October 28, 2009
Wi-Fi Array ™ XN16, XN12, XN8, XN4 XS16, XS12, XS8, XS4 XS-3900, XS-3700, XS-3500 All rights reserved. This document may not be reproduced or disclosed in whole or in part by any means without the written consent of Xirrus, Inc.
Trademarks is a registered trademark of Xirrus, Inc. All other trademarks and brand names are marks of their respective holders. Please see Legal Notices, Warnings, Compliance Statements, and Warranty and License Agreements in “Appendix F: Notices” on page 433. Xirrus, Inc. 2101 Corporate Center Drive Thousand Oaks, CA 91320 USA Tel: Fax: 1.805.262.1600 1.800.947.7871 Toll Free in the US 1.866.462.3980 www.xirrus.
Wi-Fi Array Table of Contents List of Figures.................................................................................... xiii Introduction ......................................................................................... 1 The Xirrus Family of Products ............................................................................... 2 Nomenclature .................................................................................................... 4 About this User’s Guide ...................
Wi-Fi Array Product Specifications—XS16/XS-3900, XS12, and XS8/XS-3700 ........................................................................................................... 34 Product Specifications—XS4/XS-3500 ............................................................... 40 Installing the Wi-Fi Array ................................................................. 45 Installation Prerequisites ......................................................................................
Wi-Fi Array Port Requirements .......................................................................................... 72 Network Management Planning .................................................................. 75 WDS Planning ................................................................................................. 76 Common Deployment Options .................................................................... 79 Installation Workflow ........................................................
Wi-Fi Array LED Boot Sequence ............................................................................... 108 LED Operation when Array is Running ............................................ 109 Establishing Communication with the Array .................................................. 110 Using the Serial Port ..................................................................................... 110 Using the Ethernet Ports ..............................................................................
Wi-Fi Array Station Status Windows ...................................................................................... 150 Stations ........................................................................................................... 151 Location Map ................................................................................................. 152 RSSI .................................................................................................................
Wi-Fi Array Using the Array’s Default Certificate ................................................. 213 Using an External Certificate Authority ............................................. 214 Admin Management .................................................................................... 215 Admin RADIUS ............................................................................................ 216 About Creating Admin Accounts on the RADIUS Server .............. 217 Management Control .............
Wi-Fi Array RF Resilience .......................................................................................... 278 RF Power & Sensitivity ......................................................................... 279 RF Spectrum Management ................................................................... 280 LED Settings .................................................................................................. 283 WDS ...........................................................................
Wi-Fi Array contact-info .................................................................................................... 324 date-time ........................................................................................................ 325 dhcp-server .................................................................................................... 326 dns ................................................................................................................... 327 file .................
Wi-Fi Array Enabling Global IAPs ................................................................................... 359 Disabling Global IAPs .................................................................................. 360 Enabling a Specific IAP ................................................................................ 361 Disabling a Specific IAP ............................................................................... 362 Setting Cell Size Auto-Configuration for All IAPs ..............
Wi-Fi Array Administrator Account and Password ...................................................... 394 Management .................................................................................................. 394 Keyboard Shortcuts ............................................................................................. 394 Appendix C: Technical Support ........................................................................ 397 General Hints and Tips ............................................
Wi-Fi Array Glossary of Terms.......................................................................... 455 Index................................................................................................
Wi-Fi Array xii Table of Contents
Wi-Fi Array List of Figures Figure 1. Figure 2. Figure 3. Figure 4. Figure 5. Figure 6. Figure 7. Figure 8. Figure 9. Figure 10. Figure 11. Figure 12. Figure 13. Figure 14. Figure 15. Figure 16. Figure 17. Figure 18. Figure 19. Figure 20. Figure 21. Figure 22. Figure 23. Figure 24. Figure 25. Figure 26. Figure 27. Figure 28. Figure 29. Figure 30. Figure 31. Figure 32. Figure 33. Figure 34. Xirrus Arrays...............................................................................................
Wi-Fi Array Figure 35. Figure 36. Figure 37. Figure 38. Figure 39. Figure 40. Figure 41. Figure 42. Figure 43. Figure 44. Figure 45. Figure 46. Figure 47. Figure 48. Figure 49. Figure 50. Figure 51. Figure 52. Figure 53. Figure 54. Figure 55. Figure 56. Figure 57. Figure 58. Figure 59. Figure 60. Figure 61. Figure 62. Figure 63. Figure 64. Figure 65. Figure 66. Figure 67. Figure 68. Figure 69. Figure 70. Figure 71. xiv Installation Workflow ..................................................................
Wi-Fi Array Figure 72. Figure 73. Figure 74. Figure 75. Figure 76. Figure 77. Figure 78. Figure 79. Figure 80. Figure 81. Figure 82. Figure 83. Figure 84. Figure 85. Figure 86. Figure 87. Figure 88. Figure 89. Figure 90. Figure 91. Figure 92. Figure 93. Figure 94. Figure 95. Figure 96. Figure 97. Figure 98. Figure 99. Figure 100. Figure 101. Figure 102. Figure 103. Figure 104. Figure 105. Figure 106. Figure 107. Figure 108. Spanning Tree Status...............................................................
Wi-Fi Array Figure 109. Figure 110. Figure 111. Figure 112. Figure 113. Figure 114. Figure 115. Figure 116. Figure 117. Figure 118. Figure 119. Figure 120. Figure 121. Figure 122. Figure 123. Figure 124. Figure 125. Figure 126. Figure 127. Figure 128. Figure 129. Figure 130. Figure 131. Figure 132. Figure 133. Figure 134. Figure 135. Figure 136. Figure 137. Figure 138. Figure 139. Figure 140. Figure 141. Figure 142. Figure 143. Figure 144. Figure 145. xvi Port Modes (e-f) ..................................
Wi-Fi Array Figure 146. Figure 147. Figure 148. Figure 149. Figure 150. Figure 151. Figure 152. Figure 153. Figure 154. Figure 155. Figure 156. Figure 157. Figure 158. Figure 159. Figure 160. Figure 161. Figure 162. Figure 163. Figure 164. Figure 165. Figure 166. Figure 167. Figure 168. Figure 169. Figure 170. Figure 171. Figure 172. Figure 173. Figure 174. Figure 175. Figure 176. Figure 177. Figure 178. Figure 179. Figure 180. Figure 181. Figure 182. .Configuring a WDS Link ...............................
Wi-Fi Array Figure 183. Figure 184. Figure 185. Figure 186. Figure 187. Figure 188. Figure 189. Figure 190. Figure 191. Figure 192. Figure 193. Figure 194. Figure 195. Figure 196. xviii Removing the Chassis Cover ................................................................ 382 Lifting the Integrated Access Point Module ....................................... 383 Disconnect the Integrated Access Point Module ............................... 383 Installing a New Access Panel (with Power Supply) .........
Wi-Fi Array Introduction These topics introduce the Xirrus Wi-Fi Array, including an overview of its key features and benefits, and a detailed listing of the product’s physical, environmental, technology and regulatory specifications. z “The Xirrus Family of Products” on page 2. z “About this User’s Guide” on page 4. z “Why Choose the Xirrus Wi-Fi Array?” on page 7. z “Wi-Fi Array Product Overview” on page 9. z “Key Features and Benefits” on page 16.
Wi-Fi Array The Xirrus Family of Products Figure 1. Xirrus Arrays The Xirrus family of products includes the following: 2 z The XS Series of Xirrus Wi-Fi Arrays (XS16 / XS12 / XS8 / XS4) XS Arrays integrate multiple Integrated Access Points—radios with highgain directional antennas for increased range and coverage.
Wi-Fi Array z Xirrus Management System (XMS) XMS is used for managing large Array deployments from a centralized Web-based interface. The XMS server is available pre-installed on the Xirrus XM-33xx-CC Management Platform Series, or as a software package (XA-3300-CC) to be installed on your own server hardware. Figure 2 illustrates the elements of the Xirrus Management System. Users start the XMS client simply by entering the URL of the XMS server on a web browser.
Wi-Fi Array Nomenclature Throughout this User’s Guide, the Xirrus Wi-Fi Array is also referred to as simply the Array. In some instances, the terms product and unit are also used. When discussing specific products from the Xirrus family, the product name is used (for example, XN16, XS12, or XS-3500). The Wi-Fi Array’s operating system is referred to as the ArrayOS. The Web Management Interface for browser-based management of the Array is referred to as WMI.
Wi-Fi Array z Installing the Wi-Fi Array Defines prerequisites for deploying and installing the Array and provides instructions to help you plan and complete a successful installation. z The Web Management Interface Offers an overview of the product’s embedded Web Management Interface, including its content and structure. It emphasizes what you need to do to ensure that any configuration changes you make are applied, and provides a list of restricted characters.
Wi-Fi Array z Appendix C: Technical Support Offers guidance to resolve technical issues, including general hints and tips to enhance your product experience, and a procedure for isolating problems within an Array-enabled wireless network. Also includes Frequently Asked Questions (FAQs) and Xirrus contact information. z Appendix D: Implementing PCI DSS Discusses meeting security standards with the Array, including FIPS and PCI DSS.
Wi-Fi Array This User’s Guide is also made available as a secure PDF (Portable Document Format) file and can be viewed using the Adobe® Acrobat Reader® product. It cannot be edited or modified. If you don’t have Acrobat Reader, you can downloaded it free-of-charge from: http://www.adobe.com. Hyperlinks If you click on body text that appears in the color TEAL (with the exception of headings or notes) the embedded hyperlink within the text will immediately take you to the referenced destination.
Wi-Fi Array z 802.11a Operates in the 5 GHz range with a maximum speed of 54 Mbps. z 802.11b Operates in the 2.4 GHz range with a maximum speed of 11 Mbps. z 802.11g Supports a higher transmission speed of 54 Mbps in the 2.4 GHz range and is backwards compatible with 802.11b. z 802.11n Uses multiple antennas per radio to boost transmission speed as high as 300 Mbps, increasing throughput, range, and maximum number of users. 802.11n is backwards compatible with 802.11a/b/g.
Wi-Fi Array Wi-Fi Array Product Overview Part of the family of Xirrus products, the Wi-Fi Array is a high capacity, multimode device designed for the Enterprise market, with twice the range and up to eight times the capacity of competitive wireless products. Figure 3. Wi-Fi Array (XN16) The Wi-Fi Array (regardless of the product model) is Wi-Fi® compliant and simultaneously supports 802.11a, 802.11b and 802.11g clients. XN model arrays add the enhanced abilities of 802.11n to this combination.
Wi-Fi Array detection, site monitoring, and RF spectrum analysis are performed in the background by the Array automatically. Wi-Fi Array Product Family The following tables provide an overview of the main features supported by the Wi-Fi Array product family. XN Family of Arrays Feature XN16 XN12 XN8 XN4 4 4 4 4 12 8 4 0 16 12 8 4 48 36 24 12 Integrated Wi-Fi switch ports 16 12 8 4 Integrated RF spectrum analyzer, threat sensors Yes Yes Yes Yes 2 2 2 1 Wi-Fi bandwidth 4.
Wi-Fi Array XS Family of Arrays XS16, XS-3900 XS12 XS8, XS-3700 XS4, XS-3500 4 4 4 4 12 8 4 0 16 12 8 4 Integrated Wi-Fi switch ports 16 12 8 4 Integrated RF spectrum analyzer and threat sensors Yes Yes Yes Yes 2 2 2 1 Wi-Fi bandwidth 864 Mb 648 Mb 432 Mb 216 Mb Users supported 1,024 768 512 256 Feature Number of 802.11a/b/g radios Number of 802.
