Wireless Array Configuring the Wireless Array The following topics include procedures for configuring the Array using the product’s embedded Web Management Interface (WMI). Procedures have been organized into functional areas that reflect the flow and content of the WMI.
Wireless Array Note that the Configuration menu section may be collapsed down to hide the headings under it by clicking it. Click again to display the headings. (See Figure 39 on page 86.) This chapter only discusses using the configuration windows on the Array.
Wireless Array Express Setup Initial Array configuration via XMS sets items such as SSIDs and security, as described in “Zero-Touch Provisioning and Ongoing Management” on page 69. This page allows you to see many of these values, or change them locally. Figure 95.
Wireless Array When finished, click the Save button if you wish to make your changes permanent. Procedure for Performing an Express Setup 1. License Key: An unlicensed Array will automatically contact Xirrus to obtain its license, if it has Internet connectivity. If you need to enter a license manually, enter it here. See “Licensing” on page 74. 2. Configure the Contact Information settings. a.
Wireless Array 4. • Address: Enter a valid IP address for this Array. To use a remote connection (Web, SNMP, or SSH), a valid IP address must be used. • Subnet Mask: Enter a valid IP address for the subnet mask (the default is 255.255.255.0). The subnet mask defines the number of IP addresses that are available on the routed subnet where the Array is located. • Default Gateway: Enter a valid IP address for the default gateway.
Wireless Array source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers. • WPA (Wi-Fi Protected Access) — A Wi-Fi Alliance standard that contains a subset of the IEEE 802.11i standard, using TKIP or AES as an encryption method and 802.1x for authentication. WPA is the stronger of the two wireless security schemes.
Wireless Array 5. Admin Settings: This section allows you to change the default admin username, password, and privileges for the Array. You may change the password and leave the user name as is, but we suggest that you change both to improve Array security. a. New Admin User (Replaces user “admin”): Enter the name of a new administrator user account.
Wireless Array to your deployment, select it and click Apply. For example, the HighDensity option uses best practices to configure the Array for high density settings such as lecture halls, convention centers, stadiums, etc. 8. IAP Settings: LED on Figure 96. LEDs are Switched On Enable/Configure All IAPs: Click on the Execute button to enable and auto configure all IAPs (a message displays the countdown time — in seconds — to complete the auto-configuration task).
Wireless Array Network This is a status-only window that provides a snapshot of the configuration settings currently established for the Ethernet interfaces. DNS Settings and CDP Settings (Cisco Discovery Protocol) are summarized as well. You must go to the appropriate configuration window to make changes to any of the settings displayed here (configuration changes cannot be made from this window). You can click on any item in the Interface column to “jump” to the associated configuration window.
Wireless Array See Also DNS Settings Network Interfaces Network Status Windows Spanning Tree Status Network Statistics Network Interfaces XR-500, XR-1000, and some XR-2000 Series Arrays have one Gigabit Ethernet interface, while XR- 600, XR-4000 and some XR-2000 Series Arrays have two, and XR-6000 Series models have four. This window allows you to establish configuration settings for these interfaces. Figure 98.
Wireless Array When finished making changes, click the Save button if you wish to make your changes permanent. When the status of a port changes, a Syslog entry is created describing the change. Network Interface Ports For the location of network interface ports on the underside of an XR Series Array, see the illustrations starting with Figure 32 on page 71. Procedure for Configuring the Network Interfaces Configure the Gigabit network interfaces.
Wireless Array because both parties can talk and be heard at the same time). Halfduplex allows data transmission in one direction at a time only (for example, a walkie-talkie is a half-duplex device). If the AutoNegotiate feature is disabled, you can manually choose Half or Full duplex for your data transmission preference. b. MTU: the Maximum Transmission Unit size. This is the largest packet size (in bytes) that the interface can pass along. c. 5.
Wireless Array See Also Bonds and Bridging DNS Settings Network Network Statistics Spanning Tree Status Bonds and Bridging On models with more than one Gigabit port these ports may be bonded, i.e. configured to work together in sets. For example, one port may provide active backup or load balancing for another, or other options as described in this section. XR-6000 Series Arrays have four Gigabit ports, and you may specify which ports are bonded to work together as a pair.
Wireless Array Bond1’s Gigabit ports will be transmitted out of Bond2’s Gigabit ports. This way of duplicating one bond’s traffic to another bond is very useful for troubleshooting with a network analyzer. If a set of Gigabit ports have been bonded, the IP address, IP mask, IP gateway, IP DHCP, and Management settings are shared between bonded ports. Any changes you make to these settings on one member will be reflected in the settings of the other members. Other settings may be configured individually.
Wireless Array Traffic received on Gigx is transmitted by Gigy; similarly, traffic received on Gigy is transmitted by Gigx. The Array acts as a wired bridge—this allows Arrays to be chained and still maintain wired connectivity. Each Array in a chain must have power supplied to its PoE port from a compatible power injector or powered switch port. An Array does not supply power to another Array. When bridging is enabled, it configures the following bond settings for each bond.
Wireless Array may be bonded. You may also include just one single port in a bond—this is useful for mirroring one Gigabit port to another port (Step c on page 174). In Arrays that have four Gigabit ports, you have the option of bonding three or four ports together. In this discussion, we call two ports that are bonded Gigx and Gigy. a. Active Backup (gig ports fail over to each other) — This mode provides fault tolerance and is the default mode. Gigx acts as the primary link.
Wireless Array b. Aggregate Traffic from gig ports using 802.3ad — The Array sends network traffic across all member Gigabit ports to increase link speed to the network. These ports act as a single logical interface, using a load balancing algorithm to balance traffic across the ports. For nonIP traffic (such as ARP), the last byte of the destination MAC address is used to do the calculation.
Wireless Array d. Load balance traffic between gig ports — This option provides trunking, similar to option (b) — Aggregate Traffic from gig1 & gig2 using 802.3ad, but it does not use 802.3ad and it uses a different load balancing algorithm to determine the outgoing Gigabit port. The outgoing port used is based on an exclusive OR of the source and destination MAC address. Like option (b), this mode also provides load balancing and fault tolerance. See Figure 102 (d). 4.
Wireless Array received on Bondx is passed on to the onboard processor as well as out Bondy. All traffic received on Bondy is passed on to the onboard processor as well as out Bondx. This allows a network analyzer to be plugged into Bondy to capture traffic for troubleshooting, while the bonded ports provide network connectivity for data traffic. If each bond contains just one port, then you have the simple case of one port mirroring another. Figure 103. Mirroring Traffic 7.
Wireless Array DNS Settings This window allows you to establish your DNS (Domain Name System) settings. The Array uses these DNS servers to resolve host names into IP addresses. The Array also registers its own Host Name with these DNS servers, so that others may address the Array using its name rather than its IP address. An option allows you to specify that the Array’s DNS servers will be assigned via a DHCP server on the wired network.
Wireless Array server that assigns an IP address to the Array, rather than using the DNS Server fields above. You may also configure that DHCP server to assign a host name to the Array. 6. Click the Save button if you wish to make your changes permanent.
Wireless Array 2. CDP Interval: The Array sends out CDP announcements advertising its presence at this interval. The default is 60 seconds. 3. CDP Hold Time: CDP information received from neighbors is retained for this period of time before aging out of the Array’s neighbor list. Thus, if a neighbor stops sending announcements, it will no longer appear on the CDP Neighbors window after CDP Hold Time seconds from its last announcement. The default is 180 seconds.
Wireless Array Services This is a status-only window that allows you to review the current settings and status for services on the Array, including DHCP, SNMP, Syslog, and Network Time Protocol (NTP) services. For example, for the DHCP server, it shows each DHCP pool name, whether the pool is enabled, the IP address range, the gateway address, lease times, and the DNS domain being used.
Wireless Array “DHCP Server” on page 194 “Proxy Forwarding” on page 196 Time Settings (NTP) This window allows you to manage the Array’s time settings, including synchronizing the Array’s clock with a universal clock from an NTP (Network Time Protocol) server. We recommend that you use NTP for proper operation of SNMP in XMS (the Xirrus Management System), since a lack of synchronization will cause errors to be detected.
Wireless Array 5. Setting Time Manually a. Adjust Time (hrs:min:sec): If you are not using NTP, use this field if you want to adjust the current system time. Enter a revised time (hours, minutes, seconds, am/pm) in the corresponding fields. Click Set Time to apply the changes. b. Adjust Date (month/day/year): If you are not using NTP, use this field if you want to adjust the current system date. Enter a revised date (month, day and year) in the corresponding fields. Click Set Date to apply the changes.
Wireless Array d. NTP Primary Authentication Key: Enter your key, which is a string of characters. e. NTP Secondary Server: Enter the IP address or domain name of an optional secondary NTP server to be used in case the Array is unable to contact the primary server. You may use the authentication fields as described above if you wish to set up authentication for the secondary server.
Wireless Array Procedure for Configuring NetFlow 1. Enable NetFlow: Select one of the Netflow versions to enable NetFlow functionality: v5, v9, or IPFIX. Internet Protocol Flow Information Export (IPFIX) is an IETF protocol (www.ietf.org) performing many of the same functions as Netflow. Choose Disable if you wish to disable this feature. 2. NetFlow Collector Host (Domain or IP): If you enabled NetFlow, enter the domain name or IP address of the collector. 3.
Wireless Array 2. Wi-Fi Tag UDP Port: If Wi-Fi tagging is enabled, enter the UDP port that the Wi-Fi tagging server will use to query the Array for data. When queried, the Array will send back information on tags it has observed. For each, the Array sends information such as the MAC address of the tag transmitting device, and the RSSI and noise floor observed. 3. Wi-Fi Tag Channel BG: If you enabled Wi-Fi tagging, enter the 802.11 channel on which the Array will listen for tags.
Wireless Array Figure 111. Location Procedure for Configuring Location 1. Enable Location Support: Choose Yes to enable the collection and upload of visitor analytic data, or choose No to disable this feature. 2. Location URL: If Location Support is enabled, enter the IP address or hostname of the location/analytics server. If this URL contains the string euclid, then the Array knows that data is destined for a Euclid location server.
Wireless Array System Log This window allows you to enable or disable the Syslog server, define primary, secondary, and tertiary servers, set up email notification, and set the level for Syslog reporting for each server and for email notification — the Syslog service will send Syslog messages at the selected severity or above to the defined Syslog servers and email address.
Wireless Array 2. Console Logging: If you enabled Syslog, select whether or not to echo Syslog messages to the console as they occur. If you enable console logging, be sure to set the Console Logging level (see Step 9 below). 3. Local File Size (1-2000 lines): Enter a value in this field to define how many Syslog records are retained locally on the Array’s internal Syslog file. The default is 2000. 4.
Wireless Array e. Email Syslog SMTP Recipient Addresses: Specify the entire email address of the recipient of the email notification. You may specify additional recipients by separating the email addresses with semicolons (;). 7. Station Formatting: If you are sending event information to a Splunk server, select Key/Value to send data in Splunk’s expected format, otherwise leave this at the default value of Standard. See “About Using the Splunk Application for Xirrus Arrays” on page 189. 8.
Wireless Array console. If you set this level too low, the volume of messages may make it very difficult to work with the CLI or view other output on the console. b. Local File: For records to be stored on the Array’s internal Syslog file, choose your preferred level of Syslog reporting from the pull-down list. The default level is Debugging and more serious. c. Primary Server: Choose the preferred level of Syslog reporting for the primary server. The default level is Debugging and more serious. d.
Wireless Array See Also System Log Window Services SNMP Time Settings (NTP) 190 Configuring the Wireless Array
Wireless Array SNMP This window allows you to enable or disable SNMP v2 and SNMP v3 and define the SNMP parameters. SNMP allows remote management of the Array by the Xirrus Management System (XMS) and other SNMP management tools. SNMP v3 was designed to offer much stronger security. You may enable either SNMP version, neither, or both. Complete SNMP details for the Array, including trap descriptions, are found in the Xirrus MIB, available at support.xirrus.
Wireless Array Procedure for Configuring SNMP SNMPv2 Settings 1. Enable SNMPv2: Choose Yes to enable SNMP v2 functionality, or choose No to disable this feature. When used in conjunction with the Xirrus Management System, SNMP v2 (not SNMP v3) must be enabled on each Array to be managed with XMS. The default for this feature is Yes (enabled). 2. SNMP Read-Write Community String: Enter the read-write community string. The default is xirrus. 3.
Wireless Array 10. SNMP Read-Write Privacy Password: Enter the read-write password for privacy (i.e., a key for encryption). The default is xirrus-rw. 11. SNMP Read-Only Username: Enter the read-only user name. This username and password do not allow configuration changes to be made on the Array. The default is xirrus-ro. 12. SNMP Read-Only Authentication Password: Enter the read-only password for authentication (i.e., logging in). The default is xirrus-ro. 13.
Wireless Array System Log Time Settings (NTP) DHCP Server This window allows you to create, enable, modify and delete DHCP (Dynamic Host Configuration Protocol) address pools. DHCP allows the Array to provide wireless clients with IP addresses and other networking information. The DHCP server will not provide DHCP services to the wired side of the network.
Wireless Array 3. Lease Time — Default: This field defines the default DHCP lease time (in seconds). The factory default is 300 seconds, but you can change the default at any time. 4. Lease Time — Max: Enter a value (in seconds) to define the maximum allowable DHCP lease time. The default is 300 seconds. 5. Network Address Translation (NAT): Check this box to enable the Network Address Translation feature. 6.
Wireless Array Proxy Forwarding Some smaller Arrays/APs have less memory (XR-500/1000 Series and XR-620) and are not able to run all ArrayOS features at the same time. You will receive an error message if you attempt to configure a feature when there is not enough memory left. If your organization uses a proxy server such as Blue Coat or Netbox Blue to control Internet access, use this page to configure proxy forwarding on the Array. About Proxy Forwarding Figure 115.
Wireless Array SSID and client User Name restrictions permit the following characters. — Blue Coat permits only alphanumerics and + and /. — Netbox Blue permits only alphanumerics and dot, hyphen, underscore, and space characters. Proxy forwarding on the Array is designed for proxy servers such as Blue Coat and Netbox Blue whose purpose is restricting Internet access to sites, applications and content, and the monitoring and reporting of this activity.
Wireless Array page 203. Then you must set up browsers on client stations (laptops, smart phones, tablets, ...) to proxy both HTTP and HTTPS traffic to the Array. Each client must also download and install the SSL certificate from the Blue Coat or Netbox Blue proxy server. Follow the procedure below to perform these steps on each client.
Wireless Array Configuring Proxy Forwarding on Clients for HTTPS To set the proxy server on an Apple laptop, skip to Step 3. 1. For Windows laptops, click the desktop Start button. In the Search programs and files field, enter Configure proxy server. The Internet Properties dialog is displayed. (Figure 116) Click the LAN Settings button. The Local Area Network dialog displays. Figure 116. Set up a Proxy Server on each Client (Windows) 2. In the Proxy Server section, click the Advanced button.
Wireless Array address or domain name). You must set the Port to 4388. This is very important! This is the Array port that should receive all HTTPS traffic if you are using a proxy server. For HTTP: HTTP traffic will automatically use the same port that you have configured for HTTPS: 4388. We suggest that you enter www.xirrus.com, Port 4388 here to make it obvious that HTTP traffic is being proxied in this way. Continue to Step 5. Figure 117.
Wireless Array 3. For Apple laptops, open System Preferences and select Network. The Network dialog is displayed. (Figure 118) Click the Advanced button. Figure 118. Set up a Proxy Server on each Client (Apple) 4. Select the Proxies tab. (Figure 119) Check Secure Web Proxy (HTTPS): Under Secure Web Proxy Server, you can enter any valid address. We suggest that you enter www.xirrus.com. (This field is not actually used, but it must be a valid address or domain name). You must set the Port to 4388.
Wireless Array Check Web Proxy (HTTP): Under Web Proxy Server, we suggest that you enter www.xirrus.com Port 4388 to make it obvious that HTTP traffic is being proxied in this way. Figure 119. Specify Proxy Servers (Apple) 5. 202 SSL Certificate: you must download and install the security certificate from your proxy server—Blue Coat or Netbox Blue. It must be installed on each of your client devices.
Wireless Array Procedure for Configuring Proxy Forwarding on the Array 1. Enable: If you wish to use proxy forwarding, select the proxy server type—Blue Coat or Netbox Blue. Figure 120. Proxy Forwarding 2. BlueCoat URL: If you selected Blue Coat above, enter the URL of the proxy server, for example, http://proxy.threatpulse.net. 3. Netbox Blue URL: If you selected Netbox Blue above, enter the actual URL of the proxy server, for example, xirrus.netboxblue.com.
Wireless Array VLANs This is a status-only window that allows you to review the current status of configured VLANs. VLANs are virtual LANs used to create broadcast domains. You should create VLAN entries on the Array for all of the VLANs in your wired network if you wish to make traffic from those VLANs available on the wireless network. Each tagged VLAN should be associated with a wireless SSID (see “VLAN Management” on page 206).
Wireless Array The Array has low overhead and latency for virtual tunnel connections, with high resilience. The Array performs all encryption and decryption in hardware, maintaining wire-rate encryption performance on the tunnel. Virtual Tunnel Server (VTS) Tunneling capability is provided by a Virtual Tunnel Server. You supply the server and deploy it in your network using open-source VTun software, available from vtun.sourceforge.net.
Wireless Array VLAN Management This window allows you to assign and configure VLANs. After creating a new VLAN (added to the list of VLANs), you can modify the configuration parameters of an existing VLAN or delete a selected VLAN. For ArrayOS 6.6 and later releases, you may create up to 64 VLANs (up to 32 on the XR-500 Series and on the XR-620). Figure 122. VLAN Management The Wireless Array supports dynamic VLAN assignments specified by RADIUS policy settings.
Wireless Array Procedure for Managing VLANs 1. Default Route: This option sets a default route from the Array. The Array supports a default route on native and tagged interfaces. Once the default route is configured the Array will attempt to use Address Resolution Protocol (ARP) to find the default router. ARP finds the MAC address of a device with a given IP address by sending out a broadcast message requesting this information.
Wireless Array 10. Gateway: If the DHCP option is disabled, enter the IP gateway address for this VLAN association. 11. Tunnel Server: If this VLAN is to be tunneled, enter the IP address or host name of the tunnel server that will perform the tunneling. For more information on virtual tunnels, please see “Understanding Virtual Tunnels” on page 204. 12. Port: If this VLAN is to be tunneled, enter the port number of the tunnel server. 13. New Secret: Enter the password expected by the tunnel server. 14.
