Documentation HiPath Wireless Controller, Access Points and Convergence Software V7.11 User Guide 9034530-02 Communication for the open minded Siemens Enterprise Communications www.siemens.
Copyright © Siemens Enterprise Communications GmbH & Co. KG 2010 Hofmannstr. 51, 80200 München Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG Reference No.: 9034530-02-01 Communication for the open minded Siemens Enterprise Communications www.siemens.
hwc_pref.fm About this Guide Who should use this guide 1 About this Guide This guide describes how to install, configure, and manage the HiPath Wireless Controller, Access Points and Convergence Software system. This guide is also available as an online help system. To access the online help system: 1. In the HiPath Wireless Assistant Main Menu bar, click Help. The About HiPath Wireless Assistant screen is displayed. 2. In the left pane, click Controller Documentation. The online help system is launched.
hwc_pref.fm About this Guide Formatting conventions • Chapter 6, “Configuring a VNS”, provides detailed instructions in how to configure a VNS, either using the Wizards or by manually creating the component parts of a VNS. • Chapter 7, “Availability and session availability”, describes how to set up the features that maintain service availability in the event of a HiPath Wireless Controller failover.
hwc_pref.fm About this Guide Additional documentation • Bold text is used to identify components of the management interface, such as menu items and section of pages, as well as the names of buttons and text boxes. For example: Click Logout. • Monospace font is used in code examples and to indicate text that you type.
hwc_pref.fm About this Guide Safety Information To send comments concerning this document to the Technical Publications Department: techpubs@enterasys.com Please include the document part number in your email message.
hwc_pref.fm About this Guide Sicherheitshinweise • Disconnect all power before working near power supplies unless otherwise instructed by a maintenance procedure. • Exercise caution when servicing hot swappable HiPath Wireless Controller components: power supplies or fans. Rotating fans can cause serious personal injury. • This unit may have more than one power supply cord. To avoid electrical shock, disconnect all power supply cords before servicing.
hwc_pref.fm About this Guide Sicherheitshinweise • Verwenden Sie ausschließlich Originalzubehör oder systemspezifisch zugelassene Komponenten. Die Nichtbeachtung dieser Hinweise kann zur Beschädigung der Ausrüstung oder zur Verletzung von Sicherheits- und EMV-Vorschriften führen. • Das System darf nur von autorisiertem Siemens-Servicepersonal gewartet werden. Warnhinweise • Dieses Gerät darf nicht über Außenverdrahtung an ein LAN-Segment angeschlossen werden.
hwc_pref.fm About this Guide Consignes de sécurité • Verwenden Sie nur Werkzeuge und Ausrüstung in einwandfreiem Zustand. Verwenden Sie keine Ausrüstung mit sichtbaren Beschädigungen. • Tragen Sie bei Arbeiten an Hardwarekomponenten ein Armband, um elektrostatisch gefährdete Bauelemente (EGB) vor Beschädigungen zu schützen. • Verlegen Sie Leitungen so, dass sie keine Unfallquelle (Stolpergefahr) bilden und nicht beschädigt werden. 1.
hwc_pref.fm About this Guide Consignes de sécurité défectueux peut être changé sans éteindre le HiPath Wireless Controller. Toutefois, ce remplacement doit être effectué avec précautions. Portez des gants pour éviter de toucher le module qui peut être très chaud. • Le remplacement non conforme de la batterie au lithium peut provoquer une explosion. Remplacez la batterie au lithium par un modèle identique ou par un modèle recommandé par le revendeur.
hwc_user_guideTOC.fm Nur für den internen Gebrauch Contents Contents 0 1 About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 Who should use this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 What is in this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
hwc_user_guideTOC.fm Contents Nur für den internen Gebrauch 3.4.8 Installing certificates on the HiPath Wireless Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.8.1 Installing a certificate for a HiPath Wireless Controller interface . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.9 Configuring the login authentication mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.9.