Wi-Fi Array Deployment Flexibility Xirrus’ unique multi-radio architecture generates 360 degrees of sectored highgain 802.11a/b/g/n or 802.11a/b/g coverage that provides extended range and the highest possible data rates for a large volume of clients. Each sector can be controlled automatically or manually, creating a pattern of wireless coverage perfectly tailored to individual customer needs. For example: outside wall Figure 4.
Wi-Fi Array Power over Gigabit Ethernet (PoGE) (Optional) The Xirrus XP1 and XP8 Power over Gigabit Ethernet modules provide power to your Arrays over the same Cat 5e or Cat 6 cable used for data, eliminating the need to run power cables and provide an AC power outlet in proximity to each unit. Figure 5. XP8 - Power over Ethernet Usage Specific models of the Array are compatible with specific PoGE modules. For details, please see “Power over Gigabit Ethernet Compatibility Matrix” on page 414.
Wi-Fi Array Enterprise Class Management The Wi-Fi Array can be configured with its default RF settings, or the RF settings can be customized using the Array’s embedded Web Management Interface (WMI). The WMI enables easy configuration and control from a graphical console, along with a full compliment of troubleshooting tools and statistics. Figure 6. WMI: Array Status In addition, a fully featured Command Line Interface (CLI) offers IT professionals a familiar management and control environment.
Wi-Fi Array Management Protocol) is also supported to allow management from an SNMP compliant management tool, such as the optional Xirrus Management System. # For deployments of more than five Arrays, we recommend that you use the Xirrus Management System (XMS). The XMS offers a rich set of features for fine control over large deployments.
Wi-Fi Array Key Features and Benefits This section describes some of the key product features and the benefits you can expect when deploying the Wi-Fi Array (the XN16 product is highlighted in this section). High Capacity and High Performance an12 an1 an11 abgn4 abgn1 an2 an10 an3 an9 an8 an4 abgn2 abgn3 an7 an5 an6 Mode(s) abgn2 (RF monitoring) IAP number Figure 7.
Wi-Fi Array In the recommended configuration, IAP (radio) abg(n)2 is configured in RF monitoring and rogue AP detection mode. a12 a1 a11 abg4 abg1 a2 a10 a3 a9 a8 a4 abg2 abg3 a7 abg2 (RF monitoring) a5 a6 Mode(s) IAP number Figure 8. Naming of IAPs (XS16) Extended Coverage One XN16 solution enables you to replace up to sixteen access points (includes one omnidirectional IAP for monitoring the network).
Wi-Fi Array Flexible Coverage Schemes Your Wi-Fi Array offers flexible coverage schemes for each wireless technology. 802.11a/n 802.11a/b/g/n Monitor only Figure 9. Coverage Schemes z 802.11a/n, 802.11a Delivers 60° wireless coverage per IAP, with 6 dBi of gain. z 802.11b/g/n, 802.11b/g Delivers 180° wireless coverage, with 3 dBi of gain. z 802.11a/b/g/n, 802.11a/b/g (monitor only) Delivers 360° wireless coverage, with 2 dBi of gain.
Wi-Fi Array Applications Enablement QoS (Quality of Service) functionality combined with true switch capabilities enable high density video and Voice over Wireless LAN deployments. Compliant with 802.1p and 802.1Q standards. SDMA Optimization SDMA (Spatial Division Multiple Access) technology provides full 360° coverage while allowing independent channel and power output customization. Also supports fast inter-zone handoffs for time-sensitive applications and roaming support.
Wi-Fi Array Product Specifications—XN16, XN12, and XN8 Element Number of Users Specifications Maximum of 64 associated users per radio XN16: 1024 users per Array XN12: 768 users per Array XN8: 512 users per Array Physical Diameter: 18.65 inches (47.37 cm) Height: 3.87 inches (9.83 cm) Weight: 10 lbs (3.
Wi-Fi Array Element Electrical Specifications Each Array supports both AC and PoGE AC Input Power: 100-240VAC at 50-60 Hz PoGE (DC) Input Power: Power over Gigabit Ethernet—no splitter required, 48VDC, Maximum 2A Nominal Power: XN16: 90W XN12: 75W XN8: 60W All Models: For PoGE, see “Power over Gigabit Ethernet Compatibility Matrix” on page 414.
Wi-Fi Array Element Management Specifications Xirrus Management System (XMS)—Layer 3 Element Management System HTTPS Web Management Interface (WMI) CLI via SSHv2, Telnet, local serial Console Enable/disable management for any interface Read-write and read-only admin accounts may be authenticated via RADIUS SNMP v2c, v3 Configuration Files—text-based files may be imported, exported, or compared NetFlow—IP flow information (traffic statistics may be sent to an external Collector FTP, TFTP Syslog reporting f
Wi-Fi Array Element Security Specifications Wireless Encryption Line speed, hardware-accelerated encryption modes: WPA TKIP WPA2 AES WEP 40/64 WEP 104/128 Wireless Authentication: Open Pre-shared Key 802.
Wi-Fi Array Element Security (continued) Specifications Time of Day Access: Specify when access is allowed, per SSID or User Group Station-Station Blocking: Station-to-Station traffic blocking option Wireless Wireless Standards: 802.11a 802.11b 802.11d 802.11g 802.11e 802.11h 802.11i 802.11j 802.11n Number of Radios: XN16: 12 x 802.11a/n radios 4 x 802.11a/b/g/n radios Only 12 radios should be used as 802.11a/n radios (i.e., 5 GHz band) concurrently. 48 integrated antennas XN12: 8 x 802.
Wi-Fi Array Element Wireless (continued) Specifications Frequency Bands: 11a/n: 4.945 – 4.985 (restricted Public Safety band) 11a/n: 5.15-5.25 GHz (UNII 1) 11a/n: 5.15-5.25 GHz (TELEC) 11a/n: 5.25-5.35 GHz (UNII 2) 11a/n: 5.470-5.725 (ETSI) 11a/n: 5.725-5.825 GHz (UNII 3) 11b/g/n: 2.412-2.462 GHz (FCC) 11b/g/n: 2.412-2.472 GHz (ETSI) 11b/g/n: 2.412-2.484 GHz (TELEC) Channel Selection: Manual and Automatic 802.11a/n Antennas Integrated 6dBi, sectorized 802.
Wi-Fi Array Element Compliance Specifications Electromagnetic: ICES-003 (Canada) EN 301.893 (Europe) EN 301.489-1 and -17 (Europe) Safety: EN 60950 EN 50371 to 50385 CE Mark Certifications Wi-Fi Alliance: 802.11a/b/g, WPA, WPA2, and extended EAP types. Our certifications may be viewed here.
Wi-Fi Array Product Specifications—XN4 Element Specifications Number of Users Maximum of 64 associated users per radio, 256 users per XN4 Physical Diameter: 12.58 inches (31.95 cm) Height: 2.58 inches (6.55 cm) Weight: 4lbs (1.81 kg) Environmental Operating Temperature: 0°C to 55°C 0% to 90% relative humidity (non-condensing) Storage Temperature: -20°C to 60°C 5% to 95% relative humidity (non-condensing) System 825 MHz CPU 512 MB RAM 1 GB system flash Integrated Switch 2.
Wi-Fi Array Element Interfaces Specifications Serial Console Port: 1 x RS232 – RJ45 connector, for local configuration Ethernet Interfaces: 1 x Gigabit 100/1000 Mbps uplink port Status LEDs: System status, Ethernet, Radio Networking DHCP client, DHCP server (multiple DHCP pools), DNS Client, NTP client, NAT Management Xirrus Management System (XMS)—Layer 3 Element Management System HTTPS Web Management Interface (WMI) CLI via SSHv2, Telnet, local serial Console Enable/disable management for any interf
Wi-Fi Array Element Quality of Service (QoS) Support Specifications Multiple SSIDs: 16 unique SSIDs per Array Each SSID beacons a unique BSSID per radio VLAN and QoS settings for each SSID VLANs: Up to 16 VLANs, 802.1Q, 802.1p Prioritization: 802.11e wireless prioritization 802.
Wi-Fi Array Element Security Specifications Wireless Encryption Line speed, hardware-accelerated encryption modes: WPA TKIP WPA2 AES WEP 40/64 WEP 104/128 Wireless Authentication: Open Pre-shared Key 802.
Wi-Fi Array Element Security (continued) Specifications Time of Day Access: Specify when access is allowed, per SSID or User Group Station-Station Blocking: Station-to-Station traffic blocking option Wireless Wireless Standards: 802.11a 802.11b 802.11d 802.11g 802.11e 802.11h 802.11i 802.11j 802.11n Number of Radios: 4 x 802.
Wi-Fi Array Element Wireless (continued) Specifications Frequency Bands: 11a/n: 4.945 – 4.985 (restricted Public Safety band) 11a/n: 5.15-5.25 GHz (UNII 1) 11a/n: 5.15-5.25 GHz (TELEC) 11a/n: 5.25-5.35 GHz (UNII 2) 11a/n: 5.470-5.725 (ETSI) 11a/n: 5.725-5.825 GHz (UNII 3) 11b/g/n: 2.412-2.462 GHz (FCC) 11b/g/n: 2.412-2.472 GHz (ETSI) 11b/g/n: 2.412-2.484 GHz (TELEC) Channel Selection: Manual and Automatic 802.11a/n Antennas Integrated 6dBi, sectorized 802.
Wi-Fi Array Element Compliance Specifications Electromagnetic: ICES-003 (Canada) EN 301.893 (Europe) EN 301.489-1 and -17 (Europe) Safety: EN 60950 EN 50371 to 50385 CE Mark Certifications Wi-Fi Alliance: 802.11a/b/g, WPA, WPA2, and extended EAP types. Our certifications may be viewed here.
Wi-Fi Array Product Specifications—XS16/XS-3900, XS12, and XS8/XS-3700 Element Number of Users Specifications Maximum of 64 associated users per radio 1024 users per Array (XS16/XS-3900) 768 users per Array (XS12) 512 users per Array (XS8/XS-3700) Physical Diameter: 18.65 inches (47.37 cm) Height: 3.87 inches (9.83 cm) Weight: 8lbs (3.
Wi-Fi Array Element Interfaces Specifications Serial: 1 x RS232 – RJ45 connector Ethernet Interfaces: 2 x Gigabit 100/1000 Mbps w/failover 1 x Fast Ethernet 10/100 Mbps Status LEDs: System status, Ethernet, Radio Electrical XS16/XS8: Each Array supports both AC and PoGE AC Input Power: 90-265VAC at 47-63Hz PoGE Input Power: Power over Gigabit Ethernet— no splitter required, 48VDC Nominal Power: XS16: 70W XS8: 45W XS-3900/XS-3700: Separate AC and DC versions Input Power (AC version): 90VAC to 265VAC at 4
Wi-Fi Array Element Performance Specifications Client Load Balancing Automatic load balancing between system radios Quality of Service: 802.
Wi-Fi Array Element Wireless Specifications Number of Radios: 12 x 802.11a radios 4 x 802.11a/b/g radios Only 12 radios should be used as 802.11a radios concurrently. XS16/XS-3900: XS12: 8 x 802.11a radios 4 x 802.11a/b/g radios XS8/XS-3700: 4 x 802.11a radios 4 x 802.11a/b/g radios Wireless Standards: 802.11a/b/g and g-only mode 802.11e, 802.11i Channel Selection: Manual and Automatic Frequency Bands: 11a: 4.945 – 4.985 (restricted Public Safety band) 11a: 5.15-5.25 GHz (UNII 1) 11a: 5.15-5.