Wireless Array Tunnels This read-only window allows you to review the tunnels that have been defined on the Array. It lists all tunnels and their settings, including the type of authentication and the local and remote endpoints for each tunnel. Figure 123. Tunnel Summary About Xirrus Tunnels Xirrus Arrays offer GRE (Generic Routing Encapsulation) tunneling with VLAN support.
Wireless Array packets traveling in the other direction. One tunnel is able to transport up to 16 VLANs. Tunnel Management This window allows you to create tunnels. Figure 124. Tunnel Management Procedure for Managing Tunnels 210 1. New Tunnel Name: Enter a name for the new tunnel in this field, then click on the Create button. The new tunnel is added to the list. You may crate up to 250 Layer 3 tunnels. 2. Enabled: The new tunnel is created in the disabled state. Click this checkbox to enable it.
Wireless Array 8. MTU: Set maximum transmission unit (MTU) size. 9. Interval: The tunnel mechanism will ping the current remote endpoint periodically to ensure that it is still reachable. Enter the ping interval (in seconds). 10. Failures: Enter the number of consecutive ping failures that will cause the Array to consider the tunnel to be down. tunnel to failover to the other remote endpoint. 11. Click the Save button if you wish to make your changes permanent. 12.
Wireless Array 1. For each tunnel, select the SSIDs that are to be bridged to the remote endpoint. Clear the checkbox for any SSID that you no longer wish to include in the tunnel. 2. Click the Save button if you wish to make your changes permanent.
Wireless Array Security This status- only window allows you to review the Array’s security parameters. It includes the assigned network administration accounts, Access Control List (ACL) values, management settings, encryption and authentication protocol settings, and RADIUS configuration settings. There are no configuration options available in this window, but if you are experiencing issues with security, you may want to print this window for your records. Figure 126.
Wireless Array Security settings are configured with the following windows: “Admin Management” on page 219 “Admin Privileges” on page 221 “Admin RADIUS” on page 223 “Management Control” on page 226 “Access Control List” on page 234 “Global Settings” on page 236 “External Radius” on page 240 “Internal Radius” on page 244 “Active Directory” on page 246 “Rogue Control List” on page 250 “OAuth 2.
Wireless Array Choosing an encryption method: Wireless data encryption prevents eavesdropping on data being transmitted or received over the airwaves. The Array allows you to establish the following data encryption configuration options: • Open — this option offers no data encryption and is not recommended, though you might choose this option if clients are required to use a VPN connection through a secure SSH utility, like PuTTy.
Wireless Array Otherwise, if multiple security methods are needed, you must define multiple SSIDs. The encryption mode (WEP, WPA, etc.) is selected in the SSIDs >SSID Management window (see “SSID Management” on page 262). The encryption standard used with WPA or WPA2 (AES or TKIP) is selected in the Security>Global Settings window under WPA Settings (see “Global Settings” on page 236). Choosing an authentication method: User authentication ensures that users are who they say they are.
Wireless Array the event of a lost or stolen MAC adapter, enter the affected MAC address in the Deny list. The Wireless Array will accept up to 1,000 ACL entries. Certificates and Connecting Securely to the WMI When you point your browser to the Array to connect to the WMI, the Array presents an X.509 security certificate to the browser to establish a secure channel. One significant piece of information in the certificate is the Array’s host name.
Wireless Array The Array’s certificate is signed by a Xirrus CA that is customized for your Array and its current host name. By default, browsers will not trust the Array’s certificate. You may import the Xirrus certificate to instruct the browser to trust the Xirrus CA on all future connections to Arrays. The certificate for the Xirrus CA is available on the Array, so that you can import it into your browser’s cache of trusted CAs (right alongside VeriSign, for example).
Wireless Array a WPR login page is presented, the user will not see a security error if the Array’s certificate was obtained from an external CA that is already trusted by the user’s browser. WMI provides options for creating a Certificate Signing Request that you can send to an external CA, and for uploading the signed certificate to the Array after you obtain it from the CA. This certificate will be tied to the Array’s host name and private key.
Wireless Array 3. New Password: Enter a password for this ID. The length of the password must be between 5 and 50 characters, inclusive. 4. Verify: Re-enter the password in this field to verify that you typed the password correctly. If you do not re-enter the correct password, an error message is displayed). 5. Click on the Create button to add this administrator ID to the list. 6. Click the Save button if you wish to make your changes permanent.
Wireless Array Admin Privileges This window provides a detailed level of control over the privileges of Array administrators. Administrators may be assigned one of eight Privilege Levels. You may define the privilege level of each major feature (Configuration Section) that may be configured on the Array. For example, say that you set the privilege level to 4 for Reboot Array, Security, Radius Server, and SNMP, and you leave all other configuration sections at the default privilege level of 1.
Wireless Array Privilege level 0 is read-only. As a minimum, all administrators have permission for read access to all areas of Array configuration. Higher privilege levels may be used to define additional privileges for specific configuration sections. If you are using an Admin RADIUS server to define administrator accounts, please see “RADIUS Vendor Specific Attribute (VSA) for Xirrus” on page 503 to set the privilege level for each administrator. Procedure for Configuring Admin Privileges 1.
Wireless Array Admin RADIUS This window allows you to set up authentication of network administrators via RADIUS. Using RADIUS to control administrator accounts for logging in to Arrays has these benefits: Centralized control of administrator accounts. Less effort — you don't have to set up user names and passwords on each Array; just enter them once on the RADIUS server and then all of the Arrays can pull from the RADIUS server. Enforced policies — you may set password rules (e.g.
Wireless Array Figure 130. Admin RADIUS Procedure for Configuring Admin RADIUS Use this window to enable/disable administrator authentication via RADIUS, and to set up primary and secondary servers to use for authentication of administrators attempting to log in to the Array. 1. Admin RADIUS Settings: a. Enable Admin RADIUS: Click Yes to enable the use of RADIUS to authenticate administrators logging in to the Array. You will need to specify the RADIUS server(s) to be used. b.
Wireless Array 2. Admin RADIUS Primary Server: This is the RADIUS server that you intend to use as your primary server. a. Host Name / IP Address: Enter the IP address or domain name of this external RADIUS server. b. Port Number: Enter the port number of this RADIUS server. The default is 1812. c. Shared Secret / Verify Secret: Enter the shared secret that this RADIUS server will be using, then re-enter the shared secret to verify that you typed it correctly. 3.
Wireless Array Management Control This window allows you to enable or disable the Array management interfaces and set their inactivity time-outs. The range is 300 (default) to 100,000 seconds. Figure 131.
Wireless Array Procedure for Configuring Management Control 1. Management Settings: a. Maximum login attempts allowed (1-255): After this number of consecutive failing administrator login attempts via ssh or telnet, the Failed login retry period is enforced. The default is 3. b.
Wireless Array 2. SSH a. On/Off: Choose On to enable management of the Array over a Secure Shell (SSH-2) connection, or Off to disable this feature. Be aware that only SSH-2 connections are supported by the Array. SSH clients used for connecting to the Array must be configured to use SSH-2. b. Connection Timeout 30-100000 (Seconds): Enter a value in this field to define the timeout (in seconds) before your SSH connection is disconnected.
Wireless Array ! Warning: If you disable Xircon access completely on models that have no console port, you must ensure that you do not lose track of the username and password to log in to CLI/WMI! There is no way to recover from a lost password, other than returning the Array to Xirrus. a. On/Off: Choose On to enable Xircon access to the Array at the ArrayOS (CLI) and Xirrus Boot Loader (XBL) levels, or Off to disable access at both levels.
Wireless Array 6. HTTPS a. Connection Timeout 30-100000 (Seconds): Enter a value in this field to define the timeout (in seconds) before your HTTPS connection is disconnected. The value you enter here must be between 30 seconds and 100,000 seconds. Management via HTTPS (i.e., the Web Management Interface) cannot be disabled on this window. To disable management over HTTPS, you must use the Command Line Interface. b. Port: Enter a value in this field to define the port used by SSH.
Wireless Array b. Spanning Tree Protocol: this protocol is used in Layer 2 networks to turn off ports when necessary to prevent network loops. It is Off by default, and is turned on automatically if you are using WDS to interconnect Arrays using wireless links. Use the On button to enable spanning tree if your network topology requires it. See “Spanning Tree Status” on page 105. 8. , HTTPS (X.509) Certificate ArrayOS releases 6.
Wireless Array certificate uses Xirrus as the signing authority. Thus, in order to avoid having certificate errors on your browser when using WMI: • You must have assigned a host name to the Array and rebooted at some time after that. • Use Import Xirrus Authority into Browser • Access WMI by using the host name of the Array rather than its IP address. b. HTTPS (X.509) Certificate Signed By: This read-only field shows the signing authority for the current certificate. 9.
Wireless Array b. Upload Signed Certificate: To use a custom certificate signed by an authority other than Xirrus, use the Browse button to locate the certificate file, then click Upload to copy it to the Array. The Array’s web server will be restarted and will pick up the new certificate. This will terminate any current web sessions, and you will need to reconnect and re-login to the Array. 10. To create a Certificate Signing Request a.
Wireless Array Access Control List This window allows you to enable or disable the use of the global Access Control List (ACL), which controls whether a station with a particular MAC address may associate to the Array. You may create station access control list entries and delete existing entries, and control the type of list. There is only one global ACL, and you may select whether its type is an Allow List or a Deny List, or whether use of the list is disabled.
Wireless Array 2. MAC Address: If you want to add a MAC address to the ACL, enter the new MAC address here, then click on the Add button. The MAC address is added to the ACL. You may use a wildcard (*) for one or more digits to match a range of addresses. You may create up to 1000 entries. 3. Delete: You can delete selected MAC addresses from this list by clicking their Delete buttons. 4. Click the Save button if you wish to make your changes permanent.
Wireless Array Global Settings This window allows you to establish the security parameters for your wireless network, including WEP, WPA, WPA2 and RADIUS authentication. When finished, click the Save button if you wish to make your changes permanent. For additional information about wireless network security, refer to “Security Planning” on page 50 and “Understanding Security” on page 214. Figure 134. Global Settings (Security) Procedure for Configuring Network Security 1.
Wireless Array • Active Directory defines wireless user accounts on an Active Directory server external to the Array. See “Active Directory” on page 246. WPA Settings These settings are used if the WPA or WPA2 encryption type is selected on the SSIDs >SSID Management window or the Express Setup window (on this window, encryption type is set in the SSID Settings: Wireless Security field). 2. TKIP Enabled: Choose Yes to enable TKIP (Temporal Key Integrity Protocol), or choose No to disable TKIP.
Wireless Array WEP Settings These settings are used if the WEP encryption type is selected on the SSIDs > SSID Management window or the Express Setup window (on this window, encryption type is set in the SSID Settings: Wireless Security field). Click the Show Cleartext button to make the text that you type in to the Key fields visible. WEP encryption does not support high throughput rates or features like frame aggregation or block acknowledgments for 802.11n, per the IEEE 802.11n specification.
Wireless Array See Also Admin Management External Radius Internal Radius Access Control List Management Control Security Security Planning SSID Management Configuring the Wireless Array 239
Wireless Array External Radius This window allows you to define the parameters of an external RADIUS server for user authentication. To set up an external RADIUS server, you must choose External Radius as the Authentication Server Mode in “Global Settings” on page 236. Figure 135. External RADIUS Server If you want to include user group membership in the RADIUS account information for users, see “Understanding Groups” on page 280.
Wireless Array About Creating User Accounts on the RADIUS Server A number of attributes of user (wireless client) accounts are controlled by RADIUS Vendor Specific Attributes (VSAs) defined by Xirrus. For example, you would use the VSA named Xirrus-User-VLAN if you wish to set the VLAN for a user account in RADIUS. For more information about the RADIUS VSAs used by Xirrus, see “RADIUS Vendor Specific Attribute (VSA) for Xirrus” on page 503. Procedure for Configuring an External RADIUS Server 1.
Wireless Array 3. Settings (RADIUS Dynamic Authorization): Some RADIUS servers have the ability to contact the Array (referred to as an NAS, see below) to terminate a user with a Disconnect Message (DM). Or RADIUS may send a Change-of-Authorization (CoA) Message to the Array to change a user’s privileges due to changing session authorizations. This implements RFC 5176—Dynamic Authorization Extensions to RADIUS. a.
Wireless Array b. Station MAC Format: Define the format of the Station MAC RADIUS attribute sent from the Array—lower-case or upper-case, hyphenated or not. The default is lower-case, not hyphenated. 5. Accounting Settings: Note that RADIUS accounting start packets sent by the Array will include the client station's Framed-IP-Address attribute. a. Accounting Interval (seconds): Specify how often Interim records are to be sent to the server. The default is 300 seconds. b.
Wireless Array Internal Radius Access Control List Management Control Security Understanding Groups Internal Radius This window allows you to define the parameters for the Array’s internal RADIUS server for user authentication. However, the internal RADIUS server will only authenticate wireless clients that want to associate to the Array. This can be useful if an external RADIUS server is not available.
Wireless Array Procedure for Creating a New User 1. User Name: Enter the name of the user that you want to authenticate to the internal RADIUS server. You may enter up to 1000 users (up to 256 on the XR-500 Series and on the XR-620, or up to 480 on the XR-630 and on the XR-1000 Series). 2. SSID Restriction: (Optional) If you want to restrict this user to associating to a particular SSID, choose an SSID from the pull-down list. 3.
Wireless Array Global Settings (IAP) Access Control List Management Control Security Understanding Groups Active Directory Some smaller Arrays/APs have less memory (XR-500/1000 Series and XR-620) and are not able to run all ArrayOS features at the same time. You will receive an error message if you attempt to configure a feature when there is not enough memory left. This window allows you to configure 802.1x user authentication without needing to set up and use an External Radius server.
Wireless Array Figure 137. Active Directory Server Procedure for Use of an Active Directory Server 1. Choose Active Directory as the Authentication Server Mode in “Global Settings” on page 236. 2. Domain Administrator: Enter the administrator account name for access to the domain controller. The Array will use this (together with the password) to create a machine account on the domain for the Array. This can be the name of any account that can join a machine to the domain. 3.
Wireless Array appears after you have made a change requiring validation (i.e., entering a new hostname or changing an existing entry to a different hostname). If you return to this page at a later time, the checkmark will not be present. 5. Workgroup/Domain: Enter the Pre-Windows 2000 Domain name. This can be found by opening the Active Directory Users and Computers. Right click the domain in the left hand window and select Properties. This will display the Domain name that should be entered. Figure 138.
Wireless Array the Test Tools. The domain controller will give the Array a secret that may be used as a key to fetch information. The secret may be checked with the Check Secret test tool, below. You may click Leave Domain to ask the domain controller to remove the Array from the domain and revoke its secret. 9. You may use the tools below to check that the Array is able to access and use the Active Directory successfully, or to troubleshoot any problems. Active Directory Test Tools 10.
Wireless Array Rogue Control List This window allows you to set up a control list for rogue APs, based on a type that you define. You may classify rogue APs as blocked, so that the Array will take steps to prevent stations from associating with the blocked AP. See “About Blocking Rogue APs” on page 351. The Array can keep up to 5000 list entries. The RF Monitor > Intrusion Detection window provides an alternate method for classifying rogues.
Wireless Array 3. Match Only: Select the match criterion to compare the Rogue BSSID/ SSID string against: BSSID, Manufacturer, or SSID. The BSSID field contains the MAC address. 4. Click Create to add this rogue AP to the Rogue Control List. 5. Rogue Control List: If you want to edit the control type for a rogue AP, just click the radio button for the new type for the entry: Blocked, Known or Approved. 6. To delete rogue APs from the list, click their Delete buttons. 7.
Wireless Array Figure 140. OAuth 2.0 Management - Token List Procedure for Obtaining a Token and Accessing RESTful API on the Array 1. Present User Credentials for a Permanent Token A user-developed application must register by presenting the following information to the URL below: https://[Array hostname or IP address]/oauth/authorize • grant_type: password • username: username of an administrator account on the Array.
Wireless Array Please see “API Documentation” on page 401 for a description of the features available in the API.
Wireless Array SSIDs This status-only window allows you to review SSID (Service Set IDentifier) assignments. It includes the SSID name, whether or not an SSID is visible on the network, any security and QoS parameters defined for each SSID, associated VLAN IDs, radio availability, and DHCP pools defined per SSID. Click on an SSID’s name to jump to the edit page for the SSID.
Wireless Array The read-only Limits section of the SSIDs window allows you to review any limitations associated with your defined SSIDs. For example, this window shows the current state of an SSID (enabled or not), how much SSID and station traffic is allowed, time on and time off, days on and off, and whether each SSID is currently active or inactive.
Wireless Array The Extended Service Set (ESS) refers to the group of BSSIDs that are grouped together to form one ESS. The ESSID (often referred to as SSID or “wireless network name”) identifies the Extended Service Set. Clients must associate to a single ESS at any given time. Clients ignore traffic from other Extended Service Sets that do not have the same SSID. Legacy access points typically support one SSID per access point.
Wireless Array Figure 142. Four Traffic Classes The Wireless Array’s Quality of Service Priority feature (QoS) allows traffic to be prioritized according to your requirements. For example, you typically assign the highest priority to voice traffic, since this type of traffic requires delay to be under 10 ms. The Array has four separate queues for handling wireless traffic at different priorities, and thus it supports four traffic classes (QoS levels). Figure 143. Priority Level—IEEE 802.
Wireless Array tagged with a priority level, i.e., a user priority tag. Since there are eight possible user priority levels and the Array implements four wireless QoS levels, user priorities are mapped to QoS as described below. Figure 144. Priority Level—DSCP (DiffServ - Layer 3) DSCP (Differentiated Services Code Point or DiffServ) uses 6 bits in the IPv4 or IPv6 packet header, defined in RFC2474 and RFC2475. The DSCP value classifies a Layer 3 packet to determine the Quality of Service (QoS) required.
Wireless Array Ingress: Incoming wired packets are assigned QoS priority based on their SSID and 802.1p tag (if any), as shown in the table below. This table follows the mapping recommended by IEEE802.11e. FROM Priority Tag 802.