hwc_user_guideTOC.fm Nur für den internen Gebrauch Contents 4.5.1.4 Deleting 802.1x credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.2 Setting up 802.1x authentication for Wireless APs using Multi-edit . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.3 Configuring the default Wireless AP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.
hwc_user_guideTOC.fm Contents Nur für den internen Gebrauch 6.7.3 Deleting a VNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.8 Configuring a Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.8.1 Configuring a basic topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.
hwc_user_guideTOC.fm Nur für den internen Gebrauch Contents 6.11.6.1 Tree-like topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.11.6.2 Radio Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.11.6.3 Multi-root WDS topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.11.6.
hwc_user_guideTOC.fm Contents Nur für den internen Gebrauch 11.3.3 CDR file format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444 11.3.4 Viewing CDRs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446 12 Performing system administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
hwc_intro.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution Conventional wireless LANs • Applies filtering policies to the wireless device session • Provides session logging and accounting capability 2.1 Conventional wireless LANs Wireless communication between multiple computers requires that each computer is equipped with a receiver/transmitter—a WLAN Network Interface Card (NIC)—capable of exchanging digital information over a common radio frequency.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution Conventional wireless LANs RADIUS Authentication Server DCHP Server Ethernet Router/Switch Wireless AP Wireless AP Ethernet Wireless Devices Wireless Devices Figure 1 Standard wireless network solution example The wireless devices and the wired networks communicate with each other using standard networking protocols and addressing schemes.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution Elements of the HiPath Wireless Controller, Access Points and Convergence Software solution 2.
hwc_intro.
hwc_intro.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution Elements of the HiPath Wireless Controller, Access Points and Convergence Software solution • Offers centralized management and control – An administrator accesses the HiPath Wireless Controller in its centralized location to monitor and administer the entire wireless network.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution Elements of the HiPath Wireless Controller, Access Points and Convergence Software solution The NetSight Suite is a family of products comprised of NetSight Console and a suite of plugin applications, including: • Automated Security Manager – Automated Security Manager is a unique threat response solution that translates security intelligence into security enforcement.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network – Use the basic installation wizard to complete the HiPath Wireless Controller configuration. 2.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network RADIUS Server system can be set up for certain standard attributes, such as filter ID, and for the Vendor Specific Attributes (VSAs). In addition, Radius Disconnect (RFC3576) which permits dynamic adjustment of user policy (user disconnect) is supported.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network • Web Browser – A browser provides access to the HiPath Wireless Controller Management user interface to configure the Controller, Access Points and Convergence Software. • SSH Enabled Device – A device that supports Secure Shell (SSH) is used for remote (IP) shell access to the system.
hwc_intro.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network 2.3.2 Network security The HiPath Wireless Controller, Access Points and Convergence Software system provides features and functionality to control network access. These are based on standard wireless network security practices. Current wireless network security methods provide protection.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network 2.3.2.1 Authentication The HiPath Wireless Controller relies on a RADIUS server, or authentication server, on the enterprise network to provide the authentication information (whether the user is to be allowed or denied access to the network). A RADIUS client is implemented to interact with infrastructure RADIUS servers.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network 2.3.3 Virtual Network Services Virtual Network Services (VNS) provide a versatile method of mapping wireless networks to the topology of an existing wired network. In releases prior to V7.0, a VNS was a collection of operational entities. Starting with Release V7.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network If the OSPF routing protocol is enabled, the HiPath Wireless Controller advertises the routed topologies as reachable segments to the wired network infrastructure. The controller routes traffic between the wireless devices and the wired network.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network • Port of presence for the topology on the HiPath Wireless Controller. (This attribute is not required for Routed and Bridged at AP topologies.) • Interface. This attribute is the IP (L3) address assigned to the HiPath Wireless Controller on the network described by the topology. (Optional.) • Type.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network As mentioned previously, policies can be configured using the NetSight Policy Manager and pushed to the HiPath Wireless Controller, or they can be configured directly on the controller.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network • Open Shortest Path First (OSPF, version 2) (RFC2328) – Use OSPF to allow the HiPath Wireless Controller to participate in dynamic route selection. OSPF is a protocol designed for medium and large IP networks with the ability to segment routes into different areas by routing information summarization and propagation.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller, Access Points and Convergence Software and your network 2.3.7 Network availability The HiPath Wireless Controller, Access Points and Convergence Software solution provides availability against Wireless AP outages, HiPath Wireless Controller outages, and even network outages.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller product family Quality of Service (QoS) management is also provided by: • Assigning high priority to a WLAN service • Adaptive QoS (automatic and all time feature) • Support for legacy devices that use SpectraLink Voice Protocol (SVP) for prioritizing voice traffic (configurable) 2.