Wi-Fi Array Element Wireless (continued) Specifications Antennas (XS12): 8 x internal 6 dBi 60° 802.11a sectorized 4 x internal 3 dBi 180° 802.11b/g sectorized 1 x internal 2 dBi 360° omni-directional (for RF monitoring) 3 x external RP-TNC connectors for three 802.11a/ b/g radios * Antennas (XS8/XS-3700): 4 x internal 6 dBi 60° 802.11a sectorized 4x internal 3 dBi 180° 802.11b/g sectorized 1 x internal 2 dBi 360° omni-directional (for RF monitoring) 3 x external RP-TNC connectors for three 802.
Wi-Fi Array Element Compliance Specifications UL / cUL 60950 and EN 60950 FCC Part 15.107 and 15109, Class A EN 301.489 (Europe) EN60601 EU medical equipment directive for EMC Certifications Wi-Fi Alliance: 802.11a/b/g, WPA, WPA2, and extended EAP types. Our certifications may be viewed here. Federal Information Processing Standard (FIPS) Publication 140 -2, Level 2.
Wi-Fi Array Product Specifications—XS4/XS-3500 Element Specifications Number of Users Maximum of 64 associated users per radio (256 users per Array) Physical Diameter: 12.58 inches (31.95 cm) Height: 2.58 inches (6.55 cm) Weight: 4lbs (1.
Wi-Fi Array Element Electrical Specifications XS4: Each Array supports both AC and PoGE AC Input Power: 90-265VAC at 47-63Hz Nominal power usage: 27W XS-3500: AC Input Power: 90-265VAC at 47-63Hz Input Power (DC version): 48VDC All Models: Power over Gigabit Ethernet (PoGE): all 4-port models work with all Xirrus PoGE modules, splitter required, 48VDC See “Power over Gigabit Ethernet Compatibility Matrix” on page 414.
Wi-Fi Array Element VLAN Support Specifications 802.1Q, 802.1p VLAN Supports up to 16 VLANs Multiple SSID Support Allows up to 16 separate SSIDs to be defined with map security, VLAN and QoS settings for each SSID Performance Client Load Balancing Automatic load balancing between system radios Quality of Service: 802.
Wi-Fi Array Element Wireless Specifications Number of Radios: 4 x 802.11a/b/g radios Wireless Standards: 802.11a/b/g and g-only mode 802.11e, 802.11i Channel Selection: Manual and Automatic Frequency Bands: 11a: 4.945 – 4.985 (restricted Public Safety band) 11a: 5.15-5.25 GHz (UNII 1) 11a: 5.15-5.25 GHz (TELEC) 11a: 5.25-5.35 GHz (UNII 2) 11a: 5.470-5.725 (ETSI) 11a: 5.725-5825 GHz (UNII 3) 11b/g: 2.412-2.462 GHz (FCC) 11b/g: 2.412-2.472 GHz (ETSI) 11b/g: 2.412-2.
Wi-Fi Array Element Certifications Specifications Wi-Fi Alliance: 802.11a/b/g, WPA, WPA2, and extended EAP types. Our certifications may be viewed here. Federal Information Processing Standard (FIPS) Publication 140 -2, Level 2.
Wi-Fi Array Installing the Wi-Fi Array The instructions for completing a successful installation include the following topics: z “Installation Prerequisites” on page 45. z “Planning Your Installation” on page 48. z “Installation Workflow” on page 80. z “Unpacking the Wi-Fi Array” on page 81. z “Installing Your Wi-Fi Array” on page 83. z “Powering Up the Wi-Fi Array” on page 107. z “Establishing Communication with the Array” on page 110. z “Performing the Express Setup Procedure” on page 112.
Wi-Fi Array z Ethernet port You need at least one 100/1000 BaseT port to establish wired Gigabit Ethernet connectivity (via the product’s Gigabit 1 or Gigabit 2 port) and one 10/100 BaseT port (if desired) for product management. ! ! The Array’s Ethernet ports should be connected to an Ethernet switch, not an Ethernet hub—if a hub is used, we recommend that you connect only one Ethernet port. The Gigabit1 Ethernet interface is the primary port for both data and management traffic.
Wi-Fi Array Use the following settings when establishing a serial connection: Bits per second 115,200 Data bits Parity 8 None Stop bits Flow control 1 None Optional Network Components The following network components are optional. z Xirrus Management System (XMS) The optional XMS offers powerful management features for small or large Wi-Fi Array deployments. z External RADIUS server Although your Array comes with an embedded RADIUS server, for 802.
Wi-Fi Array Planning Your Installation This section provides guidelines and examples to help you plan your Xirrus Wi-Fi Array deployment to achieve the best overall coverage and performance. We recommend you conduct a site survey to determine the best location and settings for each Array you install. The following topics are discussed: z “General Deployment Considerations” on page 48 z “Coverage and Capacity Planning” on page 50 z “IEEE 802.
Wi-Fi Array wireless range from between 3 and 90 feet (1 to 30 meters). Position your devices so that the number of walls or ceilings is minimized. 2. Be aware of the direct line between each device. For example, a wall that is 1.5 feet thick (half a meter) at 90° is actually almost 3 feet thick (or 1 meter) when viewed at a 45° angle.
Wi-Fi Array Coverage and Capacity Planning This section considers coverage and capacity for your deployment(s), including placement options, RF patterns and cell sizes, area calculations, roaming considerations, and channel allocations. Placement Use the following guidelines when considering placement options: 1. The best placement option for the Array is ceiling-mounted within an open plan environment (cubicles rather than fixed walls). 2.
Wi-Fi Array RF Patterns The Wi-Fi Array allows you to control—automatically or manually—the pattern of wireless coverage that best suits your deployment needs. You can choose to operate with full coverage, half coverage, or custom coverage (by enabling or disabling individual sectors). Full (Normal) Coverage In normal operation, the Array provides a full 360 degrees of coverage. Figure 12.
Wi-Fi Array Custom Coverage Where there are highly reflective objects in proximity to the Array, you can turn off specific radios to avoid interference and feedback. reflective object Figure 14. Custom Coverage Capacity and Cell Sizes Cell sizes should be estimated based on the number of users, the applications being used (for example, data/video/voice), and the number of Arrays available at the location.
Wi-Fi Array # The XS4 and XN4 have a smaller range than the larger Arrays. Fine Tuning Cell Sizes Adjusting the transmit power allows you to fine tune cell sizes. There are four standard sizes—Small, Medium, Large, or Max (the default is Max). There is also an Auto setting that automatically determines the best cell size, and a Manual setting that allows you to choose your power settings directly. Small Medium Large Figure 16.
Wi-Fi Array If you are installing many units in proximity to each other, we recommend that you use Auto Cell Size; otherwise, reduce the transmit power using manual settings to avoid excessive interference with other Arrays or installed APs. See also, “Coverage and Capacity Planning” on page 50. Sharp Cell This patented Xirrus RF management option automatically creates more intelligently defined cells and improves performance by creating smaller, highthroughput cells.
Wi-Fi Array Automatic Channel Selection We recommend that you allow the Array to make intelligent channel allocation decisions automatically. In the automatic mode, channels are allocated dynamically, driven by changes in the environment. Auto Channel assignment is performed by scanning the surrounding area for RF activity on all channels, then automatically selecting and setting channels on the Array to the best channels available.
Wi-Fi Array Maintain channel separation Figure 18.
Wi-Fi Array Deployment Examples The following examples employ 802.11a cells, each offering minimum throughputs of 54 Mbps, 36 Mbps, and 18 Mbps per sector respectively, and assume a floor plan covering a total area of about 60,000 square feet (5574 sq m). Figure 19. Deployment Scenario (54 Mbps)—Per Sector Figure 20.
Wi-Fi Array Figure 21.
Wi-Fi Array IEEE 802.11n Deployment Considerations # IEEE 802.11n features are supported only on XN Array models, and this section applies only to those Arrays. The Xirrus XN Arrays support IEEE 802.11n on all IAPs, in both 2.4 GHz and 5 GHz bands. Use of 802.
Wi-Fi Array 802.11n’s speed improvements and because they are optional and configurable, as opposed to the parts of 802.11n that are fixed. While the settings for 802.11n IAPs come pre-configured on the Array for robust performance in typical usage, you should review the settings for your deployment, especially channel bonding. A global setting is provided to enable or disable 802.11n mode. See “Global Settings .11n” on page 273 to configure 802.11n operation.
Wi-Fi Array MIMO Processed Signal Antenna 1 Signal Attenuation Receiver Antenna 2 Signal Antenna 3 Signal Frequency Across Subcarriers Figure 23. MIMO Signal Processing MIMO signal processing uses multiple antennas to send and receive data. It takes advantage of multipath reflections to improve signal coherence and greatly increase receiver sensitivity (Figure 23). Multipath signals were considered to be interference by 802.11a/b/g radios, and degraded performance. In 802.
Wi-Fi Array Multiple Data Streams—Spatial Multiplexing Spatial Multiplexing transmits completely separate data streams on different antennas (in the same channel) that are recombined to produce new 802.11n data rates. Higher data rates are achieved by splitting the original data stream into separate data streams. Each separate stream is transmitted on a different antenna (using its own RF chain). MIMO signal processing at the receiver can detect and recover each stream.
Wi-Fi Array Channel Bonding Channel bonding increases data rates by combining two adjacent 20 MHz channels into one 40 MHz channel. This increases the data rate to slightly more than double. A bonded 40 MHz channel is specified in terms of the Primary channel and the adjacent channel to Bond. The Bond channel is represented by +1 to use the channel above the Primary channel, or -1 to use the channel below.
Wi-Fi Array Improved MAC Throughput These changes make 802.11n transmission of MAC frames 40% more efficient than legacy transmission: z MAC data frames are combined and given a single PHY header. z Implicit Block ACK acknowledges all data frames within a combined frame. z Spacing between frames is reduced.
Wi-Fi Array inappropriate environment, the signal quality will suffer and throughput will decrease. See “Global Settings .11n” on page 273 to configure the guard interval. Obtaining Higher Data Rates The data rate increase obtained by using 802.11n on an Array is incremental, based on the technologies that are applied and the options that you select: z Higher encoding rates (Mandatory in 802.11n) z Spatial Streams (Mandatory, but multiplier varies directly with number of streams selected.
Wi-Fi Array 802.11n Capacity 802.11n offers major increases in capacity over previous 802.11 standards, as shown in Figure 28. Note that this chart shows figures for 802.11n (with one spatial stream and channel bonding). 802.11a/n Capacity 150 23 channels * 150Mbps = 3.4Gbps 802.11a Capacity 23 channels * 54Mbps = 1.2 Gbps 802.11g/n Capacity 3 channels * 150Mbps = 450 Mbps 802.11g Capacity 3 channels * 54Mbps = 162 Mbps 802.11b Capacity 3 channels * 11Mbps = 33 Mbps Figure 28. 802.
Wi-Fi Array Failover Planning This section discusses failover protection at the unit and port levels. Port Failover Protection To ensure that service is continued in the event of a port failure, you can utilize the Gigabit 1 and Gigabit 2 ports simultaneously. Multiple port connections Ethernet switch Figure 29. Port Failover Protection In addition, the Array has full failover protection between the Gigabit 1 and Gigabit 2 Ethernet ports (see following table).