Wireless Array a. If an SSID has a QoS setting, and an incoming wired packet’s user priority tag is mapped to a higher QoS value, then the higher QoS value is used. b. If a group or filter has a QoS setting, this overrides the QoS value above. See “Groups” on page 280, and “Filters” on page 365. c. Voice packets have the highest priority (see Voice Support, below). d. If DSCP to QoS Mapping Mode is enabled, the IP packet is mapped to QoS level 0 to 3 as specified in the DSCP Mappings table.
Wireless Array High Density 2.4G Enhancement—Honeypot SSID Some situations pose problems for all wireless APs. For example, iPhones will remember every SSID and flood the airwaves with probes, even when the user doesn’t request or desire this behavior. In very high density deployments, these probes can consume a significant amount of the available wireless bandwidth. The Array “honeypot” SSID targets this problem.
Wireless Array SSID Management This window allows you to manage SSIDs (create, edit and delete), assign security parameters and VLANs on a per SSID basis, and configure the Web Page Redirect (WPR captive portal) functionality. Create new SSID Configure parameters Configure WPR Set traffic limits / usage schedule Configure encryption/authentication Configure authentication server Figure 145.
Wireless Array Procedure for Managing SSIDs 1. New SSID Name: To create a new SSID, enter a new SSID name to the left of the Create button (Figure 145), then click Create. SSID names are case sensitive and may only consist of the characters A-Z, a-z, 0-9, dash, and underscore. You may create up to 16 SSIDs (up to 8 on the XR-500 Series and on the XR-620).
Wireless Array compromising the performance of the network. Use this setting in environments where traffic prioritization is not a concern. • 1 — Medium, with QoS prioritization aggregated across all traffic types. • 2 — High, normally used to give priority to video traffic. • 3 — The highest QoS priority setting, normally used to give priority to voice traffic.
Wireless Array 11. Encryption: Choose the encryption that will be required — specific to this SSID — either None, WEP, WPA, WPA2 or WPA-Both. The None option provides no security and is not recommended; WPA2 provides the best Wi-Fi security. Each SSID supports only one encryption type at a time (except that WPA and WPA2 are both supported on an SSID if you select WPA-Both). If you need to support other encryption types, you must define additional SSIDs.
Wireless Array Additional sections will be displayed to allow you to configure encryption, authentication server, and RADIUS accounting settings. • The WPA Configuration encryption settings have the same parameters as those described in “Procedure for Configuring Network Security” on page 236. • To configure Active Directory settings, see “Active Directory” on page 246).
Wireless Array When using WPR, it is particularly important to adhere to the SSID naming restrictions detailed in Step 1. 15. Fallback: Network Assurance checks network connectivity for the Array. When Network Assurance detects a failure, perhaps due to a bad link or WDS failure, if Fallback is set to Disable the Array will automatically disable this SSID. This will disassociate current clients, and prevent new clients from associating.
Wireless Array 17. Stations: Enter the maximum number of stations allowed on this SSID. This step is optional. Note that the IAPs - Global Settings window also has a station limit option — Max Station Association per IAP, and the windows for Global Settings .11an and Global Settings .11bgn also have Max Stations settings. If multiple station limits are set, all will be enforced. As soon as any limit is reached, no new stations can associate until some other station has terminated its association. 18.
Wireless Array Web Page Redirect (Captive Portal) Configuration If you enable WPR, the SSID Management window displays additional fields that must be configured. If enabled, WPR displays a splash or login page when a user associates to the wireless network and opens a browser to any URL (provided the URL does not point to a resource directly on the user’s machine).
Wireless Array login page with logo and background images and header and footer text. See “Customizing an Internal Login or Splash page” on page 272. The user name and password are obtained by the login page. Authentication occurs according to your selection—PAP, CHAP, or MS-CHAP. Note that if you select CHAP, then you cannot select Active Directory in “Authentication Service Configuration” on page 274. After authentication, the browser is redirected back to the captured URL.
Wireless Array Authentication occurs according to your configured RADIUS information. These parameters are configured as described in “Procedure for Configuring Network Security” on page 236, except that the RADIUS Authentication Type is selected here, as described below. After authentication, the browser is redirected back to the captured URL. If you want the user redirected to a specific landing page instead, enter its address in Landing Page URL.
Wireless Array Customizing an Internal Login or Splash page You may customize these pages with a logo and/or background image, and header and/or footer text, as shown below in Figure 148. Logo Header Internal Login Page Background Footer Figure 148. Customizing an Internal Login or Splash Page 272 Background Image — specify an optional jpg, gif, or png file to display in the background of the page.
Wireless Array Whitelist Configuration for Web Page Redirect On a per-SSID basis, the whitelist allows you to specify Internet destinations that stations can access without first having to pass the WPR (captive portal) login/ splash page. Note that a whitelist may be specified for a user group as well. See “Group Management” on page 282. Figure 149. Whitelist Configuration for WPR To add a web site to the whitelist for this SSID, enter it in the provided field, then click Create.
Wireless Array The station will still be required to pass through the configured WPR flow for all other Internet addresses. The whitelist will work against all traffic -- not just http or https Indirect access to other web sites is not permitted. For example, if you add www.yahoo.com to the whitelist, you can see that page, but not all the ads that it attempts to display. The whitelist feature does not cause traffic to be redirected to the whitelist addresses.
Wireless Array Internal Radius Security Planning SSIDs Understanding QoS Priority on the Wireless Array AirWatch Active IAPs By default, when a new SSID is created, that SSID is active on all IAPs. This window allows you to specify which IAPs will offer that SSID. Put differently, you can specify which SSIDs are active on each IAP. This feature is useful in conjunction with WDS. You may use this window to configure the WDS link IAPs so that only the WDS link SSIDs are active on them. Figure 150.
Wireless Array 4. Toggle All: This button, on the lower left, may be used to allow or deny all SSIDs on all IAPs. 5. Click the Save button if you wish to make your changes permanent. Per-SSID Access Control List This window allows you set up Access Control Lists (ACLs) on a per-SSID basis, to control whether a station with a particular MAC address may associate to a particular SSID. You may create access control list entries and delete existing entries, and control the type of list (allow or deny).
Wireless Array Procedure for Configuring Access Control Lists 1. SSID: Select the line for the SSID whose ACL you wish to manage. Click the line to hide or expand (display) the list. 2. Access Control List Type: Select Disabled to disable use of the Access Control List for this SSID, or select the ACL type — either Allow or Deny. • Allow: Only allows the listed MAC addresses to associate to the Array. All others are denied. The plus symbol before the SSID name for an allow list.
Wireless Array Honeypots Use the honeypot feature carefully as it could interfere with legitimate SSIDs. The Xirrus honeypot SSID feature prevents the airwaves from being crowded with probes for named SSIDs. These probes are automatically generated by some popular wireless devices. When you create and enable a honeypot SSID on an Array, it responds to any station probe looking for a named open SSID (unencrypted and unauthenticated) that is not configured on the Array.
Wireless Array Procedure for Configuring Honeypot Whitelists 1. Create a honeypot: If you have not already created an SSID named honeypot, you will be asked whether you wish to create one. Click Yes. You must have an SSID named honeypot to use this feature. 2. Honeypot Whitelists: This section only appears if you have created an SSID named honeypot. You may define a whitelist of allowed SSIDs which are not to be honeypotted, as described in “High Density 2.4G Enhancement—Honeypot SSID” on page 261.
Wireless Array Groups This is a status-only window that allows you to review user (i.e., wireless client) Group assignments. It includes the group name, Radius ID, Device ID, VLAN IDs and QoS parameters and roaming layer defined for each group, and DHCP pools and web page redirect information defined for the group. You may click on a group’s name to jump to the edit page for the group.
Wireless Array is created, you can apply all of these settings just by making the user a member of the group. The group allows you to apply a uniform configuration to a set of users in one step. In addition, you can restrict the group so that it only applies its settings to group members who are connecting using a specific device type, such as iPad or phone. Thus, you could define a group named Student-Phone with Device ID set to Phone, and set the group’s VLAN Number to 100.
Wireless Array See Also External Radius Internal Radius SSIDs Understanding QoS Priority on the Wireless Array Web Page Redirect (Captive Portal) Configuration Understanding Fast Roaming Group Management This window allows you to manage groups (create, edit and delete), assign usage limits and other parameters on a per group basis, and configure the Web Page Redirect (captive portal) functionality. Figure 154. Group Management Procedure for Managing Groups 1.
Wireless Array 3. Enabled: Check this box to enable this group or leave it blank to disable it. When a group is disabled, users that are members of the group will behave as if the group did not exist. In other words, the options configured for the SSID will apply to the users, rather than the options configured for the group. 4. Fallback: Network Assurance checks network connectivity for the Array.
Wireless Array • 0 — The lowest QoS priority setting, where QoS makes its best effort at filtering and prioritizing data, video and voice traffic without compromising the performance of the network. Use this setting in environments where traffic prioritization is not a concern. • 1 — Medium; QoS prioritization is aggregated across all traffic types. • 2 — High, normally used to give priority to video traffic. • 3 — The highest QoS priority setting, normally used to give priority to voice traffic.
Wireless Array The authentication options that are offered on the SSID Management page are not offered here. Since the group membership of a user is provided to the Array by a Radius server, this means the user has already been authenticated. You may create a WPR Whitelist on a per-group basis if you wish. See “Whitelist Configuration for Web Page Redirect” on page 273 for details of WPR Whitelist usage and configuration.
Wireless Array 15. Traffic per Station: Check the Unlimited checkbox if you do not want to place a restriction on the traffic per station for this group, or enter a value in the Packets/Sec or Kbps field and make sure that the Unlimited box is unchecked to force a traffic restriction. 16. Days Active: Choose Everyday if you want this group to be active every day of the week, or select only the specific days that you want this group to be active.
Wireless Array IAPs This status-only window summarizes the status of the Integrated Access Point (radios). For each IAP, it shows whether it is up or down, the channel and wireless mode, the antenna that it is currently using, its cell size and transmit and receive power, how many users (stations) are currently associated to it, whether a WDS link distance has been set for it, and its BSSID (MAC address). Figure 155.
Wireless Array Arrays have a fast roaming feature, allowing them to maintain sessions for applications such as voice, even while users cross boundaries between Arrays. Fast roaming is set up in the Global Settings (IAP) window and is discussed in: “Understanding Fast Roaming” on page 288 IAPs are configured using the following windows: “IAP Settings” on page 290 “Global Settings (IAP)” on page 295 “Global Settings .11an” on page 311 “Global Settings .
Wireless Array Mobile wireless users are likely to cross multiple roaming domains during a single session (especially wireless users of VoIP phones). Layer 3 roaming allows a user to maintain the same IP address through an entire real-time data session. The user may be associated to any of the VLANs defined on the Array. The Layer 3 session is maintained by establishing a tunnel back to the originating Array. You should decide whether or not to use Layer 3 roaming based on your wired network design.
Wireless Array IAP Settings This window allows you to enable/disable IAPs, define the wireless mode for each IAP, specify the channel and bond width and the cell size for each IAP, lock the channel selection, establish transmit/receive parameters, and reset channels. Buttons at the top of the list allow you to Reset Channels, Enable All IAPs, or Disable All IAPs. When finished, click the Save button if you wish to make your changes permanent. Figure 157.
Wireless Array For all 802.11n settings, go to “Global Settings .11n” on page 322. For all 802.11ac settings, go to “Global Settings .11ac” on page 325. Procedure for Manually Configuring IAPs 1. The row for each IAP summarizes its settings. Click to expand it and display the settings. Click again to collapse the entry. 2. In the Enable field select enabled, or select disabled if you want to turn off the IAP. The state of the channel is displayed with a green dot enabled, and a red dot 3.
Wireless Array while 2.4GHz includes 802.11b and 802.11g choices. When you select a WiFi Mode for an IAP, your selection in the Channel column will be checked to ensure that it is a valid choice for that WiFi Mode. By selecting appropriate WiFi Modes for the radios on your Arrays, you can greatly improve wireless network performance. For example, if you have 802.11n and 802.11ac stations using the same IAP, throughput on that radio is reduced greatly for the 802.11ac stations. By supporting 802.
Wireless Array 7. The Bond field works together with the Channel selected above. (For 802.11n IAPs, it also obeys the bonding options selected on the Global Settings .11n page.) Also see the discussion in “80 MHz and 160 MHz Channel Widths (Bonding)” on page 43. Bonding is available on all Arrays, including two-radio models. For 802.11n, two 20MHz channels may be bonded to create one 40 MHz channel with double the data rate. 802.
Wireless Array When other Arrays are within listening range of this one, setting cell sizes to Auto allows the Array to change cell sizes so that coverage between cells is maintained. Each cell size is optimized to limit interference between sectors of other Arrays on the same channel. This eliminates the need for a network administrator to manually tune the size of each cell when installing multiple Arrays.
Wireless Array See Also Coverage and Capacity Planning Global Settings (IAP) Global Settings .11an Global Settings .11bgn Global Settings .11n Global Settings .11ac Advanced RF Settings IAPs IAP Statistics Summary LED Settings Global Settings (IAP) Figure 158.
Wireless Array This window allows you to establish global IAP settings. Global IAP settings include enabling or disabling all IAPs (regardless of their operating mode), and changing settings for beacons, station management, and advanced traffic optimization — including multicast processing, load balancing, and roaming. Changes you make on this page are applied to all IAPs, without exception. Procedure for Configuring Global IAP Settings 1. Country: This is a display-only value.
Wireless Array Beacon Configuration 6. Beacon Interval: When the Array sends a beacon, it includes with it a beacon interval, which specifies the period of time before it will send the beacon again. Enter the desired value in the Beacon Interval field, between 20 and 1000 Kusecs. A Kusec is 1000 microseconds = 1 millisecond. The value you enter here is applied to all IAPs. 7.
Wireless Array 11. WMM Power Save: Click On to enable Wireless Multimedia Power Save support, as defined in IEEE802.11e. This option saves power and increases battery life by allowing the client device to doze between packets to save power, while the Array buffers downlink frames. The default setting is On. 12. WMM ACM Video: Click On to enable Wireless Multimedia Admission Control for video traffic.
Wireless Array 15. Station Timeout Period: Specify a time (in seconds) in this field to define the timeout period for station associations. 16. Max Station Association per Array: This option allows you to define how many station associations are allowed per Array, or enter unlimited. Note that the Max Station Association per IAP limit (below) may not be exceeded, so entering unlimited, in practice, will stop at the per-IAP limit.
Wireless Array Advanced Traffic Optimization Figure 159. Multicast Processing 20. Multicast Processing: This sets how multicast traffic is handled. Multicast traffic can be received by a number of subscribing stations at the same time, thus saving a great deal of bandwidth. In some of the options below, the Array uses IGMP snooping to determine the stations that are subscribed to the multicast traffic.
Wireless Array • if you have an application where many subscribers need to see the multicast—a large enough number that it would be less efficient to convert to unicast and better just to send out multicast even though it must be sent out at the speed of the slowest connected station. An example of a situation that might benefit from the use of this mode is ghosting all the laptops in a classroom using multicast. One multicast stream at, say, 6 Mbps is probably more efficient than thirty unicast streams.
Wireless Array list contains the IPv4 multicast address for Apple Bonjour mDNS: 224.0.0.251. For an additional discussion of optimizing Apple Bonjour handling, see the Bonjour Director Application Note in the Xirrus Resource Center. To add a new IP address to the list, type it in the top field and click the Add button to its right. You may only enter IP addresses—host names are not allowed. This is because mDNS is a link local multicast address, and does not require IGMP to the gateway.
Wireless Array • In MDNS Filter, specify the mDNS service types that are allowed to be forwarded. • If you leave this field blank, then there is no filter, and mDNS packets for all service types are passed. • If you enter service types, then this acts as an allow filter, and mDNS packets are passed only for the listed service types. Note that mDNS filtering may be used to filter the mDNS packet types that are forwarded within the same VLAN.
Wireless Array select it in the list and click Delete. To remove all entries from the list, click Reset. 23. Multicast VLAN Forwarding: This is a list of VLANs that participate in the multicast forwarding. Please see the description of multicast forwarding in Step 22 above. The VLANs you enter must be explicitly defined (see “VLANs” on page 204) in order to participate in multicast forwarding. In fact, the Array discards packets from undefined VLANs.
Wireless Array Note that Multicast Forwarding and mDNS Filtering capabilities also work if both devices are wireless. For example, let’s say that AppleTV is using wireless to connect to an SSID that is associated with VLAN 56, and the wireless client is on an SSID that is associated with VLAN 58. Normally the wireless client would not be able to use Bonjour to discover the AppleTV because they are on separate VLANs. But if you add 224.0.0.
Wireless Array Apple-TV, iChat, iPhoto, iTunes, iTunes-Home-Sharing, InternetPrinting, Mobile-Device-Sync, and Secure-Telnet. For example, to allow mirroring of an iPad on an Apple-TV, select AppleTV. You may define your own type if you do not see the service you want in the drop-down list. Simply enter the mDNS service name that you would like to allow through. Custom mDNS packet types must be prefixed with an underscore, e.g., _airvideoserver. To remove an entry, select it in the list and click Delete.
Wireless Array designed network (having -70db or better everywhere), where virtually every client should have a 54Mbps connection. In this case, broadcasts and multicasts will all go out at 54Mbps vs. the standard rate. Thus, with broadcast rate optimization on, broadcasts and multicasts use between 2% and 10% of the bandwidth that they would in Standard mode. When set to Standard (the default), broadcasts are sent out at the lowest basic rate only — 6 Mbps for 5GHz clients, or 1 Mbps for 2.4GHz clients.
Wireless Array If you select On and an IAP is not the best choice for network performance, that IAP will send an “AP Full” message in response to Probe, Association, or Authentication requests. This deters persistent clients from forcing their way onto overloaded IAPs. Note that ACExpress load balancing is not used if: • A station is re-associating—if it was already associated to this IAP, it is allowed back on this IAP immediately. This prevents the station from being bounced between different IAPs.
Wireless Array Note that the Array has a broadcast optimization feature that is always on (it is not configurable). Broadcast optimization restricts all broadcast packets (not just ARP broadcasts) to only those radios that need to forward them. For instance, if a broadcast comes in from VLAN 10, and there are no VLAN 10 users on a radio, then that radio will not send out that broadcast. This increases available air time for other traffic. 28.
Wireless Array • Ports 15000 to 17999 — reserved for Layer 3 roaming (tunneling between subnets). 31. Share Roaming Info With: Three options allow your Array to share roaming information with all Arrays; just with those that are within range; or with specifically targeted Arrays. Choose either All, In Range or Target Only, respectively. a. Xirrus Roaming Targets: If you chose Target Only, use this option to add target MAC addresses.