hwc_intro.fm Overview of the HiPath Wireless Controller, Access Points and Convergence Software solution HiPath Wireless Controller product family 38 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_startup.fm Configuring the HiPath Wireless Controller System configuration overview 3 Configuring the HiPath Wireless Controller This chapter describes the steps involved in the initial configuration and setup, of the HiPath Wireless Controller, including: • System configuration overview • Logging on to the HiPath Wireless Controller • Working with the basic installation wizard • Configuring the HiPath Wireless Controller for the first time • Additional ongoing operations of the system 3.
hwc_startup.fm Configuring the HiPath Wireless Controller System configuration overview set port vlan pc.slot.port# vlan-id Note: The VLAN configuration of the PC ports on the DFE module (VLAN ID and tagged vs. untagged) must match the VLAN configuration of the controller’s data ports defined using the HiPath Wireless Assistant.
hwc_startup.fm Configuring the HiPath Wireless Controller System configuration overview Configure for remote access In addition, the first time setup also involves configuring the HiPath Wireless Controller for remote access, which includes: • Setting up an administration station (laptop) on subnet 192.168.10.0/24. By default, the HiPath Wireless Controller's Management interface is configured with the static IP address 192.168.10.1. • Configuring the HiPath Wireless Controller’s management interface.
hwc_startup.fm Configuring the HiPath Wireless Controller System configuration overview Step 8 – Create the VNSs A VNS binds a “WLAN Service” to a “Policy” that will be used for default assignment upon a users’ network attachment. You can create topologies, policies, and WLAN services first, before VNS configuration a VNS, or you can select one of the wizards (such as the VNS wizard), or you can simply select to create new VNS.
hwc_startup.fm Configuring the HiPath Wireless Controller Logging on to the HiPath Wireless Controller 3.2 Logging on to the HiPath Wireless Controller 1. Launch your Web browser (Internet Explorer version 6.0 or higher, or FireFox). 2. In the browser address bar, type the following: https://192.168.10.1:5825 This launches the HiPath Wireless Assistant. The login screen is displayed. 3. In the User Name box, type your user name. 4. In the Password box, type your password.
hwc_startup.fm Configuring the HiPath Wireless Controller Working with the basic installation wizard 3.3 Working with the basic installation wizard The HiPath Wireless Controller, Access Points and Convergence Software system provides a basic installation wizard that can help administrators configure the minimum HiPath Wireless Controller settings that are necessary to deploy a functioning HiPath wireless solution on a network.
hwc_startup.fm Configuring the HiPath Wireless Controller Working with the basic installation wizard 4. In the Time Settings section, configure the HiPath Wireless Controller timezone: • Continent or Ocean – Click the appropriate large-scale geographic grouping for the time zone. • Country – Click the appropriate country for the time zone. The contents of the drop-down list change, based on the selection in the Continent or Ocean drop-down list.
hwc_startup.fm Configuring the HiPath Wireless Controller Working with the basic installation wizard 7. Click Next. The Management screen is displayed. 8. In the Management Port section, confirm the port configuration values that were defined when the HiPath Wireless Controller was physically deployed on the network. If applicable, edit these values: • IP Address – Displays the IP address for the HiPath Wireless Controller’s management port. Revise this as appropriate for the enterprise network.