Wi-Fi Array z Load Balancing z Broadcast z Link Backup z Bridged z Mirrored For more details on Gigabit port modes and their configuration, please see “Network Interface Ports” on page 184. Switch Failover Protection To ensure that service is continued in the event of a switch failure, you can connect Arrays to more than one Ethernet switch (not a hub). Ethernet connections Backup switch Ethernet switch Figure 30.
Wi-Fi Array Power Planning All XN Series Array models and XS16/12/8/4 Arrays support Power over Gigabit Ethernet (PoGE) with an integrated splitter. AC power is also supported on all XN Arrays and some versions of the XS8, XS12, and XS16. This section discusses the AC and PoGE power options. AC Power The AC power option requires a direct connection between the Array and a dedicated AC power outlet. The power cord is provided with the unit.
Wi-Fi Array Security Planning This section offers some useful guidelines for defining your preferred encryption and authentication method. For additional information, see “Understanding Security” on page 210 and the Security section of “Frequently Asked Questions” on page 398. Wireless Encryption Encryption ensures that no user can decipher another user’s data transmitted over the airwaves.
Wi-Fi Array z Pre-Shared Key Uses a pass-phrase or key that is manually distributed to all authorized users. The same passphrase is given to client devices and entered into each Array. z MAC Access Control Lists (ACLs) MAC access control lists provide a list of client adapter MAC addresses that are allowed or denied access to the wireless network, and can be used in addition to any of the above authentication methods.
Wi-Fi Array Port Requirements A number of ports are used by various Array features and by the Xirrus Management System (XMS). The Port Requirements table on page 73 lists ports and the features that require them (XMS port requirements are included in the table for your convenience). If you are using a feature, please make sure that the ports that it requires are not blocked by firewalls or other policies, and that they do not conflict with any other port assignments.
Wi-Fi Array The following table lists port requirements for the Array and for XMS, how they are used, and whether they may be changed. Port Application Peer Configurable Array 20 tcp 21 udp FTP Client Yes 22 tcp SSH Client Yes 23 tcp Telnet Client Yes 25 tcp SMTP Mail Server No 69 tcp TFTP TFTP Server No 161 tcp/udp SNMP XMS Server No 162 tcp/udp SNMP Traphost Note Up to four Traphosts may be configured.
Wi-Fi Array Port Application Peer Configurable XMS 25 tcp SMTP Mail Server Yes 161 udp SNMP Arrays No 162 udp SNMP Traphost 1 Arrays Via XMS config file HTTPS Arrays No 514 udp Resident Syslog server Internal* Via XMS config file 1099 tcp RMI Registry Internal* No 2000 tcp XMS Back-end Server Internal* No 3306 tcp MySQL Database Internal* No 8001 tcp Status Viewer Internal* No 8007 tcp Tomcat Shutdown Internal* During installation 8009 tcp Web Container Internal*
Wi-Fi Array Network Management Planning Network management can be performed using any of the following methods: z Command Line Interface, using an SSH (Secure Shell) utility, like PuTTY. The utility must be set up to use SSH-2, since the Array will only allow SSH-2 connections. z Web-based management, using the Array’s embedded Web Management Interface (WMI). This method provides configuration and basic monitoring tools, and is good for small deployments (one or two units).
Wi-Fi Array WDS Planning WDS (Wireless Distribution System) creates wireless backhauls between arrays, allowing your wireless network to be expanded using multiple Arrays without the need for a wired backbone to link them (see Figure 32). WDS features include: z One to three IAPs may be used to form a single WDS link, yielding up to 900 Mbps bandwidth per link (up to 162 Mbps for XS model Arrays). Up to three different WDS links may be created on a single Array.
Wi-Fi Array Figure 33. A Multiple Hop WDS Connection z Multiple WDS links can provide link redundancy (failover capability - see Figure 34). A network protocol (Spanning Tree Protocol—STP) prevents Arrays from forming network loops. Figure 34.
Wi-Fi Array WDS links have a Host/Client relationship similar to the usual IAP/station pattern for Arrays: z A WDS Client Link associates/authenticates to a host (target) Array in the same way that a station associates to an IAP. The client side of the link must be configured with the root MAC address of the target (host) Array. z A WDS Host Link acts like an IAP by allowing one WDS Client Link to associate to it. An Array may have both client and host links.
Wi-Fi Array Common Deployment Options The following table lists some typical and recommended deployment options for a number of the features that have been discussed in this chapter.
Wi-Fi Array Installation Workflow This workflow illustrates the steps that are required to install and configure your Wi-Fi Array successfully. Review this flowchart before attempting to install the unit on a customer’s network.
Wi-Fi Array See Also Coverage and Capacity Planning Deployment Examples Common Deployment Options Failover Planning Installation Prerequisites Planning Your Installation Power Planning Wi-Fi Array Product Overview Product Specifications—XN16, XN12, and XN8 Product Specifications—XS16/XS-3900, XS12, and XS8/XS-3700 Product Specifications—XS4/XS-3500 Security Planning Unpacking the Wi-Fi Array When you unpack your Wi-Fi Array, you will find the following items in the carton: Item Quantity Xirrus Wi-Fi Arr
Wi-Fi Array Item Quantity CD-ROM containing: This User’s Guide in PDF format End User License Agreement (EULA) README file 1 Quick Install Guide 1 Registration Card 1 See Also Installation Prerequisites Installation Workflow 82 Installing the Wi-Fi Array
Wi-Fi Array Installing Your Wi-Fi Array This section provides instructions for completing a physical installation of your Xirrus Wi-Fi Array. Choosing a Location Based on coverage, capacity and deployment examples previously discussed, choose a location for the Array that will provide the best results for your needs. The Wi-Fi Array was designed to be mounted on a ceiling where the unit is unobtrusive and wireless transmissions can travel unimpeded throughout open plan areas.
Wi-Fi Array Wiring Considerations If you are using the Xirrus Power over Gigabit Ethernet modules (PoGE) to distribute power, see “Power over Gigabit Ethernet (PoGE) (Optional)” on page 13. If you prefer to use AC power and you have an Array that supports AC, an AC power outlet must be available to the Array.
Wi-Fi Array Important Notes About Network Connections Read the following notes before making any network connections. # ! ! When the unit’s IP address is unknown or a network connection has not been established, the serial cable is used for connecting directly with the Command Line Interface (CLI) via HyperTerminal. When a network connection is established, the Array can be managed from any of the available network connections, either Fast Ethernet, Gigabit 1 or Gigabit 2.
Wi-Fi Array Mounting the Array on a Ceiling Most offices have drop-down acoustical ceiling tiles set into a standard grid. The Wi-Fi Array has been designed to enable mounting to a tiled ceiling via a mounting plate and clamps that attach to the grid. Once the mounting plate is attached, the Array simply rotates onto the plate (similar to a smoke detector). Once the unit is mounted it can be removed and re-attached easily, without the need for tools or modifications to the original installation.
Wi-Fi Array Secure the T-Bar Clips to the Ceiling Support Grid The mounting template should be oriented so that the Array’s abg(n)2 omnidirectional monitoring IAP (radio) is pointing in the direction of the least required wireless signal coverage—for example, a nearby exterior wall or entrance. Ceiling tile grid Template T-bar clips (4 places) Tighten the screw post Figure 38.
Wi-Fi Array Installing the Mounting Plate Locate the mounting plate on the four screw posts. Secure the plate to the four clamps using the nuts provided. Tighten the nuts to 10-12 lbf.ft (1.38-1.66 kgf.m), but do not overtighten. Cut an access hole for the cables in the ceiling tile. Tile grid Mounting Plate Figure 39.
Wi-Fi Array Connecting the Cables—AC Option This section is for Array models that have a separate AC input. If supplying AC to the Array directly (not using PoGE), refer to Figure 40 to connect cables. Otherwise, skip to Connecting the Cables—PoGE Option. Figure 40. Connecting the Cables Feed the power and Ethernet cables through the access hole in the tile and the mounting plate, then connect the cables to the Array. See also, “Wiring Considerations” on page 84.
Wi-Fi Array z Gigabit2 (optional)—may be used for load balancing, fail-over, mirroring, or increasing link speed to the wired network. z Fast Ethernet (optional)—for a management-only connection to the Array. z Serial cable (optional)—for connecting directly with the Array using CLI. Connecting the Cables—PoGE Option For the XS8, XS12, or XS16, use the procedure below and refer to Figure 41. For the XS4, see “Connecting the Cables—AC Option” on page 89.
Wi-Fi Array # z Do not connect the cable from the injector directly to a Gigabit port! It must be connected to the IN port (towards the right in Figure 41). Connect the supplied short orange Cat 5e data cable from the Array’s Data OUT port to Gigabit1, as shown. Connect any additional Ethernet and serial cables as required. For the XS4: Feed the PoGE cable through the access hole in the ceiling tile and the mounting plate, then connect the cable to the Gigabit1 port on the XS4 Array.
Wi-Fi Array Attaching the Array to the Mounting Plate # Before attaching the Array to the mounting plate, verify that it is powering up. The Ethernet link LED lights up and the radio LEDs on the front of the unit will illuminate in rotation, indicating that the Wi-Fi Array software is loading and the unit is functioning correctly.
Wi-Fi Array See Also Installation Workflow Installing Your Wi-Fi Array Mounting the Wi-Fi Array on a Wall (XS4 and XS-3500) Mounting Array on a Wall (All models except 4-port Arrays) Securing the Array Mounting the XS-3900/XS-3700 Align the port recess on the Array with the access hole in the mounting plate, then connect the Array with the lugs on the mounting plate (4 places) and turn the Array clockwise to lock the unit into place (similar to a smoke detector). Figure 44.
Wi-Fi Array Securing the Array For added security, there is a locking bracket incorporated into the mounting plate, which will accept a small luggage-style padlock (if desired). There is also a Kensington lock slot located near the Ethernet ports. In addition, the mounting plate incorporates a positive locking tab that prevents the unit from being inadvertently released. Locking bracket Figure 45.
Wi-Fi Array Dismounting the Array To dismount the XS-3700/3900 To dismount the Array, place your fingers so as to increase the space between the Array and the mounting plate at the positions indicated by the decals on the mounting plate—these are aligned with IAPs (radios) abg(n)1 and abg(n)3, as indicated on the clock-face of the Array. a12 a11 a1 abg4 abg1 a10 a2 a3 a9 a8 a4 abg2 abg3 a7 a5 a6 Figure 46.
Wi-Fi Array Securing the Array Mounting Array on a Wall (All models except 4-port Arrays) This procedure is applicable to the Wi-Fi Array’s 16-radio models, 12-radio models, and 8-radio models. If you are mounting a 4-radio model, go to “Mounting the Wi-Fi Array on a Wall (XS4 and XS-3500)” on page 101.
Wi-Fi Array Mark the Wall Position 1. Use the Wall Mounting Bracket as a template and mark the locations on the wall for the mounting holes. Mark holes (5 places) Figure 47. Wall Mount—Marking the Holes When marking the holes, ensure that the mounting plate is level—you may need assistance. # The bracket must be secured to the wall in 5 places, using the 2 holes at the top and the 3 holes at the bottom (5 toggle bolts are provided).
Wi-Fi Array Install the SNAPTOGGLE™ Toggle Bolts 2. At the locations you marked in Step 1, drill a 1/2 inch (13mm) hole (there must be a minimum clearance behind the wall of 1 7/8 inches—48mm). 3. (Refer to Figure 48, graphic A) Hold the metal channel flat alongside the plastic straps and slide the channel through the hole. A B C D Figure 48. Installing the Toggle Bolts 4.