Wireless Array Global Settings .11an This window allows you to establish global 802.11a IAP settings. These settings include defining which 802.11a data rates are supported, enabling or disabling all 802.11an IAPs, auto-configuration of channel allocations for all 802.11an IAPs, and specifying the fragmentation and RTS thresholds for all 802.11an IAPs. Figure 161. Global Settings .11an Procedure for Configuring Global 802.11an IAP Settings 1. 802.
Wireless Array • Supported Rate — data rates that can be used to transmit to clients. 2. Data Rate Presets: The Wireless Array can optimize your 802.11a data rates automatically, based on range or throughput. Click Optimize Range to optimize data rates based on range, or click Optimize Throughput to optimize data rates based on throughput. The Restore Defaults button will take you back to the factory default rate settings. 3. 802.11a IAP Control: Click Enable 802.11a IAPs to enable all 802.
Wireless Array • Non-Radar: give preference to channels that are not required to use dynamic frequency selection (DFS) to avoid communicating in the same frequency range as some radar (also see Step 8 on page 297).
Wireless Array For an overview of RF power and cell size settings, please see “RF Power & Sensitivity” on page 336, “Capacity and Cell Sizes” on page 32, and “Fine Tuning Cell Sizes” on page 33. 6. Auto Cell Period (seconds): You may set up auto-configuration to run periodically, readjusting optimal cell sizes for the current conditions. Enter a number of seconds to specify how often auto-configuration will run. If you select None, then auto-configuration of cell sizing will not be run periodically.
Wireless Array Smaller fragmentation numbers can help to “squeeze” packets through in noisy environments. Enter the desired Fragmentation Threshold value in this field, between 256 and 2346. 12. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size. Packets larger than the RTS threshold will use CTS/RTS prior to transmitting the packet — useful for larger packets to help ensure the success of their transmission. Enter a value between 1 and 2347. 13.
Wireless Array Global Settings .11bgn This window allows you to establish global 802.11b/g IAP settings. These settings include defining which 802.11b and 802.11g data rates are supported, enabling or disabling all 802.11b/g IAPs, auto-configuring 802.11b/g IAP channel allocations, and specifying the fragmentation and RTS thresholds for all 802.11b/g IAPs. Figure 162. Global Settings .
Wireless Array Procedure for Configuring Global 802.11b/g IAP Settings 1. 802.11g Data Rates: The Array allows you to define which data rates are supported for all 802.11g radios. Select (or deselect) 11g data rates by clicking in the corresponding Supported and Basic data rate check boxes. • Basic Rate — a wireless station (client) must support this rate in order to associate. • Supported Rate — data rates that can be used to transmit to clients. 2. 802.
Wireless Array data about its RF environment. In this case, it will pick a set of compatible channel assignments at random. On the XR-500/600 and XR-1000 Series Arrays, the Factory Defaults button will not restore iap1 to monitor mode. You will need to restore this setting manually. Also, you may need to set Timeshare Mode again - see “RF Monitor” on page 334.
Wireless Array 7. Auto Cell Period (seconds): You may set up auto-configuration to run periodically, readjusting optimal cell sizes for the current conditions. Enter a number of seconds to specify how often auto-configuration will run. If you select None, then auto-configuration of cell sizing will not be run periodically. You do not need to run Auto Cell often unless there are a lot of changes in the environment.
Wireless Array older, slower 802.11b stations. Protection avoids collisions by preventing 802.11b and 802.11g stations from transmitting simultaneously. When Auto CTS or Auto RTS is enabled and any 802.11b station is associated to the IAP, additional frames are sent to gain access to the wireless network. • Auto CTS requires 802.11g stations to send a slow Clear To Send frame that locks out other stations. Automatic protection reduces 802.11g throughput when 802.
Wireless Array 17. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size. Packets larger than the RTS threshold will use CTS/RTS prior to transmitting the packet — useful for larger packets to help ensure the success of their transmission. Enter a value between 1 and 2347. 18. Max Stations: This defines how many station associations are allowed per 802.11bgn IAP.
Wireless Array Global Settings .11n This window allows you to establish global 802.11n IAP settings. These settings include enabling or disabling 802.11n mode for the entire Array, specifying the number of transmit and receive chains (data stream) used for spatial multiplexing, setting a short or standard guard interval, auto-configuring channel bonding, and specifying whether auto-configured channel bonding will be static or dynamic. Before changing your settings for 802.
Wireless Array Procedure for Configuring Global 802.11n IAP Settings 1. 2. 802.11n Data Rates: The Array allows you to define which data rates are supported for all 802.11n radios. Select (or deselect) 11n data rates by clicking in the corresponding Supported and Basic data rate check boxes. • Basic Rate — a wireless station (client) must support this rate in order to associate. • Supported Rate — data rates that can be used to transmit to clients. 802.
Wireless Array 324 7. 5 GHz channel bonding: Select Dynamic to have auto-configuration for bonded 5 GHz channels be automatically updated as conditions change. For example, if there are too many clients to be supported by a bonded channel, dynamic mode will automatically break the bonded channel into two channels. Select Static to have the bonded channels remain the same once they are selected. The Dynamic option is only available when Auto bond 5 GHz channels is enabled. The default is Dynamic.
Wireless Array Global Settings .11ac This window allows you to establish global 802.11ac IAP settings. These settings include enabling or disabling 802.11ac mode for the entire Array, specifying the number of data streams used in spatial multiplexing, and setting a short or long guard interval. Before changing your settings for 802.11ac, please read the discussion in “About IEEE 802.11ac” on page 37. Figure 164. Global Settings .
Wireless Array Procedure for Configuring Global 802.11ac IAP Settings 1. 802.11ac Mode: Select Enabled to allow the Array to operate in 802.11ac mode. If you select Disabled, then 802.11ac operation is disabled on the Array. 2. 80 MHz Guard interval: This is the length of the interval between transmission of symbols (the smallest unit of data transfer) when you are using 80MHz bonded channels. (See “80 MHz and 160 MHz Channel Widths (Bonding)” on page 43.
Wireless Array Global Settings .11u Understanding 802.11u As the number of access points available in public venues increases, mobile devices users have a harder time distinguishing usable SSIDs from the tens, if not hundreds of access points visible. Using the 802.11u protocol, access points may broadcast information about the services and access that they offer and to respond to queries for additional information related to the facilities that the downstream service network provides.
Wireless Array Cellular Networks. The service network may have arrangements with one or more cellular service providers who can transparently provide wireless and Internet connectivity. Figure 165. 802.11u Global Settings Procedure for Configuring 802.11u Settings Use this window to establish the 802.11u configuration. 328 1. 802.11u Internetworking. Click On to enable 802.11u protocol operation. 2. Access Network Type: This indicates the type of network supported by the access point.
Wireless Array a. Chargeable public network b. Emergency services only network c. Free public network d. Personal device network e. Private network with guest access f. Test or experimental network g. Wildcard—all of the networks above are supported. 3. Internet Connectivity. Click Provided if Internet connectivity is available through the access point from the back end provider to which the mobile user ends up belonging.
Wireless Array 8. IPv4 Availability. Select the type of IPv4 addressing that will be assigned by the network upon connection. NATed addresses are IP addresses that have been changed by mapping the IP address and port number to IP addresses and new port numbers routable by other networks. Double NATed addresses go through two levels of NATing. Port restricted IPv4 addresses refer to specific UDP and TCP port numbers associated with standard Internet services; for example, port 80 for web pages.
Wireless Array and click Add. The OI will appear in the list. An OI may be deleted by selecting it in the list and clicking Delete. All OIs may be deleted by clicking Reset. 11. Domain Names. Use this control to build up a list of domain names. Enter the name in the Add field and click Add, and it will appear in the list. A name may be deleted by selecting it in the list and clicking Delete. All names may be deleted by clicking Reset. 12. Cell Network.
Wireless Array 14. Venue Names. The list of names associated with the venue are specified here. A venue name may be added to the list in English or Chinese. Enter the name in the appropriate field and click Add. The name will appear in the list. A name may be deleted by selecting it in the list and clicking Delete. All names may be deleted by clicking Reset.
Wireless Array Advanced RF Settings This window allows you to establish RF settings, including automatically configuring channel allocation and cell size, and configuring radio assurance and standby modes. Changes you make on this page are applied to all IAPs, without exception. Figure 166.
Wireless Array About Standby Mode Standby Mode supports the Array-to-Array fail-over capability. When you enable Standby Mode, the Array functions as a backup unit, and it enables its radios if it detects that its designated target Array has failed. The use of redundant Arrays to provide this fail-over capability allows Arrays to be used in mission-critical applications. In Standby Mode, an Array monitors beacons from the target Array.
Wireless Array • Timeshare Traffic Threshold (0-50000): when the number of packets per second handled by the monitor radio exceeds this threshold, scanning is halted. RF Resilience 2. Radio Assurance Mode: When this mode is enabled, the monitor radio performs loopback tests on the Array. This mode requires RF Monitor Mode to be enabled (Step 1) to enable self-monitoring functions. It also requires a radio to be set to monitoring mode (see “Enabling Monitoring on the Array” on page 500).
Wireless Array 4. Standby Target Address: If you enabled the Standby Mode, enter the MAC address of the target Array (i.e., the address of the primary Array that is being monitored and backed up by this Array). To find this MAC address, open the Array Info window on the target Array, and use the Gigabit1 MAC Address. RF Power & Sensitivity For an overview of RF power and cell size settings, please see “Capacity and Cell Sizes” on page 32 and “Fine Tuning Cell Sizes” on page 33.
Wireless Array 8. Auto Cell Min Cell Size: Use this setting if you wish to set the minimum cell size that Auto Cell may assign. The values are Default, Large, Medium, or Small. 9. Auto Cell Min Tx Power (dBm): Enter the minimum transmit power that the Array can assign to a radio when adjusting automatic cell sizes. The default value is 10. 10.
Wireless Array Auto band assigns as many IAPs to the 5 GHz band as possible when there are other Arrays within earshot. It does this by determining how many Arrays are in range and then picking the number of radios to place in the 2.4 GHz band.
Wireless Array channel without waiting, and may be used when you know that no other nearby Arrays are configuring their channels. • Full Scan: perform a full traffic scan on all channels on all IAPs to determine the best channel allocation. • Non-Radar: give preference to channels without radar-detect. See table in “Procedure for Configuring Global 802.11an IAP Settings” on page 311. • Include WDS: automatically assign 5GHz to WDS client links.
Wireless Array the optional day specification, channel configuration will run daily at the specified time. If you do not specify am or pm, time is interpreted in 24hour military time. For example, Sat 11:00 pm and Saturday 23:00 are both acceptable and specify the same time. 17. Channel List Selection: This list selects which channels are available to the auto channel algorithm. Channels that are not checked are left out of the auto channel selection process.
Wireless Array Figure 167. Station Assurance (Advanced RF Settings) 19. Enable Station Assurance: This is enabled by default. Click No if you wish to disable it, and click Yes to re-enable it. When station assurance is enabled, the Array will monitor connection quality indicators listed below and will display associated information on the Station Assurance Status page. When a threshold is reached, an event is triggered, a trap is generated, and a Syslog message is logged. 20.
Wireless Array 26. Min Received Signal Strength: (dB) Station assurance detects whether the strength of the signal received from the station falls below this threshold during a period. 27. Min Signal to Noise Ratio: (dB) Station assurance detects whether the ratio of signal to noise received from the station falls below this threshold during a period. 28.
Wireless Array Procedure for Hotspot 2.0 Settings Use this window to establish the Hotspot 2.0 configuration. 1. Hotspot 2.0. Click Enabled to enable Hotspot 2.0 operation. 2. Downstream Group-addressed Forwarding. Click Enabled to allow the access point to forward group-addressed traffic (broadcast and multicast) to all connected devices. Click Disabled to cause the access point to convert group-addressed traffic to unicast messages. 3. WAN Downlink Speed.
Wireless Array 5. English/Chinese Operator Friendly Name. Enter an English or Chinese name into one of the fields. An incorrectly entered name can be deleted by clicking the corresponding Delete. 6. Connection Capabilities. A Hotspot 2.0 access point limits the particular protocols that clients may use. The set of default protocols is shown initially. This table specifies the protocols in terms of: a. A common Name, such as FTP or HTTP. b. A Protocol number.
Wireless Array Figure 169. NAI Realms The NAI Realm is the part of the NAI following the @ sign. For example, you might enter: example.com, 3rd.depts.example.com, and foo-9.example.com. Use the NAI Realms page, in conjunction with the NAI EAP page, to specify the authentication techniques to be used to access that realm with appropriate parameters. Procedure for NAI Realms Settings Use this window to establish the names of the supported realms. 1. Enter the realm name.
Wireless Array NAI EAP This window allows specification of the authentication techniques for a realm. Figure 170. NAI EAP Procedure for NAI Realms Settings 346 1. Select the realm to be configured in the NAI Realm drop down. 2. Select EAP Methods. Each realm may support up to five EAP authentication methods. Beside each of the five numbers (1, 2, 3, 4, 5) select the method from the drop down.
Wireless Array • 3. PEAP Specify Authentication Parameters. Each of the authentication methods may specify up to five authentication parameters. To specify the parameters click on the number corresponding to the authentication method; i.e. 1, 2, 3, 4, or 5. This displays the EAP n Auth Parameter Configuration below the list of EAP Methods. For up to five of the parameters, select the Type and Value or Vendor ID / Type.
Wireless Array Intrusion Detection The Xirrus Array employs a number of IDS/IPS (Intrusion Detection System/ Intrusion Prevention System) strategies to detect and prevent malicious attacks on the wireless network. Use this window to adjust intrusion detection settings. Figure 171.
Wireless Array The Array provides a suite of intrusion detection and prevention options to improve network security. You can separately enable detection of the following types of problems: Rogue Access Point Detection and Blocking Unknown APs are detected, and may be automatically blocked based on a number of criteria. See “About Blocking Rogue APs” on page 351.
Wireless Array Type of Attack Description Disassociation Flood Flooding the Array with forged Disassociation packets. Deauthentication Flood Flooding the Array with forged Deauthenticates. EAP Handshake Flood Flooding an AP with EAP-Start messages to consume resources or crash the target. Null Probe Response Answering a station probe-request frame with a null SSID. Many types of popular NIC cards cannot handle this situation, and will freeze up.
Wireless Array Type of Attack Description Sequence number anomaly A sender may use an Add Block Address request (ADDBA - part of the Block ACK mechanism) to specify a sequence number range for packets that the receiver can accept. An attacker spoofs an ADDBA request, asking the receiver to reset its sequence number window to a new range. This causes the receiver to drop legitimate frames, since their sequence numbers will not fall in that range.
Wireless Array Procedure for Configuring Intrusion Detection RF Intrusion Detection and Auto Block Mode 1. • Standard — enables the monitor radio to collect Rogue AP information. • Off — intrusion detection is disabled. 2. Auto Block Unknown Rogue APs: Enable or disable auto blocking (see “About Blocking Rogue APs” on page 351). Note that in order to set Auto Block RSSI and Auto Block Level, you must set Auto Block Unknown Rogue APs to On. Then the remaining Auto Block fields will be active. 3.
Wireless Array without a controlling Access Point, also called an Independent Basic Service Set — IBSS). • 6. ESS/Infrastructure only — only consider auto blocking rogue APs if they are in infrastructure mode rather than ad hoc mode. Auto Block Whitelist: Use this list to specify channels to be excluded from automatic blocking. If you have enabled Auto Block, it will not be applied to rogues detected on the whitelisted channels.
Wireless Array 8. Duration Attack NAV (ms): For the duration attack, you may also modify the default duration value that is used to determine whether a packet may be part of an attack. If the number of packets having at least this duration value exceeds the Threshold number in the specified Period, an attack is detected. Impersonation Detection Settings 9. Attack/Event: The types of impersonation attack that you may detect are described in Impersonation Attacks page 350.
Wireless Array Choose On Radio Enabled or On First Association, as desired. You may also choose Disabled to keep the LEDs from being lit. The LEDs will still light during the boot sequence, then turn off. 2. LED Blink Behavior: This option allows you to select when the IAP LEDs blink, based on the activities you check here. From the choices available, select one or more activities to trigger when the LEDs blink. For default behavior, see “Array LED Operating Sequences” on page 67. 3.
Wireless Array The DSCP Mappings page shows the default mapping of each of the 64 DSCP values to one of the Array’s four QoS levels, and allows you to change these mappings. For a detailed discussion of the operation of QoS and DSCP mappings on the Array, please see “Understanding QoS Priority on the Wireless Array” on page 256. Procedure for Configuring DSCP Mappings 1.
Wireless Array RSSI of client = -75 -75 < (-5 + -65) : Client will roam Another example: Threshold = -15 RSSI of neighbor Array = -60 RSSI of station = -70 -70 > (-15 + -60) : Client will not roam Procedure for Configuring Roaming Assist 1. Enable Roaming Assist: Use the Yes and No buttons to enable or disable this feature. 2. Backoff Period: After deauthenticating a station, it may re-associate to the same radio.
Wireless Array WDS WDS is not available for Arrays or Access Points featuring 802.11ac IAPs. This is a status-only window that provides an overview of all WDS links that have been defined. WDS (Wireless Distribution System) is a system that enables the interconnection of access points wirelessly, allowing your wireless network to be expanded using multiple access points without the need for a wired backbone to link them.
Wireless Array The configuration for WDS is performed on the client Array only, as described in “WDS Client Links” on page 361. No WDS configuration is performed on the host Array. First you will set up a client link, defining the target (host) Array and SSID, and the maximum number of IAPs in the link. Then you will select the IAPs to be used in the link. When the client link is created, each member IAP will associate to an IAP on the host Array.
Wireless Array WDS is available on all Xirrus Arrays, including XR-500/600 and XR1000 Series Arrays with two radios (WDS will operate on either of the radios). Long Distance Links If you are using WDS to provide backhaul over an extended distance, use the WDS Dist. (Miles) setting to prevent timeout problems associated with long transmission times. (See “IAP Settings” on page 290) Set the approximate distance in miles between this IAP and the connected Array in the WDS Dist. (Miles) column.