hwc_startup.fm Configuring the HiPath Wireless Controller Working with the basic installation wizard • User – Enter the name of the user account. • Security Level – Select the security level for this user account. Choices are: authPriv, authNoPriv, noAuthnoPriv. • Auth Protocol – If you have selected a security level of authPriv or authNoPriv, select the authentication protocol. Choices are: MD5, SHA, None.
hwc_startup.fm Configuring the HiPath Wireless Controller Working with the basic installation wizard 11. In the Syslog Server section, select the Enable checkbox to enable the syslog protocol for the HiPath Wireless Controller, if applicable. Syslog is a protocol used for the transmission of event notification messages across networks. Do the following: In the IP Address box, type the IP address of the syslog server. 12. Click Next. The Services screen is displayed. 13.
hwc_startup.fm Configuring the HiPath Wireless Controller Working with the basic installation wizard A dialog is displayed informing you that NTP is required for the mobility feature and prompting you to confirm you want to enable mobility. Note: If the HiPath Wireless Controller is configured as a mobility agent, it will act as an NTP client and use the mobility manager as the NTP server.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 3.4 Configuring the HiPath Wireless Controller for the first time This section describes HiPath Wireless Controller configuration that is typically performed as soon as the HiPath Wireless Controller is deployed.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time To change the administrator password: 1. From the main menu, click Wireless Controller Configuration. The HiPath Wireless Controller Configuration screen is displayed. 2. In the left pane, click Login Management. 3. In the Full Administrator table, click the administrator user name. 4. In the Password box, type the new administrator password. 5.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time • • C4110 – Adds 25 Wireless APs • C2400 – Adds 25 Wireless APs • C20N – Adds 16 Wireless APs • C20 – Adds 16 Wireless APs External Captive Portal Key – Enables the external Captive Portal for the mobile user’s authentication. For more information on the external Captive Portal, see Section 5.5.1, “Authentication with Captive Portal”, on page 235.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time Wireless APs, depending upon the platform type. If you want to connect additional Wireless APs, you have to install a capacity enhancement key. You may even have to install multiple capacity enhancement keys in order to reach the HiPath Wireless Controller’s limit.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time To install the license keys: 1. From the main menu, click Wireless Controller Configuration. The HiPath Wireless Controller Configuration screen is displayed. 2. In the left pane, click Software Maintenance. 3. Click the HWC Product Keys tab. The bottom pane displays the license summary. 4.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time Topology tabs under HiPath Wireless Controller Configuration. The L2 Ports cannot be removed from the system but their operational status can be changed (together with a few other parameters, as explained below). Note: You can redefine a data port to function as a Third-Party AP Port. Refer to Section 3.4.3.2, “Viewing and changing the L2 port related topologies” for more information. 3.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time • CRBT8210 – One data port, displayed as esa0. • CRBT8110 – One data port, displayed as esa0. Also an “Admin” port is created by default. This represents a physical port, separate from the other data ports, being used for management connectivity. Parameters displayed for the L2 Ports are: • Operational status, represented graphically with a green checkmark (UP) or red X (DOWN).
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 3. To change any of the associated parameters, click on the topology entry to be modified. An “Edit Topology” pop up window appears. For the data ports predefined in the system, Name and Mode are not configurable. 4. Optionally, configure one of the physical ports for Third Party AP connectivity by clicking the 3rd Party checkbox.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 5. To configure an interface for VLAN assignment, configure the VLAN Settings in the Layer 2 box. When you configure a HiPath Wireless Controller port to be a member of a VLAN, you must ensure that the VLAN configuration (VLAN ID and tagged vs. untagged attribute) is matched with the correct configuration on the network switch. 6.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time Note: The local DHCP Server is useful as a general purpose DHCP Server for small subnets. a) In the Domain Name box, type the name of the domain that you want the Wireless APs to use for DNS Server’s discovery. b) In the Lease (seconds) default box, type the time period for which the IP address will be allocated to the Wireless APs (or any other device requesting it).
