicast for a WM-AD Table 10: Default filter example B (Continued) In Out Allow IP / Port Description x Intranet IP 10.3.0.20 Allow all other traffic from the wireless devices to the Intranet network x x Intranet IP 10.3.0.20 Allow all other traffic from Intranet network to wireless devices x x *.*.*.*.
WM Access Domain Services configuration To enable multicast for a WM-AD: 1 From the main menu, click WM Access Domain Configuration. The WM Access Domain Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to enable Multicast for. The Topology tab is displayed. 3 Click the Multicast tab. 4 To enable the multicast function, click Enable Multicast Support.
Configuring privacy for a WM-AD Configuring privacy for a WM-AD Privacy is a mechanism that protects data over wireless and wired networks, usually by encryption techniques. The following section describes how the Privacy mechanism is handled for a Captive Portal WM-AD and an AAA WM-AD.
WM Access Domain Services configuration 4 Select Static Keys (WEP). 5 From the WEP Key Length drop-down list, select the WEP encryption key length: ● 40-bit ● 104-bit ● 128-bit 6 Select one of the following input methods: ● Input Hex – If you select Input Hex, type the WEP key input in the WEP Key box. The key is generated automatically, based on the input. ● Input String – If you select Input String, type the secret WEP key string used for encrypting and decrypting in the WEP Key String box.
Configuring privacy for a WM-AD 5 To enable WPA v1 encryption, select WPA v.1. 6 If WPA v.1 is enabled, select one of the following encryption types from the Encryption drop-down list: ● Auto – The AP will advertise both TKIP and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for WPAv1. CCMP is an IEEE 802.11i encryption protocol that uses the encryption cipher AES (Advanced Encryption Standard). Auto is the default.
WM Access Domain Services configuration Privacy for a WM-AD for AAA For a WM-AD with authentication by 802.
Configuring privacy for a WM-AD 5 From the WEP Key Length drop-down list, select the WEP encryption key length: ● 40-bit ● 104-bit ● 128-bit 6 Select one of the following input methods: ● Input Hex – If you select Input Hex, type the WEP key input in the WEP Key box. The key is generated automatically, based on the input. ● Input String – If you select Input String, type the secret WEP key string used for encrypting and decrypting in the WEP Key String box.
WM Access Domain Services configuration ● A Message Integrity Check or Code (MIC), an additional 8-byte code that is inserted before the standard WEP 4-byte Integrity Check Value (ICV). These integrity codes are used to calculate and compare, between sender and receiver, the value of all bits in a message, which ensures that the message has not been tampered with. The encryption portion of WPA v2 is Advanced Encryption Standard (AES). AES includes: ● A 128 bit key length, for the WPA2/802.
Configuring privacy for a WM-AD 4 Select WPA. 5 To enable WPA v1 encryption, select WPA v.1. 6 From the Encryption drop-down list, select one of the following encryption types: ● Auto – The AP will advertise both TKIP and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for WPAv1. CCMP is an IEEE 802.11i encryption protocol that uses the encryption cipher AES (Advanced Encryption Standard). Auto is the default.
WM Access Domain Services configuration Defining a WM-AD with no authentication You can set up a WM-AD that will bypass all authentication mechanisms and run Summit WM series switch, access points, and WLAN switch software with no authentication of a wireless device user. A WM-AD with no authentication can still control network access using filtering rules.
Defining priority level and service class for WM-AD traffic In order to provide better network traffic flow, the Summit WM series switch, access points, and WLAN switch software provides advanced Quality of Service (QoS) management. These management techniques include: ● WMM (Wi-Fi Multimedia) – Enabled globally on the Altitude AP, the standard provides multimedia enhancements that improve the user experience for audio, video, and voice applications. WMM is part of the 802.11e standard for QoS.
WM Access Domain Services configuration Configuring the priority override Priority override allows you to define the desired priority level. Priority override can be used with any combination, as shown in Table 14. You can configure the service class (L2 override) and the DSCP values (L3 override values). When Priority Override is enabled, the configured service class overrides the queue selection in the downlink direction, the 802.
Working with Quality of Service (QoS) All combinations of the three modes are valid. The following table summarizes all possible combinations: Table 14: QoS mode combinations Configuration Legacy mode x x x WMM mode x x 802.11e mode Traffic that is classified and prioritized To legacy client x x x x x x x x x x x x x x x x From legacy client To WMM client x From WMM client To 802.11e client x x From 802.
Table 16: Traffic prioritization

WM-AD type | Packet Source | Packet type | L2 | L3
Tunneled | Wired | Untagged | No | Yes
Branch | Wired | VLAN tagged | Yes | Yes
Branch | Wired | Untagged | No | Yes
Branch or Tunneled | Wireless | WMM | Yes | Yes
Branch or Tunneled | Wireless | non-WMM | No | Yes

Configuring the QoS policy on a WM-AD
The following is an overview of the steps involved in configuring the QoS on a WM-AD.
Configuring the QoS policy on a WM-AD Step 3 – Defining the DSCP and service class classifications: All 64 DSCP code-points are supported. The IETF defined codes are listed by name and code. Undefined codes are listed by code.
WM Access Domain Services configuration 3 Click the QoS Policy tab. 4 From the Wireless QoS list, select the following: ● Legacy – Select if your WM-AD will support legacy devices that use SpectraLink Voice Protocol (SVP) for prioritizing voice traffic. If selected, the Turbo Voice option is displayed. ● WMM – Select to enable the AP to accept WMM client associations, and classify and prioritize the downlink traffic for all WMM clients.
■ Gold (4)
■ Silver (3)
■ Bronze (2)
■ Best Effort (1)
■ Background (0) – The lowest priority level
● DSCP marking – From the drop-down list, select the DSCP value used to tag the IP header of the encapsulated packets.
6 If you want to assign a service class to each DSCP marking, clear the Priority Override checkbox and define the DSCP service class priorities in the DSCP classification table.
WM Access Domain Services configuration 5 To define the VLAN Setting, select one of the following: ● Tagged ● Untagged If you select Tagged, type the VLAN ID in the VLAN ID box. The default value is 1. NOTE The VLAN IDs are assigned by the branch office network administrator. The AP will operate correctly only if the VLAN ID is unique per AP. Configuring two untagged branch WM-ADs to the same AP on different radios is permitted.
If it has more than one branch mode WM-AD, only one bridged WM-AD can be untagged per AP. The other branch mode WM-ADs need to have unique VLAN IDs. You must have VLAN-aware L2 switches to support this feature. NOTE When a WM-AD is set up for bridged mode, it cannot be switched to tunneled mode. The administrator must delete and re-add the WM-AD.
6 Availability, mobility, and controller functionality
This chapter describes the availability and mobility concepts, including:
● Availability overview
● Mobility manager
● Defining management users
● Configuring network time
● Configuring Check Point event logging
● Enabling SNMP
● Using controller utilities
● Configuring Web session timeouts
The Summit WM series switch provides additional functionality including:
● Availability – Maintains service availability in the event of a Summit WM series swit
From the viewpoint of an Altitude AP, if a Summit WM series switch or the connection to it fails, the Altitude AP begins its discovery process. The Altitude AP is directed to the appropriate backup controller of the pair. This connection may require the Altitude AP to reboot. Users on the Altitude AP must log in again and be authenticated on the second Summit WM series switch.
An alternate method to setting up APs includes:
1 Add each Altitude AP manually to each Summit WM series switch.
2 From the AP Properties screen, click Add Altitude AP.
3 Define the Altitude AP and click Add Altitude AP.
Manually defined APs will inherit the default AP configuration settings.
WARNING! If two Summit WM series switches are paired and one has the Allow All option set for Altitude AP registration, all Altitude APs will register with that Summit WM series switch.
5 Do one of the following:
● To set this Summit WM series switch as the primary connection point, select the Current Summit Switch is primary connect point checkbox.
● To set this Summit WM series switch as the secondary connection point, clear the Current Summit Switch is primary connect point checkbox.
If the Current Wireless Switch is primary connect point checkbox is selected, the specified switch waits for a request.
To view SLP activity:
1 From the main menu, click Altitude AP Configuration. The Altitude APs screen is displayed.
2 In the left pane, click AP Registration. The Altitude AP Registration screen is displayed.
3 To confirm SLP registration, click the View SLP Registration button. A pop-up screen displays the results of the diagnostic slpdump tool, to confirm SLP registration.
Events and actions during a failover
If one of the Summit WM series switches in a pair fails, the connection between the two Summit WM series switches is lost. This triggers a failover mode condition, and a critical message is displayed in the information log of the remaining Summit WM series switch.
When the Altitude APs connect to the second Summit WM series switch, they will be assigned to the WM-AD that is defined in the system’s default AP configuration. The wireless device users will log in again and be authenticated on the second Summit WM series switch. When the failed Summit WM series switch recovers, each Summit WM series switch in the pair goes back to normal mode. They exchange information that includes the latest lists of registered Altitude APs.
● Defines the registration behavior for a multi-controller mobility domain set:
● Open mode – A new agent is automatically able to register itself with the mobility manager and immediately becomes part of the mobility domain
● Secure mode – The mobility manager does not allow a new agent to automatically register. Instead, the connection with the new agent is placed in pending state until the administrator approves the new device.
To designate a mobility manager:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 In the left pane, click Mobility Manager. The Mobility Manager Settings screen is displayed.
3 To enable mobility for this controller, select the Enable Mobility checkbox. The controller mobility options appear.
4 Select the This Summit Switch is a Mobility Manager option. The mobility manager options appear.
9 Select the Security Mode option:
● Allow all mobility agents to connect – All mobility agents can connect to the mobility manager.
● Allow only approved mobility agents to connect – Only approved mobility agents can connect to the mobility manager.
10 To save your changes, click Save.
NOTE If you set up one Summit WM series switch on the network as a mobility manager, all other Summit WM series switches must be set up as mobility agents.
7 From the Discovery Method drop-down list, select one of the following:
● SLPD – Service Location Protocol Daemon is a background process acting as a SLP server. It provides the functionality of the Directory Agent and Service Agent for SLP. Use SLP to support the discovery of extremeNET service to attempt to locate the area mobility manager controller.
● Static Configuration – Select Static Configuration if you want to enter the IP address of the mobility manager manually.
2 In the left pane, click the Management Users option. The Management Users screen is displayed. The user_admin list displays Admin users who have read/write privileges. The user_read list is for users who have read only privileges.
3 From the Group pull-down list, select Admin or Read only.
4 In the User ID box, type the user ID for the new user. A User ID can only be used once, in only one category.
To remove a Summit WM series switch management user:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 In the left pane, click the Management Users option. The Management Users screen is displayed.
3 To select a user to be removed, click it.
4 To remove the user, click Remove user. The user is removed from the list.
Configuring network time
You can synchronize the elements on the network to a universal clock.
To apply time zone settings:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 In the left pane, click Network Time. The Network Time screen is displayed.
3 From the Continent or Ocean drop-down list, select the appropriate large-scale geographic grouping for the time zone.
4 From the Country drop-down list, select the appropriate country for the time zone.
To set Network Time Protocol:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 In the left pane, click Network Time. The Network Time screen is displayed.
3 To use Network Time Protocol, select the Use NTP radio button.
4 In the Use System Time box, type the time setting using the mm-dd-yyyy hh:mm format.
5 In the Time Server 1 box, type the IP address or FQDN of a standard NTP Time Server.
To enable and configure Check Point:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 In the left pane, click Check Point. The Check Point Configuration screen is displayed.
3 To enable check point logging, select the Enable Check Point Logging checkbox.
6 To create the certificate to be sent to the ELA Management Station, click the Generate Certificate button.
The Extreme Networks Enterprise MIB includes:
● EXTREME-SUMMIT-WM-MIB.my
● EXTREME-SUMMIT-WM-SMI
● EXTREME-SUMMIT-DOT11-EXTNS-MIB
● EXTREME-SUMMIT-WM-BRANCH-OFFICE-MIB
The MIB is provided for compilation into an external NMS. No support has been provided for automatic device discovery by an external NMS. The Summit WM series switch is the only point of SNMP access for the entire system.
3 Type the following information:
● Contact Name – Specifies the name of the SNMP administrator.
● Location – Specifies the location of the SNMP administration machine.
● Read Community Name – Specifies the community name for users with read privileges.
● Read/Write Community Name – Specifies the community name for users with read and write privileges.
● SNMP Trap Port – Specifies the destination port for SNMP traps. The industry standard is 162.
5 To record the route through the Internet between your computer and the target IP address, click Trace Route. The following is an example of a screen after clicking the Trace Route button.
Configuring Web session timeouts
You can configure the time period to allow Web sessions to remain inactive before timing out.
To configure Web session timeouts:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 In the left pane, click Web Settings. The Summit Switch Web Management Settings screen is displayed.
3 In the Web Session Timeout box, type the time period to allow the Web session to remain inactive before it times out. This can be entered as hour:minutes, or as minutes. The range is 1 minute to 168 hours.
7 Working with third-party APs
You can set up the Summit WM series switch to handle wireless device traffic from third-party access points, providing the same policy and network access control.
4 Connect the third-party access point to this port, via a switch.
Step 2 – Define a WM-AD for the third-party AP port:
1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed.
2 In the left pane, type a name that will identify the new WM-AD in the Add subnet box, and then click Add subnet. The name is displayed in the WM Access Domains list. The Topology tab is displayed.
3 In the Assignment by drop-down list, click SSID.
3 In the Captive Portal Settings screen, define the Captive Portal configuration.
4 Click the RAD Policy tab.
5 Define the filter IDs to match those in the RADIUS server.
Step 4 – Define filtering rules for the third-party APs:
1 Because the third-party APs are mapped to a physical port, you must define the Exception filters on the physical port, using the Port Exception Filters screen. For more information, see “Configuring filtering rules for a WM-AD” on page 123.
8 Working with the Summit WM Series Spy
This chapter describes Summit spy concepts, including:
● Summit spy overview
● Enabling the Analysis and data collector engines
● Running Summit Spy scans
● Analysis engine overview
● Working with Summit spy scan results
● Working with friendly APs
● Viewing the Summit spy list of third-party APs
● Maintaining the Summit spy list of APs
● Viewing the Scanner Status report
Summit spy overview
The Summit spy is a mechanism that assists in the detecti
Enabling the Analysis and data collector engines
Before using the Summit spy, you must enable and define the Analysis and data collector engines.
To enable the Analysis engine:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 In the left pane, click Summit Spy. The Summit Spy Configuration screen is displayed.
7 Click Add. The IP address of the Data Collection Engine, with its Poll Interval and Poll Retry parameters, is displayed in the list.
NOTE For each remote RF Data Collection Engine defined here, you must:
> Enable it by selecting the Enable Summit Spy Analysis Engine checkbox on the remote Summit WM series switch
> Ensure that the controllers are routable by whatever means you use (for example, static routes, or OSPF).
8 To add a new collection engine, click Add Collection Engine.
To run the Summit Spy scan task mechanism:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Scan Groups tab.
3 In the Scan Group Name box, type a unique name for this scan group.
4 In the Altitude APs list, select the checkbox corresponding to the Altitude APs you want included in the new scan group, which will perform the scan function.
NOTE An Altitude AP can participate in only one Scan Group at a time.
● Passive – The Altitude AP listens for 802.11 beacons.
8 In the Channel Dwell Time box, type the time (in milliseconds) for the scanner to wait for a response from either 802.11 beacons in passive scanning, or ProbeResponse in active scanning.
9 In the Scan Time Interval box, type the time (in minutes) to define the frequency at which an Altitude AP within the Scan Group will initiate a scan of the RF space. The range is from one minute to 120 minutes.
NOTE In the current release, there is no capability to initiate a DoS attack on the detected rogue access point. Containment of a detected rogue requires an inspection of the geographical location of its Scan Group area, where its RF activity has been found.
Working with Summit spy scan results
When viewing the Summit spy scan results you can delete all or selected Access Points from the scan results.
6 To clear all detected rogue devices from the list, click Clear Detected Rogues.
NOTE To avoid the Summit spy's database becoming too large, it is recommended that you either delete Rogue APs or add them to the Friendly APs list, rather than leaving them in the Rogue list.
To add an AP from the Summit spy scan results to the list of friendly APs:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Rogue Detection tab.
Working with friendly APs
To view the friendly APs:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Friendly AP’s tab.
To add friendly APs manually:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Friendly AP’s tab.
To delete a friendly AP:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Friendly AP’s tab.
3 To select an access point from the Friendly AP Definitions list to delete, click it.
4 Click Delete. The selected access point is removed from the Friendly AP Definitions list.
5 To save your changes, click Save.
To modify a friendly AP:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Friendly AP’s tab.
Viewing the Summit spy list of third-party APs
To view known third-party access points connected to local/remote RF data collectors:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the 3rd Party AP’s tab.
Maintaining the Summit spy list of APs
To maintain the Altitude APs:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the WAP Maintenance tab. Inactive APs and known third-party APs are displayed.
3 Select the applicable APs.
4 To delete the selected APs, click Delete marked WAPs.
NOTE The selected APs are deleted from the Summit spy database, not from the Summit WM series switch database.
Viewing the Scanner Status report
When the Summit spy is enabled, you can view a report on the connection status of the RF Data Collector Engines with the Analysis Engine.
To view the Summit spy scanner engine status display:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Scanner Status link. The Scanner Status report is displayed, as shown in the example below. The boxes display the IP address of the Data Collector engine.
9 Working with reports and displays
This chapter describes the various reports and displays available in the Summit WM series switch, access points, and WLAN switch software system.
To view reports and displays:
1 From the main menu, click Reports & Displays. The Summit Reports & Displays screen is displayed.
NOTE The two displays on the right-hand side of the screen only appear if the mobility manager function has been enabled for the controller.
2 In the List of Displays, click the display you want to view (some examples will follow):
NOTE Statistics are expressed in relation to the AP.
Viewing the displays
Viewing the Altitude AP availability display
This display reports the active connection state of an Altitude AP (availability to the Summit WM series switch for service). Depending on the state of the Altitude AP, the following is displayed:
Green – Altitude AP is configured on the Summit WM series switch and is presently connected.
Red – Altitude AP is configured on the Summit WM series switch but is presently not connected (not available to service this Summit WM series switch).
To view wired Ethernet statistics by Altitude AP:
1 From the main menu, click Reports & Displays. The Summit Reports & Displays screen is displayed.
2 Click the Wired Ethernet Statistics by Altitude AP display option. The Wired Ethernet Statistics by Altitude APs display opens in a new browser window.
3 In the Wired Ethernet Statistics by Altitude APs display, click a registered Altitude AP to display its information.
To view Wireless Statistics by Altitude AP:
1 From the main menu, click Reports & Displays. The Summit Reports & Displays screen is displayed.
2 Click the Wireless Statistics by Altitude AP display option. The Wireless Statistics by Altitude APs display opens in a new browser window.
3 In the Wireless Statistics by Altitude APs display, click a registered Altitude AP to display its information.
4 Click the appropriate tab to display information for each radio on the Altitude AP.
To view Active Clients by Altitude AP statistics:
1 From the main menu, click Reports & Displays. The Summit Reports & Displays screen is displayed.
2 Click the Active Clients by Altitude APs display option. The Active Clients by Altitude APs display opens in a new browser window.
● Statistics are expressed in respect of the AP. Therefore, Packets Sent means the AP has sent that data to a client and Packets Rec’d means the AP has received packets from a client.
● Mobility Tunnel Matrix – Displays a cross-connection view of the state of inter-controller tunnels, as well as relative loading for user distribution across the mobility domain
To view mobility manager displays:
1 From the main menu, click Reports & Displays. The Summit Reports & Displays screen is displayed.
● Search for a client by MAC address, user name, or IP address, and typing the search criteria in the box
● Define the refresh rates for this display
● Export this information as an xml file
Mobility Tunnel Matrix
● Provides connectivity matrix of mobility state
● Provides a view of:
● Tunnel state
● If a tunnel between controllers is reported down, it is highlighted in red
● If only a control tunnel is present, it is highlighted in yellow
● If data and cont
Viewing reports
To view reports:
1 From the main menu, click Reports & Displays. The Reports & Displays screen is displayed.
2 In the Reports list, click the report you want to view:
● Forwarding Table
● OSPF Neighbor
● OSPF Linkstate
● AP Inventory
NOTE The AP Inventory report opens in a new browser window. All other reports appear in the current browser window.
The following is an example of the AP Inventory report:
The following is a description of the column names and abbreviations found in the AP Inventory report:
● Rdo – Radio
● Ra – 802.11a radio. The data entry for an Altitude AP indicates whether the a radio is on or off.
● Rb – 802.11b protocol enabled. Possible values are on or off.
● Rg – 802.11g protocol enabled. Possible values are on or off.
● Port – Ethernet Port and associated IP address of the interface on the Summit WM series switch through which the Altitude AP communicates.
● HW – Hardware version of the Altitude AP.
● SW – Software version executing on the Altitude AP.
● TA – Telnet access (enabled or disabled).
● BD – Broadcast disassociation (enabled or disabled).
10 Performing system maintenance
This chapter describes system maintenance processes, including:
● Performing Altitude AP client management
● Resetting the AP to its factory default settings
● Performing system maintenance tasks
● Performing Summit WM series switch software maintenance
● Configuring Summit WM series switch, access points, and WLAN switch software logs and traces
Performing Altitude AP client management
There are times when for service reasons or security issues, you want to cut th
To disassociate a wireless device client:
1 From the main menu, click Altitude AP Configuration. The Altitude AP Configuration screen is displayed.
2 From the left pane, click Client Management. The Disassociate tab is displayed.
3 In the Select AP list, click the AP you want to disassociate.
4 In the Select Client(s) list, select the checkbox next to the client you want to disassociate, if applicable.
To blacklist a wireless device client:
1 From the main menu, click Altitude AP Configuration. The Altitude AP Configuration screen is displayed.
2 From the left pane, click Client Management. The Disassociate tab is displayed.
3 In the Select AP list, click the AP you want to disassociate.
4 In the Select Client(s) list, select the checkbox next to the client you want to disassociate, if applicable.
3 Click the Blacklist tab.
4 To add a new MAC address to the blacklist, in the MAC Address box enter the client’s MAC address.
5 Click Add. The client is displayed in the MAC Addresses list.
NOTE You can use the Select All or Clear All buttons to help you select multiple clients.
6 To save your changes, click Save.
To clear an address from the blacklist:
1 From the main menu, click Altitude AP Configuration. The Altitude AP Configuration screen is displayed.
6 To save your changes, click Save.
To import a list of MAC addresses for the blacklist:
1 From the main menu, click Altitude AP Configuration. The Altitude AP Configuration screen is displayed.
2 From the left pane, click Client Management. The Disassociate tab is displayed.
3 Click the Blacklist tab.
4 Click Browse and navigate to the file of MAC addresses you want to import and add to the blacklist.
5 Select the file, and then click Import.
Performing system maintenance tasks
You can perform various maintenance tasks, including:
● Changing the log level
● Setting a poll interval for checking the status of the Altitude APs (Health Checking)
● Enabling and defining parameters for Syslog event reporting
● Forcing an immediate system shutdown, with or without reboot
Syslog event reporting uses the syslog protocol to relay event messages to a centralized event server on your enterprise network.
4 From the Altitude AP Log Level drop-down list, select the least severe log level for the AP that you want to receive: Information, Minor, Major, Critical. The default is Critical.
5 Click Apply.
To set a poll interval:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 From the left pane, click System Maintenance. The System Maintenance screen is displayed.
Table 17 shows Syslog and Summit WM series switch, access points, and WLAN switch software event log mapping.
If your Summit WM series switch has a v3.1 license key when it is upgraded, the key will be rejected and the Summit WM series switch will revert to a factory default DEMO region setting. Whenever the licensed region changes on the Summit WM series switch, all Altitude APs are changed to Auto Channel Select to prevent possible infractions to local RF regulatory requirements. If this occurs, all manually configured radio channel settings will be lost.
NOTE It is recommended that the Bypass checks for compatible upgrade RPM and OS patch and the Skip backup during RPM un-install options remain disabled.
4 To launch the upgrade with the selected image, click on the Upgrade Now button.
5 In the dialog box that is displayed, confirm the upgrade. At this point, all sessions are closed. The previous software is uninstalled automatically. The new software is installed. The Summit WM series switch reboots automatically.
To upgrade operating system software:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 From the left pane, click Software Maintenance. The SWM Software tab is displayed.
3 Click the OS Software tab. The Available OS Images section displays the list of software versions that have been downloaded and are available.
4 To download a new image to be added to the list, in the Download Image section type the following:
● FTP Server – The IP of the FTP server to retrieve the image file from.
● User ID – The user ID that the controller should use when it attempts to log in to the FTP server.
● Password – The corresponding password for the user ID.
● Confirm – The corresponding password for the user ID to confirm it was typed correctly.
3 Click the Backup tab. The Available Backups section displays the list items that have been backed up and are available.
4 In the Backup section, select an item from the Select what to backup drop-down list.
5 To launch the backup with the selected items, click on the Backup Now button.
6 In the dialog box that is displayed, confirm the backup. The items are backed up.
To upload a new backup:
1 From the main menu, click Summit Switch Configuration.
● Platform – The AP hardware type to which the image applies. There are several types of AP and they require different images.
5 Click Upload. The backup is uploaded and added to the list.
To delete a backup:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 From the left pane, click Software Maintenance. The SWM Software tab is displayed.
3 Click the Backup tab.
6 In the Schedule task drop-down list, select the frequency of the backup:
● Daily
● Weekly
● Monthly
● Never
7 In the FTP settings section, type the following:
● FTP Server – The IP of the FTP server to which the scheduled backup will be copied.
● User ID – The user ID that the controller should use when it attempts to log in to the FTP server.
3 Click the Restore tab. The Available Backups section displays the list items that have been backed up and are available.
4 In the Restore section, select an item from the Select an image to use drop-down list.
5 To launch the restore with the selected items, click on the Restore Now button.
6 In the dialog box that is displayed, confirm the restore. The image is restored.
To download for restore:
1 From the main menu, click Summit Switch Configuration.
● Platform – The AP hardware type to which the image applies. There are several types of AP and they require different images.
5 Click Download. The image is downloaded and added to the list.
To delete a backup available for restore:
1 From the main menu, click Summit Switch Configuration. The Summit Switch Configuration screen is displayed.
2 From the left pane, click Software Maintenance. The System Maintenance screen is displayed.
2 Change to the directory to receive the uploaded file:
● For AP images change to: /var/tftp/chantry
● For Summit WM series switch images change to: /var/controller/upgrade
● For OS archives change to: /var/controller/osupgrade
3 Upload the image file using the SFTP client upload feature.
4 To complete a Summit WM series switch upgrade or an AP upgrade go to the appropriate Software Maintenance screen.
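The upload steps above, scripted as an SFTP batch. This is an added example and not part of the guide; the three directories are the ones listed in step 2, while the kind keywords (ap, switch, os), the function names and the placeholder login are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): prepare and run an SFTP batch upload to
# the directories listed in step 2. The kind keywords (ap, switch, os), the
# function names and the sample login are assumptions made for this sketch.

# Map an image kind to the upload directory the guide gives for it.
swm_upload_dir() {
    case "$1" in
        ap)     echo /var/tftp/chantry ;;
        switch) echo /var/controller/upgrade ;;
        os)     echo /var/controller/osupgrade ;;
        *)      echo "unknown image kind: $1" >&2; return 1 ;;
    esac
}

# Print the sftp batch commands for one upload (steps 2 and 3).
swm_sftp_batch() {
    kind=$1
    file=$2
    dir=$(swm_upload_dir "$kind") || return 1
    # A batch file is parsed as commands, so refuse names that could be read
    # as an option or that would need quoting.
    case "$file" in
        ''|-*|*[!A-Za-z0-9._/-]*)
            echo "refusing file name: $file" >&2; return 1 ;;
    esac
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    printf 'cd %s\n' "$dir"
    printf 'put %s\n' "$file"
    # List the uploaded file so its size can be compared with the local copy.
    printf 'ls -l %s\n' "${file##*/}"
    printf 'bye\n'
}

# Run the upload. sftp -b stops at the first failing command and needs
# non-interactive authentication (for example an SSH key).
swm_upload() {
    login=$1   # e.g. admin@192.0.2.10 (placeholder user and address)
    batch=$(mktemp) || return 1
    if swm_sftp_batch "$2" "$3" > "$batch"; then
        sftp -b "$batch" "$login"
        rc=$?
    else
        rc=1
    fi
    rm -f "$batch"
    return "$rc"
}

# Usage: sh swm_upload.sh admin@192.0.2.10 ap ./AP-image.img
if [ "$#" -eq 3 ]; then
    swm_upload "$@"
fi
```

Because the batch aborts on the first failed command, a wrong directory or a rejected upload ends the session before step 4 is attempted on a missing image.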
Logs including alarms
The log messages contain the time of event, severity, source component and any details generated by the source component.
To view logs:
1 From the main menu, click Logs & Traces. The Logs & Traces screen is displayed.
2 Click one of the Log tabs. The following is an example of the Summit WM series switch logs: The events are displayed in chronological order, sorted by the Timestamp column.
3 To sort the display by Type or Component, click the appropriate column heading.
To view traces:
1 From the main menu, click Logs & Traces. The Logs & Traces screen is displayed.
2 Click one of the Traces tabs. The following is an example of the Summit WM series switch traces: The events are displayed in chronological order, sorted by the Timestamp column.
3 To sort the display by Type or Component, click the appropriate column heading.
To view audits:
1 From the main menu, click Logs & Traces. The Logs & Traces screen is displayed.
2 Click the Audit: GUI tab. The Audit screen is displayed. The events are displayed in chronological order, sorted by the Timestamp column.
3 To sort the display by User, Section, Page, or Audit Message, click the appropriate column heading.
4 To clear the audits from the list, click Clear Audits.
5 To refresh the information in any display, click Refresh.
To clear logs:
1 From the main menu, click Logs & Traces. The Logs & Traces screen is displayed.
2 Click one of the Log tabs. The following is an example of the Summit WM series switch logs: The events are displayed in chronological order, sorted by the Timestamp column.
3 To clear the logs, click Clear Log Messages.
Glossary
Networking terms and abbreviations
A
AAA – Authentication, Authorization and Accounting. A system in IP-based networking to control what computer resources users have access to and to keep track of the activity of users over a network.
Access Point (AP) – A wireless LAN transceiver or “base station” that can connect a wired LAN to one or many wireless devices.
Ad-hoc mode – An 802.
B
BSS – Basic Service Set. A wireless topology consisting of one Access Point connected to a wired network and a set of wireless devices. Also called an infrastructure network. See also IBSS.
Captive Portal – A browser-based authentication mechanism that forces unauthenticated users to a Web page. Sometimes called a “reverse firewall”.
Device Server – A specialized, network-based hardware device designed to perform a single or specialized set of server functions. Print servers, terminal servers, remote access servers and network time servers are examples of device servers.
DHCP – Dynamic Host Configuration Protocol. A protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network.
DTIM – Delivery traffic indication message (in 802.11 standard)
Dynamic WEP – The IEEE introduced the concept of user-based authentication using per-user encryption keys to solve the scalability issues that surrounded static WEP. This resulted in the 802.1X standard, which makes use of the IETF's Extensible Authentication Protocol (EAP), which was originally designed for user authentication in dial-up networks. The 802.
F

FHSS
Frequency-Hopping Spread Spectrum. A transmission technology used in Local Area Wireless Network (LAWN) transmissions where the data signal is modulated with a narrowband carrier signal that “hops” in a random but predictable sequence from frequency to frequency as a function of time over a wide band of frequencies. This technique reduces interference. If synchronized properly, a single logical channel is maintained.
H

Heartbeat message
A heartbeat message is a UDP data packet used to monitor a data connection, polling to see if the connection is still alive. In general terms, a heartbeat is a signal emitted at regular intervals by software to demonstrate that it is still alive. In networking, a heartbeat is the signal emitted by a Level 2 Ethernet transceiver at the end of every packet to show that the collision-detection circuit is still connected.
Infrastructure Mode
An 802.11 networking framework in which devices communicate with each other by first going through an Access Point (AP). In infrastructure mode, wireless devices can communicate with each other or can communicate with a wired network. (See ad-hoc mode and BSS.
isochronous
Isochronous data is data (such as voice or video) that requires a constant transmission rate, where data must be delivered within certain time constraints. For example, multimedia streams require an isochronous transport mechanism to ensure that data is delivered as fast as it is displayed and to ensure that the audio is synchronized with the video.
MIC
Message Integrity Check or Code (MIC), also called “Michael”, is part of WPA and TKIP. The MIC is an additional 8-byte code inserted before the standard 4-byte integrity check value (ICV) that is appended by standard WEP to the 802.11 message. This greatly increases the difficulty in carrying out forgery attacks. Both integrity check mechanisms are calculated by the receiver and compared against the values sent by the sender in the frame.
NTP
Network Time Protocol, an Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Based on UTC, NTP synchronizes client workstation clocks to the U.S. Naval Observatory Master Clocks in Washington, DC and Colorado Springs CO.
OSPF
Open Shortest Path First, an interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm. Routers use link-state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node.
PoE
Power over Ethernet. The Power over Ethernet standard (802.3af) defines how power can be provided to network devices over an existing Ethernet connection, eliminating the need for additional external power supplies.

POST
Power On Self Test, a diagnostic testing sequence performed by a computer to determine if its hardware elements are present and powered on. If so, the computer begins its boot sequence.
RFC
Request for Comments, a series of notes about the Internet, submitted to the Internet Engineering Task Force (IETF) and designated by an RFC number, that may evolve into an Internet standard. The RFCs are catalogued and maintained on the IETF RFC website: www.ietf.org/rfc.html.

Roaming
In 802.11, roaming occurs when a wireless device (a station) moves from one Access Point to another (or BSS to another) in the same Extended Service Set (ESS), identified by its SSID.
SMT (802.11) SNMP Station ManagemenT. The object class in the 802.11 MIB that provides the necessary support at the station to manage the processes in the station such that the station may work cooperatively as a part of an IEEE 802.11 network. The four branches of the 802.
SSL
Secure Sockets Layer. A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection. URLs that require an SSL connection start with https: instead of http. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.
T

TCP / IP
Transmission Control Protocol. TCP, together with IP (Internet Protocol), is the basic communication language or protocol of the Internet. Transmission Control Protocol manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. Internet Protocol handles the address part of each packet so that it gets to the right destination.
U

UDP
User Datagram Protocol. A connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive packets over an IP network. It is used primarily for broadcasting messages over a network.

U-NII
Unlicensed National Information Infrastructure.
WINS
Windows Internet Naming Service. A system that determines the IP address associated with a particular network computer, called name resolution. WINS supports network client and server computers running Windows and can provide name resolution for other computers with special arrangements.
WPA-PSK
Wi-Fi Protected Access with Pre-Shared Key, a special mode of WPA for users without an enterprise authentication server. Instead, for authentication, a Pre-Shared Key is used. The PSK is a shared secret (passphrase) that must be entered in both the Altitude AP or router and the WPA clients. This preshared key should be a random sequence of characters at least 20 characters long or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits long.
Langley
Langley is a Summit WM series switch, access points, and WLAN switch software term for the inter-process messaging infrastructure on the Summit WM series switch.

Mobility manager (and mobility agent)
The technique in Summit WM series switch, access points, and WLAN switch software by which multiple Summit WM series switches on a network can discover each other and exchange information about a client session.
A System states and LEDs

Summit WM series switch system states and LEDs

The Summit WM series switch has two system states: Standby and Active. It enters Standby state when shut down in the user interface.
Table 18 shows the sequence of the Status and Activity LEDs.

Table 18: Status and Activity LED sequence

System State    Status LED    Activity LED
Power up    Off    Off
Services started: WDTSTAT installed (init.
Altitude AP system states

Table 19: Altitude AP system states and status LED displays (Continued)

State / Process    Description    LEDs
Active (Ready)    Altitude AP has received a control message from an active Summit WM series switch to enter active or ready state. It is ready to receive wireless traffic.

Note: The two Traffic LEDs on either side of the Status LED display a green (blink) if there is active wireless traffic. The left LED is for the 2.4 GHz radio. The right LED is for the 5 GHz radio.
B Regulatory Information

This section provides the regulatory information for the Summit WM 200/2000 series switch and Altitude 350-2 Access Point. Configuration of the Altitude 350-2 frequencies and power output is controlled by the regional software purchased with the Summit WM series switch and is downloaded from the server upon initial set-up.
EMI/EMC Standards

North America EMC for ITE:
● FCC CFR 47 part 15 Class A (USA)
● ICES-003 Class A (Canada)

European EMC standards
● EN 55022:1998 Class A
● EN 55024:1998 Class A includes IEC 61000-4-2, 3, 4, 5, 6, 11
● EN 61000-3-2,3 (Harmonics & Flicker)
● ETSI EN 300 386:2001 (EMC Telecommunications)
● 89/336/EEC EMC Directive

International EMC Certifications:
● CISPR 22:1997 Class A (International Emissions)
● CISPR 24:1997 Class A (International Immunity)
● IE
Summit WM200 (15955), Summit WM2000 (15956)

Physical and Environmental

Product Dimensions:
● Width: 17.3 inches (44 cm)
● Depth: 13 inches (33 cm) - with module levers
● Height: 4.4 inches (11.1 cm) - 2.5U rack according to IEC 60297-5-100 and IEC 60297-5-107 for front mounted modules

Product Weight:
● 21 lbs (9.4 kg) - with dual PSU

Package Dimensions:
● Width: 25.2 inches (63.5 cm)
● Depth: 18.1 inches (46 cm)
● Height: 9.4 inches (24 cm)

Package Weight:
● 27 lbs (12.
Storage & Transportation Environment:
● Storage & Transportation Temp. Range¹: –40º C to +70º C (-40º F to 158º F)
● Storage & Transportation Relative Humidity¹: 10 - 95% RH
● Storage & Transportation Shock¹: 18G @ 6ms, 600 shocks (package < 50kg)
● Storage & Transportation Random Vib.¹: 5-20 Hz @ 1.0 ASD w/-3dB/oct. from 20-200 Hz
● Storage & Transportation Packaging Drop¹: 14 drops min on sides & corners @ 39.
Altitude 350-2i Integrated Antenna AP (15938), Altitude 350-2d Detachable Antenna AP (15939)

● Connect the equipment to an outlet on a circuit different from that to which the affected equipment is connected.
● Consult the dealer or an experienced radio/TV technician for suggestions.

This equipment meets the conformance standards listed in Table 20.
● Replacement antennas must be the same pattern type (i.e. similar in-band and out-of-band antenna beam patterns). Special care must be taken when adhering to this condition; the antenna beam patterns of the antennas tested must be compared with the beam patterns of the replacement antennas for similarities.
● Integral and detachable antennas included with the Altitude 350-2 AP have been tested and included within the FCC/TCB grant.
This equipment meets the following conformance standards:

Table 21: Canada Conformance Standards

Safety • cULus Listed Accessory #60950-1-03 1st edition EMC • ICES-003 Class B Radio Transceiver • RSS-210 Other: • RSS-139-1 • IEEE 802.11a (5 GHz) • RSS-102 FR Exposure • IEEE 802.11b/g (2.4 GHz) • ID# 4141A-3502 Environmental • Plenum Rated Enclosure • IEEE 802.3af See Environmental Conditions.
Declaration of Conformity with regard to R&TTE Directive of the European Union 1999/5/EC

The symbol 0891 indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). The Altitude 350-2i Integral Antenna AP (15938) and Altitude 350-2d Detachable Antenna AP (15939) models meet the following conformance standards.
WARNING! The user or installer is responsible to ensure that the Altitude 350-2 AP is operated according to channel limitations, indoor / outdoor restrictions, license requirements, and within power level limits for the current country of operation.
● In Italy, the end user must apply for a license from the national spectrum authority to operate this device outdoors.
● In Belgium, outdoor operation is only permitted using the 2.46 - 2.4835 GHz band: Channel 13.
● In France, outdoor operation is only permitted using the 2.4 - 2.454 GHz band: Channels 1 - 7.

Permitted 5 GHz Channels for the European Community

Table 23 lists the 5 GHz channels approved for operation in the European Community.
Table 24: European Spectrum Usage Rules - Effective as of July 2005 (Continued)

Column headings:
Country
5.15-5.25 (GHz), Channels: 36,40,44,48
5.25-5.35 (GHz), Channels: 52,56,60,64
5.47-5.725 (GHz), Channels: 100,104,108,112,116,120,124,128,132,136,140
2.4-2.
Declarations of Conformity

Table 25 presents the Extreme Networks declarations of conformity for the languages used in the European Community.

Table 25: Declaration of Conformity in Languages of the European Community

English: Hereby, Extreme Networks, declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Certifications of Other Countries

The Altitude 350-2 AP Models 15938 and 15939 have been certified for use in the countries listed in Table 26. When the Altitude 350-2 AP is connected to the Extreme Networks switch, the user is prompted to enter a country code. Once the correct country code is entered, the switch automatically sets up the Altitude 350-2 AP with the proper frequencies and power outputs for that country code. Go to http://www.extremenetworks.