Wireless Array WDS Client Links WDS is not available for Arrays or Access Points featuring 802.11ac IAPs. This window allows you to set up a maximum of four WDS client links. Figure 176. WDS Client Links Procedure for Setting Up WDS Client Links WDS Client Link Settings: 1. Host Link Stations: Check the Allow checkbox to instruct the Array to allow stations to associate to IAPs on a host Array that participates in a WDS link.
Wireless Array In situations like the one in the next step, where WDS is used by an Array mounted on a high speed train, STP can add significant delay (often on the order of 30 to 60 seconds) while initially analyzing network topology. In such a situation, it may be desirable to disable STP. See “Management Control” on page 226.
Wireless Array • Enable All Links—this command activates all WDS links configured on the Array. • Disable All Links—this command deactivates all WDS links configured on the Array. It leaves all your settings unchanged, ready to re-enable. • Reset All Links—this command tears down all links configured on the Array and sets them back to their factory defaults, effective immediately. 6. Client Link: Shows the ID (1 to 4) of each of the four possible WDS links. 7.
Wireless Array 15. IAP Channel Assignment: Click Auto Configure to instruct the Array to automatically determine the best channel allocation settings for each IAP that participates in a WDS link, based on changes in the environment. These changes are executed immediately, and are automatically applied.
Wireless Array Filters The Wireless Array’s integrated firewall uses stateful inspection to speed the decision of whether to allow or deny traffic. Filters are used to define the rules used for blocking or passing traffic. Filters can also set the VLAN and QoS level for selected traffic. The air cleaner feature offers a number of predetermined filter rules that eliminate a great deal of unnecessary wireless traffic. See “Air Cleaner” on page 438.
Wireless Array and the list includes information about the type of filter, the protocol it is filtering, which port it applies to, source and destination addresses, and QoS and VLAN assignments. Filter Lists This window allows you to create filter lists. The Array comes with one predefined list, named Global, which cannot be deleted. Filter lists (including Global) may be applied to SSIDs or to Groups.
Wireless Array The Application Control feature is only available if the Array license includes Application Control. If a setting is unavailable (grayed out), then your license does not support the feature. See “About Licensing and Upgrades” on page 387. 3. New Filter List Name: Enter a name for the new filter list in this field, then click on the Create button to create the list. All new filters are disabled when they are created. The new filter list is added to the Filter List table in the window.
Wireless Array Filter Management This window allows you to create and manage filters that belong to a selected filter list, based on the filter criteria you specify. Filters are an especially powerful feature when combined with the intelligence provided by the “Application Control Windows” on page 146. Filters are applied in order, from top to bottom. Click here to change the order. Figure 179.
Wireless Array Based on Application Control’s analysis of your wireless traffic, you can create filters to enhance wireless usage for your business needs: Usage of non-productive and risky applications like BitTorrent can be restricted. Traffic for mission-critical applications like VoIP and WebEx may be given higher priority (QoS). Non- critical traffic from applications like YouTube may be given lower priority (QoS) or bandwidth allowed may be capped per station or for all stations.
Wireless Array different filter list. Two filters with the same name in different filter lists will be completely unrelated to each other — they may be defined with different parameter values. Viewing or modifying existing filter entries: 4. Filter: Select a filter entry if you wish to modify it. Source and destination details are displayed below the bottom of the list. 5. On: Use this field to enable or disable this filter. 6. Log: Log usage of this filter to Syslog. 7.
Wireless Array priority; level 63 has the highest priority. By default, this field is blank and the filter does not modify DSCP level. See “Understanding QoS Priority on the Wireless Array” on page 256. 13. QoS: (Optional) Set packets ingressing from the wired network that match the filter criteria to this QoS level (0 to 3) before sending them out on the wireless network. Select the level from the pull-down list. Level 0 has the lowest priority; level 3 has the highest priority.
Wireless Array You may also specify a time of day for the filter to be active by entering a Start and Stop time in 24:00 hour format (i.e., 6:30 PM is 18:30). To use this feature, you must enter both a Start and a Stop time. You cannot apply one filter for two or more scheduled periods, but you can create two filters to achieve that. For example, one filter could deny the category Games from 9:00 to 12:00, and another could deny them from 13:00 to 18:00.
Wireless Array 23. Applications: If you wish this filter to apply to a specific application, such as WebEx, click the letter or number that it starts with. Then select the desired application. You may select a Category or an Application, but not both. 24. Click the Save button if you wish to make your changes permanent.
Wireless Array Clusters An XR-500 or XR-600 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster. Clusters allow you to configure multiple Arrays at the same time. Using WMI (or CLI), you may define a set of Arrays that are members of the cluster. Then you may enter Cluster mode for a selected cluster, which sends all successive configuration commands issued via CLI or WMI to all of the member Arrays.
Wireless Array Cluster Definition An XR-500 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster. This window allows you to create clusters. All existing clusters are shown, along with the number of Arrays currently in each. Up to 16 clusters may be created, with up to 50 Arrays in each. Figure 182. Cluster Definition Procedure for Managing Cluster Definition 1.
Wireless Array Cluster Management An XR-500 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster. This window allows you to add Arrays to or delete them from a selected cluster. A cluster may include a maximum of 50 Arrays. Note that the Array on which you are currently running WMI is not automatically a member of the cluster. If you would like it to be a member, you must add it explicitly. Figure 183.
Wireless Array Cluster Operation This window puts WMI into Cluster Mode. In this mode, all configuration operations that you execute in WMI or CLI are performed on the members of the cluster. They are not performed on the Array where you are running WMI, unless it is a member of the cluster. An XR-500 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster.
Wireless Array 4. Some Status and Statistics windows will present information for all Arrays in the cluster. 5. Click the Save button when done if you wish to save changes on the cluster member Arrays. 6. Exit: Click the Exit button to the right of the operating cluster to terminate Cluster Mode. The WMI returns to normal operation — managing only the Array to which it is connected.
Wireless Array You may terminate cluster mode operation by clicking the Exit button to the right of the Group by Array check box.
Wireless Array Mobile Mobile Device Management (MDM) servers enable you to manage large-scale deployments of mobile devices. They may include capabilities to handle tasks such as enrolling devices in your environment, configuring and updating device settings over-the-air, enforcing security policies and compliance, securing mobile access to your resources, and remotely locking and wiping managed devices.
Wireless Array steps to access the wireless network, as described in “User Procedure for Wireless Access” on page 382. Procedure for Managing AirWatch If you have configured the Mobile Device Management setting on one or more SSIDs to use AirWatch, then the API specified below will be used to determine the admissibility of a mobile device requesting a connection to the wireless network. 1. API URL: Obtain this from your AirWatch server’s System / Advanced / Site URLs page.
Wireless Array AirWatch attempts to connect to the Array, the device displays a page directing the user to install the AirWatch agent and go to the AirWatch enrollment page. Note that Android devices will need another form of network access (i.e. cellular) to download the agent, since un-enrolled devices will not have access to download it via the Array. See “User Procedure for Wireless Access” on page 382 for more details. 9.
Wireless Array though that allows the user to go through the enrollment process. The user will need to enter your organization’s AirWatch Group ID and individual account credentials when requested. Once the agent is installed, the user must start again at Step 1. Android devices must go to the PlayStore to install the agent BEFORE they can go through the enrollment process. This means un-enrolled devices need another form of network access (i.e.
Wireless Array 384 Configuring the Wireless Array
Wireless Array Using Tools on the Wireless Array These WMI windows allow you to perform administrative tasks on your Array, such as upgrading software, rebooting, uploading and downloading configuration files, and other utility tasks.
Wireless Array System Tools Progress is shown here Status is shown here Figure 188.
Wireless Array This window allows you to manage files for software images, configuration, and Web Page Redirect (WPR), manage the system’s configuration parameters, reboot the system, and use diagnostic tools. About Licensing and Upgrades If you are a customer using XMS, when you upgrade an Array from XMS, your license will automatically be updated for you first. The Array’s license determines some of the features that are available on the Array.
Wireless Array Web Page Redirect (Captive Portal) Network Tools Progress and Status Frames System 1. Save & Reboot or Reboot: Use Save & Reboot to save the current configuration and then reboot the Array. The LEDs on the Array indicate the progress of the reboot, as described in “Powering Up the Wireless Array” on page 66. Alternatively, use the Reboot button to discard any configuration changes which have not been saved since the last reboot.
Wireless Array If you have difficulty upgrading the Array using the WMI, see “Upgrading the Array via CLI” on page 506 for a lower-level procedure you may use. Software Upgrade always uploads the file in binary mode. If you transfer any image file to your computer to have it available for the Software Upgrade command, it is critical to remember to transfer it (ftp, tftp) in binary mode! 3.
Wireless Array Trial licenses: If you enter a trial license to try new premium features, then when the trial expires the perpetual license will be restored automatically without requiring a reboot. When the trial expires, the current Array configuration will not be lost. Automatic Updates from Remote Image or Configuration File The Array software image or configuration file can be downloaded from an external server.
Wireless Array 6. The Remote Boot Image or Remote Configuration update happens every time that the Array reboots. If you only want to fetch the remote image or configuration file one time, be sure to turn off the remote option (blank out the field on the System Tools page) after the initial download. When a remote boot image is used, the image is transferred directly into memory and is never written to the compact flash.
Wireless Array • history/saved-yyyymmdd-pre-update.conf: history/saved-yyyymmdd-post-update.conf: Two files are automatically saved for a software upgrade or for a license change (including the setting values from just before the upgrade/change was performed, and the initial values afterward. The filename includes the date. • history/saved-yyyymmdd-auto.conf: Each time you use the Save button, an “auto” file is saved with the settings current at that time. • history/saved-yyyymmdd-pre-reset.
Wireless Array • Click Set Restore Point to save a copy of the current configuration, basing the file name on the current date and time. For example: history/saved-20100318-1842.conf Note that the configuration is automatically saved to a file in a few situations, as described in Step 8 above.
Wireless Array Diagnostics 12. Diagnostic Log: Click the Create button to save a snapshot of Array information for use by Xirrus Customer Support personnel. The Progress and Status Frames show the progress of this operation. When the process is complete, the filename xs_diagnostic.log will be displayed in blue and provides a link to the newly created log file. Click the link to download this file. You will be asked to specify the location for saving the file.
Wireless Array whatsoever. When a health log exists, the filename xs_health.log.bz2 is displayed in blue and provides a link to the log file. Click the link to download this file or to open it with your choice of application. This file is normally only used at the request of Customer Support. Application Control Signature File Management Application Control recognizes applications using a file containing the signatures of hundreds of applications.
Wireless Array Web Page Redirect (Captive Portal) The Array uses a Perl script and a cascading style sheet to define the default splash/login Web page that the Array delivers for WPR. You may replace these files with files for one or more custom pages of your own. See Step 17 below to view the default files. See Step 14 page 266 for more information about WPR and how the splash/login page is used. Each SSID that has WPR enabled may have its own page.
Wireless Array 16. Remove File: Enter the name of the WPR file you want to remove, then click on the Delete button. You can use the List Files button to show you a list of files that have been saved on the Array for WPR. The list is displayed in the Status section at the bottom of the WMI window. You must reboot to make your changes take effect. 17. Download Sample Files: Click on a link to access the corresponding sample WPR files: • wpr.pl — a sample Perl script. • hs.
Wireless Array accessing the network, you can quickly determine if there is a basic RADIUS problem by using the RADIUS Ping tool. For example, in Figure 193 (A), RADIUS Ping is unable to contact the server. In Figure 193 (B), RADIUS Ping verifies that the host information and secret for a RADIUS server are correct, but that the user account information is not. Select RADIUS allows you to select a RADIUS server that you have already configured.
Wireless Array 21. Execute System Command: Click Execute to start the specified command. Progress of command execution is displayed in the Progress frame. Results are displayed in the Status frame. Progress and Status Frames The Progress frame displays a progress bar for commands such as Software Upgrade and Ping. The Status frame presents the output from system commands (Ping and Trace Route), as well as other information, such as the results of software upgrade. 22.
Wireless Array To enter a command, simply type it in. The command is echoed and output is shown in the normal way — that is, the same way it would be if you were using the CLI directly. You may use the extra scroll bar inside the right edge of the window to scroll through your output. If output runs past the right edge of the screen, there is also a horizontal scroll bar at the bottom of the page.
Wireless Array API Documentation Arrays provide an API interface conforming to the RESTful API model. Developers may use this read-only API to read status, statistics, and settings from the Array. The interactive API Documentation page provides documentation for the API. You may use the Array’s API for purposes such as integrating with third party applications or creating your own applications for network monitoring and analysis.
Wireless Array The API Documentation page lists all of the APIs that are available, lists their calling parameters, if any, and allows you to perform sample calls and view sample output. Status/Settings The RESTful API on the Array is broken into these two main headings: status and settings. Each is a node that may be clicked to expand or collapse the list of corresponding API requests available on the Array. Since this is a read-only API, the list consists exclusively of GET operations.
Wireless Array The figure above shows the GET request for ethernet-stats{name}. Click again to collapse (hide) the API details. High-level details are shown, including the Response Class name and the Response Content Type (limited to JSON at this time). Trying a GET Request The Try it out! button allows you to send the GET request to the Array API and see its response. Developers can use this feature to design and implement applications that use this response.
Wireless Array Figure 197. API — GET Request Response The figure above shows the response for ethernet-stats{name}. The response is produced in the human-readable JSON format. The status and statistics data shown are as described in “Viewing Status on the Wireless Array” on page 91. Click Hide Response if you wish to hide the output. The Response Code and the Response Header are standard for HTTP(S).
Wireless Array API Documentation Toolbar Figure 198. API Documentation Toolbar The Status and Settings sections each have a toolbar as shown above, offering the following options. Show/Hide—expands or collapses this list of GET requests. Hiding and then showing again displays the requests as they were before, i.e., expanded GET requests will still be expanded when displayed again. List Operations—expands this list of GET requests. Each individual entry is collapsed.
Wireless Array Options This window allows you to customize the behavior of the WMI. Array Figure 199. WMI Display Options Procedure for Configuring Options 1. 406 Refresh Interval in Seconds: Many of the windows in the Status section of the WMI have an Auto Refresh option. You may use this setting to change how often a status or statistics window is refreshed, if its auto refresh option is enabled. Enter the desired number of seconds between refreshes. The default refresh interval is 30 seconds.
Wireless Array Logout Click on the Logout button to terminate your session. When the session is terminated, you are presented with the login window. Figure 200.
Wireless Array 408 Using Tools on the Wireless Array
Wireless Array The Command Line Interface This section covers the commands and the command structure used by the Wireless Array’s Command Line Interface (CLI), and provides a procedure for establishing an SSH connection to the Array. Topics discussed include: “Establishing a Secure Shell (SSH) Connection” on page 409. “Getting Started with the CLI” on page 411. “Top Level Commands” on page 413. “Configuration Commands” on page 422. “Sample Configuration Tasks” on page 466.
Wireless Array network administrator assign a reserved address to the Array for ease of access in the future. • 2. If the network does not use DHCP, use the factory default address 10.0.2.1 to access either the Gigabit 1 or Gigabit 2 Ethernet port. You may need to change the IP address of the port on your computer that is connected to the Array — change that port’s IP address so that it is on the same 10.0.2.xx subnet as the Array port.
Wireless Array Getting Started with the CLI The root command prompt (Root Command Prompt) is the first prompt you see after logging in to the CLI. If you are at a level other than the root command prompt you can return to this prompt at any time by using the exit command to step back through each command prompt level. The root command prompt you see in the CLI window is determined by the host name you assigned to your Array.
Wireless Array ? Command This command is available at any prompt and provides either FULL or PARTIAL help. Using the ? (question mark) command when you are ready to enter an argument will display all the possible arguments (full help). Partial help is provided when you enter an abbreviated argument and you want to know what arguments will match your input. Figure 203.
Wireless Array Top Level Commands This section offers an at-a-glance view of all top level commands — organized alphabetically. Top level commands are defined here as commands that are directly accessible from the root command prompt that consists of the name of the Array followed by a “#” sign (e.g. MyAP#). When inputting commands, be aware that all commands are case-sensitive.
Wireless Array Command show Description Display information about the selected item. See “show Commands” on page 417. statistics Display statistical data about the Array. See “statistics Commands” on page 420. uptime Display the elapsed time since the last boot. xms-override Override XMS managed mode and allow local configuration changes according to your user privileges. See “Managing Arrays Locally or via XMS” on page 81.
Wireless Array Command Description end Exit the configuration mode. exit Go UP one mode level. file Manage the file system. filter Define protocol filter parameters. group Define user groups with parameter settings help Description of the interactive Help system. history List history of commands that have been executed. hostname Host name for this Array. interface Select the interface to configure.
Wireless Array Command reboot Reboot the Array. reset Reset all settings to their factory default values and reboot. restore Reset all settings to their factory default values and reboot. revert Revert to saved configuration after specified delay in seconds if configuration not saved. run-tests save search security Run selective tests. Save the running configuration to FLASH. Search for pattern in show command output. Set the security parameters for the Array.
Wireless Array show Commands The following table shows the second level commands that are available with the top level show command [MyAP# show]. Command acl admin Description Display the Access Control List. Display the administrator list or login information. array-info Display system information. associatedstations Display stations that have associated to the Array. boot-env capabilities cdp channel-list Display Boot loader environment variables. Display detailed station capabilities.
Wireless Array Command error-numbers ethernet Display the detailed error number in error messages. Display Ethernet interface summary information. external-radius Display summary information for the external RADIUS server settings. factory-config Display the Array factory configuration information. filters iap Display filter information. Display IAP configuration information. internal-radius Display the users defined for the embedded RADIUS server.
Wireless Array Command spanning-tree spectrumanalyzer ssid Description Display spanning tree information. Display spectrum analyzer measurements. Display SSID summary information. stations Display station information. statistics Display statistics. syslog Display the system log. syslog-settings Display the system log (Syslog) settings. temperature Display the current board temperatures. unassociatedstations Display unassociated station information. vlan Display VLAN information.
Wireless Array statistics Commands The following table shows the second level commands that are available with the top level statistics command [MyAP# statistics]. Command ethernet Ethernet Name eth0, gig1, gig2 filter filter-list iap 420 Description Display statistical data for all Ethernet interfaces. Display statistical data for the defined Ethernet interface (either eth0, gig1 or gig2). FORMAT: statistics gig1 Display statistics for defined filters (if any).
Wireless Array Command Description wds Display statistical data for the defined active WDS (Wireless Distribution System) links. FORMAT: statistics wds 1 Display configuration or status information.