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time • In the Address Range: from box, type the starting IP address of the IP address range. • In the Address Range: to box, type the ending IP address of the IP address range. h) Click the Exclusion(s) button to exclude IP addresses from allocation by the DHCP Server. The DHCP Address Exclusion window opens.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time i) Click Close to close the DHCP configuration window. Note: The Broadcast (B’cast) Address field is view only. This field is computed from the mask and the IP addresses. 11. You are returned to the L2 port topology edit window. 3.4.4 Setting up Internal VLAN ID and multi-cast support You can configure the Internal VLAN ID, and enable multicast support.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time If you are configuring a HiPath Wireless Controller C20N, the data ports are PC.1 and PC.2. If you are configuring a HiPath Wireless Controller C4110, the data ports are Port1, Port2, Port3, and Port4. 6. To save your changes, click Save. 3.4.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 5. In the Gateway box, type the IP address of the specific router port or gateway on the same subnet as the HiPath Wireless Controller to which to forward these packets. This is the IP address of the next hop between the HiPath Wireless Controller and the packet’s ultimate destination. 6. Click Add. The new route is added to the list of routes. 7.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time This report displays all defined routes, whether static or OSPF, and their current status. 3. To update the display, click Refresh. 3.4.6 Setting up OSPF Routing To enable OSPF (OSPF RFC2328) routing, you must: • Specify at least one data port on which OSPF is enabled on the Port Settings option of the OSPF tab. This is the interface on which you can establish OSPF adjacency.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time To set OSPF Routing Global Settings on the HiPath Wireless Controller: 1. From the main menu, click Wireless Controller Configuration. The HiPath Wireless Controller Configuration screen is displayed. 2. In the left pane, click Routing Protocols. The Static Routes tab is displayed by default. 3. Click the OSPF tab. 4. From the OSPF Status drop-down list, click On to enable OSPF.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 7. To save your changes, click Save. To set OSPF Routing Port Settings on the HiPath Wireless Controller: 1. From the main menu, click Wireless Controller Configuration. The HiPath Wireless Controller Configuration screen is displayed. 2. In the left pane, click Routing Protocols. 3. Click the OSPF tab. 4.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time To confirm that ports are set for OSPF: 1. To confirm that the ports are set up for OSPF, and that advertised routes from the upstream router are recognized, click View Forwarding Table. The Forwarding Table is displayed.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time Locally at Controller, will no longer be able to target ESA0 to gain management access to the system. In order to allow access for users connected on such a topology, the given topology configuration itself must have allow management traffic enabled and users will only be able to target the topology interface specifically.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 3. On the Interfaces tab, click the appropriate data port topology. The Edit Topology window displays. 4. Select the Management Traffic checkbox if the topology has specified an L3 IP interface presence. 5. To save your changes, click Save. 3.4.7.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time To define interface exception filters: 1. From the main menu, click Wireless Controller Configuration. The HiPath Wireless Controller Configuration screen is displayed. 2. In the left pane, click Topology. The Topologies screen is displayed. 3. Select a topology to be configured. The Edit Topology window is displayed. 4.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time a) In the IP / subnet:port box, type the destination IP address. You can also specify an IP range, a port designation, or a port range on that IP address. b) In the Protocol drop-down list, click the protocol you want to specify for the filter. This list may include UDP, TCP, GRE, IPsec-ESP, IPsecAH, ICMP. The default is N/A. 6.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time Certificate format The HiPath Wireless Controller supports the PKCS#12 certificate format. The PKCS#12 certificate (.pfx) file contains both a certificate and the corresponding private key. Certificate monitoring The HiPath Wireless Controller monitors the expiration date of installed certificates.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 4. In the Interface Certificates table, click the topology (which has an L3 interface) for which you want to install a certificate. Note: The interface identified in the certificate must correspond to the HiPath Wireless Controller’s interface for which the certificate is being installed. 5.