Wi-Fi Array Attach the Mounting Plate to the Wall Mounting Bracket 6. Secure the Wi-Fi Array’s mounting plate to the Wall Mounting Bracket, in 4 places. Tighten the bolts to a torque of 10–12 lbf.ft (1.38–1.66 kgf.m). Do not overtighten the bolts. Mounting Plate Secure (x4 bolt assemblies) Figure 49. Attaching the Wall Mounting Plate Attach the Wall Mounting Bracket/Plate Assembly to the Wall 7.
Wi-Fi Array Mount the Array 8. Mount the Wi-Fi Array to the Wall Mounting Bracket in the same way that you would mount the Array to a ceiling mount (the procedure is identical). See “Attaching the Array to the Mounting Plate” on page 92 or “Mounting the XS-3900/XS-3700” on page 93. # Figure 50 shows the orientation of the Wi-Fi Array when mounted on a wall. It is not intended to show a fully installed Array. Figure 50.
Wi-Fi Array Mounting the Wi-Fi Array on a Wall (XS4 and XS-3500) This procedure is applicable to the 4 radio models of the Wi-Fi Array (XS4 and XS-3500). If you are mounting a 16-, 12-, or 8-radio model, go to “Mounting Array on a Wall (All models except 4-port Arrays)” on page 96. The wall mounting assembly kit is used to mount a 4-port Wi-Fi Array on a wall, instead of the traditional ceiling mount—where mounting the Array on the ceiling may be impractical at your location.
Wi-Fi Array Mark the Wall Position 1. Use the Wall Mounting Bracket as a template and mark the locations on the wall for the mounting holes. Mark holes (5 places) Figure 51. Wall Mount—Marking the Holes The bracket must be secured to the wall in 5 places, using the top 2 holes and the bottom 3 holes (5 toggle bolts are provided). When marking the holes, ensure that the mounting plate is level—you may need assistance. Install the SNAPTOGGLE™ Toggle Bolts 2.
Wi-Fi Array 3. (Refer to Figure 52, graphic A) Hold the metal channel flat alongside the plastic straps and slide the channel through the hole. A B C D Figure 52. Installing the Toggle Bolts 4. (Refer to Figure 52, graphic B) Hold the strap handle between your thumb and forefinger and pull towards you until the metal channel rests flush behind the wall. Using your other hand, now slide the plastic cap along the straps until the flange of the cap is flush with wall.
Wi-Fi Array Attach the Mounting Plate to the Wall Mounting Bracket 6. Secure the Wi-Fi Array’s mounting plate to the Wall Mounting Bracket, in 4 places. Tighten the bolts to a torque of 10–12 ft-lb (1.38–1.66 kg.m). Do not overtighten the bolts. Mounting Plate Secure (x4 bolt assemblies) Figure 53.
Wi-Fi Array Attach the Wall Mounting Bracket/Plate Assembly to the Wall 7. Secure the Wall Mounting Bracket (with attached Mounting Plate) to the wall at the 5 toggle bolt anchors you created in Steps 2 through 5—using all 5 places. Secure with 5 toggle bolts Figure 54.
Wi-Fi Array Mount the Array 8. Mount the Wi-Fi Array to the Wall Mounting Bracket by positioning the key post (on the underside of the mounting bracket) into the key receptacle on the underside of the Array. When the key post is properly located, gently turn the Array in a clockwise direction to secure the Array to the mounting plate. Key Post (Mounting Bracket) Receptacle Figure 55.
Wi-Fi Array Removing the Array To remove the Array from the Wall Mount Assembly, simply apply a little upward pressure to the Array, then gently turn the Array in a counterclockwise direction to release the unit from the bracket.
Wi-Fi Array Array LED Operating Sequences Use the following tables to review the operating sequences of the Array’s LEDs.
Wi-Fi Array LED Operation when Array is Running The normal LED operation when the Array is running is as follows: LED Status IAP LED is OFF IAP LED is solid ON Reason IAP is down IAP is up, but no associations and no traffic IAP LED heartbeat IAP is up, with stations associated but no traffic IAP LED flashing IAP is up, passing traffic Flashing at 10 Hz Flashing at 5 Hz Flashing at 2.
Wi-Fi Array Establishing Communication with the Array The Array can be configured through the Command Line Interface (CLI) or the graphical Web Management Interface (WMI). You can use the CLI via the serial management port, the Fast Ethernet port, or either of the Gigabit Ethernet ports. You can use the WMI via any of the Array’s Ethernet ports. Serial Fast Ethernet Gigabit 1 Gigabit 2 Figure 57.
Wi-Fi Array Logging In When logging in to the Array, use the default user name and password—the default user name is admin, and the default password is admin.
Wi-Fi Array Performing the Express Setup Procedure The Express Setup procedure establishes global configuration settings that enable basic Array functionality. Changes made in this window will affect all radios. Figure 58.
Wi-Fi Array Procedure for Performing an Express Setup 1. Host Name: Specify a unique host name for this Array. The host name is used to identify the Array on the network. Use a name that will be meaningful within your network environment, up to 64 alphanumeric characters. The default is Xirrus-WiFi-Array. 2. Location Information: Enter a brief but meaningful description that accurately defines the physical location of the Array.
Wi-Fi Array or choose Static if you intend to enter IP addresses manually. If you choose the Static IP option, you must enter the following information: 8. z IP Address: Enter a valid IP address for this Array. To use any of the remote connections (Web, SNMP, or SSH), a valid IP address must be used. z IP Subnet Mask: Enter a valid IP address for the subnet mask (the default is 255.255.255.0).
Wi-Fi Array • WPA (Wi-Fi Protected Access)—A Wi-Fi Alliance standard that contains a subset of the IEEE 802.11i standard, using TKIP or AES as an encryption method and 802.1x for authentication. • WPA2 (Wi-Fi Protected Access 2)—WPA2 is the follow-on security method to WPA for wireless networks and provides stronger data protection and network access control. It offers Enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks.
Wi-Fi Array 10. Time and Date Settings: This section specifies an optional time (NTP Network Time Protocol) server or modifies the system time if you’re not using a server. a. Time Zone: Select your time zone from the choices available in the pull-down list. b. Use Network Time Protocol: Check this box if you want to use an NTP server to synchronize the Array’s clock. This ensures that Syslog time-stamping is maintained across all units.
Wi-Fi Array 11. IAP Settings: Enable/Configure All IAPs: Click on the Execute button to enable and auto configure all IAPs (a message displays the countdown time—in seconds—to complete the auto-configuration task). When an IAP is enabled, its LED is switched on. (Figure 59) LED on Figure 59. LEDs are Switched On 12. Click on the Apply button to apply the new settings to this session 13. Click on the Save button to save your changes (otherwise your new settings will not take effect).
Wi-Fi Array 118 Installing the Wi-Fi Array
Wi-Fi Array The Web Management Interface This topic provides an overview of the Xirrus Wi-Fi Array’s embedded Web Management Interface (WMI), used for establishing your network’s configuration settings and wireless operating parameters. It also includes login instructions.
Wi-Fi Array An Overview The WMI is an easy-to-use graphical interface to your Wi-Fi Array. It allows you to configure the product to suit your individual requirements and ensure that the unit functions efficiently and effectively. Figure 60.
Wi-Fi Array Structure of the WMI The content of the WMI is organized by function and hierarchy, shown in the following table. Click on any item below to jump to the referenced destination.
Wi-Fi Array Statistics Windows IAP Statistics Summary Per-IAP Statistics Network Statistics VLAN Statistics WDS Statistics Filter Statistics Station Statistics Per-Station Statistics 122 System Log Window Tool Windows System Tools CLI Logout The Web Management Interface
Wi-Fi Array User Interface The WMI has been designed with simplicity in mind, making navigation quick and easy. In the following example, you’ll see that windows are divided into left and right frames. Left frame Right frame Array info Message counters Click to configure/view statistics Pull-down menu Figure 61.
Wi-Fi Array The left frame contains three main elements: z Configuration menu organized by function (for example, radio interfaces, security, etc.). Click the heading to display a summary of its current configuration, as well as an associated pull-down menu. z Three Log Messages counters are located at the bottom of the menu. They provide a running total of messages generated by the ArrayOS Syslog subsystem during your session—organized into Critical, Warning, and General messages.
Wi-Fi Array z Click on the Feedback button to generate a Web page that allows you to submit your comments to Xirrus, Inc. You can also access the feedback page at http://www.xirrus.com/public/feedback/. Refer to Figure 63 on page 125 to see a sample of the feedback form. z Click on the Print button to send a print file of the active window to your local printer. z Click on the Help button to access the Array’s online help system.
Wi-Fi Array Logging In Use this procedure to log in to the WMI via your Web browser. 1. Establish a network connection and open your Web browser. 2. Connect to the Wi-Fi Array via its default IP address (10.0.2.1 for both Gigabit 1 and Gigabit 2 Ethernet ports) or via a DHCP assigned IP address. 3. To log in to the Array’s Web Management Interface, enter admin when prompted for a user name and password. Figure 64.
Wi-Fi Array Viewing Status on the Wi-Fi Array These windows provide status information and statistics for your Array using the product’s embedded Web Management Interface (WMI). You cannot make configuration changes to your Array from these windows. The following topics have been organized into functional areas that reflect the flow and content of the Status section of the navigation tree in the left frame of the WMI.
Wi-Fi Array Array Summary This is a status only window that provides a snapshot of the global configuration settings for all Wi-Fi Array network interfaces and IAPs. You must go to the appropriate configuration window to make changes to any of the settings displayed here—configuration changes cannot be made from this window. Clicking on an interface or IAP will take you to the proper window for making configuration changes. Figure 65.
Wi-Fi Array z • Status: Shows the current state of each interface, either enabled or disabled. • Link: Shows whether the link on this interface is up or down. • DHCP: Shows whether DHCP on this port is enabled or disabled. • IP Address: Shows the current IP address assigned to each network interface device. • Subnet Mask: Shows the subnet mask, which defines the number of IP addresses that are available on the routed subnet where the Array is located.
Wi-Fi Array • Channel: Shows which channel each IAP is using, and the channel setting. To avoid co-channel interference, adjacent radios should not be using adjacent channels. To make channel selections for a specific IAP, go to “IAP Settings” on page 255. • Antenna: Shows which antenna is being used by each IAP. • Cell Size: Indicates which cell size setting is currently active for each IAP—small, medium, large, max, automatic, or manually defined by you.
Wi-Fi Array • Description: The description (if any) that you set for this IAP. Array Information This is a status only window that shows you the current firmware versions utilized by the Array, the serial numbers assigned to each module, and MAC addresses. You cannot make configuration changes in this window, but if you are experiencing issues with network services, you may want to print the content of this window for your records. Figure 68.
Wi-Fi Array Array Configuration This is a status only window that allows you to display the configuration settings assigned to the Array, based on the following filter options: z Running—displays the current configuration (the one running now). z Saved—displays the saved configuration from this session. z Lastboot—displays the configuration as it was after the last reboot. z Factory—displays the configuration established at the factory. Figure 69.
Wi-Fi Array Admin History It is useful to know who else is currently logged in to an array while you're configuring it. It's also nice to see who has logged in since the array booted. This status-only window shows you all administrator logins to the Array that have occurred since the last reboot. To determine who is currently logged in, check which entries say active in the Logout Time column. Figure 70.