Wireless Array Configuration Commands All configuration commands are accessed by using the configure command at the root command prompt (MyAP#). This section provides a brief description of each command and presents sample formats where deemed necessary. The commands are organized alphabetically. When inputting commands, be aware that all commands are case-sensitive. To see examples of some of the key configuration tasks and their associated commands, go to “Sample Configuration Tasks” on page 466.
Wireless Array admin The admin command [MyAP(config-admin)#] is used to configure the Administrator List. Command Description add Add a user to the Administrator List. FORMAT: admin add [userID] del Delete a user to the Administrator List. FORMAT: admin del [userID] edit Modify user in the Administrator List. FORMAT: admin edit [userID] radius reset Define a RADIUS server to be used for authenticating administrators.
Wireless Array auth The auth command [MyAP(config)# auth] is used to configure Oauth tokens. See Command Description add Add an Oauth token. FORMAT: auth add client grant expiration code type [agent ] [scope ] del Delete an Oauth token. FORMAT: auth del reset Delete all Oauth tokens. FORMAT: auth reset also, “OAuth 2.0 Management” on page 251.
Wireless Array Command Description hold-time Select CDP message hold time before messages received from neighbors expire. FORMAT: cdp hold-time [# seconds] interval The Array sends out CDP announcements at this interval.
Wireless Array clear The clear command [MyAP(config)# clear] is used to clear requested elements. Command arp authentication 426 Description Clear the arp table entry for a requested IP address, or clear all entries if no IP address is entered. FORMAT: clear arp [ipaddress] Deauthenticate a station (specified by MAC address, hostname, or IP address). If you specify the permanent option, then the station is deauthenticated and put on the access control list.
Wireless Array Command Description syslog Clear all Syslog messages, but continue to log new messages.
Wireless Array cluster The cluster command [Xirrus_Wi-Fi_Array(config)# cluster] is used to create and operate clusters. Clusters allow you to configure multiple Arrays at the same time. Using CLI (or WMI), you may define a set of Arrays that are members of the cluster. Then you may switch the Array to Cluster operating mode for a selected cluster, which sends all successive configuration commands issued via CLI or WMI to all of the member Arrays.
Wireless Array Command operate reset Description Enter Cluster operation mode. All configuration commands are applied to all of the selected cluster’s member Arrays until you give the end command (see above). FORMAT: cluster operate [cluster-name] Delete all clusters. FORMAT: cluster reset contact-info The contact-info command [MyAP(config)# contact-info] is used for managing administrator contact information.
Wireless Array date-time The date-time command [MyAP(config-date-time)#] is used to configure the date and time parameters. Your Array supports the Network Time Protocol (NTP) in order to ensure that the Array’s internal time is accurate. NTP is set to UTC time by default; however, you can set the time zone so that your Array will display local time. This is done by defining an offset from the UTC value. For example, Pacific Standard Time is 8 hours behind UTC time, so the offset from UTC time would be -8.
Wireless Array dhcp-server The dhcp-server command [MyAP(config-dhcp-server)#] is used to add, delete and modify DHCP pools. Command Description add Add a DHCP pool. FORMAT: dhcp-server add [dhcp pool] del Delete a DHCP pool. FORMAT: dhcp-server del [dhcp pool] edit Edit a DHCP pool FORMAT: dhcp-server edit [dhcp pool] reset Delete all DHCP pools.
Wireless Array dns The dns command [MyAP(config-dns)#] is used to configure your DNS parameters. Command 432 Description domain Enter your domain name. FORMAT: dns domain [www.mydomain.com] server1 Enter the IP address of the primary DNS server. FORMAT: dns server1 [1.2.3.4] server2 Enter the IP address of the secondary DNS server. FORMAT: dns server1 [2.3.4.5] server3 Enter the IP address of the tertiary DNS server. FORMAT: dns server1 [3.4.5.
Wireless Array file The file command [MyAP(config-file)#] is used to manage files. Command active-image backup-image check-image chkdsk copy cp dir erase format ftp Description Validate and commit a new array software image. Validate and commit a new backup software image. Validate a new array software image. Check flash file system. Copy a file to another file. FORMAT: file copy [sourcefile destinationfile] List the contents of a directory.
Wireless Array Command Description http-get Perform an HTTP file download. This is the preferred method of downloading files for XMS Cloud. FORMAT: http-get [no-cert-check] [] no-cert-check causes the array to download the file even if the SSL certificate is invalid, expired, or not signed by a recognized CA is a standard HTTP URL, e.g. https:// file.example.com:8080/mydir/myfile.ext.
Wireless Array Command Description remote-config When the Array boots up, it fetches the specified configuration file from the TFTP server defined in the file remote-server command, and uses this configuration. This must be an Array configuration file with a .conf extension. A partial configuration file may be used. For instance, if you wish to use a single configuration file for all of your Arrays but don't want to have the same IP address for each Array, you may remove the ipaddr line from the file.
Wireless Array Command 436 Description scp Copy a file to or from a remote system. You may specify the port to use. tftp Open a TFTP connection with a remote server. FORMAT: file tftp host { |} [port ] [user {anonymous | password } ] { put [] | get [] } Note: Any time you transfer any kind of software image file for the Array, it must be transferred in binary mode, or the file may be corrupted.
Wireless Array filter The filter command [MyAP(config-filter)#] is used to manage protocol filters and filter lists. Command add add-list del del-list edit Description Add a filter. Details about the air cleaner feature are after the end of this table. FORMAT: filter add [air-cleaner |name] Add a filter list. FORMAT: filter add-list [name] Delete a filter. FORMAT: filter del [name] Delete a filter list. FORMAT: filter del-list [name] Edit a filter.
Wireless Array Command Description off Disable a filter list. FORMAT: filter off on Enable a filter list. FORMAT: filter on reset stateful Delete all protocol filters and filter lists. FORMAT: filter reset Enable or disable stateful filtering (firewall). FORMAT: Stateful [enable | disable | on |off] Air Cleaner The air cleaner feature offers a number of predetermined filter rules that eliminate a great deal of unnecessary wireless traffic, resulting in improved performance.
Wireless Array operation. If you find that there is a particular type of multicast or broadcast traffic that you want to allow, just add a specific allow filter for it before the deny filter in this list that would normally block it. Add or delete any of the Multicast rules as necessary for a specific site. Remember that the order of the rules is important. Figure 205. Air Cleaner Filter Rules Explanations of some sample rules are below. Air-cleaner-Arp.
Wireless Array 440 Air-cleaner-Mcast.1 drops all multicast traffic with a destination MAC address starting with 01. This filters out a lot of IP multicast traffic that starts with 224. Air-cleaner-Mcast.2 drops all multicast traffic with a destination MAC address starting with 33. A lot of IPv6 traffic and other multicast traffic is blocked by this filter. Air-cleaner-Mcast.3 drops all multicast traffic with a destination MAC address starting with 09.
Wireless Array group The group command [MyAP(config)# group] is used to create and configure user groups. User groups allow administrators to assign specific network parameters to users through RADIUS privileges rather than having to map users to a specific SSID. Groups provide flexible control over user privileges without the need to create large numbers of SSIDs. For more information, see “Groups” on page 280. Command Description add Create a new user group.
Wireless Array interface The interface command [MyAP(config)# interface] is used to select the interface that you want to configure. To see a listing of the commands that are available for each interface, use the ? command at the selected interface prompt. For example, using the ? command at the MyAP(config-gig1}# prompt displays a listing of all commands for the gig1 interface. Command console Description Select the console interface. The console interface is used for management purposes only.
Wireless Array Command Description lastboot.conf Load the configuration file from the last boot-up. FORMAT: load [lastboot.conf] [myfile].conf If you have saved a configuration, enter its name to load it. FORMAT: load [myfile.conf] saved.conf Load the configuration file with the last saved settings. FORMAT: load [saved.conf] location The location command [MyAP(config)# location] is used to set the location descriptive string for the Array. Command Description Set the location for the Array.
Wireless Array location-reporting The location-reporting command [MyAP(config)# location-reporting] is used to configure Location Server settings. See also, “Location” on page 184. Command cust-key Set Location Server customer key. FORMAT: location-reporting cust-key enc disable Disable location-reporting. FORMAT: location-reporting disable enable Enable location-reporting. FORMAT: location-reporting enable period Set Location Server reporting period (seconds).
Wireless Array management The management command [MyAP(config)# management] enters management mode, where you may configure management parameters. Command Description Enter management mode.
Wireless Array mdm The mdm command [MyAP(config)# mdm] is used to configure Mobile Device Management Server settings. See also, “Mobile” on page 380. Command Description airwatch api Set Location Server customer key.
Wireless Array more The more command [MyAP(config)# more] is used to turn terminal pagination ON or OFF. Command Description off Turn OFF terminal pagination. FORMAT: more off on Turn ON terminal pagination.
Wireless Array netflow The netflow command [MyAP(config-netflow)#] is used to enable or disable, or configure sending IP flow information (traffic statistics) to the collector you specify. Command disable Disable netflow. FORMAT: netflow disable enable Enable netflow. FORMAT: netflow enable off Disable netflow. FORMAT: netflow off on Enable netflow. FORMAT: netflow on collector 448 Description Set the netflow collector IP address or fully qualified domain name (host.domain).
Wireless Array no The no command [MyAP(config)# no] is used to disable a selected element or set the element to its default value. Command acl dot11a dot11bg https Description Disable the Access Control List. FORMAT: no acl Disable all 802.11an IAPs (radios). FORMAT: no dot11a Disable all 802.11bgn IAPs (radios). FORMAT: no dot11bg Disable https access. FORMAT: no https intrude-detect Disable intrusion detection. FORMAT: no intrude-detect management Disable management on all Ethernet interfaces.
Wireless Array Command snmp ssh Disable SNMP features. FORMAT: no snmp Disable ssh access. FORMAT: no ssh syslog Disable the Syslog services. FORMAT: no syslog telnet Disable Telnet access. FORMAT: no telnet ETH-NAME 450 Description Disable the selected Ethernet interface (eth0, gig1 or gig2). You cannot disable the console interface. with this command.
Wireless Array quick-config The quick-config command is used to apply configuration templates to the Array for typical deployment scenarios. Command Description Classroom Configure Array for classroom deployment. FORMAT: quick-config Classroom Configures the array for use in classroom settings (K-12 schools, Higher education, etc.) High-density Configure Array for high density deployment.
Wireless Array quit The quit command [MyAP(config)# quit] is used to exit the Command Line Interface. Command Description Exit the Command Line Interface. FORMAT: quit If you have made any configuration changes and your changes have not been saved, you are prompted to save your changes to Flash. At the prompt, answer Yes to save your changes, or answer No to discard your changes.
Wireless Array reboot The reboot command [MyAP(config)# reboot] is used to reboot the Array. If you have unsaved changes, the command will notify you and give you a chance to cancel the reboot. Command Description Reboot the Array. FORMAT: reboot delay Reboot the Array after a delay of 1 to 60 seconds. FORMAT: reboot delay [n] reset The reset command [MyAP(config)# reset] is used to reset all settings to their default values then reboot the Array.
Wireless Array restore The restore command [MyAP(config)# restore] is used to restore configuration to a version that was previously saved locally. 454 Command Description ? Use this to display the list of available config files. FORMAT: restore ? Enter the name of the locally saved configuration to restore.
Wireless Array roaming-assist The roaming-assist command [MyAP(config)# roaming-assist] is used to configure roaming assistance settings. See also, “Roaming Assist” on page 356. Command Description data-rate Set minimum packet data rate before roaming, in Mbps. FORMAT: roaming-assist data-rate <1-99> devices Set device types or classes to assist. FORMAT: roaming-assist devices all | unidentified | DEVICE-CLASS | DEVICE-TYPE disable Disable roaming assist.
Wireless Array run-tests The run-tests command [MyAP(run-tests)#] is used to enter run-tests mode, which allows you to perform a range of tests on the Array. Command Description Enter run-tests mode. FORMAT: run-tests iperf Execute iperf utility. FORMAT: run-tests iperf kill-beacons Turn off beacons for selected single IAP. FORMAT: run-tests kill-beacons [off | iap-name] kill-proberesponses led Turn off probe responses for selected single IAP.
Wireless Array Command radius-ping Description Special ping utility to test the connection to a RADIUS server.
Wireless Array Command telnet Description Execute telnet utility. FORMAT: run-tests telnet [hostname | ip-addr] [command-line-switches (optional)] traceroute Execute traceroute utility. FORMAT: run-tests traceroute [host-name | ip-addr] security The security command [MyAP(config-security)#] is used to establish the security parameters for the Array. Command 458 Description wep Set the WEP encryption parameters. FORMAT: security wep wpa Set the WEP encryption parameters.
Wireless Array snmp The snmp command [MyAP(config-snmp)#] is used to enable, disable, or configure SNMP. Command Description v2 Enable SNMP v2. FORMAT: snmp v2 v3 Enable SNMP v3. FORMAT: snmp v3 trap Configure traps for SNMP. Up to four trap destinations may be configured, and you may specify whether to send traps for authentication failure.
Wireless Array ssid The ssid command [MyAP(config-ssid)#] is used to establish your SSID parameters. Command 460 Description add Add an SSID. FORMAT: ssid add [newssid] del Delete an SSID. FORMAT: ssid del [oldssid] edit Edit an existing SSID. FORMAT: ssid edit [existingssid] reset Delete all SSIDs and restore the default SSID.
Wireless Array syslog The syslog command [MyAP(config-syslog)#] is used to enable, disable, or configure the Syslog server. Command Description console Enable or disable the display of Syslog messages on the console, and set the level to be displayed. All messages at this level and lower (i.e., more severe) will be displayed. FORMAT: syslog console [on/off] level [0-7] disable Disable the Syslog server. FORMAT: syslog disable email Disable the Syslog server.
Wireless Array Command Description off Disable the Syslog server. FORMAT: syslog off on Enable the Syslog server. FORMAT: syslog on primary secondary Set the IP address of the primary Syslog server and/or the severity level of messages to be logged. FORMAT: syslog primary [1.2.3.4] level [0-7] Set the IP address of the secondary (backup) Syslog server and/or the severity level of messages to be logged. FORMAT: syslog primary [1.2.3.
Wireless Array Command Description edit Modify an existing tunnel. FORMAT: tunnel edit [existingtunnel] reset Delete all existing tunnels. FORMAT: tunnel reset uptime The uptime command [MyAP(config)# uptime] is used to display the elapsed time since you last rebooted the Array. Command Description Display time since last reboot. FORMAT: uptime vlan The vlan command [MyAP(config-vlan)#] is used to establish your VLAN parameters. Command add default-route Description Add a VLAN.
Wireless Array Command delete edit native-vlan Description Delete a VLAN. FORMAT: vlan delete [oldvlan] Modify an existing VLAN. FORMAT: vlan edit [existingvlan] Assign a native VLAN (traffic is untagged). FORMAT: vlan native-vlan [nativevlan] no Disable the selected feature. FORMAT: vlan no [feature] reset Delete all existing VLANs. FORMAT: vlan reset wifi-tag The wifi-tag command [MyAP(config-wifi-tag)#] is used to enable or disable Wi-Fi tag capabilities.
Wireless Array Command Description off Disable wifi-tag. FORMAT: wifi-tag off on Enable wifi-tag. FORMAT: wifi-tag on tag-channel-bg Set an 802.11b or g channel for listening for tags. FORMAT: wifi-tag tag-channel-bg <1-255> udp-port Set the UDP port which a tagging server will use to query the Array for tagging information.
Wireless Array Sample Configuration Tasks This section provides examples of some of the common configuration tasks used with the Wireless Array, including: “Configuring a Simple Open Global SSID” on page 467. “Configuring a Global SSID using WPA-PEAP” on page 468. “Configuring an SSID-Specific SSID using WPA-PEAP” on page 469. “Enabling Global IAPs” on page 470. “Disabling Global IAPs” on page 471. “Enabling a Specific IAP” on page 472. “Disabling a Specific IAP” on page 473.
Wireless Array Configuring a Simple Open Global SSID This example shows you how to configure a simple open global SSID. Figure 206.
Wireless Array Configuring a Global SSID using WPA-PEAP This example shows you how to configure a global SSID using WPA-PEAP encryption in conjunction with the Array’s Internal RADIUS server. Figure 207.
Wireless Array Configuring an SSID-Specific SSID using WPA-PEAP This example shows you how to configure an SSID-specific SSID using WPAPEAP encryption in conjunction with the Array’s Internal RADIUS server. Figure 208.
Wireless Array Enabling Global IAPs This example shows you how to enable all IAPs (radios), regardless of the wireless technology they use. Figure 209.
Wireless Array Disabling Global IAPs This example shows you how to disable all IAPs (radios), regardless of the wireless technology they use. Figure 210.
Wireless Array Enabling a Specific IAP This example shows you how to enable a specific IAP (radio). In this example, the IAP that is being enabled is a1 (the first IAP in the summary list). Figure 211.
Wireless Array Disabling a Specific IAP This example shows you how to disable a specific IAP (radio). In this example, the IAP that is being disabled is a2 (the second IAP in the summary list). Figure 212.
Wireless Array Setting Cell Size Auto-Configuration for All IAPs This example shows how to set the cell size for all enabled IAPs to be autoconfigured (auto). (See “Fine Tuning Cell Sizes” on page 33.) The auto_cell option may be used with global_settings, global_a_settings, or global_bg_settings. It sets the cell size of the specified IAPs to auto, and it launches an autoconfiguration to adjust the sizes.
Wireless Array Setting the Cell Size for All IAPs This example shows you how to establish the cell size for all IAPs (radios), regardless of the wireless technology they use. Be aware that if the intrude-detect feature is enabled on the monitor radio the cell size cannot be set globally — you must first disable the intrude-detect feature on the monitor radio. In this example, the cell size is being set to small for all IAPs. You have the option of setting IAP cell sizes to small, medium, large, or max.
Wireless Array Setting the Cell Size for a Specific IAP This example shows you how to establish the cell size for a specific IAP (radio). In this example, the cell size for a2 is being set to medium. You have the option of setting IAP cell sizes to small, medium, large, or max (the default is max). See also, “Fine Tuning Cell Sizes” on page 33. Figure 215.
Wireless Array Configuring VLANs on an Open SSID This example shows you how to configure VLANs on an Open SSID. Setting the default route enables the Array to send management traffic, such as Syslog messages and SNMP information to a destination behind a router. Figure 216.
