Summit WM20 User Guide
Software Version 4.2

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.
Table of Contents
About this Guide
Who Should Use This Guide
What Is in This Guide
Formatting Conventions
Filtering at the Interface Level
Built-in Port-Based Exception Filters
User-Defined Port-Based Exception Filters
Completing the System Configuration
Assigning Wireless AP Radios to a WM-AD
Authentication for a WM-AD
Vendor-Specific Attributes
Defining Authentication for a WM-AD for Captive Portal
Analysis Engine Overview
Working With Summit WM Series Spy Scan Results
Working With Friendly APs
Viewing the Summit WM Series Spy List of Third-Party APs
United States - FCC Declaration of Conformity Statement
Conditions Under Which a Second Party May Replace a Part 15 Unlicensed Antenna
European Community
Certifications of Other Countries
Altitude 350-2 Int.
Summit WM20 User Guide, Software Release 4.
About this Guide
This guide describes how to install, configure, and manage the Summit® WM Controller, Access Points, and Software.

Who Should Use This Guide
This guide is a reference for system administrators who install and manage the Summit WM Controller, Access Points and Software system. Any administrator performing tasks described in this guide must have an account with full administrative privileges.
● “Glossary” contains a list of terms and definitions for the Summit WM Controller and the Wireless AP as well as standard industry terms used in this guide.
● Appendix A, “Summit WM20 Controller,” provides a reference on the LED displays and their significance.
● Appendix B, “Regulatory Information,” provides the regulatory information for the Summit WM20 Wireless LAN Controllers and the Altitude 350-2 Int. AP (15958) and Altitude 350-2 Detach. (15939) Access Points (APs).
Safety Information
WARNING! Read the following safety information thoroughly before installing Extreme Networks products. Failure to follow this safety information can lead to personal injury or damage to the equipment.
Installing Power Supply Units
WARNING! Ensure that the following requirements are satisfied when installing all Extreme Networks power supplies. See the installation instructions of the power supply unit (PSU) in question for ratings and power requirements. Make sure to satisfy the following requirements:
● Plug power supplies only into properly grounded electrical outlets to help prevent electrical shock and comply with international safety standards.
Maintenance Safety
Take the following precautions:
● Use only original accessories and/or components approved for use with this system. Failure to observe these instructions may damage the equipment or even violate required safety and EMC regulations.
● The chassis cover should only be removed by Extreme Networks personnel. There are no customer serviceable components in this system. Repairs to the system must be performed by an Extreme Networks factory service technician.
Canada only. Power supply cords for use outside of the United States and Canada are typically provided by a third-party distribution center and must meet the following requirements:
● Power supply cords must be agency certified for country of use.
● Power supply cords must contain an appropriately rated and approved wall plug applicable to the country of installation.
Battery Replacement and Disposal
Please note the following for batteries:
● Replacing lithium battery--Batteries contained in this unit are not user-replaceable. Contact your Extreme Service personnel for complete product replacement.
WARNING! If replacement is attempted, the following guidelines must be followed to avoid danger of explosion:
1. replaced with the same or equivalent type as recommended by the battery manufacturer.
2.
Safety Information
Read the following safety information carefully before installing Extreme Networks products. Failure to observe this safety information can lead to injury or damage to the equipment.
Installing Power Supplies
When installing any Extreme Networks power supply, make sure that the requirements listed below are met. Ratings and power requirements are given in the installation instructions for the respective power supply unit (PSU).
● When handling modules, optical devices, power supplies or other modular accessories, wear the ESD wrist strap to reduce the risk of damage to the equipment from electrostatic discharge. Always leave the wrist strap for protecting electrostatic-sensitive devices attached to the base plate so that it is always at hand when handling these components.
● Route all cables so that excessive strain is avoided.
● No. 18 AWG (0.823 mm²) for units with a rated current of less than 10 A, or
● No. 18 AWG (0.823 mm²) up to 2 m in length for units with a rated current of 10 A or higher, or
● No. 16 AWG (1.0 mm²) up to 5 m in length for units with a rated current of 10 A or higher
All cords must be 3-conductor copper cords of type SVT or SJT, HAR or an equivalent type.
1 Overview of the Summit WM Controller, Access Points and Software Solution

This chapter describes Summit WM Controller, Access Points and Software concepts, including:
● Conventional wireless LANs
● Elements of the Summit WM Controller, Access Points and Software solution
● Summit WM Controller, Access Points and Software and your network
● System configuration overview

The next generation of Extreme Networks wireless networking devices provides a truly scalable WLAN solution.
Figure 1: Standard Wireless Network Solution Example (diagram showing a RADIUS Authentication Server, a DHCP Server, a Router, Wireless APs and Wireless Devices)

The wireless devices and the wired networks communicate with each other using standard networking protocols and addressing schemes. Most commonly, Internet Protocol (IP) addressing is used.
Elements of the Summit WM Controller, Access Points and Software Solution

Figure 2: Extreme Networks Solution (diagram showing a DHCP Server, a RADIUS Server, the Summit WM Controller, a Router, Wireless APs and Wireless Devices)

As illustrated in Figure 2, the Summit WM Controller appears to the existing network as if it were an access point, but in fact one Summit WM Controller controls many Wireless APs. The Summit WM Controller has built-in capabilities to recognize and manage the Wireless APs.
● Integrates with existing network – A Summit WM Controller can be added to an existing enterprise network as a new network device, greatly enhancing its capability without interfering with existing functionality. Integration of the Summit WM Controllers and Wireless APs does not require any reconfiguration of the existing infrastructure (for example, VLANs).
Summit WM Controller, Access Points and Software and Your Network

● DHCP Server (Dynamic Host Configuration Protocol) (RFC2131) – A server that assigns IP addresses, gateways, and subnet masks dynamically. IP address assignment for clients can be done by the DHCP server internal to the Summit WM Controller, or by existing servers using DHCP relay. It is also used by the Wireless APs to discover the location of the Summit WM Controller during the initial registration process.
Figure 3: Traffic Flow Diagram (diagram showing the DHCP, RADIUS authentication, external Web and CP servers and the Summit WM Controller, annotated as follows)

Packet Transmission Control and Routing
• WM Authenticates wireless user
Tunneling
• AP sends data traffic to WM through UDP tunnel called CTP
• Using WASSP tunnels, WM allows wireless clients to roam to Wireless APs on different WMs
802.11 Packet Transmission
• 802.
The Summit WM Controller, Access Points and Software system provides the centralized mechanism by which the corresponding security parameters are configured for a group of APs.
● Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined in the 802.
WM Access Domain Services

WM Access Domain Services (WM-AD) provide a versatile method of mapping wireless networks to the topology of an existing wired network. When you set up WM-AD on the Summit WM Controller, you are defining subnets for groups of wireless users.
Packet Filtering Policy

Policy refers to the rules that allow different groups of users access to the network. The Summit WM Controller, Access Points and Software system can link authorized users to user groups. These user groups then can be confined to predefined portions of the network. In the Summit WM Controller, Access Points and Software system, network access policy is carried out by means of packet filtering within a WM-AD.
If a Summit WM Controller fails, all of its associated Wireless APs can automatically switch over to another Summit WM Controller that has been defined as the secondary or backup Summit WM Controller. If the AP reboots, the original Summit WM Controller is restored, provided that it is active.
System Configuration Overview

have the same configuration, this feature will expedite deployment, as an AP will automatically receive full configuration (including WM-AD assignment) upon initial registration with the Summit WM Controller.
6 Wireless AP Configuration – Modify properties or settings of the Wireless AP, if applicable.
7 WM Access Domain Services (WM-AD) Setup – Set up one or more virtual subnetworks on the Summit WM Controller.
2 Configuring the Summit WM Controller

This chapter introduces the Summit WM Controller and describes the steps involved in its initial configuration and setup, including:
● “System Configuration Overview” on page 34
● “Performing the First-Time Setup of the Summit WM Controller” on page 37
● “Completing the System Configuration” on page 52
● “Ongoing Operations of the Summit WM Controller, Access Points and Software” on page 53

The Summit WM Controller is a network device designed to integrate wi
Summit WM Controller Product Family

The Summit WM Controller is available in the following product families:

Table 1: Summit WM Controller Product Families

Summit WM Controller Model Number: WM20
Specifications:
• Two Data ports (10/100/1000 BaseT)
• One Management port (10/100 BaseT)
• One USB Control (console) port
• One USB Server port (future use)
• Built-in PSU, Hard Drive, Fans and Controller card - not field replaceable
• Supporting up to 32 APs

Summit WM Controller Model Number: WM200
Specifications:
• Four
System Configuration Overview

Step 2 – Preparing the network
Ensure relevant DHCP servers and RADIUS servers (if applicable) are available and configured.

Step 3 – Installing the hardware
Install the Summit WM Controller WM20. For more information, see
● Summit WM Controller, Access Points and Software Controller WM20 Installation Instructions

NOTE
The connection of a separate protective earth wire at the terminal on the rear side of the Summit WM Controller WM20 is optional.
Configuring for Remote Access

In addition, the first-time setup also involves configuring for remote access, which includes:
● Setting up an administration station (laptop) on subnet 192.168.10.0/24. By default, the controller's interface is configured with static IP 192.168.10.1.
● Configuring the system management interface.
● Configuring the data interfaces.
Performing the First-Time Setup of the Summit WM Controller

For more information, see Chapter 3, “Configuring the Wireless AP.”

Step 7 – Confirming the AP firmware version
Confirm the latest firmware version is loaded. For more information, see “Performing Wireless AP Software Maintenance” on page 81.
4 In the User Name box, type your user name. The default is admin.
5 In the Password box, type your password. The default is abc123.
6 Click Login. The Summit WM GUI main menu screen is displayed.
NOTE
All images of the Summit WM GUI in this User Guide represent the Summit WM Controller WM20.

In the footer of the Summit WM GUI, the following is displayed:
• [host name | product name | up time] For example, [ Summit WM20| 7 days, 20:42].
• If there is no key (unlicensed), the product name will not be displayed.
• User is the user id you used to log in. For example, admin.
• Port Status is the connectivity state of the port.
10 Type the following information:
● Hostname – Specifies the name of the Summit WM Controller
● Domain – Specifies the IP domain name of the enterprise network
● Management IP Address – Specifies the new IP address for the Summit WM Controller’s management port. Change this as appropriate for the enterprise network.
To change the administrator password:
1 From the main menu, click Summit Switch Configuration. The Summit WM Controller Configuration screen is displayed.
2 In the left pane, click Management Users.
3 In the user_admin table, click admin.
4 In the Modify User Password box, type the new administrator password.
5 In the Modify User Confirm Password box, type the new administrator password again.
6 Click Change Password.
4 In the Apply Product Key section, click Browse to navigate to the location of the product key file and select the file.
5 Click Apply Now. The product license key is applied, and the Summit WM Controller reboots.

Setting up the Data Ports

The next step in the initial setup of the Summit WM Controller is to configure the physical data ports. A new Summit WM Controller is shipped from the factory with all its data ports set up as host ports.
● Third-Party AP Port
Use a third-party AP port definition for a port to which you will connect third-party APs. Only one port can be configured for third-party APs. Selecting this option prepares the port to support a third-party AP setup allowing the mapping of a WM-AD to the physical port.
The chart below summarizes the port types and their functions:

Table 2: Port Types and Functions
Port Type Host 3rd-Party AP Router WM-AD
OSPF route advertisement No No Selectable. Route wireless device traffic only.
3 To select a port, click it. Port configuration lets you explicitly set the administration state of each interface. By default, data interface states are enabled. If they are not enabled, you can enable each of them individually. A disabled interface does not allow data to flow (receive/transmit).
4 Type the following:
● IP address – The IP Address of the physical Ethernet port.
To set a static route on the Summit WM Controller:
1 From the main menu, click Summit Switch Configuration. The Summit WM Controller Configuration screen is displayed.
2 In the left pane, click Routing Protocols. The Static Routes tab is displayed.
3 To add a new route, in the Destination Address box type the destination IP address of a packet. To define a default static route for any unknown address not in the routing table, type 0.0.0.0.
To view the forwarding table on the Summit WM Controller:
1 From the main menu, click Reports & Displays. The Summit WM Reports & Displays screen is displayed.
2 To view the static routes that have been defined for the Summit WM Controller, click Forwarding Table. The Forwarding Table is displayed. This report displays all defined routes, whether static or OSPF, and their current status.
3 To update the display, click Refresh.
To set OSPF Routing Global Settings on the Summit WM Controller:
1 From the main menu, click Summit Switch Configuration. The Summit WM Controller Configuration screen is displayed.
2 In the left pane, click Routing Protocols. The Static Routes tab is displayed.
3 Click the OSPF tab.
4 From the OSPF Status drop-down list, select ON to enable OSPF.
5 In the Router ID box, type the IP address of the Summit WM Controller. This ID must be unique across the OSPF area.
To set OSPF Routing Port Settings on the Summit WM Controller:
1 From the main menu, click Summit Switch Configuration. The Summit WM Controller Configuration screen is displayed.
2 In the left pane, click Routing Protocols.
3 Click the OSPF tab. The OSPF Settings screen is displayed.
4 From the Port Status drop-down list, select Enabled to enable OSPF on the port. The default setting is Disabled.
Filtering at the Interface Level

The Summit WM Controller, Access Points and Software has a number of built-in filters that protect the system from unauthorized traffic. These filters are specific to the Summit WM Controller. They are applied at the network interface level and are invoked automatically. By default, these filters provide stringent rules that allow access only to the system's externally visible services.
To enable SSH, HTTPS, or SNMP access through a data interface:
1 From the main menu, click Summit Switch Configuration. The Summit WM Controller Configuration screen is displayed.
2 In the left pane, click IP Addresses. The Management Port Settings screen is displayed.
3 Select the appropriate interface in the IP Addresses screen.
4 Select the corresponding Management checkbox.
5 To save your changes, click Save.
To define port exception filters:
1 From the main menu, click Summit Switch Configuration. The Summit WM Controller Configuration screen is displayed.
2 In the left pane, click Port Exception Filters. The Port Exception Filters screen is displayed.
3 Select the applicable data port from the Port drop-down list.
4 In the IP / subnet: port box, type the destination IP address. You can also specify an IP range, a port designation or a port range on that IP address.
● Registering and assigning APs to the WM-AD – For more information, see Chapter 3, “Configuring the Wireless AP.”

Ongoing Operations of the Summit WM Controller, Access Points and Software

Once you have configured the WM-AD and registered and assigned APs to the WM-AD, the Summit WM Controller, Access Points and Software system configuration is complete.
3 Configuring the Wireless AP

This chapter discusses the Wireless AP and its role in the Summit WM Controller, Access Points and Software solution, including:
● “Wireless AP Overview” on page 55
● “Discovery and Registration Overview” on page 56
● “Configuring the Wireless APs for the First Time” on page 60
● “Adding and Registering a Wireless AP Manually” on page 63
● “Modifying Wireless AP Settings” on page 64
● “Configuring Dynamic Radio Management” on page 77
● “Modifying a Wireless AP’s
NOTE
In order to comply with FCC regulations in North America, the U-NII Low Band (5.15 to 5.25 GHz band) is disabled for the Altitude 350-2 Detach. (15939).

Wireless AP Radios

The Wireless AP has two radios:
● 5 GHz radio supporting the 802.11a standard – The 802.11a standard is an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5-GHz band. The 802.
Discovery and Registration Overview

Wireless AP Discovery

Wireless APs discover the IP address of a Summit WM Controller using a sequence of mechanisms that allow for the possible services available on the enterprise network. The discovery process is successful when the Wireless AP successfully locates a Summit WM Controller to which it can register. You must ensure that the appropriate services on your enterprise network are prepared to support the discovery process.
● Step 5 – Use a multicast SLP request to find SLP SAs
If all of the preceding methods fail to locate a Summit WM Controller, the Wireless AP sends a multicast SLP request, looking for any SLP Service Agents providing the Extreme Networks service.

Registration After Discovery

Any of the discovery steps 2 through 5 can inform the Wireless AP of a list of multiple IP addresses to which the Wireless AP may attempt to connect.
WARNING!
Never disconnect a Wireless AP from its power supply during a firmware upgrade. Disconnecting a Wireless AP from its power supply during a firmware upgrade may cause firmware corruption rendering the AP unusable.

The table below assumes the software uses a timer and multiple phases to simulate LED blinking on all three LEDs.
Configuring the Wireless APs for the First Time

Before the Wireless AP is configured for the first time, you must first confirm that the following has already occurred:
● The Summit WM Controller has been set up. For more information, see Chapter 2, “Configuring the Summit WM Controller.”
● The Summit WM Controller, Access Points and Software has been configured. For more information, see Chapter 2, “Configuring the Summit WM Controller.
● If the Summit WM Controller does not recognize the registering serial number, a new registration record is automatically created for the AP (if within MDL license limit). The AP receives a default configuration. The default configuration can be the default template assignment.
● If the Summit WM Controller recognizes the serial number, it indicates that the registering device is pre-registered with the controller.
To define the discovery process parameters:
1 From the main menu, click Altitude APs. The Altitude AP screen is displayed.
2 In the left pane, click WAP Registration. The Altitude AP Registration screen is displayed.
3 In the Security Mode section, select one of the following:
● Allow all Altitude APs to connect
● Allow only approved Altitude APs to connect
The Allow all Altitude APs to connect option is selected by default.
Adding and Registering a Wireless AP Manually

Connecting the Wireless AP to a Power Source and Initiating the Discovery and Registration Process

When a Wireless AP is powered on, it automatically begins the discovery and registration process with the Summit WM Controller. A Wireless AP can be connected and powered in the following ways:
● Power over Ethernet (802.3af):
  ● PoE enabled switch port
  ● PoE Injector
● Power by AC adaptor
For more information, see the AP Install Guide.
8 Click Add Altitude AP. The Wireless AP is added and registered. When a Wireless AP is added manually, it is added to the controller database only and does not get assigned.
9 Click Close.

Modifying Wireless AP Settings

Wireless APs are added with default settings, which you can adjust and configure according to your network requirements. In addition, you can modify the properties and the settings for each radio on the Wireless AP.
2 In the left pane, click Access Approval. The Access Approval screen is displayed, along with the registered Wireless APs and their status.
3 To select the Wireless APs for status change, do one of the following:
● For a specific Wireless AP, select the corresponding checkbox.
● For Wireless APs by category, click one of the Select Altitude APs options.
To deselect your Wireless AP selections, click Clear All.
To configure the default AP settings:
1 From the main menu, click Altitude APs. The Altitude APs screen is displayed.
2 In the left pane, click AP Default Settings.
● Max TX Power Level – For each radio, select the appropriate Tx power level from the Max TX Power Level drop-down menu. The values in the Max TX Power Level drop-down menu are in dBm (dBm is an abbreviation for the power ratio in decibel (dB) of the measured power referenced to one milliwatt). If Dynamic Radio Management (DRM) was enabled on the DRM screen, this option is read-only.
mode. If necessary, the Max Operational Rate choices adjust automatically to be higher than or equal to the Min Basic Rate.
6 In the Static Configuration section, modify the following:
● In the Add box, type the IP address of the Summit WM Controller that will control this Wireless AP.
● Click Add. The IP address is added to the list.
● Repeat to add additional Summit WM Controllers.
● Click Up and Down to modify the order of the controllers. The maximum is three controllers.
To modify a Wireless AP’s properties as an access point:
1 From the main menu, click Altitude APs. The Altitude APs screen is displayed.
2 In the Wireless AP list, click the Wireless AP whose properties you want to modify. The WAP Properties tab displays Wireless AP information.
3 Modify the Wireless AP’s information:
● Name – Type a unique name for the Wireless AP that identifies the AP. The default value is the Wireless AP’s serial number.
● Description – Type comments for the Wireless AP.
● Port # – This field is grayed out because any change in this field may have adverse consequences, such as the Wireless AP not being able to find or connect to the Summit WM Controller. This field is the Summit WM Controller’s Ethernet port to which the Wireless AP is connected.
● Changing the radio channel between Auto and any fixed channel number

If the modification of a Wireless AP property does trigger a reboot, the Wireless AP property is identified with a red asterisk in the Summit WM GUI.

To modify the Wireless AP’s radio properties:
1 From the main menu, click Altitude APs. The Altitude APs screen is displayed.
2 Click the appropriate Wireless AP in the list.
3 Click the radio tab you want to modify.
large number. For example, 5. Use a small number for broadcast and multicast delay. The default value is 1.
● Beacon Period – Type the desired time, in milliseconds, between beacon transmissions. The default value is 100 milliseconds.
● RTS/CTS Threshold – Type the packet size threshold, in bytes, above which the packet will be preceded by an RTS/CTS (Request to Send/Clear to Send) handshake. The default value is 2346, which means all packets are sent without RTS/CTS.
36, 28, or 54 Mbps for 11b+11g or 11g-only modes. If necessary, the Max Operational Rate choices adjust automatically to be higher than or equal to the Min Basic Rate.
● No of Retries for Background BK – Select the number of retries for the Background transmission queue. The default value is 4. The recommended setting is adaptive (multi-rate).
● No of Retries for Best Effort BE – Select the number of retries for the Best Effort transmission queue. The default value is 4.
● If applicable, click the 802.11a tab to modify the radio properties.
● DTIM Period – Type the desired DTIM (Delivery Traffic Indication Message) period—the number of beacon intervals between two DTIM beacons. To ensure the best client power savings, use a large number. For example, 5. Use a small number for broadcast and multicast delay. The default value is 1.
● Beacon Period – Type the desired time, in milliseconds, between beacon transmissions.
milliwatt). If Dynamic Radio Management (DRM) was enabled on the DRM screen, this option is read-only.
● Rx Diversity – Select Alternate for the best signal from both antennas, or Left or Right to choose either of the two diversity antennas. The default and recommended selection is Alternate. If only one antenna is connected, use the corresponding Left or Right diversity setting. Do not use Alternate if two identical antennas are not used.
NOTE
If a Wireless AP with a statically configured IP address (without a statically configured Summit Switch Search List) cannot register with the Summit WM Controller within the specified number of retries, the Wireless AP will use SLP, DNS, and SLP multicast as a backup mechanism.

To set up a Wireless AP using static configuration:
1 From the main menu, click Altitude APs. The Altitude APs screen is displayed.
2 Click the appropriate Wireless AP in the list.
Configuring Dynamic Radio Management

this situation, you will need to reset the AP to its factory default settings. For more information, see “Resetting the AP to Its Factory Default Settings” on page 199.
5 Select one of the two methods of IP address assignment for the Wireless AP:
● Use DHCP – Select this option to enable Dynamic Host Configuration Protocol (DHCP). This option is enabled by default.
● Static Values – Select this option to specify the IP address of the Wireless AP.
Configuring the Wireless AP ● Avoids other WLANs by reducing transmit power whenever other APs with the same channel, but different SSIDs are detected. To configure the DRM software: 1 From the main menu, click Altitude APs. The Altitude APs screen is displayed. 2 In the left pane, click DRM. 3 Confirm the Enable DRM checkbox is selected. 4 To refresh the Altitude APs list, click Save. The list is populated with the Wireless APs.
Modifying a Wireless AP’s Properties Based on a Default AP Configuration 9 From the Minimum drop-down list, select the minimum power level below which the power cannot be further reduced by the DRM. 10 From the Maximum drop-down list, select the maximum power level above which the power cannot be further increased by the DRM. NOTE Due to limited power control resolution, the actual power limits may differ slightly from the settings you define. 11 Click Apply to selected WAPs.
Configuring the Wireless AP 3 If applicable, modify the Wireless AP’s properties. For more information, see “Modifying a Wireless AP’s Properties” on page 68. 4 Click Copy to Defaults to make this AP’s configuration be the system’s default AP settings. A popup window asking you to confirm the configuration change is displayed. 5 Click OK to confirm resetting the system’s default AP settings.
Performing Wireless AP Software Maintenance The Wireless APs shown in the Altitude AP list can be from any version of the software. Attributes that are common between software versions are set on all Wireless APs. Attributes that are not common are sent only to the AP versions to which the attributes apply. Attempting to set an attribute that does not apply for an AP will not abort the multi-edit operation.
Configuring the Wireless AP 3 From the WAP Images for Platform drop-down list select the appropriate platform. 4 To select an image to be the default image for a software upgrade, select it in the list, and then click Set as default. 5 In the Upgrade Behavior section, select one of the following: ● Upgrade when WAP connects using settings from Controlled Upgrade – The Controlled Upgrade tab is displayed.
Performing Wireless AP Software Maintenance 3 From the WAP Images for Platform drop-down list, select the appropriate platform. 4 To select an image in the WAP Images list to delete, click it. 5 Click the Delete button. The image is removed from the list. To download a new Wireless AP software image: 1 From the main menu, click Altitude APs. The Altitude APs screen is displayed. 2 From the left pane, click WAP Maintenance. The WAP Software Maintenance tab is displayed.
Configuring the Wireless AP 3 Click the Controlled Upgrade tab. NOTE The Controlled Upgrade tab will appear only when the Upgrade Behavior is set to Upgrade when WAP connects using settings from Controlled Upgrade on the WAP Software Maintenance tab. 4 From the Select WAP Platform drop-down list, select the type of AP you want to upgrade. 5 From the Select an image to use drop-down list, select the software image you want to use for the upgrade.
4 WM Access Domain Services This chapter describes WM Access Domain Services (WM-AD) concepts, including: ● “WM-AD Overview” on page 85 ● “Setting up a WM-AD Checklist” on page 86 ● “Topology of a WM-AD” on page 87 ● “RF Assignment for a WM-AD” on page 88 ● “Authentication for a WM-AD” on page 89 ● “Filtering for a WM-AD” on page 90 ● “Data Protection on a WM-AD—WEP and WPA” on page 92 ● “WM-AD Global Settings” on page 92 ● “Setting up a New WM-AD” on page 95 WM-AD Overview A WM-AD is an
WM Access Domain Services ● Each WM-AD also offers unique Authentication, Authorization and Accounting (AAA) services. Setting up a WM-AD Checklist WM-AD provides a versatile means of mapping wireless networks to the topology of an existing wired network. When you set up a WM-AD on the Summit WM Controller, you are defining a subnet for a group of wireless device users. The WM-AD definition creates a virtual IP subnet where the Summit WM Controller acts as a default gateway to wireless devices.
Topology of a WM-AD User Access Plan The user access plan should analyze the enterprise network and identify which users should have access to which areas of the network. What areas of the network should be separated? Which users can go out to the World Wide Web? The Summit WM Controller, Access Points and Software system relies on authenticating users via a RADIUS server (or other authentication server). To make use of this feature, an authentication server on the network is required.
  ● Used for a WM-AD supporting third-party APs
  ● Has WEP and WPA-PSK privacy
● AAA:
  ● Has 802.1x authentication
  ● Requires filtering rules for group filter IDs and default filter. A definition of group filter IDs is optional. If a filter is not specified or not returned by the Access-Accept response, the default filter group is applied.
  ● Has WEP and WPA privacy
  ● Controller is involved in authenticating users. 802.
Authentication for a WM-AD
The third step in setting up a WM-AD is to configure the authentication mechanism for the WM-AD. The authentication mechanism depends on the network assignment. In addition, all WM-AD definitions can include authentication by Media Access Control (MAC) address. Authentication by MAC address provides a method of access control for a user as it associates with the AP based on the device's MAC address.
WM Access Domain Services ● Extensible Authentication Protocol with Tunneled Transport Layer Security (EAP-TTLS) – Relies on mutual authentication of client and server through an encrypted tunnel. Unlike EAP-TLS, it requires only server-side certificates. The client uses PAP, CHAP, or MS-CHAPv2 for authentication.
Filtering for a WM-AD Within each type of filter, define a sequence of filtering rules. The filtering rule sequence must be arranged in the order that you want them to take effect. Each rule is defined to allow or deny traffic in either direction: ● In – From a wireless device in to the network ● Out – From the network out to a wireless device Final Filter Rule The final rule in any filter should act as a catch-all for any traffic that did not match a filter.
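Rule order and the final catch-all decide what a filter actually permits. The following is an added example, not code from the guide or from the controller software. It models rules with the In, Out and Allow columns the guide uses, evaluates traffic against the first matching rule, and audits a rule list for a missing catch-all or for rules placed after one. The `Rule` class, the function names and the parsing of the IP/subnet:port text are assumptions, the Protocol column and IP ranges are left out, and the sample addresses are constructed.

```python
"""First-match evaluation and ordering audit for WM-AD style filter rules (added example)."""
import ipaddress
from dataclasses import dataclass

ANY_HOST = "*.*.*.*"          # wildcard notation used in the guide's rule tables
ALL_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    target: str     # "IP/subnet:port" text, e.g. "192.0.2.53:53" or "*.*.*.*:22-23"
    inbound: bool   # In  - from a wireless device in to the network
    outbound: bool  # Out - from the network out to a wireless device
    allow: bool     # True = allow, False = deny


def parse_target(target):
    """Split a rule target into (network or None for any host, (low, high) ports)."""
    host, _, ports = target.partition(":")
    if ports:
        low, _, high = ports.partition("-")
        port_range = (int(low), int(high or low))
    else:
        port_range = ALL_PORTS
    network = None if host == ANY_HOST else ipaddress.ip_network(host, strict=False)
    return network, port_range


def rule_matches(rule, direction, address, port):
    """Assumption: the rule target is compared with the network-side address and port."""
    if not (rule.inbound if direction == "in" else rule.outbound):
        return False
    network, (low, high) = parse_target(rule.target)
    if network is not None and ipaddress.ip_address(address) not in network:
        return False
    return low <= port <= high


def evaluate(rules, direction, address, port):
    """Return (verdict, rule index) for the first matching rule, or (None, None)."""
    for index, rule in enumerate(rules):
        if rule_matches(rule, direction, address, port):
            return ("allow" if rule.allow else "deny"), index
    return None, None


def is_catch_all(rule):
    """A catch-all covers any host, every port and both directions."""
    network, port_range = parse_target(rule.target)
    return network is None and port_range == ALL_PORTS and rule.inbound and rule.outbound


def audit(rules):
    """Flag a missing catch-all and rules that can never take effect."""
    catch_all_at = next((i for i, r in enumerate(rules) if is_catch_all(r)), None)
    if catch_all_at is None:
        return ["no catch-all rule: unmatched traffic has no explicit allow or deny"]
    return [f"rule {i} is unreachable: it follows catch-all rule {catch_all_at}"
            for i in range(catch_all_at + 1, len(rules))]


# Constructed sample filters (addresses are documentation ranges, not from the guide).
NON_AUTHENTICATED = [
    Rule("192.0.2.1", True, True, True),      # WM-AD interface IP (default gateway)
    Rule("192.0.2.53:53", True, True, True),  # DNS server
    Rule(ANY_HOST, True, True, False),        # final rule: deny all
]
DENY_SSH_THEN_ALLOW = [
    Rule("*.*.*.*:22-23", True, True, False),  # SSH and telnet sessions
    Rule(ANY_HOST, True, True, True),          # allow everything else
]
MISORDERED = list(reversed(DENY_SSH_THEN_ALLOW))

if __name__ == "__main__":
    for name, rules in [("non-authenticated", NON_AUTHENTICATED),
                        ("deny-ssh-then-allow", DENY_SSH_THEN_ALLOW),
                        ("misordered", MISORDERED)]:
        print(name, evaluate(rules, "in", "198.51.100.7", 22), audit(rules))
```

With the same two rules in the opposite order, the deny rule for ports 22-23 never takes effect, which is the case the audit reports.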
The following is a high-level description of how Summit WM Controller filters traffic:
Step One – The Summit WM Controller attempts to match each packet of a WM-AD to the filtering rules that apply to the wireless device user.
Step Two – If a filtering rule is matched, the operation to allow or deny is executed.
Step Three – The next packet is fetched for filtering.
Data Protection on a WM-AD—WEP and WPA
On wireless and wired networks, data is protected by encryption techniques.
WM-AD Global Settings To define RADIUS servers for WM-AD global settings: 1 From the main menu, click WM-AD Configuration. The WM Access Domains list is displayed. 2 In the left pane, click Global Settings. The Authentication tab is displayed. 3 To define a RADIUS server available on the network, do the following: ● In the Server Name box, type a name. ● In the Server Address box, type the IP address. ● In the Shared Secret box, type the password that is required in both directions.
WM Access Domain Services 4 Using the percentage drop-down lists, define the thresholds for the following: ● Max Voice (VO) BW for roaming streams – The maximum allowed overall bandwidth on the new AP when a client with an active voice stream roams to a new AP and requests admission for the voice stream. ● Max Voice (VO) BW for new streams – The maximum allowed overall bandwidth on an AP when an already associated client requests admission for a new voice stream.
Setting up a New WM-AD
Now that you are familiar with the WM-AD concepts, you can set up a new WM-AD. Setting up a new WM-AD involves the following general steps:
● Step one – Create a WM-AD name
● Step two – Define the topology parameters
● Step three – Configure the WM-AD
For information on setting up a new WM-AD, see Chapter 5, “WM Access Domain Services Configuration.”
Summit WM20 User Guide, Software Release 4.
5 WM Access Domain Services Configuration This chapter discusses WM Access Domain Services (WM-AD) configuration, including: ● “Topology for a WM-AD” on page 98 ● “Assigning Wireless AP Radios to a WM-AD” on page 106 ● “Authentication for a WM-AD” on page 108 ● “Defining Accounting Methods for a WM-AD” on page 120 ● “Defining RADIUS Filter Policy for WM-ADs and WM-AD Groups” on page 121 ● “Configuring Filtering Rules for a WM-AD” on page 122 ● “Enabling Multicast for a WM-AD” on page 132 ●
WM Access Domain Services Configuration To create a new WM-AD name: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane, type a name that will identify the new WM-AD in the Add subnet box, and then click Add subnet. The name is displayed in the WM Access Domains list. The Topology screen is displayed. The following sections describe in detail how to define the WM-AD topology parameters and configure the WM-AD.
Topology for a WM-AD
Configuring Topology for a WM-AD for Captive Portal
This section describes how to set up a WM-AD for Captive Portal. The RF tab, where you assign APs to WM-ADs, is not accessible until the topology for the WM-AD has been configured and saved.
To create an SSID for Captive Portal WM-AD:
1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed.
2 In the left pane WM Access Domains list, click the WM-AD you want to create an SSID for.
WM Access Domain Services Configuration A client that exceeds either the pre-timeout or post-timeout value will be forced to disassociate. The session timer defines the maximum amount of time a session is allowed to be connected to the system. The session timer is particularly useful in pay-per-use models. When the lifetime of the session reaches the defined limit, the session is expired and cleaned up. A user would have to re-authenticate with the system to continue to receive network services.
Topology for a WM-AD A third-party AP WM-AD allows for the specification of a segregated subnet by which non-Altitude Wireless APs are used to provide RF services to users while still utilizing the Summit WM Controller for user authentication and user policy enforcement. NOTE Third-party AP devices are not fully integrated with the system and therefore must be managed individually to provide the correct user access characteristics.
WM Access Domain Services Configuration To define a next hop route and OSPF advertisement: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to define a next-hop route for. The Topology tab is displayed. 3 In the Next Hop Address box, type the IP address of the next hop router on the network through which you wish all traffic on this WM-AD to be directed.
DHCP enabled (by default, DHCP is disabled). These values are not visible for a bridged at AP WM-AD or a VLAN bridged WM-AD with DHCP disabled (by default, DHCP is disabled). The Address Range boxes (from and to) populate automatically with the range of IP addresses to be assigned to wireless devices using this WM-AD, based on the IP address you provided.
● To modify the address in the Address Range from box, type the first available address.
WM Access Domain Services Configuration To modify time limits for IP assignments: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to set time limits for. The Topology tab is displayed. 3 In the Lease default box, type the default time limit. The default time limit dictates how long a wireless device can keep the DHCP server assigned IP address. The default value is 36000 seconds (10 hours).
Topology for a WM-AD To use an external DHCP server for the WM-AD: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to use DHCP relay for. The Topology tab is displayed. 3 From the DHCP Option drop-down list, select Use DHCP Relay. 4 In the Gateway box, type the IP address for the WM-AD. 5 In the Mask box, type the appropriate subnet mask for this IP address.
WM Access Domain Services Configuration 3 From the Assignment by drop-down list, select AAA. 4 Configure the topology for your WM-AD accordingly. For more information, see “Topology for a WM-AD” on page 98. 5 To save your changes, click Save. Saving Your Topology Properties Once your topology is defined, you can then save your topology properties to continue configuring your WM-AD. To save your topology properties, click Save.
Assigning Wireless AP Radios to a WM-AD To assign Wireless APs to a WM-AD: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to assign Wireless APs to. The Topology tab is displayed. 3 Click the RF tab. 4 In the SSID box, type the SSID that wireless devices will use to access the Wireless AP.
Authentication for a WM-AD
The next step in configuring a WM-AD is to set up the authentication mechanism. There are various authentication combinations available:
● If network assignment is by SSID, authentication can be:
  ● none
  ● by Captive Portal using internal Captive Portal
  ● by Captive Portal using external Captive Portal
  ● by MAC-based authentication
● If network assignment is by AAA (802.1x), authentication can be:
  ● by 802.
Table 4: Vendor-Specific Attributes (Continued)
Attribute Name | ID | Type | Messages | Description
Extreme-BSS-MAC | 6 | string | Sent to RADIUS server | The name of the BSS-ID the client is associating to. It is used in assigning policy and billing options, based on service selection and location.
The first five of these VSAs provide information on the identity of the specific Wireless AP that is handling the wireless device, enabling the provision of location-based services.
● Auth – Use to define authentication servers.
● MAC – Use to define servers for MAC-based authentication.
● Acct – Use to define accounting servers.
4 Click Auth. The Authentication fields are displayed.
Authentication for a WM-AD 5 From the RADIUS drop-down list, select the server you want to use for Captive Portal authentication, and then click Use. The server’s default information is displayed. The RADIUS servers are defined in the Global Settings screen. For more information, see “WM-AD Global Settings” on page 92. The selected server is no longer available in the RADIUS drop-down list.
WM Access Domain Services Configuration 11 In the Include VSA Attributes section, click the appropriate checkboxes to include the Vendor Specific Attributes in the message to the RADIUS server: ● AP’s ● WM-AD’s ● SSID The Vendor Specific Attributes must be defined on the RADIUS server. 12 If appropriate, click the Reset to Primary checkbox.
Authentication for a WM-AD 5 In the server list, select the RADIUS server and click Up or Down to arrange the order. The first server in the list is the active one. 6 To test the Summit WM Controller’s connection to all configured RADIUS servers, click Test. The Test RADIUS servers screen displays the message transaction with the RADIUS server, which allows you to visually verify the state of the server connection and user authentication.
WM Access Domain Services Configuration To configure the Captive Portal settings for internal Captive Portal: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to configure the Captive Portal settings for. The Topology tab is displayed. 3 Click the Auth & Acct tab. 4 Click Configure Captive Portal Settings. The Captive Portal Configurations screen is displayed.
Authentication for a WM-AD 11 In the Replace Gateway IP with FQDN box, type the appropriate name if a Fully Qualified Domain Name (FQDN) is used as the gateway address. 12 In the Default Redirection URL box, type the URL to which the wireless device user will be directed after authentication. 13 In the Specific Message URL box, type the URL of a document that will be displayed in a text frame on the Captive Portal login page.
WM Access Domain Services Configuration If there is an authentication server configured for this WM-AD, the external Captive Portal page on the external authentication server will send the request back to the Summit WM Controller to allow the Summit WM Controller to continue with the RADIUS authentication and filtering.
4 Click Auth. The Authentication fields are displayed.
5 From the RADIUS drop-down list, select the server you want to use for Captive Portal authentication, and then click Use. The server’s default information is displayed. The RADIUS servers are defined in the Global Settings screen. For more information, see “WM-AD Global Settings” on page 92.
WM Access Domain Services Configuration The selected server is no longer available in the RADIUS drop-down list. The server name is now displayed in the list of configured servers, next to the Up and Down buttons, where it can be prioritized for RADIUS redundancy. The server can also be assigned again for MAC-based authentication or accounting purposes. A red asterisk is displayed next to Auth, indicating that a server has been assigned. 6 In the Port box, type the port used to access the RADIUS server.
Authentication for a WM-AD To define MAC-based authentication for a WM-AD: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to set up MAC-based authentication for. The Topology tab is displayed. 3 Click the Auth & Acct tab. On the Auth & Acct tab, there are three options: ● Auth – Use to define authentication servers. ● MAC – Use to define servers for MAC-based authentication.
WM Access Domain Services Configuration 11 In the NAS Identifier box, type the Network Access Server (NAS) identifier. The NAS identifier is a RADIUS attribute that identifies the server responsible for passing information to designated RADIUS servers and then acting on the response returned. This is an optional step. 12 In the Auth. Type field, select the authentication protocol to be used by the RADIUS server to authenticate the wireless device users for a Captive Portal WM-AD.
Defining RADIUS Filter Policy for WM-ADs and WM-AD Groups 5 From the RADIUS drop-down list, select the server you want to use for RADIUS accounting, and then click Use. The server’s default information is displayed and a red asterisk is displayed next to Acct, indicating that a server has been assigned. The RADIUS servers are defined in the Global Settings screen. For more information, see “WM-AD Global Settings” on page 92. 6 Select Use server for RADIUS Accounting.
WM Access Domain Services Configuration 3 Click the RAD Policy tab. 4 In the Filter ID Values box, type the name of a group that you want to define specific filtering rules for to control network access. 5 Click the corresponding Add button. The filter ID value is displayed in the list. These filter ID values will appear in the Filter ID list on the Filtering tab. These filter ID values must match those set up for the filter ID attribute in the RADIUS server.
Configuring Filtering Rules for a WM-AD Filtering Rules for an Exception Filter The exception filter provides a set of rules aimed at restricting the type of traffic that is delivered to the controller. By default, your system is shipped with a set of restrictive filtering rules that help control access through the interfaces to only absolutely necessary services.
WM Access Domain Services Configuration 5 For each filtering rule you are defining, do the following: ● In the IP/subnet:port box, type the destination IP address. You can also specify an IP range, a port designation, or a port range on that IP address. ● In the Protocol drop-down list, select the applicable protocol. The default is N/A. 6 Define a rule to allow access to the default gateway for this WM-AD: ● Select IP/Port.
Configuring Filtering Rules for a WM-AD rule is to deny all. Administrators should define a rule set that will permit users to access essential services: ● DNS (IP of DNS server) ● Default Gateway (WM-AD Interface IP) Any HTTP streams requested by the client for denied targets will be redirected to the specified location. The non-authenticated filter should allow access to the Captive Portal page IP address, as well as to any URLs for the header and footer of the Captive Portal page.
WM Access Domain Services Configuration 4 From the Filter ID drop-down list, select Non-Authenticated. The Filtering tab automatically provides a Deny All rule already in place. Use this rule as the final rule in the non-authenticated filter for Captive Portal. 5 For each filtering rule you are defining, do the following: ● In the IP/subnet:port box, type the destination IP address. You can also specify an IP range, a port designation, or a port range on that IP address.
Configuring Filtering Rules for a WM-AD NOTE Administrators must ensure that the non-authenticated filter allows access to the corresponding authentication server: • Internal Captive Portal – IP address of the WM-AD interface • External Captive Portal – IP address of external Captive Portal server Non-authenticated Filter Examples A basic non-authenticated filter for internal Captive Portal should have three rules, in the following order: Table 5: Non-authenticated filter example A In Out Allow IP / P
WM Access Domain Services Configuration Once a wireless device user has logged in on the Captive Portal page, and has been authenticated by the RADIUS server, then the following filters will apply: ● Filter ID – If a filter ID associated with this user was returned by the authentication server.
Configuring Filtering Rules for a WM-AD 4 From the Filter ID drop-down list, select one of the names you defined in the Filter ID Values field on the RAD Policy tab. For example, select one of your organization’s user groups, such as Sales, Engineering, Teacher, Guest, etc. The Filtering tab automatically provides a Deny All rule already in place. This rule can be modified to Allow All, if appropriate to the network access needs for this WM-AD.
WM Access Domain Services Configuration Filtering Rules by Filter ID Examples Below are two examples of possible filtering rules for a filter ID. The first example disallows some specific access before allowing everything else. Table 7: Filtering rules by filter ID example A In Out x x x x Allow IP / Port Description x *.*.*.*:22-23 SSH and telnet sessions x [specific IP address, range] Deny all traffic to a specific IP address or address range *.*.*.*.
Configuring Filtering Rules for a WM-AD 4 From the Filter ID drop-down list, select Default. The Filtering tab automatically provides a Deny All rule already in place. This rule can be modified to Allow All, if appropriate to the network access needs for this WM-AD.
WM Access Domain Services Configuration Table 10: Default Filter Example B (Continued) In x Out Allow IP / Port Description x x Intranet IP 10.3.0.20 Allow all other traffic from Intranet network to wireless devices x x *.*.*.*. Allow everything else Filtering Rules for an AAA Child Group WM-AD If you defined a child group for an AAA WM-AD, it will have the same authentication parameters and filter IDs as the parent WM-AD.
Enabling Multicast for a WM-AD To enable multicast for a WM-AD: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to enable Multicast for. The Topology tab is displayed. 3 Click the Multicast tab. 4 To enable the multicast function, click Enable Multicast Support. 5 Define the multicast groups by selecting one of the radio buttons: ● IP Group – Type the IP address range.
WM Access Domain Services Configuration Configuring Privacy for a WM-AD Privacy is a mechanism that protects data over wireless and wired networks, usually by encryption techniques. The following section describes how the Privacy mechanism is handled for a Captive Portal WM-AD and an AAA WM-AD.
Configuring Privacy for a WM-AD 4 Select Static Keys (WEP). 5 From the WEP Key Length drop-down list, select the WEP encryption key length: ● 64-bit ● 128-bit ● 152-bit 6 Select one of the following input methods: ● Input Hex – If you select Input Hex, type the WEP key input in the WEP Key box. The key is generated automatically, based on the input. ● Input String – If you select Input String, type the secret WEP key string used for encrypting and decrypting in the WEP Key String box.
WM Access Domain Services Configuration 6 If WPA v.1 is enabled, select one of the following encryption types from the Encryption drop-down list: ● Auto – The AP will advertise both TKIP and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for WPAv1. CCMP is an IEEE 802.11i encryption protocol that uses the encryption cipher AES (Advanced Encryption Standard). Auto is the default. ● TKIP only – The AP will advertise TKIP as an available encryption protocol for WPAv1.
Configuring Privacy for a WM-AD Privacy for a WM-AD for AAA For a WM-AD with authentication by 802.1x (AAA), there are four Privacy options: ● Static keys (WEP) ● Dynamic keys ● Wi-Fi Protected Access (WPA) version 1, with encryption by Temporal Key Integrity Protocol (TKIP) ● Wi-Fi Protected Access (WPA) version 2, with encryption by Advanced Encryption Standard with Counter-Mode/CBC-MAC Protocol (AES-CCMP) NOTE In order to use WPA with 802.1x authentication, network assignment must be AAA.
WM Access Domain Services Configuration ● 152-bit 6 Select one of the following input methods: ● Input Hex – If you select Input Hex, type the WEP key input in the WEP Key box. The key is generated automatically, based on the input. ● Input String – If you select Input String, type the secret WEP key string used for encrypting and decrypting in the WEP Key String box. The WEP Key box is automatically filled by the corresponding Hex code. 7 To save your changes, click Save.
Configuring Privacy for a WM-AD The encryption portion of WPA v2 is Advanced Encryption Standard (AES). AES includes: ● A 128 bit key length, for the WPA2/802.11i implementation of AES ● Four stages that make up one round. Each round is iterated 10 times. ● A per-packet key mixing function that shares a starting key between devices, and then changes their encryption key for every packet or after the specified re-key time interval expires.
WM Access Domain Services Configuration 4 Select WPA. 5 To enable WPA v1 encryption, select WPA v.1. 6 From the Encryption drop-down list, select one of the following encryption types: ● Auto – The AP will advertise both TKIP and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for WPAv1. CCMP is an IEEE 802.11i encryption protocol that uses the encryption cipher AES (Advanced Encryption Standard). Auto is the default.
Defining Priority Level and Service Class for WM-AD Traffic To define a WM-AD with no authentication: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane WM Access Domains list, click the WM-AD you want to configure with no authentication. The Topology tab is displayed. 3 From the Assignment by drop-down list, select SSID. 4 Configure the topology for this WM-AD, then click Save.
WM Access Domain Services Configuration Defining the Service Class for the WM-AD Service class is determined by the combination of the following operations: ● The class of treatment given to a packet. For example, queuing or per hop behavior (PHB). ● The packet marking of the output packets (user traffic and/or transport).
Working with Quality of Service (QoS)
QoS policy is configured for each WM-AD and applies to routed, bridged at AP, and bridged at controller WM-ADs. Each WM-AD has a configurable policy for the QoS characteristics of the WM-AD. For every user associated with the WM-AD there will be a different behavior on the wireless traffic.
NOTE Active QoS is only applied on the wireless/802.11 domain, not on the wired domain.
The APs are capable of supporting 5 queues. The queues are implemented per radio. For example, 5 queues per radio. The queues are:
Table 15: Queues
Queue Name | Purpose
AC_VO | Voice
AC_VI | Video
AC_BK | Background
AC_BE | Best Effort
AC_TVO | Turbo Voice
The Summit WM Controller supports the definition of 8 levels of user priority (UP). These priority levels are mapped at the AP to the best appropriate access class.
Configuring the QoS Policy on a WM-AD
The following is an overview of the steps involved in configuring the QoS on a WM-AD.
Step 1 – Define the QoS mode to employ on the WM-AD:
● Legacy – Enables DL (downlink) classification for all clients
● WMM:
  ● Enables WMM support
  ● Enables DL classification for WMM clients
  ● Enables UL (uplink) classification in WMM clients
● 802.11e:
  ● Enables 802.11e support
  ● Enables DL classification for 802.
Table 17: DSCP and Service Class Classifications (Continued)
DSCP | SC/UP
CS7 | 7/7
AF32 | 4/4
Step 4 – Enable Priority override:
● Select the applicable service class and implicitly desired UP
  ● Updates UP in user packet
  ● Updates UP for WASSP frame (if field exists) sent by AP
● Select the desired DSCP
  ● Updates DSCP for WASSP frames sent by AP
  ● Does not change DSCP in user packet
Step 5 – Configure the advanced wireless QoS: ●
Configuring the QoS Policy on a WM-AD 3 Click the QoS Policy tab. 4 From the Wireless QoS list, select the following: ● Legacy – Select if your WM-AD will support legacy devices that use SpectraLink Voice Protocol (SVP) for prioritizing voice traffic. If selected, the Turbo Voice option is displayed. ● WMM – Select to enable the AP to accept WMM client associations, and classify and prioritize the downlink traffic for all WMM clients.
  ■ Bronze (2)
  ■ Best Effort (1)
  ■ Background (0) – The lowest priority level
● DSCP marking – From the drop-down list, select the DSCP value used to tag the IP header of the encapsulated packets.
6 If you want to assign a service class to each DSCP marking, clear the Priority Override checkbox and define the DSCP service class priorities in the DSCP classification table.
Bridging Traffic Locally
● Untagged
If you select Tagged, type the VLAN ID in the VLAN ID box.
NOTE The VLAN IDs are assigned by the branch office network administrator. The AP will operate correctly only if you set the VLAN ID corresponding to the VLAN ID that was set up in the LAN.
Configuring two untagged branch WM-ADs to the same AP on different radios is permitted. This is similar to having two untagged branch WM-ADs with the same VLAN ID assigned to the same AP on different radios.
6 Availability and Controller Functionality This chapter describes the availability concepts, including: ● “Availability Overview” on page 151 ● “Defining Management Users” on page 157 ● “Configuring Network Time” on page 158 ● “Configuring Check Point Event Logging” on page 160 ● “Enabling SNMP” on page 162 ● “Using Controller Utilities” on page 164 ● “Configuring Web Session Timeouts” on page 166 The Summit WM Controller provides additional functionality including: ● Availability – Mainta
Availability and Controller Functionality For more information, see “Configuring the Default AP Settings” on page 65. From the viewpoint of a Wireless AP, if a Summit WM Controller or the connection to it fails, the Wireless AP begins its discovery process. The Wireless AP is directed to the appropriate backup controller of the pair. This connection may require the Wireless AP to reboot. Users on the Wireless AP must log in again and be authenticated on the second Summit WM Controller.
Availability Overview ● If the APs are not yet known to the system, the AP will be initially configured according to AP default settings. To ensure better transition in availability, it is recommended that the AP default settings match the desired WM-AD assignment for failover APs. ● AP assignment to WM-ADs according to the AP default settings can be overwritten by manually modifying the AP WM-AD assignment. (For example, select and assign each WM-AD that the AP should connect to.
Availability and Controller Functionality ● For a primary controller, in the Summit Switch IP Address box, type the IP address of the physical port of the secondary Summit WM Controller. This IP address must be on a routable subnet between the two Summit WM Controllers. ● For a secondary controller, in the Summit Switch IP Address box, type the IP address of the Management port or physical port of the primary Summit WM Controller.
Viewing SLP Activity
In normal operations, the primary Summit WM Controller registers as an SLP service called ac_manager. The controller service directs the Wireless APs to the appropriate Summit WM Controller. During an outage, if the remaining Summit WM Controller is the secondary controller, it registers as the SLP service ru_manager.
To view SLP activity:
1 From the main menu, click Altitude APs. The Altitude APs screen is displayed.
2 In the left pane, click AP Registration.
Availability and Controller Functionality Events and Actions During a Failover If one of the Summit WM Controllers in a pair fails, the connection between the two Summit WM Controllers is lost. This triggers a failover mode condition, and a critical message is displayed in the information log of the remaining Summit WM Controller. After the Wireless AP on the failed Summit WM Controller loses its connection, it will try to connect to all enabled interfaces on both controllers without rebooting.
Defining Management Users When the failed Summit WM Controller recovers, each Summit WM Controller in the pair goes back to normal mode. They exchange information that includes the latest lists of registered Wireless APs. The administrator must release the Wireless APs manually on the second Summit WM Controller, so that they may re-register with their home Summit WM Controller.
The user_admin list displays Admin users who have read/write privileges. The user_read list is for users who have read only privileges.
3 From the Group pull-down list, select Admin or Read only.
4 In the User ID box, type the user ID for the new user. A User ID can only be used once, in only one category.
5 In the Password box, type the password for the new user.
6 In the Confirm Password box, retype the password. The $ character is not permitted.
Configuring Network Time To apply time zone settings: 1 From the main menu, click Summit Switch. The Summit Switch Configuration screen is displayed. 2 In the left pane, click Network Time. The Network Time screen is displayed. 3 From the Continent or Ocean drop-down list, select the appropriate large-scale geographic grouping for the time zone. 4 From the Country drop-down list, select the appropriate country for the time zone.
3 To use Network Time Protocol, select the Use NTP radio button.
4 In the Use System Time box, type the time setting using the mm-dd-yyyy hh:mm format.
5 In the Time Server 1 box, type the IP address or FQDN of a standard NTP Time Server. You can repeat this step for the Time Server 2 and Time Server 3 boxes.
6 To apply your changes, click Apply.
Configuring Check Point Event Logging To enable and configure Check Point: 1 From the main menu, click Summit Switch. The Summit Switch Configuration screen is displayed. 2 In the left pane, click Check Point. The Check Point Configuration screen is displayed. 3 To enable check point logging, select the Enable Check Point Logging checkbox. 4 Type the following information: ● Check Point Server IP – Specifies the IP address of the ELA Management Station ● ELA Port – Specifies the port to use for ELA.
Availability and Controller Functionality If there is an error in generating the certificate or establishing the connection, the Connection Status section displays the following message: OPSEC Connection Error ELA Management Station Events The events for the ELA Management Station are grouped under Extreme Networks and are mapped as info events and alert events.
Enabling SNMP ● EXTREME-SUMMIT-WM-SMI ● EXTREME-SUMMIT-WM-DOT11-EXTNS-MIB ● EXTREME-SUMMIT-WM-BRANCH-OFFICE-MIB The MIB is provided for compilation into an external NMS. No support has been provided for automatic device discovery by an external NMS. The Summit WM Controller is the only point of SNMP access for the entire system. In effect, the Summit WM Controller proxies sets, gets, and alarms from the associated Wireless APs.
3 Type the following information:
● Contact Name – Specifies the name of the SNMP administrator.
● Location – Specifies the location of the SNMP administration machine.
● Read Community Name – Specifies the community name for users with read privileges.
● Read/Write Community Name – Specifies the community name for users with read and write privileges.
● SNMP Trap Port – Specifies the destination port for SNMP traps. The industry standard is 162.
3 In the Target IP Address box, type the IP address of the destination computer.
4 To test a connection to the target IP address, click Ping. A pop-up window is displayed with the ping results.
The following is an example of a screen after clicking the Ping button.
5 To record the route through the Internet between your computer and the target IP address, click Trace Route. A pop-up window is displayed with the trace route results.
The following is an example of a screen after clicking the Trace Route button.
Configuring Web Session Timeouts
You can configure the time period to allow Web sessions to remain inactive before timing out.
To configure Web session timeouts:
1 From the main menu, click Summit Switch. The Summit Switch Configuration screen is displayed.
2 In the left pane, click Web Settings. The Summit Switch Web Management Settings screen is displayed.
3 In the Web Session Timeout box, type the time period to allow the Web session to remain inactive before it times out. This can be entered as hour:minutes, or as minutes. The range is 1 minute to 168 hours.
7 Working With Third-Party APs You can set up the Summit WM Controller to handle wireless device traffic from third-party access points, providing the same policy and network access control.
Working With Third-Party APs Step 2 – Define a WM-AD for the third-party AP port: 1 From the main menu, click WM-AD Configuration. The WM-AD Configuration screen is displayed. 2 In the left pane, type a name that will identify the new WM-AD in the Add subnet box, and then click Add subnet. The name is displayed in the WM Access Domains list. The Topology tab is displayed. 3 In the Assignment by drop-down list, click SSID. 4 To define a WM-AD for a third-party AP, select the Use 3rd Party AP checkbox.
Step 4 – Define filtering rules for the third-party APs: 1 Because the third-party APs are mapped to a physical port, you must define the Exception filters on the physical port, using the Port Exception Filters screen. For more information, see “Configuring Filtering Rules for a WM-AD” on page 122. 2 Define filtering rules that allow access to other services and protocols on the network such as HTTP, FTP, Telnet, SNMP.
8 Working With the Summit WM Series Spy This chapter describes Summit WM series Spy concepts, including: ● “Summit WM Series Spy Overview” on page 173 ● “Enabling the Analysis and Data Collector Engines” on page 174 ● “Running Summit WM Series Spy Scans” on page 175 ● “Analysis Engine Overview” on page 176 ● “Working With Summit WM Series Spy Scan Results” on page 177 ● “Working With Friendly APs” on page 179 ● “Viewing the Summit WM Series Spy List of Third-Party APs” on page 180 ● “Mainta
Working With the Summit WM Series Spy Enabling the Analysis and Data Collector Engines Before using the Summit WM series Spy, you must enable and define the Analysis and data collector engines. To enable the Analysis engine: 1 From the main menu, click Summit Switch. The Summit Switch Configuration screen is displayed. 2 In the left pane, click Summit Spy. The Summit Spy Configuration screen is displayed. 3 To enable the Summit Spy Analysis Engine, select the Enable Summit Spy Analysis Engine checkbox.
Running Summit WM Series Spy Scans
The Summit WM series Spy feature allows you to view the following:
● Scan Groups
● Friendly APs
● Third-party APs
● AP Maintenance
NOTE A scan will not run on an inactive AP, even though it is displayed as part of the Scan Group. If it becomes active, it will be sent a scan request during the next periodic scan.
To run the Summit WM series Spy scan task mechanism:
1 From the main menu, click Summit Spy.
Working With the Summit WM Series Spy NOTE A Wireless AP can participate in only one Scan Group at a time. It is recommended that the Scan Groups represent geographical groupings of Wireless APs. 5 In the Radio drop-down list, select one of the following: ● Both – The a and b/g radios both perform the scan function. ● a – Only the a radio performs the scan function. ● b/g – Only the b/g radio performs the scan function.
Working With Summit WM Series Spy Scan Results ● Wireless devices – Registered with any Summit WM Controller that has its RF Data Collector enabled and has been associated with the Analysis Engine on this Summit WM Controller.
5 To view the Rogue Summary report, click Rogue Summary. The Rogue Summary report is displayed in a pop-up window.
6 To clear all detected rogue devices from the list, click Clear Detected Rogues.
NOTE To avoid the Summit WM series Spy's database becoming too large, it is recommended that you either delete Rogue APs or add them to the Friendly APs list, rather than leaving them in the Rogue list.
Working With Friendly APs
To add an AP from the Summit WM series Spy scan results to the list of friendly APs:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the Rogue Detection tab.
3 To add a Wireless AP to the Friendly APs list, click Add to Friendly List. The AP is removed from this list and is displayed in the Friendly AP Definitions section of the Friendly APs tab.
Working With the Summit WM Series Spy To add friendly APs manually: 1 From the main menu, click Summit Spy. The Summit Spy screen is displayed. 2 Click the Friendly APs tab.
Maintaining the Summit WM Series Spy List of APs
To maintain the Wireless APs:
1 From the main menu, click Summit Spy. The Summit Spy screen is displayed.
2 Click the WAP Maintenance tab. Inactive APs and known third-party APs are displayed.
3 Select the applicable APs.
Working With the Summit WM Series Spy 4 To delete the selected APs, click Delete marked WAPs. NOTE The selected APs are deleted from the Summit WM series Spy database, not from the Summit WM Controller database. You can delete the APs from the Summit WM Controller database after you delete them from the Altitude APs Configuration Access Approval screen of the corresponding RF Data Collector Engine.
Viewing the Scanner Status Report The boxes display the IP address of the Data Collector engine. The status of the Data Collector engine is indicated by one of the following colors: ● Green – The Analysis Engine has connection with the Data Collector on that Summit WM Controller. ● Yellow – The Analysis Engine has connected to the communication system of the other controller, but has not synchronized with the Data Collector. Ensure that the Data Collector is running on the remote controller.
9 Working With Reports and Displays This chapter describes the various reports and displays available in the Summit WM Controller, Access Points and Software system.
Working With Reports and Displays To view reports and displays: 1 From the main menu, click Reports & Displays. The Reports & Displays screen is displayed. 2 In the List of Displays, click the display you want to view (some examples will follow): NOTE Statistics are expressed in relation to the AP. Therefore, Packets Sent means the AP has sent that data to a client and Packets Rec’d means the AP has received packets from a client.
Viewing the Displays In normal operations, when the Summit WM Controller Availability feature is enabled, the local Wireless APs are green, and the foreign Wireless APs are red. If the other Summit WM Controller fails, and the foreign Wireless APs connect to the current Summit WM Controller, the display will show all Wireless APs as green. If the Wireless APs are not connected they show up as red.
Working With Reports and Displays To view Wireless Statistics by Altitude AP: 1 From the main menu, click Reports & Displays. The Reports & Displays screen is displayed. 2 Click the Wireless Statistics by Altitude AP display option. The Wireless Statistics by Altitude APs display opens in a new browser window. 3 In the Wired Statistics by Altitude APs display, click a registered Wireless AP to display its information. 4 Click the appropriate tab to display information for each radio on the Wireless AP.
Viewing the Displays To view Active Clients by Altitude AP statistics: 1 From the main menu, click Reports & Displays. The Reports & Displays screen is displayed. 2 Click the Active Clients by Altitude APs display option. The Active Clients by Altitude APs display opens in a new browser window. ● Statistics are expressed in respect of the AP. Therefore, Packets Sent means the AP has sent that data to a client and Packets Rec’d means the AP has received packets from a client.
Working With Reports and Displays To view manufacturing information: 1 From the main menu, click Reports & Displays. The Reports & Displays screen is displayed. 2 Click the Manufacturing Information display option. The Manufacturing Information display opens in a new browser window.
Viewing Reports To view reports: 1 From the main menu, click Reports & Displays. The Reports & Displays screen is displayed. 2 In the Reports list, click the report you want to view: ● Forwarding Table ● OSPF Neighbor ● OSPF Linkstate ● WAP Inventory NOTE The WAP Inventory report opens in a new browser window. All other reports appear in the current browser window.
The following is an example of the AP Inventory report:
The following is a description of the column names and abbreviations found in the AP Inventory report:
● Rdo – Radio
● Ra – 802.11a radio. The data entry for a Wireless AP indicates whether the a radio is on or off.
● Rb – 802.11b protocol enabled. Possible values are on or off.
● Rg – 802.11g protocol enabled. Possible values are on or off.
● HW – Hardware version of the Wireless AP.
● SW – Software version executing on the Wireless AP.
● TA – Telnet access (enabled or disabled).
● BD – Broadcast disassociation (enabled or disabled). If enabled, whenever the Wireless AP is going offline in a controlled fashion it will send the disassociation frame to all its clients as a broadcast.
● DV – Diversity
● P/To – Poll timeout. If polling is enabled, a numeric value.
● P/I – Poll interval.
10 Performing System Maintenance This chapter describes system maintenance processes, including: ● “Performing Wireless AP Client Management” on page 195 ● “Resetting the AP to Its Factory Default Settings” on page 199 ● “Performing System Maintenance Tasks” on page 200 ● “Performing Summit WM Controller Software Maintenance” on page 202 ● “Configuring Summit WM Controller, Access Points and Software Logs and Traces” on page 211 Performing Wireless AP Client Management There are times when for ser
Performing System Maintenance To disassociate a wireless device client: 1 From the main menu, click Altitude APs. The Altitude APs screen is displayed. 2 From the left pane, click Client Management. The Disassociate tab is displayed. 3 In the Select WAP list, click the AP you want to disassociate. 4 In the Select Client(s) list, select the checkbox next to the client you want to disassociate, if applicable.
Performing Wireless AP Client Management 3 In the Select WAP list, click the AP you want to disassociate. 4 In the Select Client(s) list, select the checkbox next to the client you want to disassociate, if applicable. NOTE You can search for a client by MAC Address, IP Address or User ID, by selecting the search parameters from the drop-down lists and typing a search string in the Search box and clicking Search. You can also use the Select All or Clear All buttons to help you select multiple clients.
Performing System Maintenance 3 Click the Blacklist tab. 4 To add a new MAC address to the blacklist, in the MAC Address box enter the client’s MAC address. 5 Click Add. The client is displayed in the MAC Addresses list. NOTE You can use the Select All or Clear All buttons to help you select multiple clients. 6 To save your changes, click Save. To clear an address from the blacklist: 1 From the main menu, click Altitude APs. The Altitude APs Configuration screen is displayed.
Resetting the AP to Its Factory Default Settings To import a list of MAC addresses for the blacklist: 1 From the main menu, click Altitude APs. The Altitude APs Configuration screen is displayed. 2 From the left pane, click Client Management. The Disassociate tab is displayed. 3 Click the Blacklist tab. 4 Click Browse and navigate to the file of MAC addresses you want to import and add to the blacklist. 5 Select the file, and then click Import. The list of MAC addresses is imported.
Performing System Maintenance Performing System Maintenance Tasks You can perform various maintenance tasks, including: ● Changing the log level ● Setting a poll interval for checking the status of the Wireless APs (Health Checking) ● Enabling and defining parameters for Syslog event reporting ● Forcing an immediate system shutdown, with or without reboot Syslog event reporting uses the syslog protocol to relay event messages to a centralized event server on your enterprise network.
Performing System Maintenance Tasks example, if you select Minor, you receive all Minor, Major and Critical messages. If you select Major you receive all Major and Critical messages. The default is Information. 3 Click Apply. 4 From the Altitude AP Log Level drop-down list, select the least severe log level for the AP that you want to receive: Information, Minor, Major, Critical. The default is Critical. 5 Click Apply. To set a poll interval: 1 From the main menu, click Summit Switch.
Table 18 displays Syslog and Summit WM Controller, Access Points and Software event log mapping.
Table 18: Syslog and Summit WM Controller, Access Points and Software Event Log Mapping
Syslog Event    Summit WM Controller, Access Points and Software Event
LOG_CRIT        Critical
LOG_ERR         Major
LOG_WARNING     Minor
LOG_INFO        Information
LOG_DEBUG       Trace
To force an immediate system shutdown:
1 From the main menu, click Summit Switch.
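The Table 18 mapping and the "least severe log level" rule, applied on the receiving syslog server to recover the controller event level from each message's priority value. This is an added example, not code from the guide or from Extreme Networks; the sample lines, the host name wm20, the local0 facility, and the position of Trace and Information in the severity order are assumptions.

```python
import re

# Table 18 of the guide: syslog severity -> controller event level.
# The numeric codes are the standard syslog severities (RFC 5424).
TABLE_18 = {
    2: ("LOG_CRIT", "Critical"),
    3: ("LOG_ERR", "Major"),
    4: ("LOG_WARNING", "Minor"),
    6: ("LOG_INFO", "Information"),
    7: ("LOG_DEBUG", "Trace"),
}

# Controller levels from least to most severe. The guide states the rule for
# Minor, Major and Critical; placing Trace and Information below Minor is an
# assumption that follows the order of Table 18.
LEVEL_ORDER = ["Trace", "Information", "Minor", "Major", "Critical"]

_PRI = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_pri(line):
    """Split a syslog line into (facility, severity, rest of message)."""
    match = _PRI.match(line)
    if match is None:
        raise ValueError("no <PRI> header")
    pri = int(match.group(1))
    if pri > 191:  # facility 23, severity 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    return pri >> 3, pri & 0x07, match.group(2)


def controller_level(line):
    """Return the controller event level for a line, or None if the
    severity has no row in Table 18 (emerg, alert, notice)."""
    _, severity, _ = parse_pri(line)
    entry = TABLE_18.get(severity)
    return entry[1] if entry else None


def select(lines, least_severe):
    """Keep lines at or above least_severe; collect what cannot be mapped.

    Unmapped or malformed lines are returned separately instead of being
    dropped, so a collector does not silently lose events.
    """
    if least_severe not in LEVEL_ORDER:
        raise ValueError("unknown level: %r" % least_severe)
    threshold = LEVEL_ORDER.index(least_severe)
    kept, unmapped = [], []
    for line in lines:
        try:
            level = controller_level(line)
        except ValueError:
            level = None
        if level is None:
            unmapped.append(line)
        elif LEVEL_ORDER.index(level) >= threshold:
            kept.append((level, line))
    return kept, unmapped


# Constructed sample input (facility local0 = 16, so PRI = 128 + severity).
SAMPLE = [
    "<130>Jan 12 10:00:01 wm20 Reboot due to failure",
    "<131>Jan 12 10:02:14 wm20 Software upgrade failure on the Wireless AP",
    "<132>Jan 12 10:03:40 wm20 Wireless AP poll missed",
    "<134>Jan 12 10:04:02 wm20 Configuration applied",
    "<135>Jan 12 10:04:03 wm20 trace output",
    "<133>Jan 12 10:05:00 wm20 severity notice has no row in Table 18",
    "Jan 12 10:06:00 wm20 line without a priority header",
]

if __name__ == "__main__":
    kept, unmapped = select(SAMPLE, "Minor")
    for level, line in kept:
        print("%-11s %s" % (level, line))
    print("unmapped:", len(unmapped))
```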
Performing Summit WM Controller Software Maintenance To upgrade Summit WM Controller software: 1 From the main menu, click Summit Switch. The Summit Switch screen is displayed. 2 From the left pane, click Software Maintenance. The SWM Software tab is displayed. The Available SWM Images section displays the list of software versions that have been downloaded and are available. 3 In the Upgrade section, select an image from the Select an image to use drop-down list.
Performing System Maintenance ● FTP Server – The IP of the FTP server to retrieve the image file from. ● User ID – The user ID that the controller should use when it attempts to log in to the FTP server. ● Password – The corresponding password for the user ID. ● Confirm – The corresponding password for the user ID to confirm it was typed correctly. ● Directory – The directory on the server in which the image file that is to be retrieved is stored.
Performing Summit WM Controller Software Maintenance 3 Click the OS Software tab. The Available OS Images section displays the list of software versions that have been downloaded and are available. 4 In the Upgrade section, select an image from the Select an image to use drop-down list. 5 To launch the upgrade with the selected image, click Upgrade Now. 6 In the dialog box that is displayed, confirm the upgrade. At this point, all sessions are closed. The previous software is uninstalled automatically.
Performing System Maintenance 5 Click Download. The image is downloaded and added to the list. To delete a Summit WM Controller software image: 1 From the main menu, click Summit Switch. The Summit Switch Configuration screen is displayed. 2 From the left pane, click Software Maintenance. The SWM Software tab is displayed. 3 Click the OS Software tab. 4 To delete a software image from the list, in the Available OS Images list, click the image. 5 Click Delete. The image is removed from the list.
Performing Summit WM Controller Software Maintenance 5 To launch the backup with the selected items, click on the Backup Now button. 6 In the dialog box that is displayed, confirm the backup. The items are backed up. To upload a new backup: 1 From the main menu, click Summit Switch. The Summit Switch Configuration screen is displayed. 2 From the left pane, click Software Maintenance. The SWM Software tab is displayed. 3 Click the Backup tab.
5 In the What to backup drop-down list, select what you want to backup:
● Config’s, CDRs, Logs, Audit and Rogue
● Configurations only
● CDRs only
● Logs only
● Audit only
● Rogue only
6 In the Schedule task drop-down list, select the frequency of the backup:
● Daily
● Weekly
● Monthly
● Never
7 In the FTP settings section, type the following:
● FTP Server – The IP of the FTP server to which the scheduled backup will be copied.
Performing Summit WM Controller Software Maintenance The Available Backups section displays the list items that have been backed up and are available. 4 In the Restore section, select an item from the Select an image to use drop-down list. 5 To launch the backup with the selected items, click on the Restore Now button. 6 In the dialog box that is displayed, confirm the restore. The image is restored. To download for restore: 1 From the main menu, click Summit Switch.
Performing System Maintenance To delete a backup available for restore: 1 From the main menu, click Summit Switch. The Summit Switch Configuration screen is displayed. 2 From the left pane, click Software Maintenance. The System Maintenance screen is displayed. 3 Click the Restore tab. 4 To delete a backup from the list, in the Available Backups list, click the backup. 5 Click Delete. The backup is removed from the list.
Performing Summit WM Controller Software Maintenance 4 To complete a Summit WM Controller upgrade or an AP upgrade go to the appropriate Software Maintenance screen. For more information, see “Updating Summit WM Controller Software” on page 202 or “Updating Operating System Software” on page 204. Configuring Summit WM Controller, Access Points and Software Logs and Traces The system stores configuration data and log files.
Performing System Maintenance Examples of events on the Summit WM Controller that generate an alarm message: ● Reboot due to failure ● Software upgrade failure on the Summit WM Controller ● Software upgrade failure on the Wireless AP ● Detection of rogue access point activity without valid ID If SNMP is enabled on the Summit WM Controller, alarm conditions will trigger a trap in SNMP (Simple Network Management Protocol).
Performing Summit WM Controller Software Maintenance 5 To refresh the information in any display, click Refresh. 6 To export information from a display as an HTML file, click the Export button. The component called "Langley" is the term for the inter-process messaging infrastructure on the Summit WM Controller. To view traces: 1 From the main menu, click Logs & Traces. The Logs & Traces screen is displayed. 2 Click one of the Traces tabs.
Performing System Maintenance To view audits: 1 From the main menu, click Logs & Traces. The Logs & Traces screen is displayed. 2 Click the Audit: GUI tab. The Audit screen is displayed. The events are displayed in chronological order, sorted by the Timestamp column. 3 To sort the display by User, Section, Page, or Audit Message, click the appropriate column heading. 4 To clear the audits from the list, click Clear Audits. 5 To refresh the information in any display, click Refresh.
To clear logs:
1 From the main menu, click Logs & Traces. The Logs & Traces screen is displayed.
2 Click one of the Log tabs. The following is an example of the Summit WM Controller logs:
The events are displayed in chronological order, sorted by the Timestamp column.
3 To clear the logs, click Clear Log Messages.
Glossary Networking Terms and Abbreviations A AAA Authentication, Authorization and Accounting. A system in IP-based networking to control what computer resources users have access to and to keep track of the activity of users over a network. Access Point (AP) A wireless LAN transceiver or "base station" that can connect a wired LAN to one or many wireless devices. Ad-hoc mode An 802.
Glossary B BSS Basic Service Set. A wireless topology consisting of one Access Point connected to a wired network and a set of wireless devices. Also called an infrastructure network. See also IBSS. Captive Portal A browser-based authentication mechanism that forces unauthenticated users to a Web page. Sometimes called a "reverse firewall".
D D (Continued) Device Server A specialized, network-based hardware device designed to perform a single or specialized set of server functions. Print servers, terminal servers, remote access servers and network time servers are examples of device servers. DHCP Dynamic Host Configuration Protocol. A protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network.
Glossary D (Continued) DTIM DTIM delivery traffic indication message (in 802.11 standard) Dynamic WEP The IEEE introduced the concept of user-based authentication using per-user encryption keys to solve the scalability issues that surrounded static WEP. This resulted in the 802.1X standard, which makes use of the IETF's Extensible Authentication Protocol (EAP), which was originally designed for user authentication in dial-up networks. The 802.
F F FHSS Frequency-Hopping Spread Spectrum. A transmission technology used in Local Area Wireless Network (LAWN) transmissions where the data signal is modulated with a narrowband carrier signal that "hops" in a random but predictable sequence from frequency to frequency as a function of time over a wide band of frequencies. This technique reduces interference. If synchronized properly, a single logical channel is maintained.
Glossary H Heartbeat message A heartbeat message is a UDP data packet used to monitor a data connection, polling to see if the connection is still alive. In general terms, a heartbeat is a signal emitted at regular intervals by software to demonstrate that it is still alive. In networking, a heartbeat is the signal emitted by a Level 2 Ethernet transceiver at the end of every packet to show that the collision-detection circuit is still connected.
I I (Continued) Infrastructure Mode An 802.11 networking framework in which devices communicate with each other by first going through an Access Point (AP). In infrastructure mode, wireless devices can communicate with each other or can communicate with a wired network. (See ad-hoc mode and BSS.
Glossary I (Continued) isochronous Isochronous data is data (such as voice or video) that requires a constant transmission rate, where data must be delivered within certain time constraints. For example, multimedia streams require an isochronous transport mechanism to ensure that data is delivered as fast as it is displayed and to ensure that the audio is synchronized with the video.
N M (Continued) MIC Message Integrity Check or Code (MIC), also called "Michael", is part of WPA and TKIP. The MIC is an additional 8-byte code inserted before the standard 4-byte integrity check value (ICV) that is appended in by standard WEP to the 802.11 message. This greatly increases the difficulty in carrying out forgery attacks. Both integrity check mechanisms are calculated by the receiver and compared against the values sent by the sender in the frame.
Glossary N (Continued) NTP Network Time Protocol, an Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Based on UTC, NTP synchronizes client workstation clocks to the U.S. Naval Observatory Master Clocks in Washington, DC and Colorado Springs CO.
P O (Continued) OSPF Open Shortest Path First, an interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm. Routers use link-state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node.
Glossary P (Continued) PoE Power over Ethernet. The Power over Ethernet standard (802.3af) defines how power can be provided to network devices over existing Ethernet connection, eliminating the need for additional external power supplies. POST Power On Self Test, a diagnostic testing sequence performed by a computer to determine if its hardware elements are present and powered on. If so, the computer begins its boot sequence.
R (Continued)
RFC Request for Comments, a series of notes about the Internet, submitted to the Internet Engineering Task Force (IETF) and designated by an RFC number, that may evolve into an Internet standard. The RFCs are catalogued and maintained on the IETF RFC website: www.ietf.org/rfc.html.
Roaming In 802.11, roaming occurs when a wireless device (a station) moves from one Access Point to another (or BSS to another) in the same Extended Service Set (ESS), identified by its SSID.
Glossary S (Continued) SMT (802.11) Station ManagemenT. The object class in the 802.11 MIB that provides the necessary support at the station to manage the processes in the station such that the station may work cooperatively as a part of an IEEE 802.11 network. The four branches of the 802.
SSL Secure Sockets Layer. A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection. URLs that require an SSL connection start with https: instead of http. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.
T
TCP / IP Transmission Control Protocol. TCP, together with IP (Internet Protocol), is the basic communication language or protocol of the Internet. Transmission Control Protocol manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. Internet Protocol handles the address part of each packet so that it gets to the right destination.
U
UDP User Datagram Protocol. A connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive packets over an IP network. It is used primarily for broadcasting messages over a network.
U-NII Unlicensed National Information Infrastructure.
VSA Vendor Specific Attribute, an attribute for a RADIUS server defined by the manufacturer (compared to the RADIUS attributes defined in the original RADIUS protocol RFC2865). A VSA attribute is defined in order that it can be returned from the RADIUS server in the Access Granted packet to the RADIUS client.
Walled Garden A restricted subset of network content that wireless devices can access.
WEP Wired Equivalent Privacy.
WPA Wireless Protected Access, or Wi-Fi Protected Access, is a security solution adopted by the Wi-Fi Alliance that adds authentication to WEP's basic encryption. For authentication, WPA specifies IEEE 802.1x authentication with Extensible Authentication Protocol (EAP). For encryption, WPA uses the Temporal Key Integrity Protocol (TKIP) mechanism, which shares a starting key between devices, and then changes their encryption key for every packet.
Data Collector The Data Collector is an application on the Summit WM Controller that receives and manages the Radio Frequency (RF) scan messages sent by the Wireless AP. This application is part of the Summit WM series Spy technique, working in conjunction with the scanner mechanism and the Analysis Engine to assist in detecting rogue access points.
A Summit WM20 Controller
This chapter describes the hardware specifications for the Summit WM20 Controller, including:
● “Hardware Specifications”
● “Summit WM20 Controller Panels”
● “Console Port for Summit WM20 Controller”
● “Summit WM20 Controller LED Indicators”
Hardware Specifications
This section provides details on the Summit WM20 Controller hardware specifications.
Summit WM20 Controller Panels
Figure 5: Summit WM20 Controller Panels
Table 20: Summit WM20 Controller Panel Legend
Legend Item Description
1 Power Switch Power socket on the rear panel
2 Management Port (eth0) Used to access WM20 Management via the GUI interface. IP address = 192.168.10.1
3 Data Ports (esa0, esa1) Interface to wired network.
4 USB Control Port Used as the console port for command line interface and to perform diagnostics or a rescue procedure.
To install the driver and use the port:
1 Install the virtual serial driver by Silicon Laboratories on the host machine.
2 Connect the USB cable between the host machine and the USB Control port. The driver recognizes the connection and installs a serial device.
3 On the Microsoft Windows host, to determine the actual number assigned to the device, navigate to Control Panel>System>Hardware>Device Manager>Ports (COM & LPT).
● STATUS LED – Indicates the normal state of the Summit WM Controller as seen by the system’s software. This LED covers all stages of the Summit WM Controller, ranging from restarting to shutting down. As long as the Summit WM Controller is running normally, this LED will remain lit.
● HDD Activity LED – Is hardware controlled to report Hard Drive Device (HDD) activity. The LED blinks when the HDD is in use (read/write operation).
B Regulatory Information
This section provides the regulatory information for the Summit WM20 series switch and Altitude 350-2 Access Point. Configuration of the Altitude 350-2 frequencies and power output are controlled by the regional software purchased with the Summit WM series switch and are downloaded from the server upon initial set-up.
● AS/NZX 3260 (Australia /New Zealand)
EMI/EMC Standards
North America EMC for ITE:
● FCC CFR 47 part 15 Class A (USA)
● ICES-003 Class A (Canada)
European EMC Standards
● EN 55022:1998/2006 Class A
● EN 55024:1998/2003 Class A includes IEC 61000-4-2, 3, 4, 5, 6, 11
● EN 61000-3-2,3 (Harmonics & Flicker)
● ETSI EN 300 386:2001 (EMC Telecommunications)
● 89/336/EEC EMC Directive
International EMC Certifications:
● CISPR 22 2006 Class A (International Emissions)
● CIS
● EN 300 019-2-1 v2.1.2 (2000-09), Storage, Class 1.2
● EN/ETSI 300 753 (1997-10), Acoustic Noise
● ASTM D3580 Random Vibration 1.5G
Operational Environment:
● Temperature Range: 0 C to +40 C (32º F to 104º F)
● Relative Humidity: 10 - 90% RH
● Altitude 0 – 3000 meters (9,850 ft)
● Shock (In Rack)*: 3g, 11ms
● Acoustic Noise: 5.0 bels A 36.4 dBA
Storage & Transportation Environment:
● Temp.
● Operating Relative Humidity1 10 - 90% RH
● Operating Altitude 0 – 3000 meters (9,850 ft)
● Operating Shock (In Rack)1 3G, 11ms, 60 shocks
● Operational Office Vibration (In Rack)1 5-100-5 Hz @ 2/10G, 0-Peak, 1 Oct./min.
● Operational Random Vibration1 3-500 Hz @ 1.5G rms
Storage & Transportation Environment:
● Storage & Transportation Temp.
interference will not occur. If this equipment does cause harmful interference, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
● Reorient or relocate the transceiver antenna.
● Increase the distance between the equipment and transceiver.
Conditions Under Which a Second Party May Replace a Part 15 Unlicensed Antenna
Second party antenna replacement (end user or second manufacturer) is permitted under the conditions listed below, with no testing or filing requirement. The general technical requirement of FCC Part 15.15 (a)(b)(c) still applies, however.
● Replacement antennas must be equal to or lower than 4 dBi gain within the 2.4 GHz range and 5 dB gain within the 5 GHz range.
This equipment meets the following conformance standards:
Table 23: Canada Conformance Standards
Safety
• cULus Listed Accessory #60950-1-03 1st edition
EMC
• ICES-003 Class B
Radio Transceiver
• RSS-210
• RSS-139-1
• RSS-102 RF Exposure
• ID# 4141A-3502
Other:
• IEEE 802.11a (5 GHz)
• IEEE 802.11b/g (2.4 GHz)
• IEEE 802.3af
Environmental
• Plenum Rated Enclosure
See Environmental Conditions.
Declaration of Conformity with regard to R&TTE Directive of the European Union 1999/5/EC
The symbol 0891 indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). The Altitude 350-2 Int. AP (15958) and Altitude 350-2 Detach. 15939 models meet the following conformance standards.
WARNING! The user or installer is responsible to ensure that the Altitude 350-2 AP is operated according to channel limitations, indoor / outdoor restrictions, license requirements, and within power level limits for the current country of operation.
● In Italy, the end user must apply for a license from the national spectrum authority to operate this device outdoors.
● In Belgium, outdoor operation is only permitted using the 2.46 - 2.4835 GHz band: Channel 13.
● In France, outdoor operation is only permitted using the 2.4 - 2.454 GHz band: Channels 1 - 7.
European Spectrum Usage Rules
Table 25 lists the rules and restrictions for operating a 2.4 GHz or 5 GHz device in the European Community.
Table 25: European Spectrum Usage Rules - Effective as of July 2005 (Continued)
Country | 5.15-5.25 (GHz) Channels: 36,40,44,48 | 5.25-5.35 (GHz) Channels: 52,56,60,64 | 5.47-5.725 (GHz) Channels: 100,104,108,112,116,120,124,128,132,136,140 | 2.4-2.4835 (GHz)
Portugal | Indoor Only | Indoor Only | Indoor or Outdoor | Indoor or Outdoor
Slovak Rep.
Declarations of Conformity
Table 26 presents the Extreme Networks declarations of conformity for the languages used in the European Community.
Table 26: Declaration of Conformity in Languages of the European Community
English Hereby, Extreme Networks, declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Certifications of Other Countries
The Altitude 350-2 Int. AP (15958) and Altitude 350-2 Detach. AP (15939) APs have been certified for use in the countries listed in Table 27. When the Altitude 350-2 AP is connected to the Extreme Networks switch, the user is prompted to enter a country code. Once the correct country code is entered, the switch automatically sets up the Altitude 350-2 AP with the proper frequencies and power outputs for that country code. Go to http://www.
Optional Approved 3rd Party External Antennas
The Altitude 350-2 Detach. AP (15939) APs can also be used with optional certified external antennas.
Antenna Diversity
There are some limitations for using different antennas and Tx/Rx diversity:
● If Alternate antenna diversity is used for Tx or Rx, then the same antenna model must be used as left and right antennas.
Table 28: List of FCC Approved Antennas
# | Model | Application | Shape | Gain (dBi) | Frequency (MHz) | Coax Cable Length/Type | Connector Type
Cushcraft
#1 | SR2405135Dxxxxxx | indoor | Directional | 5 | 2400-2500 | 3 feet / 19AWG CMP(ETL) C(ETL) 9700851 | RPSMA
#2 | S24493DSxxxxxx | indoor | Omni, 2 inputs | 3 | 2400-2500, 4900-5990 | 3 feet / 19AWG CMP(ETL) C(ETL) 9700851 | RPSMA, 2ea.
Table 29: FCC Antenna Channel-Power Information (11b, 11g)
Frequency (MHz) | Ch. No. | Antenna #1 Cushcraft SR2405135Dxxxxxx | Antenna #2 Cushcraft S24493DSxxxxxx | Antenna #3 Cushcraft SL24513Pxxxxxx | Antenna #4 Cushcraft S24497Pxxxxxx | Antenna #5 Hyperlink Tech HG2458CUxxx | Antenna #6 Maxrad MDO24005PTxxxxxx
Table 29: FCC Antenna Channel-Power Information (11a)
Frequency (MHz) | Ch. No. | Antenna #1 Cushcraft SR2405135Dxxxxxx | Antenna #2 Cushcraft S24493DSxxxxxx | Antenna #3 Cushcraft SL24513Pxxxxxx | Antenna #4 Cushcraft S24497Pxxxxxx | Antenna #5 Hyperlink Tech HG2458CUxxx | Antenna #6 Maxrad MDO24005PTxxxxxx
Table 30: Auto Channel Selection
Antenna | 11a (dBm) | 11b/g (dBm)
#1 | N/S | 10
#2 | 14 | 13
#3 | 17 | 13
#4 | 14 | 10
#5 | 14 | 12
#6 | N/S | 13
RF Safety Distance
The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with another antenna or transmitter.
Optional 3rd Party External Antennas for Canada
The Altitude 350-2 Detach.
Table 31: List of IC (Industry Canada) Approved Antennas
# | Model | Application | Shape | Gain (dBi) | Frequency (MHz) | Coax Cable Length/Type | Connector Type
Cushcraft
#1 | SR2405135Dxxxxxx | indoor | Directional | 5 | 2400-2500 | 3 feet / 19AWG CMP(ETL) C(ETL) 9700851 | RPSMA
#2 | S24493DSxxxxxx | indoor | Omni, 2 inputs | 3 | 2400-2500, 4900-5990 | 3 feet / 19AWG CMP(ETL) C(ETL) 9700851 | RPSMA, 2ea.
Table 32: IC Antenna Channel-Power Information (11b, 11g)
Frequency (MHz) | Ch. No. | Antenna #1 Cushcraft SR2405135Dxxxxxx | Antenna #2 Cushcraft S24493DSxxxxxx | Antenna #3 Cushcraft SL24513Pxxxxxx | Antenna #4 Cushcraft S24497Pxxxxxx | Antenna #5 Hyperlink Tech HG2458CUxxx | Antenna #6 Maxrad MDO24005PTxxxxxx
Table 32: IC Antenna Channel-Power Information (11a)
Frequency (MHz) | Ch. No. | Antenna #1 Cushcraft SR2405135Dxxxxxx | Antenna #2 Cushcraft S24493DSxxxxxx | Antenna #3 Cushcraft SL24513Pxxxxxx | Antenna #4 Cushcraft S24497Pxxxxxx | Antenna #5 Hyperlink Tech HG2458CUxxx | Antenna #6 Maxrad MDO24005PTxxxxxx
Table 33: Auto Channel Selection
Antenna | 11a (dBm) | 11b/g (dBm)
#1 | N/S | 10
#2 | 14 | 13
#3 | 17 | 13
#4 | 14 | 10
#5 | 14 | 12
#6 | N/S | 13
RF Safety Distance
The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with another antenna or transmitter.
Optional 3rd Party External Antennas for the European Community
The Altitude 350-2 Detach.
Table 34: Approved Antenna List for Europe
# Model Location Type Gain (dBi) Frequency (MHz) SOA 2454/360/7/20/DF outdoor-capable Omni 6 2400-2500 8 4900-5875 SPA 2456/75/9/0/DF outdoor-capable 9 2400-2500 SPA 2400/80/9/0/DS outdoor-capable #4 SWA 0859/360/4/10/V outdoor-capable #5 SOA 2400/360/4/0/DS #6 Huber+Suhner #1 #2 #3 #7 Planar 2 or 1 inputs Planar 5150-5875 8.
Table 35: ETSI Antenna Channel-Power Information
Ch. No. | Antenna #1 Huber+Suhner SOA 2454/360/7/20/DF | Antenna #2 Huber+Suhner SPA 2456/75/9/0/DF | Antenna #3 Huber+Suhner SPA 2400/80/9/0/DS | Antenna #4 Huber+Suhner SWA 0859/360/4/10/V | Antenna #5 Huber+Suhner SOA 2400/360/4/0/DS | Antenna #6 Huber+Suhner SPA 2400/40/14/0/DS | Antenna #7 Huber+Suhner SWA 2459/360/4/45/V
Table 35: ETSI Antenna Channel-Power Information
Ch. No. | Antenna #1 Huber+Suhner SOA 2454/360/7/20/DF | Antenna #2 Huber+Suhner SPA 2456/75/9/0/DF | Antenna #3 Huber+Suhner SPA 2400/80/9/0/DS | Antenna #4 Huber+Suhner SWA 0859/360/4/10/V | Antenna #5 Huber+Suhner SOA 2400/360/4/0/DS | Antenna #6 Huber+Suhner SPA 2400/40/14/0/DS | Antenna #7 Huber+Suhner SWA 2459/360/4/45/V
Table 36: Auto Channel Selection
Antenna | 11a (dBm) | 11b/g (dBm)
#1 | 16 | 15
#2 | 16 | 13
#3 | N/S | 13
#4 | 16 | 15
#5 | N/S | 15
#6 | N/S | 9
#7 | 16 | 15
RF Safety Distance
The antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all persons and must not be co-located or operating in conjunction with another antenna or transmitter.