Wi-Fi Array z CDP Neighbors—lists neighboring network devices using Cisco Discovery Protocol. Network Map This window offers detailed information about this Array and all neighboring Arrays, including how the Arrays have been set up within your network. Figure 71. Network Map The Network Map has a number of options at the bottom of the page that allow you to customize your output by selecting from a variety of information that may be displayed.
Wi-Fi Array z IP Address: The Array’s IP address. If DHCP is enabled, the Array’s IP address is assigned by the DHCP server. If DHCP is disabled, you must assign a static IP address. To enable DHCP or to assign a static IP address for the Array, go to “Express Setup” on page 176. z IAP: The number of IAPs on the Array. z IAPs Up: Informs you how many IAPs are currently up and running. To enable or disable all IAPs, go to “Express Setup” on page 176.
Wi-Fi Array Software (enabled by default) z Enable/disable display of the Array OS column. Firmware z Boot Loader: The software version number of the boot loader on each Array. z SCD Firmware: The software version number of the SCD firmware on each Array. IAP Info (enabled by default) z Enable/disable display of the IAP/Up columns. Stations z Stations: Tells you how many stations are currently associated to each Array. To deauthenticate a station, go to “Stations” on page 151.
Wi-Fi Array link by activating the standby path. The spanning tree function is transparent to client stations. Figure 72. Spanning Tree Status This window shows the spanning tree status (forwarding or blocked) for path segments that terminate on the gigabit ports and WDS links of this Array. You may sort the rows based on the VLAN Name or Number columns by clicking the column header. Click Refresh to update the information at any time.
Wi-Fi Array Routing Table This status-only window lists the entries in the Array’s routing table. The table provides the Array with instructions for sending each packet to its next hop on its route across the network. Figure 73. Routing Table See Also VLANs Configuring VLANs on an Open SSID ARP Table This status-only window lists the entries in the Array’s ARP table. For a device with a given IP address, this table lists the device’s MAC address.
Wi-Fi Array See Also Routing Table ARP Filtering DHCP Leases This status-only window lists the IP addresses (leases) that the Array has allocated to client stations. For each, it shows the IP address assigned from one of the defined DHCP pools, and the MAC address and host name of the client station. The start and end time of the lease show how long the allocation is valid. The same IP address is normally renewed at the expiration of the current lease. Figure 75.
Wi-Fi Array Connection Tracking/NAT This status-only window lists the session connections that have been created on behalf of clients. This table may also be used to view information about current NAT sessions. Figure 76. Connection Tracking Click the Show Netbios checkbox at the bottom of the page to display NetBIOS name information for the source and destination location of the connection. The Netbios columns will replace traffic statistics columns.
Wi-Fi Array CDP Neighbors This status-only window lists devices on the Array’s network that support the Cisco Discovery Protocol (CDP). The Array performs discovery on the network on an ongoing basis. This list shows the devices that have been discovered—Cisco devices and other devices on the network that have CDP running. For each, it shows the device’s host name, IP address, manufacturer and model name, the device interface that is connected to the network (i.e.
Wi-Fi Array RF Monitor Windows Every Wi-Fi Array includes an integrated RF spectrum analyzer as a standard feature. The spectrum analyzer allows you to characterize the RF environment by monitoring throughput, signal, noise, errors, and interference levels continually per channel. This capability uses the built-in threat-sensor radio abg(n)2. The associated software is part of the ArrayOS.
Wi-Fi Array IAPs The RF Monitor—IAPs window displays traffic statistics and RF readings observed by each Array IAP (radio). Note that the data is an instantaneous snapshot for the IAP—it is not an average or a cumulative total. Figure 78. RF Monitor—IAPs Figure 78 presents the data as a graphical display, enabled by selecting the Graph checkbox on the lower left. If this option is not selected, data is presented as a numerical table.
Wi-Fi Array Spectrum Analyzer # The RF measurements for this feature are obtained by IAP abg(n)2, which must be set to monitor mode for any data to be available. See “IAP Settings” on page 255. Spectrum analysis on Wi-Fi Arrays is a distributed capability that automatically covers the entire Wi-Fi network, since a sensor is present in every unit. Arrays monitor the network 24/7 and analyze interference anywhere in the network from your desk.
Wi-Fi Array Click Channel number to highlight Select Display Options Figure 79.
Wi-Fi Array The Spectrum Analyzer offers several display options: z To display horizontal bar graphs, click the Rotate checkbox at the bottom of the data window. z In the rotated view, if you wish to view data as a numerical table, click the Text checkbox. Click again to return to a graphical display. The text option is only available in the rotated view. z When viewing a graphical display, click Bars to have the bar graphs displayed against a gray background—you may find this easier on the eyes.
Wi-Fi Array z Signal to Noise: Average SNR (signal to noise ratio) seen on the channel, calculated from the signal seen on valid 802.11 packets less the noise floor level. A dash value “-“means no SNR data was available for the interval. z Noise Floor: Average noise floor reading seen on the channel (ambient noise). A dash value “-“means no noise data was available for the interval. z Error Rate: Percentage of the total number of Wi-Fi packets seen on the channel that have CRC errors.
Wi-Fi Array Intrusion Detection This window displays all detected access points, according to the category you select from the drop-down list at the top—either Unknown, Known or Approved. This includes ad hoc access points (station-to-station connections). You can sort the results based on the following parameters by clicking the desired column header: z SSID z Security z BSSID z Type z Manufacturer z Discovered z Channel z Last Active z RSSI Select the type of AP to display Figure 80.
Wi-Fi Array You can refresh the list at any time by clicking on the Refresh button, or click in the Auto Refresh check box to instruct the Array to refresh the list automatically.
Wi-Fi Array Station Status Windows The following Station Status windows are available: 150 z Stations—this list describes all stations associated to the Array. z Location Map—displays a map showing the approximate locations of all stations associated to the array. z RSSI—for each associated station, this displays the Received Signal Strength Indicator at each of the Array’s IAPs. z Signal-to-Noise Ratio (SNR)—for each associated station, this displays the SNR at each of the Array’s IAPs.
Wi-Fi Array Stations This status-only window shows client stations currently visible to the Array. You may choose to view only stations that have associated to the Array, or only stations that are not associated, or both, by selecting the appropriate checkboxes above the list.
Wi-Fi Array Click on the Refresh button to refresh the station list, or click in the Auto Refresh check box to instruct the Array to refresh this window automatically. See Also Access Control List Station Status Windows Location Map The Location Map shows the approximate locations of stations relative to this Array. You may display stations associated to this Array, unassociated stations (shown in gray), or both. The station count is shown on the left, above the map.
Wi-Fi Array Hover mouse to show details Array Unassociated Station Associated Station Figure 82. Location Map A station is identified by its NetBIOS name if known, or else by its IP or MAC address. Hover the mouse over a station to show detailed information. If multiple stations are near each other, they will be displayed slightly offset so that one station does not completely obscure another. You may minimize a station that is not of interest by clicking it. Click it again for normal display.
Wi-Fi Array Controls and items displayed on the Location Map window # The controls for the Location Map are all at the bottom of the window and take up a fair amount of width. If some of the controls shown in Figure 83 are not visible, resize your browser window to be wider until all of the controls appear. Also, the Location Map has its own scroll bars in addition to the browser’s scroll bars. If you narrow the browser window, the map’s scroll bar may be hidden.
Wi-Fi Array detailed information for the station by hovering over it. To enlarge all rectangles, clear the Minimize All checkbox. Minimized station display Normal station display Figure 84. Minimizing stations z Scale: This view-only value shows the approximate distance represented by each hashmark on the default map background. Scale is the rightmost of the items displayed in the control area - you may need to scroll to the right edge to see it.
Wi-Fi Array z Rotate: Click this button to rotate the orientation of the entire map. It rotates the map 45o counter-clockwise. z Enlarge: Click this button to enlarge (zoom in on) the map. The displayed Scale on the bottom right is updated with the new scale for the map. z Reduce: Click this button to reduce (zoom out on) the map. The displayed Scale on the bottom right is updated with the new scale for the map z Auto Refresh: Instructs the Array to refresh this window automatically.
Wi-Fi Array Array Location Controls are at upper left of Map Click here to move Array to center of map Click an arrow to move the Array Apply Button Figure 85.
Wi-Fi Array RSSI For each station that is associated to the Array, the RSSI (Received Signal Strength Indicator) window shows the station’s RSSI value as measured by each IAP. In other words, the window shows the strength of the station’s signal at each radio. You may choose to display Unassociated Stations as well with a checkbox at the bottom of the window. Figure 86. Station RSSI Values By default, the RSSI is displayed numerically.
Wi-Fi Array Figure 87. Station RSSI Values—Colorized Graphical View In either graphical or tabular view, you may sort the rows based on any column that has an active column header, indicated when the mouse pointer changes to the hand icon . Click on the Refresh button to refresh the station list, or click in the Auto Refresh check box to instruct the Array to refresh this window automatically.
Wi-Fi Array Signal-to-Noise Ratio (SNR) For each station that is associated to the Array, the Signal-to-Noise Ratio (SNR) window shows the station’s SNR value as measured by each IAP. In other words, the window shows the SNR of the station’s signal at each IAP radio. The signalto-noise ratio can be very useful for determining the cause of poor performance at a station.
Wi-Fi Array Figure 89. Station SNR Values—Colorized Graphical View In either graphical or tabular view, you may sort the rows based on any column that has an active column header, indicated when the mouse pointer changes to the hand icon . Click on the Refresh button to refresh the station list, or click in the Auto Refresh check box to instruct the Array to refresh this window automatically.
Wi-Fi Array Noise Floor For each station that is associated to the Array, the Noise Floor window shows the ambient noise affecting a station’s signal as measured by each IAP. The noise floor is the RSSI value when the station is not transmitting, sometimes called a Silence value. In other words, the window shows the noise floor of the station’s signal at each IAP radio. The noise floor value can be very useful for characterizing the environment of a station to determine the cause of poor performance.
Wi-Fi Array Figure 91. Station Noise Floor Values—Colorized Graphical View In either graphical or tabular view, you may sort the rows based on any column that has an active column header, indicated when the mouse pointer changes to the hand icon . Click on the Refresh button to refresh the station list, or click in the Auto Refresh check box to instruct the Array to refresh this window automatically.
Wi-Fi Array Max by IAP This status-only window shows the maximum number of client stations that have historically been associated to the Array. For each IAP, the list shows the IAP’s state and channel number, the current number of stations associated, and the highest number of stations that have been associated over various periods of time: hour, day, week, month, and year.
Wi-Fi Array Statistics Windows The following Array Statistics windows are available: z IAP Statistics Summary—provides an overview of the statistical data associated with all IAPs. Expands to show links for displaying detailed statistics for individual IAPs. z Per-IAP Statistics—provides detailed statistics for an individual IAP. z Network Statistics—displays statistical data associated with each network (Ethernet) interface.
Wi-Fi Array Figure 93. IAP Statistics Summary Page See Also System Log Window Global Settings (IAP) Global Settings .11a Global Settings .11bg IAPs Per-IAP Statistics This is a status only window that provides detailed statistics for the selected IAP. If you click the link for IAP All in the left frame, each detailed statistic field will show the sum of that statistic for all IAPs. For a summary of statistics for all IAPs, see “IAP Statistics Summary” on page 165.