Wireless Array Configuring Radio Assurance Mode (Loopback Tests) The Array uses its built-in monitor radio to monitor other radios in the Array. Tests include sending probes on all channels and checking for a response, and checking whether beacons are received from the other radio. If a problem is detected, corrective actions are taken to recover. Loopback mode operation is described in detail in “Array Monitor and Radio Assurance Capabilities” on page 500.
Wireless Array Figure 217.
Wireless Array 480 The Command Line Interface
Wireless Array Appendices Appendices 481
Wireless Array Page is intentionally blank 482 Appendices
Wireless Array Appendix A: Quick Reference Guide This section contains product reference information. Use this section to locate the information you need quickly and efficiently. Topics include: “Factory Default Settings” on page 483. “Keyboard Shortcuts” on page 489. Factory Default Settings The following tables show the Wireless Array’s factory default settings. Host Name Setting Host name Default Value Serial Number (e.g.
Wireless Array Gigabit 1 and Gigabit 2 Setting Default Value Enabled Yes DHCP Yes Default IP Address 10.0.2.1 Default IP Mask 255.255.255.0 Default Gateway None Auto Negotiate On Duplex Full Speed 1000 Mbps MTU Size 1500 Management Enabled Yes Server Settings NTP Setting Default Value Enabled No Primary time.nist.gov Secondary pool.ntp.
Wireless Array Setting Local Syslog Level Maximum Internal Records Primary Server Default Value Information 500 None Primary Syslog Level Secondary Server Secondary Syslog Level Information None Information SNMP Setting Enabled Default Value Yes Read-Only Community String xirrus_read_only Read-Write Community String xirrus Trap Host null (no setting) Trap Port 162 Authorization Fail Port On DHCP Setting Enabled Default Value No Maximum Lease Time 300 minutes Default Lease Time 300 min
Wireless Array Setting NAT Default Value Disabled IP Gateway None DNS Domain None DNS Server (1 to 3) None Default SSID Setting Default Value ID xirrus VLAN None Encryption Off Encryption Type QoS None 2 Enabled Yes Broadcast On Security Global Settings - Encryption Setting Enabled Yes WEP Keys null (all 4 keys) WEP Key Length null (all 4 keys) Default Key ID 486 Default Value 1
Wireless Array Setting Default Value WPA Enabled No TKIP Enabled Yes AES Enabled Yes EAP Enabled Yes PSK Enabled No Pass Phrase null Group Rekey Disabled External RADIUS (Global) Setting Enabled Default Value Yes Primary Server None Primary Port 1812 Primary Secret Secondary Server Secondary Port Secondary Secret Time Out (before primary server is retired) Accounting Interval xirrus null (no IP address) 1812 null (no secret) 600 seconds Disabled 300 seconds Primary Server None Pr
Wireless Array Setting Primary Secret Default Value null (no secret) Secondary Server None Secondary Port 1813 Secondary Secret null (no secret) Internal RADIUS Setting Enabled Default Value No The user database is cleared upon reset to the factory defaults. For the Internal RADIUS Server you have a maximum of 1,000 entries.
Wireless Array Setting Serial Default Value On Serial timeout 300 seconds Management over IAPs http timeout Off 300 seconds Keyboard Shortcuts The following table shows the most common keyboard shortcuts used by the Command Line Interface. Action Shortcut Cut selected data and place it on the clipboard. Ctrl + X Copy selected data to the clipboard. Ctrl + C Paste data from the clipboard into a document (at the insertion point). Ctrl + V Go to top of screen.
Wireless Array 490
Wireless Array Appendix B: FAQ and Special Topics This appendix provides valuable support information that can help you resolve technical difficulties. Before contacting Xirrus, review all topics below and try to determine if your problem resides with the Wireless Array or your network infrastructure.
Wireless Array The Wireless Array should only be used with Wi-Fi certified client devices. See Also Multiple SSIDs Security VLAN Support Frequently Asked Questions This section answers some of the most frequently asked questions, organized by functional area. Multiple SSIDs Q. What Are BSSIDs and SSIDs? A. BSSID (Basic Service Set Identifier) refers to an individual access point radio and its associated clients. The identifier is the MAC address of the access point radio that forms the BSS.
Wireless Array Q. What would I use SSIDs for? A. The creation of different wireless network names allows system administrators to separate types of users with different requirements. The following policies can be tied to an SSID: Minimum security required to join this SSID. The wireless Quality of Service (QoS) desired for this SSID. The wired VLAN associated with this SSID.
Wireless Array 6. If desired (optional), you can select which radios this SSID will not be available on — the default is to make this SSID available on all radios. 7. Click on the Save button if you wish to make your changes permanent. 8. If you need to edit any of the SSID settings, you can do so from the SSID Management page. See Also General Hints and Tips Security SSIDs SSID Management VLAN Support Security Q. How do I know my management session is secure? A.
Wireless Array Configuration auditing Do not change approved configuration settings. The optional Xirrus Management System (XMS) offers powerful management features for small or large Wireless Array deployments, and can audit your configuration settings automatically. In addition, using the XMS eliminates the need for an FTP server. Q. Which wireless data encryption method should I use? A. Wireless data encryption prevents eavesdropping on data being transmitted or received over the airwaves.
Wireless Array older wireless clients). Because AES is the strongest encryption standard currently available, it is highly recommended for Enterprise networks. Any of the above encryption modes can be used (and can be used at the same time). TKIP encryption does not support high throughput rates, per the IEEE 802.11n. Q. Which user authentication method should I use? A. User authentication ensures that users are who they say they are.
Wireless Array number of users — in this case, enter the MAC addresses of each user in the Allow list. In the event of a lost or stolen MAC adapter, enter the affected MAC address in the Deny list. Q. Why do I need to authenticate my Wireless Array units? A. When deploying multiple Wireless Arrays, you may need to define which units are part of which wireless network (for example, if you are establishing more than one network).
Wireless Array VLANs are defined and implemented using the wired network switches that are VLAN capable. Packets are tagged for transmission on a particular VLAN according to the IEEE 802.1Q standard, with VLAN switches processing packets according to the tag. Q. What would I use VLANs for? A. Logically separating different types of users, systems, applications, or other logical division aids in performance and management of different network devices.
Wireless Array General Hints and Tips Multiple SSIDs Security 499
Wireless Array Array Monitor and Radio Assurance Capabilities All models of the Wireless Array have integrated monitoring capabilities to check that the Array’s radios are functioning correctly, and act as a threat sensor to detect and prevent intrusion from rogue access points. Enabling Monitoring on the Array Any radio may be set to monitor the Array or to be a normal IAP radio.
Wireless Array Radio Assurance The Array is capable of performing continuous, comprehensive tests on its radios to assure that they are operating properly. Testing is enabled using the Radio Assurance Mode setting on the Advanced RF Settings window (Step 2 in “Advanced RF Settings” on page 333). When this mode is enabled, the monitor radio performs loopback tests on the Array. Radio Assurance Mode requires Intrusion Detection to be set to Standard (See Step 1 in “Advanced RF Settings” on page 333).
Wireless Array Radio Assurance Options If the monitor detects a problem with an Array radio as described above, it will take action according to the preference that you have specified in the Radio Assurance Mode setting on the Advanced RF Settings window (see Step 2 page 335): 502 Failure alerts only — The Array will issue alerts in the Syslog, but will not initiate repairs or reboots.
Wireless Array RADIUS Vendor Specific Attribute (VSA) for Xirrus A RADIUS VSA is defined for Xirrus Arrays to control administrator privileges settings for user accounts. The RADIUS VSA is used by Arrays to define the following attribute for administrator accounts: Array administrators — the Xirrus-Admin-Role attribute sets the privilege level for this account. Set the value to the string defined in Privilege Level Name as described in “About Creating Admin Accounts on the RADIUS Server” on page 223.
Wireless Array Location Service Data Formats Xirrus Arrays are able to capture and upload visitor analytics data, acting as a sensor network in addition to providing wireless connectivity. This data is sent to the location server in different formats, based on the type of server. The Location Server URL, Location Customer Key, and Location Period for reporting data are configured under Location settings. See “Location” on page 184 for details.
Wireless Array Field Name Description ap AP Flag 1=AP, 0=Station cn Count Count of frames heard from device during this window ot Origin Time Timestamp of first frame in this window (Unix time in seconds) ct Current Time Timestamp of last frame in this window (Unix time in seconds) cf Current Frequency Frequency (MHz) last frame was heard on il Interval Low Minimum interval between frames (within 24 hr period) ih Interval High Maximum interval between frames (within 24 hr period) sl
Wireless Array Upgrading the Array via CLI If you are experiencing difficulties communicating with the Array using the Web Management Interface, the Array provides lower-level facilities that may be used to accomplish an upgrade via the CLI and the Xirrus Boot Loader (XBL). 1. Download the latest software update from the Xirrus FTP site using your Enhanced Care FTP username and password. If you do not have an FTP username and password, contact Xirrus Customer Service for assistance (support@xirrus.com).
Wireless Array Boot your Array and watch the progress messages. When Press space bar to exit to bootloader: is displayed, press the space bar. The rest of this procedure is performed using the bootloader. The following steps assume that you are running DHCP on your local network. 5. Type dhcp and hit return. This instructs the Array to obtain a DHCP address and use it during this boot in the bootloader environment. 6. Type dir and hit return to see what's currently in the compact flash. 7.
Wireless Array L1 cache | Data: 32 KB Inst: 32 KB Status : Enabled Watchdog | Enabled (5 secs) I2C Bus | 400 KHz DTT | CPU:34C RF0:34C RF1:34C RF2:27C RF3:29C RTC | Wed 2007-Nov-05 6:43:14 GMT System DDR | 256 MB, Unbuffered Non-ECC (2T) L2 cache | 256 KB, Enabled FLASH | 4 MB, CRC: OK FPGA | 2 Devices programmed Packet DDR | 256 MB, Unbuffered Non-ECC, Enabled Network | Mot FEC Mot TSEC1 [Primary] Mot TSEC2 IDE Bus 0 | OK CFCard | 122 MB, Model: Hitachi XXM2.3.
Wireless Array XBL>del * [CFCard] Delete : 2 file(s) deleted XBL>update server 192.168.39.102 xs-3.0-0425.bin [TFTP ] Device : Mot TSEC1 1000BT Full Duplex [TFTP ] Client : 192.168.39.195 [TFTP ] Server : 192.168.39.102 [TFTP ] File : xs-3.0-0425.bin [TFTP ] Address : 0x1000000 [TFTP ] Loading : ################################################## [TFTP ] Loading : ################################################## [TFTP ] Loading : ###### done [TFTP ] Complete: 12.9 sec, 2.
Wireless Array L2 cache | 256 KB, Enabled FLASH | 4 MB, CRC: OK FPGA | 2 Devices programmed Packet DDR | 256 MB, Unbuffered Non-ECC, Enabled Network | Mot FEC Mot TSEC1 [Primary] Mot TSEC2 IDE Bus 0 | OK CFCard | 122 MB, Model: Hitachi XXM2.3.0 Environment| 4 KB, Initialized In: serial Out: serial Err: serial Press space bar to exit to bootloader: [CFCard] File : xs*.bin [CFCard] Address : 0x1000000 [CFCard] Loading : ############################################### done [CFCard] Complete: 26.9 sec, 1.
Wireless Array Appendix C: Notices (Arrays except XR-500/600 and -H Models) This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the following: For the XR-500/600 Series, please see “Appendix D: Notices (XR500/600 Series Only)” on page 533. For models ending in H (such as the XR-520H), please see the Quick Installation Guide for that model.
Wireless Array This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate RF energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Wireless Array Battery Warning ! Caution! The Array contains a battery which is not to be replaced by the customer. Danger of Explosion exists if the battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions. UL Statement Use only with listed ITE product.
Wireless Array Conformément à la réglementation d'Industrie Canada, le présent émetteur radio peut fonctionner avec une antenne d'un type et d'un gain maximal (ou inférieur) approuvé pour l'émetteur par Industrie Canada. Dans le but de réduire les risques de brouillage radioélectrique à l'intention des autres utilisateurs, il faut choisir le type d'antenne et son gain de sorte que la puissance isotrope rayonnée équivalente (p.i.r.e.
Wireless Array EU Directive 1999/5/EC Compliance Information This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Français [French] Cet appareil est conforme aux exigences essentielles et aux autres dispositions pertinentes de la Directive 1999/5/EC. ĺslenska [Icelandic] Þetta tæki er samkvæmt grunnkröfum og öðrum viðeigandi ákvæðum Tilskipunar 1999/5/EC. Italiano [Italian] Questo apparato é conforme ai requisiti essenziali ed agli altri principi sanciti dalla Direttiva 1999/5/CE. Latviski [Latvian] Šī iekārta atbilst Direktīvas 1999/5/EK būtiskajā prasībām un citiem ar to saistītajiem noteikumiem.
Wireless Array Slovensko [Slovenian] Ta naprava je skladna z bistvenimi zahtevami in ostalimi relevantnimi popoji Direktive 1999/5/EC. Slovensky [Slovak] Toto zariadenie je v zhode so základnými požadavkami a inými prislušnými nariadeniami direktiv: 1999/5/EC. Suomi [Finnish] Tämä laite täyttää direktiivin 1999/5//EY olennaiset vaatimukset ja on siinä asetettujen muiden laitetta koskevien määräysten mukainen.
Wireless Array WEEE Compliance 518 Natural resources were used in the production of this equipment. This equipment may contain hazardous substances that could impact the health of the environment. In order to avoid harm to the environment and consumption of natural resources, we encourage you to use appropriate take-back systems when disposing of this equipment.
Wireless Array National Restrictions In the majority of the EU and other European countries, the 2.4 GHz and 5 GHz bands have been made available for the use of Wireless LANs. The following table provides an overview of the regulatory requirements in general that are applicable for the 2.4 GHz and 5 GHz bands. Frequency Band (MHz) Max Power Level (EIRP) (mW) Indoor Outdoor 2400–2483.
Wireless Array Les liasons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mèters doivent être notifiées à l’Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez www.bipt.be pour de plus amples détails. Greece A license from EETT is required for the outdoor operation in the 5470 MHz to 5725 MHz band. Xirrus recommends checking www.eett.gr for more details.
Wireless Array Antennas The Xirrus Wireless Array employs integrated antennas that cannot be removed and which are not user accessible. Nevertheless, as regulatory limits are not the same throughout the EU, users may need to adjust the conducted power setting for the radio to meet the EIRP limits applicable in their country or region. Adjustments can be made from the product’s management interface — either Web Management Interface (WMI) or Command Line Interface (CLI).
Wireless Array Compliance Information (Non-EU) This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Safety Warnings This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. ! Safety Warnings ! Explosive Device Proximity Warning ! Lightning Activity Warning ! Circuit Breaker Warning Read all user documentation before powering this device.
Wireless Array Translated Safety Warnings This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. Avertissements de Sécurité 524 ! Sécurité ! Proximité d'appareils explosifs ! Foudre ! Disjoncteur Lisez l'ensemble de la documentation utilisateur avant de mettre cet appareil sous tension.
Wireless Array Software License and Product Warranty Agreement THIS SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (“CUSTOMER”) AND LICENSOR (AS DEFINED BELOW) AND GOVERNS THE USE OF THE SOFTWARE INSTALLED ON THE PRODUCT (AS DEFINED BELOW).
Wireless Array the Product in accordance with the accompanying Documentation and for no other purpose. 2.2 Ownership. The license granted under Sections 2.1 above with respect to the Software does not constitute a transfer or sale of Licensor's or its suppliers' ownership interest in or to the Software, which is solely licensed to Customer. The Software is protected by both national and international intellectual property laws and treaties.
Wireless Array 3.0 LIMITED WARRANTY AND LIMITATION OF LIABILITY 3.1 Limited Warranty & Exclusions. Licensor warrants that the Software will perform in substantial accordance with the specifications therefore set forth in the Documentation for a period of ninety [90] days after Customer's acceptance of the terms of this Agreement with respect to the Software (“Warranty Period”).
Wireless Array 3.4 Limitation of Liability. (a) TOTAL LIABILITY. NOTWITHSTANDING ANYTHING ELSE HEREIN, ALL LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT PAID BY CUSTOMER FOR THE RELEVANT SOFTWARE, OR PORTION THEREOF, THAT GAVE RISE TO SUCH LIABILITY OR ONE HUNDRED UNITED STATES DOLLARS (US$100), WHICHEVER IS GREATER. THE LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS SECTION SHALL BE CUMULATIVE AND NOT PER INCIDENT. (b) DAMAGES.
Wireless Array protective of a party's right in such Confidential Information as those set forth herein. 4.2 Return of Materials. Customer agrees to (i) destroy all Confidential Information (including deleting any and all copies contained on any of Customer's Designated Hardware or the Product) within fifteen (15) days of the date of termination of this Agreement or (ii) if requested by Licensor, return, any Confidential Information to Licensor within thirty (30) days of Licensor's written request. 5.
Wireless Array 6. MISCELLANEOUS If Customer is a corporation, partnership or similar entity, then the license to the Software and Documentation that is granted under this Agreement is expressly conditioned upon and Customer represents and warrants to Licensor that the person accepting the terms of this Agreement is authorized to bind such entity to the terms and conditions herein.
Wireless Array Hardware Warranty Agreement PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS PRODUCT BY USING THIS PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THAT YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND. LIMITED WARRANTY.
Wireless Array whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. The above warranty DOES NOT apply to any evaluation Equipment made available for testing or demonstration purposes. All such Equipment is provided AS IS without any warranty whatsoever.
Wireless Array Appendix D: Notices (XR500/600 Series Only) This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For Notices, Warnings, and Compliance information outdoor products, please see the Quick Installation Guide for that product. For Notices, Warnings, and Compliance information for all other Arrays, please see “Appendix C: Notices (Arrays except XR-500/600 and -H Models)” on page 511.
Wireless Array This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate RF energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Wireless Array Modifications to the device will void the warranty and may violate FCC regulations. Cable Runs for Power over Gigabit Ethernet (PoGE) If using PoGE, the Array must be connected to PoGE networks without routing cabling to the outside plant — this ensures that cabling is not exposed to lightning strikes or possible cross over from high voltage. Battery Warning ! Caution! The Array contains a battery which is not to be replaced by the customer.