Wi-Fi Array Figure 94. Individual IAP Statistics Page (for IAP abg(n)1) You can Refresh the data (update the window with the latest information) or Clear the data (reset all content to zero and begin counting again) at any time by clicking on the appropriate button. You can also click in the Auto Refresh check box to instruct the Array to refresh this window automatically. See Also System Log Window Global Settings (IAP) Global Settings .11a Global Settings .
Wi-Fi Array Network Statistics This is a status only window that allows you to review statistical data associated with each network (Ethernet) interface and its activity. You can Refresh the data (update the window with the latest information) or Clear the data (reset all content to zero and begin counting again) at any time by clicking on the appropriate button. You can also click in the Auto Refresh check box to instruct the Array to refresh this window automatically.
Wi-Fi Array VLAN Statistics This is a status only window that allows you to review statistical data associated with your assigned VLANs. You can refresh the information that is displayed on this page at any time by clicking on the Refresh button, or select the Auto Refresh option for this window to refresh automatically. The Clear All button at the lower left allows you to clear (zero out) all VLAN statistics. Figure 96.
Wi-Fi Array WDS Statistics The main WDS Statistics window provides statistical data for all WDS client and host links. To access data about a specific WDS client or host link, simply click on the desired link in the left frame to access the appropriate window. You may also choose to view a sum of the statistics for all client links, all host links, or all links (both client and host links). Figure 97.
Wi-Fi Array Filter Statistics The Filter Statistics window provides statistical data for all configured filters. The name, state (enabled—on or off), and type (allow or deny) of each filter is shown. For enabled filters, this window shows the number of packets and bytes that met the filter criteria. Click on a column header to sort the rows based on that column. Click on a filter name to edit the filter settings. Figure 98.
Wi-Fi Array You can Refresh the data (update the window with the latest information) at any time by clicking on the appropriate button. You can also click in the Auto Refresh check box to instruct the Array to refresh this window automatically. See Also Per-Station Statistics Per-Station Statistics This window provides detailed statistics for the selected station.
Wi-Fi Array System Log Window This is a status only window that allows you to review the system log, where system alerts and messages are displayed. Although there are no configuration options available in this window, you do have the usual choice of deciding how the event messages are sorted by clicking in the column header for the desired field (Time Stamp, Priority, or Message). z Time Stamp—sorts the list based on the time the event occurred.
Wi-Fi Array 174 Viewing Status on the Wi-Fi Array
Wi-Fi Array Configuring the Wi-Fi Array The following topics include procedures for configuring the Array using the product’s embedded Web Management Interface (WMI). Procedures have been organized into functional areas that reflect the flow and content of the WMI.
Wi-Fi Array Express Setup The Express Setup procedure allows you to establish global configuration settings that will enable basic Array functionality. Any changes you make in this window will affect all radios. When finished, click on the Apply button to apply the new settings to this session, or click Save to apply your changes and make them permanent. Figure 102.
Wi-Fi Array Procedure for Performing an Express Setup 1. Host Name: Specify a unique host name for this Array. The host name is used to identify the Array on the network. Use a name that will be meaningful within your network environment, up to 64 alphanumeric characters. The default is Xirrus-WiFi-Array. 2. Location Information: Enter a brief but meaningful description that accurately defines the physical location of the Array.
Wi-Fi Array on this port. Choose Yes to allow management of the Array via this Gigabit interface, or choose No to deny all management privileges for this interface. c. 8. Configuration Server Protocol: Choose DHCP to instruct the Array to use DHCP to assign IP addresses to the Array’s Ethernet interfaces, or choose Static if you intend to enter IP addresses manually. If you choose the Static IP option, you must enter the following information: • IP Address: Enter a valid IP address for this Array.
Wi-Fi Array required to use a VPN connection through a secure SSH utility, like PuTTy. • WEP (Wired Equivalent Privacy)—An optional IEEE 802.11 function that offers frame transmission privacy similar to a wired network. WEP generates secret shared encryption keys that both source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers. • WPA (Wi-Fi Protected Access)—A Wi-Fi Alliance standard that contains a subset of the IEEE 802.
Wi-Fi Array write privileges on the Array (i.e., the new user will be able to change the configuration of the Array). The default admin user is deleted. Note that the Array also offers the option of authenticating administrators using a RADIUS server (see “Admin Management” on page 215)). b. New Admin Password: If desired, enter a new administration password for managing this Array. Choose a password that is not obvious, and one that you can remember.
Wi-Fi Array e. NTP Secondary Server: Enter the IP address or domain name of an optional secondary NTP server to be used in case the Array is unable to contact the primary server. f. Set Time (hrs:min:sec): If you are not using NTP, check this box if you want to adjust the current system time. When the box is checked, the time fields become active. Enter the revised time (hours, minutes, seconds, am/pm) in the corresponding fields.
Wi-Fi Array Network This is a status-only window that provides a snapshot of the configuration settings currently established for the 10/100 Ethernet 0 interface and the Gigabit 1 and Gigabit 2 interfaces. DNS Settings and CDP Settings (Cisco Discovery Protocol) are summarized as well. You must go to the appropriate configuration window to make changes to any of the settings displayed here (configuration changes cannot be made from this window).
Wi-Fi Array Network Interfaces This window allows you to establish configuration settings for the 10/100 Fast Ethernet interface and the Gigabit 1 and Gigabit 2 interfaces. Figure 105. Network Settings # Gigabit 2 settings will “mirror” Gigabit 1 settings (except for MAC addresses) and cannot be configured separately.
Wi-Fi Array When finished making changes, click on the Apply button to apply the new settings to this session, or click Save to apply your changes and make them permanent. When the status of an Ethernet or Gigabit port changes, a Syslog entry is created describing the change. Network Interface Ports The following diagram shows the location of each network interface port on the underside of the Array. Serial Fast Ethernet Gigabit 1 Gigabit 2 Figure 106.
Wi-Fi Array 1. Enable Interface: Choose Yes to enable this network interface (Fast Ethernet, Gigabit 1 or Gigabit 2), or choose No to disable the interface. 2. LED Indicator: Choose Enabled to allow the LED for this interface to blink with traffic on the port, or choose Disabled to turn the LED off. The LED will still light during the boot sequence, then turn off. This option is only available for the Gigabit interfaces. 3.
Wi-Fi Array a. Active Backup (gig1/gig2 failover to each other)—This mode provides fault tolerance and is the default mode. Gigabit 1 acts as the primary link. Gigabit2 is the backup link and is passive. Gigabit2 assumes the IP properties of Gigabit1. If Gigabit 1 fails the Array automatically fails over to Gigabit2. When a failover occurs in this mode, Gigabit2 issues gratuitous ARPs to allow it to substitute for Gigabit1 at Layer 3 as well as Layer 2. See Figure 107 (a). b.
Wi-Fi Array c. Bridge traffic between gig1 & gig2—Traffic received on Gigabit1 is transmitted by Gigabit2; similarly, traffic received on Gigabit2 is transmitted by Gigabit1. This allows the Array to act as a wired bridge and allows Arrays to be daisy-chained and still maintain wired connectivity. See Figure 108 (c). d. Transmit Traffic on both gig1 & gig2—Transmits incoming traffic on both Gigabit1 and Gigabit2. Any traffic received on Gigabit1 or Gigabit2 is sent to the onboard processor.
Wi-Fi Array (e) Load balance traffic Gig1 Gig2 Destinations Array load balances outgoing traffic based on source and destination address Switch (f) Mirror traffic Gig1 Gig2 Received wireless traffic is sent to both links Network Analyzer Switch Gig1 Gig2 Traffic from Gig 1 is processed for wireless transmission and copied to Gig 2 Switch Network Analyzer Gig1 Gig2 Traffic from Gig 2 is processed for wireless transmission and copied to Gig 1 Network Analyzer Switch Figure 109.
Wi-Fi Array processor as well as out Gigabit1. This allows a network analyzer to be plugged into one port to capture traffic for troubleshooting, while the other port provides network connectivity for data traffic. See Figure 109 (f). 6. Configuration Server Protocol: Choose DHCP to instruct the Array to use DHCP when assigning IP addresses to the Array, or choose Static IP if you intend to enter IP addresses manually.
Wi-Fi Array DNS Settings This window allows you to establish your DNS (Domain Name System) settings. The Array uses these DNS servers to resolve host names into IP addresses. The Array also registers its own Host Name with these DNS servers, so that others may address the Array using its name rather than its IP address. Note that the DNS servers defined here are not used by wireless clients—servers for stations associated to the Array are defined along with DHCP pools. See “DHCP Server” on page 203.
Wi-Fi Array Network Interfaces Network Statistics Spanning Tree Status CDP Settings CDP (Cisco Discovery Protocol) is a layer 2 network protocol used to share information (such as the device manufacturer and model, network capabilities, and IP address) with other directly connected network devices. Wi-Fi Arrays can both advertise their presence by sending CDP announcements, and gather and display information sent by neighbors (see “CDP Neighbors” on page 141).
Wi-Fi Array 3. CDP Hold Time: CDP information received from neighbors is retained for this period of time before aging out of the Array’s neighbor list. Thus, if a neighbor stops sending announcements, it will no longer appear on the CDP Neighbors window after CDP Hold Time seconds from its last announcement. The default is 180 seconds.
Wi-Fi Array Services This is a status-only window that allows you to review the current settings and status for services on the Array, including DHCP, SNMP, Syslog, and Network Time Protocol (NTP) services. For example, for the DHCP server, it shows each DHCP pool name, whether the pool is enabled, the IP address range, the gateway address, lease times, and the DNS domain being used.
Wi-Fi Array Time Settings (NTP) This window allows you to manage the Array’s time settings, including synchronizing the Array’s clock with a universal clock from an NTP (Network Time Protocol) server. Synchronizing the Array’s clock with an NTP server ensures that Syslog time-stamping is maintained across all units. Figure 113. Time Settings (Manual Time) Procedure for Managing the Time Settings 1. Time Zone: Select the time zone you want to use (normally your local time zone) from the pull-down list.
Wi-Fi Array b. Adjust Date (month/day/year): If you are not using NTP, check this box if you want to adjust the current system date. When the box is checked, the date fields become active. Enter the revised date (month, day and year) in the corresponding fields. If you don’t want to adjust the current date, this box should be left unchecked (default). 5. Using an NTP Server a. NTP Primary Server: If you are using NTP, enter the IP address or domain name of the NTP server. Figure 114.
Wi-Fi Array NetFlow This window allows you to enable or disable the sending of NetFlow information to a designated collector. NetFlow is a proprietary but open network protocol developed by Cisco Systems for collecting IP traffic information. When NetFlow is enabled, the Array will send IP flow information (traffic statistics) to the designated collector. NetFlow sends per-flow network traffic information from the Array.
Wi-Fi Array System Log This window allows you to enable or disable the Syslog server, define primary, secondary, and tertiary servers, set up email notification, and set the level for Syslog reporting for each of the servers and for email notification—the Syslog service will send Syslog messages that are at the selected severity or above to the defined Syslog servers and email address. Figure 116. System Log Procedure for Configuring Syslog 1.
Wi-Fi Array 3. Local File Size (1-500): Enter a value in this field to define how many Syslog records are retained locally on the Array’s internal Syslog file. The default is 500. 4. Primary Server Address (Domain or IP): If you enabled Syslog, enter the domain name or IP address of the primary Syslog server. 5. Secondary/Tertiary Server Address (Domain or IP): If you enabled Syslog, you may enter the domain name or IP address of one or two additional Syslog servers to which messages will also be sent.