Wireless Array Ce dispositif est conforme à la norme CNR-210 d'Industrie Canada applicable aux appareils radio exempts de licence. Son fonctionnement est sujet aux deux conditions suivantes: (1) le dispositif ne doit pas produire de brouillage préjudiciable, et (2) ce dispositif doit accepter tout brouillage reçu, y compris un brouillage susceptible de provoquer un fonctionnement indésirable.
Wireless Array EU Directive 1999/5/EC Compliance Information This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and -H Models)” on page 511. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Français [French] Cet appareil est conforme aux exigences essentielles et aux autres dispositions pertinentes de la Directive 1999/5/EC. ĺslenska [Icelandic] Þetta tæki er samkvæmt grunnkröfum og öðrum viðeigandi ákvæðum Tilskipunar 1999/5/EC. Italiano [Italian] Questo apparato é conforme ai requisiti essenziali ed agli altri principi sanciti dalla Direttiva 1999/5/CE. Latviski [Latvian] Šī iekārta atbilst Direktīvas 1999/5/EK būtiskajā prasībām un citiem ar to saistītajiem noteikumiem.
Wireless Array Slovensko [Slovenian] Ta naprava je skladna z bistvenimi zahtevami in ostalimi relevantnimi popoji Direktive 1999/5/EC. Slovensky [Slovak] Toto zariadenie je v zhode so základnými požadavkami a inými prislušnými nariadeniami direktiv: 1999/5/EC. Suomi [Finnish] Tämä laite täyttää direktiivin 1999/5//EY olennaiset vaatimukset ja on siinä asetettujen muiden laitetta koskevien määräysten mukainen.
Wireless Array WEEE Compliance 540 Natural resources were used in the production of this equipment. This equipment may contain hazardous substances that could impact the health of the environment. In order to avoid harm to the environment and consumption of natural resources, we encourage you to use appropriate take-back systems when disposing of this equipment.
Wireless Array National Restrictions In the majority of the EU and other European countries, the 2.4 GHz and 5 GHz bands have been made available for the use of Wireless LANs. The following table provides an overview of the regulatory requirements in general that are applicable for the 2.4 GHz and 5 GHz bands. Frequency Band (MHz) Max Power Level (EIRP) (mW) Indoor Outdoor 2400–2483.
Wireless Array Les liasons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mèters doivent être notifiées à l’Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez www.bipt.be pour de plus amples détails. Greece A license from EETT is required for the outdoor operation in the 5470 MHz to 5725 MHz band. Xirrus recommends checking www.eett.gr for more details.
Wireless Array Antennas The Xirrus Wireless Array employs integrated antennas that cannot be removed and which are not user accessible. Nevertheless, as regulatory limits are not the same throughout the EU, users may need to adjust the conducted power setting for the radio to meet the EIRP limits applicable in their country or region. Adjustments can be made from the product’s management interface — either Web Management Interface (WMI) or Command Line Interface (CLI).
Wireless Array Compliance Information (Non-EU) This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and -H Models)” on page 511. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Safety Warnings This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and -H Models)” on page 511. ! Safety Warnings ! Explosive Device Proximity Warning ! Lightning Activity Warning ! Circuit Breaker Warning Read all user documentation before powering this device. All Xirrus interconnected equipment should be contained indoors.
Wireless Array Translated Safety Warnings This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and -H Models)” on page 511. Avertissements de Sécurité 546 ! Sécurité ! Proximité d'appareils explosifs ! Foudre ! Disjoncteur Lisez l'ensemble de la documentation utilisateur avant de mettre cet appareil sous tension.
Wireless Array Software License and Product Warranty Agreement THIS SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (“CUSTOMER”) AND LICENSOR (AS DEFINED BELOW) AND GOVERNS THE USE OF THE SOFTWARE INSTALLED ON THE PRODUCT (AS DEFINED BELOW).
Wireless Array the Product in accordance with the accompanying Documentation and for no other purpose. 2.2 Ownership. The license granted under Sections 2.1 above with respect to the Software does not constitute a transfer or sale of Licensor's or its suppliers' ownership interest in or to the Software, which is solely licensed to Customer. The Software is protected by both national and international intellectual property laws and treaties.
Wireless Array 3.0 LIMITED WARRANTY AND LIMITATION OF LIABILITY 3.1 Limited Warranty & Exclusions. Licensor warrants that the Software will perform in substantial accordance with the specifications therefore set forth in the Documentation for a period of ninety [90] days after Customer's acceptance of the terms of this Agreement with respect to the Software (“Warranty Period”).
Wireless Array 3.4 Limitation of Liability. (a) TOTAL LIABILITY. NOTWITHSTANDING ANYTHING ELSE HEREIN, ALL LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT PAID BY CUSTOMER FOR THE RELEVANT SOFTWARE, OR PORTION THEREOF, THAT GAVE RISE TO SUCH LIABILITY OR ONE HUNDRED UNITED STATES DOLLARS (US$100), WHICHEVER IS GREATER. THE LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS SECTION SHALL BE CUMULATIVE AND NOT PER INCIDENT. (b) DAMAGES.
Wireless Array protective of a party's right in such Confidential Information as those set forth herein. 4.2 Return of Materials. Customer agrees to (i) destroy all Confidential Information (including deleting any and all copies contained on any of Customer's Designated Hardware or the Product) within fifteen (15) days of the date of termination of this Agreement or (ii) if requested by Licensor, return, any Confidential Information to Licensor within thirty (30) days of Licensor's written request. 5.
Wireless Array 6. MISCELLANEOUS If Customer is a corporation, partnership or similar entity, then the license to the Software and Documentation that is granted under this Agreement is expressly conditioned upon and Customer represents and warrants to Licensor that the person accepting the terms of this Agreement is authorized to bind such entity to the terms and conditions herein.
Wireless Array Hardware Warranty Agreement PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS PRODUCT BY USING THIS PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THAT YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND. LIMITED WARRANTY.
Wireless Array whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. The above warranty DOES NOT apply to any evaluation Equipment made available for testing or demonstration purposes. All such Equipment is provided AS IS without any warranty whatsoever.
Wireless Array Appendix E: Medical Usage Notices Xirrus XR‐1000/2000/4000/6000 Series wireless devices have been tested and found to comply with the requirements of IEC 60601‐1‐2. Section 5.2.1.1 ‐ The Xirrus wireless device needs special precautions regarding EMC and must be installed and put into service according to the EMC information provided in this User’s Guide and in the Quick Installation Guide for the Xirrus Array or AP.
Wireless Array Section 5.2.2.1 (f) Table 2 Guidance and manufacturer’s declaration – electromagnetic immunity Xirrus wireless devices are intended for use in the electromagnetic environment specified below. The customer or the user of the Xirrus wireless device should assure that it is used in such an environment.
Wireless Array Section 5.2.2.1 (g) Xirrus Wireless devices have no essential performance per IEC 60601‐1‐2. Section 5.2.2.2 – Tables 4 and 6 Table 4 for non‐life supporting equipment Guidance and manufacturer’s declaration – electromagnetic immunity Xirrus wireless devices are intended for use in the electromagnetic environment specified below. The customer or the user of the Xirrus device should assure that it is used in such an environment.
Wireless Array NOTE 1 At 80 MHz and 800 MHz, the higher frequency range applies. NOTE 2 These guidelines may not apply in all situations. Electromagnetic propagation is affected by absorption and reflection from structures, objects and people. a Field strengths from fixed transmitters, such as base stations for radio (cellular/cordless) telephones and land mobile radios, amateur radio, AM and FM radio broadcast and TV broadcast cannot be predicted theoretically with accuracy.
Wireless Array Section 5.2.2.5 RF Channels Supported 2.
Wireless Array 560
Wireless Array Glossary of Terms 802.11a A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 5 GHz and data rates of up to 54 Mbps. 802.11b A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 2.4 GHz and data rates of up to 11 Mbps. 802.11d A supplement to the Media Access Control (MAC) layer in 802.11 to promote worldwide use of 802.11 WLANs.
Wireless Array authentication The process that a station, device, or user employs to announce its identify to the network which validates it. IEEE 802.11 specifies two forms of authentication, open system and shared key. bandwidth Specifies the amount of the frequency spectrum that is usable for data transfer. In other words, it identifies the maximum data rate a signal can attain on the medium without encountering significant attenuation (loss of power).
Wireless Array cell The basic geographical unit of a cellular communications system. Service coverage of a given area is based on an interlocking network of cells, each with a radio base station (transmitter/receiver) at its center. The size of each cell is determined by the terrain and forecasted number of users. channel A specific portion of the radio spectrum — the channels allotted to one of the wireless networking protocols. For example, 802.11b and 802.11g use 14 channels in the 2.
Wireless Array domain The main name/Internet address of a user's Internet site as registered with the InterNIC organization, which handles domain registration on the Internet. For example, the “domain” address for Google is: http://www.google.com, broken down as follows: http:// represents the Hyper Text Teleprocessing Protocol used by all Web pages. www is a reference to the World Wide Web. google refers to the company. com specifies that the domain belongs to a commercial enterprise.
Wireless Array encryption Any procedure used in cryptography to translate data into a form that can be decrypted and read only by its intended receiver. Fast Ethernet A version of standard Ethernet that runs at 100 Mbps rather than 10 Mbps. FCC (Federal Communications Commission) US wireless regulatory authority. The FCC was established by the Communications Act of 1934 and is charged with regulating Interstate and International communications by radio, television, wire, satellite and cable.
Wireless Array host name The unique name that identifies a computer on a network. On the Internet, the host name is in the form comp.xyz.net. If there is only one Internet site the host name is the same as the domain name. One computer can have more than one host name if it hosts more than one Internet site (for example, home.xyz.net and comp.xyz.net). In this case, comp and home are the host names and xyz.net is the domain name. IPsec A Layer 3 authentication and encryption protocol. Used to secure VPNs.
Wireless Array packet Data sent over a network is broken down into many small pieces — packets — by the Transmission Control Protocol layer of TCP/IP. Each packet contains the address of its destination as well the data. Packets may be sent on any number of routes to their destination, where they are reassembled into the original data. This system is optimal for connectionless networks, such as the Internet, where there are no fixed connections between two locations.
Wireless Array public key In cryptography, one of a pair of keys (one public and one private) that are created with the same algorithm for encrypting and decrypting messages and digital signatures. The public key is made publicly available for encryption and decryption. QoS (Quality of Service) QoS can be used to describe any number of ways in which a network provider prioritizes or guarantees a service's performance.
Wireless Array SSH (Secure SHell) Developed by SSH Communications Security, Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. The Array only allows SSH-2 connections. SSH-2 provides strong authentication and secure communications over insecure channels. SSH-2 protects a network from attacks, such as IP spoofing, IP source routing, and DNS spoofing.
Wireless Array VLAN (Virtual LAN) A group of devices that communicate as a single network, even though they are physically located on different LAN segments. Because VLANs are based on logical rather than physical connections, they are extremely flexible. A device that is moved to another location can remain on the same VLAN without any hardware reconfiguration.
Wireless Array Wi-Fi Alliance A nonprofit international association formed in 1999 to certify interoperability of wireless Local Area Network products based on IEEE 802.11 specification. The goal of the Wi-Fi Alliance's members is to enhance the user experience through product interoperability. Wireless Array A high capacity wireless networking device consisting of multiple radios arranged in a circular array. WPA (Wi-Fi Protected Access) A Wi-Fi Alliance standard that contains a subset of the IEEE 802.
Wireless Array 572 Glossary of Terms
Wireless Array Index Numerics 11ac see 802.11ac 325 802.11a 3, 4, 290, 311 802.11a/b/g 28 802.11a/b/g/n 15 802.11a/n 15, 66, 262 802.11ac WMI page 325 802.11b 3, 4, 316 802.11b/g 290, 316 802.11b/g/n 15, 66, 262 802.11e 17 802.11g 3, 4, 316 802.11i 4, 75, 159 802.11n 4 WMI page 322 802.11p 17 802.11q 17 802.
Wireless Array appearance WMI options 406 application control update (signature file) 395 approved setting rogues 116 APs 60, 116, 250, 251, 494 rogues, blocking 351 APs, rogue see rogue APs 333, 352 APs, XR overview 4 ARP filtering 308 ARP table window 106 Array 30, 66, 82, 159, 166 connecting 66 dismounting 66 management 385 mounting 66 powering up 66 securing 66 Web Management Interface 82 XR-2000 Series 8, 9 XR-2005 Series 8, 9 ArrayOS upgrade 388 Arrays managing in clusters 374 Arrays, XR 1 overview 4
Wireless Array boot 388 bridging APs 169 broadcast 309 fast roaming 309 browser certificate error 217, 231 BSS 492 BSSID 116, 492 buttons 87 C capacity of 802.11n 45 cascading style sheet sample for web page redirect 397 cdp 424 CDP (Cisco Discovery Protocol) settings 177 cdp CLI command 424 CDP neighbors 108 cell sharp cell 333 cell size 30, 290 auto-configuration 333 cell size configuration 333 certificate about 217, 231 authority 217, 231 error 217, 231 install Xirrus authority 231 X.
Wireless Array commands acl 422 admin 423 auth, authentication 424 cdp 424 clear 426 cluster 428 configure 414 contact-info 429 date-time 430 dhcp-server 431 dns 432 file 433 filter 437 group 428, 441 hostname 441 interface 442 load 442 location 443 location-reporting 444, 455 management 445 mdm (mobile device management) Airwatch 446 more 447 netflow 448 no 449 quit 452 radius-server 451, 452 reboot 453, 463 reset 453 restore 454 run-tests 456 security 458 show 417 snmp 459 ssid 460 statistics 420 syslog 4
Wireless Array denial of service see DoS attack 353 deny traffic see filters 365 deployment 28, 56, 60, 63, 494 ease of 17 detection intrusion 352 see DoS attack 353 see impersonation attack 354 see impersonation detection 353 see intrusion detection 353, 354 device management see Mobile Device Management 380 DHCP 30, 69, 71, 75, 159, 166, 484 default settings 485 leases window 107 DHCP Server 179 diagnostics log, create file 394 directory, active 246 display WMI options 406 DNS 75, 159, 176 DNS domain 176
Wireless Array reset configuration to 391 factory.
Wireless Array IEEE 3, 75, 159 IEEE 802.11ac WMI page 325 IEEE 802.11n capacity, increased 45 multiple data streams 39 spatial multiplexing 39 WMI page 322 IEEE 802.
Wireless Array list, SSID access see access control list 276 local management vs.
Wireless Array network interfaces 165 settings 166 network assurance 109, 230 network connections 63, 88, 494 network installation 25, 481 network interface ports 69, 71 network interfaces 166, 483 network status ARP table window 106 connection tracking window 107 routing table window 106 viewing leases 107 Network Time Protocol 75, 159, 180 network tools ping, traceroute, RADIUS ping 397 nomenclature 2 non-overlapping channels 16 NTP 75, 159, 180, 484 NTP Server 180 O Oauth CLI command auth 424 Open (encr
Wireless Array priority 262 SSID 256, 263 about setting QoS 493 default QoS 486 user group 283 quality of user experience 340 Quality of Service 17 see QoS 263, 283 quick reference guide 483 quick start express setup 159 R radio assurance (self-test) 334, 335 radio assurance (loopback testing) 333 radio assurance (loopback) mode 334, 335 radio distribution 14 radios naming 2 RADIUS 4, 25, 50, 60, 213, 234, 276, 484, 494 admin authentication 223 setting admin privileges 223 setting user VSAs 241 Vendor Spec
Wireless Array settings for blocking 349 Rogue AP List 116 rogue APs auto block settings 352 blocking 333 Rogue Control List 250, 251 rogue detection 15 rogues setting as known or approved 116 root command prompt 413 route trace route utility 397 routing table window 106 RPM (RF Performance Manager) 18 RSM (RF Security Manager) 19 RSSI 116 RTS 311, 316 RTS threshold 311, 316 S Safari 26 sample Perl and CSS files for 396 save with reboot 388 Save button 82 saved.
Wireless Array SSH 25, 26, 56, 75, 159, 166, 214, 488, 494 SSH-2 214 SSID 4, 75, 82, 116, 159, 251, 262, 486, 492, 497 about usage 493 active IAPs 275 honeypot 278 honeypot, whitelist 279 QoS 256, 263 about using 493 QoS, about usage 493 rogue control list 250 web page redirect settings 266 web page redirect settings, about 269, 274 web page redirect settings, whitelist 273 whitelist, honeypot 278 SSID Access List 276 SSID address 276 SSID Management 262, 486, 492 standby mode 334 stateful filtering disabli
Wireless Array TKIP encryption and XR Arrays 237 token CLI command auth 424 tool ping, trace route, RADIUS ping 397 Tools 385, 494 tools, network 397 tools, system 386 trace route utility 397 traffic filtering 365 limits and interactions 285 transmit power 30 Trap Host 485 trap port 191, 485 tunnel CLI command 462 tunneled fast roaming 309 Tunnels 209 tunnels see VTun 204, 208 U UDP port requirements 52 unknown setting rogues 116 update signature file (application control) 395 upgrade license key 389 softw
Wireless Array W wall thickness considerations 28 warning messages 86 WDS 358, 361 about 57 long distance 294, 360 planning 57 statistics 140 timeouts 294, 360 WDS Client Links 361 Web interface structure and navigation 85 web interface 81 Web Management Interface 56, 66, 69, 71, 88, 492 Web Management Interface (WMI) 81 web page redirect 396 also called WPR 396 CHAP (Challenge-Handshake Authentication Protocol) 271 customize internal login/splash page 272 HTTPS port 269, 274 install files for 396 internal
Wireless Array see RSM 19 Xirrus Management System 4, 13, 17, 25, 27, 56, 494 SNMP required 191, 192 Xirrus Management System (XMS) 1 Xirrus PoGE Power Injectors 1 Xirrus Roaming Protocol 17, 103, 309 XMS 4, 13, 17, 27 port requirements 52 setting IP address of 191 SNMP required 191, 192 vs.
Wireless Array 588 Index
High Performance Wireless Networks 1.800.947.7871 Toll Free in the US +1.805.262.1600 Sales +1.805.262.1601 Fax 2101 Corporate Center Drive Thousand Oaks, CA 91320, USA © 201 Xirrus, Inc. All Rights Reserved. The Xirrus logo is a registered trademark of Xirrus, Inc. All other trademarks are the property of their respective owners. Content subject to change without notice. To learn more visit: xirrus.com or email info@xirrus.