Wi-Fi Array b. Local File: For records to be stored on the Array’s internal Syslog file, choose your preferred level of Syslog reporting from the pull-down list. The default level is Debugging and more serious. c. Primary Server: Choose the preferred level of Syslog reporting for the primary server. The default level is Debugging and more serious. d. Secondary/Tertiary Server: Choose the preferred level of reporting for the secondary/tertiary server. The default level is Information and more serious.
Wi-Fi Array SNMP This window allows you to enable or disable SNMP v2 and SNMP v3 and define the SNMP parameters. SNMP v2 allows remote management of the Array by the Xirrus Management System (XMS) and other SNMP management tools. SNMP v3 was designed to offer much stronger security. You may enable either SNMP version, neither, or both. If you enable both, be aware that data and keys are not encrypted when SNMPv2 is used.
Wi-Fi Array Procedure for Configuring SNMP 1. Enable SNMPv2: Choose Yes to enable SNMP v2 functionality, or choose No to disable this feature. When used in conjunction with the Xirrus Management System, SNMP v2 (not SNMP v3) must be enabled on each Array to be managed with XMS. The default for this feature is Yes (enabled). 2. SNMP Read-Write Community String: Enter the read-write community string. The default is xirrus. 3. SNMP Read-Only Community String: Enter the read-only community string.
Wi-Fi Array 11. SNMP Read-Only Username: Enter the read-only user name. This username and password do not allow configuration changes to be made on the Array. The default is xirrus-ro. 12. SNMP Read-Only Authentication Password: Enter the read-only password for authentication (i.e., logging in). The default is xirrus-ro. 13. SNMP Read-Only Privacy Password: Enter the read-only password for privacy (i.e., a key for encryption). The default is xirrus-ro. 14.
Wi-Fi Array DHCP Server This window allows you to create, modify and delete DHCP (Dynamic Host Configuration Protocol) pools and enable or disable DHCP server functionality. DHCP allows the Array to provide wireless clients with IP addresses and other networking information. The DHCP server will not provide DHCP services to the wired side of the network.
Wi-Fi Array 5. Network Address Translation (NAT): Check this box to enable the Network Address Translation feature. 6. Lease IP Range—Start: Enter an IP address to define the start of the IP range that will be used by the DHCP server. The default is 192.168.1.100. 7. Lease IP Range—End: Enter an IP address to define the end of the IP range that will be used by the DHCP server. The DHCP server will only use IP addresses that fall between the start and end range that you define on this page.
Wi-Fi Array VLANs This is a status-only window that allows you to review the current status of assigned VLANs. A VLAN (Virtual LAN) is comprised of a group of devices that communicate as a single network, even though they are physically located on different LAN segments. Because VLANs are based on logical rather than physical connections, they are extremely flexible. A device that is moved to another location can remain on the same VLAN without any hardware reconfiguration.
Wi-Fi Array Virtual Tunnel Server (VTS) Tunneling capability is provided by a Virtual Tunnel Server. You supply the server and deploy it in your network using open-source VTun software, available from vtun.sourceforge.net. To enable the Array to use tunneling for a VLAN, simply enter the IP address, port and secret for the tunnel server as described in Step 10 on page 208. VTun may be configured for a number of different tunnel types, protocols, and encryption types.
Wi-Fi Array VLAN Management This window allows you to assign and configure VLANs. After creating a new VLAN (added to the list of VLANs), you can modify the configuration parameters of an existing VLAN or delete a selected VLAN. Figure 120. VLAN Management # The Wi-Fi Array supports dynamic VLAN assignments specified by RADIUS policy settings. When RADIUS sends these assignments, the Array dynamically assigns wireless stations to VLANs as requested. VLAN tags on traffic are passed through the Array (i.
Wi-Fi Array 3. New VLAN Name/Number: Enter a name and number for the new VLAN in this field, then click on the Create button. The new VLAN is added to the list. 4. VLAN Number: Enter a number for this VLAN (1-4094). 5. Management: Check this box to allow management over this VLAN. 6. DHCP: Check this box if you want the DHCP server to assign the IP address, subnet mask and gateway address to the VLAN automatically, otherwise you must go to the next step and assign these parameters manually. 7.
Wi-Fi Array Security This status- only window allows you to review the Array’s security parameters. It includes the assigned network administration accounts, Access Control List (ACL) values, management settings, encryption and authentication protocol settings, and RADIUS configuration settings. There are no configuration options available in this window, but if you are experiencing issues with security, you may want to print this window for your records. Figure 121.
Wi-Fi Array z “Admin RADIUS” on page 216 z “Management Control” on page 219 z “Access Control List” on page 223 z “Global Settings” on page 225 z “External Radius” on page 228 z “Internal Radius” on page 231 z “Rogue Control List” on page 233 Understanding Security The Xirrus Wi-Fi Array incorporates many configurable security features.
Wi-Fi Array required to use a VPN connection through a secure SSH utility, like PuTTy. • WEP (Wired Equivalent Privacy)—this option provides minimal protection (though much better than using an open network). An early standard for wireless data encryption and supported by all Wi-Fi certified equipment, WEP is vulnerable to hacking and is therefore not recommended for use by Enterprise networks.
Wi-Fi Array z Choosing an authentication method: User authentication ensures that users are who they say they are. For this purpose, the Array allows you to choose between the following user authentication methods: • Pre-Shared Key—users must manually enter a key (passphrase) on the client side of the wireless network that matches the key stored by the administrator in the Array. This method should be used only for smaller networks when a RADIUS server is unavailable.
Wi-Fi Array Certificates and Connecting Securely to the WMI When you point your browser to the Array to connect to the WMI, the Array presents an X.509 security certificate to the browser to establish a secure channel. One significant piece of information in the certificate is the Array’s host name. This ties the certificate to a particular Array and ensures the client that it is connecting to that host.
Wi-Fi Array Figure 122. Import Xirrus Certificate Authority By clicking and opening this file, you can follow your browser’s instructions and import the Xirrus CA into your CA cache (see page 221 for more information). This instructs your browser to trust any of the certificates signed by the Xirrus CA, so that when you connect to any of our Arrays you should no longer see the warning about an untrusted site. Note however, that this only works if you use the host name when connecting to the Array.
Wi-Fi Array WMI provides options for creating a Certificate Signing Request that you can send to an external CA, and for uploading the signed certificate to the Array after you obtain it from the CA. This certificate will be tied to the Array’s host name and private key. See “External Certification Authority” on page 222 for more details. Admin Management This window allows you to manage network administrator accounts (create, modify and delete).
Wi-Fi Array 4. Verify Password: Re-enter the password in this field to verify that you typed the password correctly. If you do not re-enter the correct password, an error message is displayed). 5. Click on the Create button to add this administrator ID to the list. 6. Click Apply to apply modified settings to this session, or click Save to apply your changes and make them permanent.
Wi-Fi Array About Creating Admin Accounts on the RADIUS Server Permissions for RADIUS administrator accounts are controlled by the RADIUS Service-Type attribute (Attribute 6). To grant read-write permission, configure the RADIUS server to send back the Service-Type attribute with a value of Administrative. To grant read-only permission, the RADIUS server should send the Service-Type attribute with a value of NAS Prompt.
Wi-Fi Array 1. Admin RADIUS Settings: a. Enable Admin RADIUS: Click Yes to enable the use of RADIUS to authenticate administrators logging in to the Array. You will need to specify the RADIUS server(s) to be used. b. Timeout (seconds): Define the maximum idle time (in seconds) before the RADIUS server’s session times out. The default is 600 seconds. 2. Admin RADIUS Primary Server: This is the RADIUS server that you intend to use as your primary server. a.
Wi-Fi Array Management Control This window allows the Array management interfaces to be enabled and disabled and their inactivity time-outs set. The supported range is 300 (default) to 100,000 seconds. Figure 125. Management Control Procedure for Configuring Management Control 1. SSH: a. Enable Management: Choose Yes to enable management of the Array over a Secure Shell (SSH-2) connection, or No to disable this feature.
Wi-Fi Array Array. SSH clients used for connecting to the Array must be configured to use SSH-2. b. Connection Timeout 30-100000 (Seconds): Enter a value in this field to define the timeout (in seconds) before your SSH connection is disconnected. The value you enter here must be between 30 seconds and 100,000 seconds. c. 2. Port: Enter a value in this field to define the port used by SSH. The default port is 22. Telnet: a.
Wi-Fi Array 4. HTTPS a. Connection Timeout 30-100000 (Seconds): Enter a value in this field to define the timeout (in seconds) before your HTTPS connection is disconnected. The value you enter here must be between 30 seconds and 100,000 seconds. Management via HTTPS (i.e., the Web Management Interface) cannot be disabled on this window. To disable management over HTTPS, you must use the Command Line Interface. b. Port: Enter a value in this field to define the port used by SSH. The default port is 443.
Wi-Fi Array 5. External Certification Authority This Step and Step 6 allow you to obtain a certificate from an external authority and install it on an Array. “Using an External Certificate Authority” on page 214 discusses reasons for using an external CA. For example, to obtain and install a certificate from VeriSign on the Array, follow these steps: • If you don’t already have the certificate from the external (nonXirrus) Certificate Authority, see Step 6 to create a request for a certificate.
Wi-Fi Array Address. Click the Create button to create the certificate signing request. See Step 5 above to use this request. 7. Click on the Apply button to apply the new settings to this session, or click Save to apply your changes and make them permanent.
Wi-Fi Array Procedure for Configuring Access Control Lists 1. Access Control List Type: Select Disabled to disable the Access Control List, or select the Access Control List type—either Allow List or Deny List. Then click Apply to apply your changes. • Allow List: Only allows these MAC addresses to associate to the Array. • Deny List: Allows all MAC addresses except the addresses defined in this list.
Wi-Fi Array Global Settings This window allows you to establish the security parameters for your wireless network, including WEP, WPA, WPA2 and RADIUS authentication. When finished, click on the Apply button to apply the new settings to this session, or click Save to apply your changes and make them permanent. For additional information about wireless network security, refer to “Security Planning” on page 70 and “Understanding Security” on page 210. Figure 127.
Wi-Fi Array Procedure for Configuring Network Security 1. RADIUS Server Mode: Choose the RADIUS server mode you want to use, either Internal or External. Parameters for these modes are configured in “External Radius” on page 228 and “Internal Radius” on page 231. WPA Settings These settings are used if the WPA or WPA2 encryption type is selected on the SSIDs >SSID Management window or the Express Setup window (on this window, encryption type is set in the SSID Settings: Wireless Security field). 226 2.
Wi-Fi Array WEP Settings These settings are used if the WEP encryption type is selected on the SSIDs > SSID Management window or the Express Setup window (on this window, encryption type is set in the SSID Settings: Wireless Security field). 8. Key Mode / Length: If you enabled WEP, choose the mode (either ASCII or Hex) and the desired key length (either 40 or 104) from the pull-down lists.
Wi-Fi Array Security Planning SSID Management External Radius This window allows you to define the parameters of an external RADIUS server for user authentication. To set up an external RADIUS server, you must choose External as the RADIUS server mode in Global Settings. Refer to “Global Settings” on page 225. Figure 128. External RADIUS Server If you want to include user group membership in the RADIUS account information for users, see “Understanding Groups” on page 247.
Wi-Fi Array Procedure for Configuring an External RADIUS Server 1. Primary Server: This is the external RADIUS server that you intend to use as your primary server. a. Address: Enter the IP address or domain name of this external RADIUS server. b. Port Number: Enter the port number of this external RADIUS server. The default is 1812. c.