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 3.4.9 Configuring the login authentication mode You can configure either local login authentication mode or the RADIUS login authentication mode to authenticate user login attempts. Local login authentication mode uses locally configured login credentials and passwords, while RADIUS login authentication mode uses a RADIUS server to authenticate user login attempts.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 3. In the Authentication mode section, select Local. 4. In the Add User section, select one of the following: • Full Administrator – Grants the administrator’s access rights to the administrator. • Read-only Administrator – Grants read-only access right to the administrator. • GuestPortal Manager – Grants the user GuestPortal manager rights. 5.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 3.4.9.2 Configuring the RADIUS login authentication mode The local login authentication mode is enabled by default. You can change the local login authentication mode to RADIUS-based authentication. Note: Before you change the default local login authentication to RADIUS-based authentication, you must configure the RADIUS Server on the Global Settings screen.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 4. In the Authentication mode section, select Radius. 5. From the drop-down list, located next to the Use button, select the RADIUS Server that you want to use for the RADIUS login authentication, and then click Use. The RADIUS Server’s name is displayed in the Configured Servers box, and in the Auth section, and the following default values of the RADIUS Server are displayed.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time Primary Server is not available, it tries to connect to the second and third server according to their order in the Configured Servers box. You can change the order of RADIUS servers in the Configured Servers box by clicking on the Up and Down buttons. 7. To test connectivity to the RADIUS Server, click Test. The following window is displayed. 8.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 9. If the RADIUS connectivity test displays ‘Successful’ result, you must click Save on the RADIUS Authentication screen (as depicted in Step 4) to save your configuration. After you save your changes, you will be logged out of the HiPath Wireless Controller. You must use the RADIUS login user name and password to log on the HiPath Wireless Controller. 3.4.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 3.4.10.1 Configuring the network time using the system’s time To configure the network time, using the system’s time: 1. From the main menu, click Wireless Controller Configuration. The Wireless Controller Configuration screen is displayed. 2. In the left pane, click Network Time. The Network Time screen is displayed. 3.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 1. From the main menu, click Wireless Controller Configuration. The Wireless Controller Configuration screen is displayed. 2. In the left pane, click Network Time. The Network Time screen is displayed. 3. From the Continent or Ocean drop-down list, click the appropriate large-scale geographic grouping for the time zone. 4.
hwc_startup.fm Configuring the HiPath Wireless Controller Configuring the HiPath Wireless Controller for the first time 11. Click Apply. 12. The WLAN network time is synchronized in accordance with the specified time server. 3.4.
hwc_startup.fm Configuring the HiPath Wireless Controller Additional ongoing operations of the system 3. In the DNs box, type the DNS server’s IP address in the Server Address field and then click Add Server. The new server is displayed in the DNS servers’ list. Note: You can configure up to three DNS servers. 4. To save your changes, click Save. 3.
hwc_startup.fm Configuring the HiPath Wireless Controller Additional ongoing operations of the system 84 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_apstartup.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview Deploying a Wireless AP with external antennas Some Wireless AP models support external antennas. The external antennas are individually certified and determine the available channel list and the maximum transmitting power for the country in which the Wireless AP is deployed. The following Wireless AP models support external antennas: • AP2620 – The Wireless AP 2620 is a HiPath Standard Wireless AP model.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview 4.1.1.1 HiPath Standard Wireless AP radios Note: The following access point radio discussion does not apply to the AP4102/4102C access points. For more information on the AP4102/4102C access points, see Section 4.1.1.2, “AP4102/4102C Access Points”, on page 89. The HiPath Standard Wireless AP is equipped with two radios — Radio 1 and Radio 2. • Radio 1 supports the 5 GHz radio, with radio mode a. • Radio 2 supports the 2.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview Figure 5 HiPath Standard Wireless AP’s Baseband Figure 5 illustrates the following: 88 • The HiPath Standard Wireless AP has two radios — Radio 1 and Radio 2. • Radio 1 supports the 5 GHz radio, with radio mode a. • Radio 2 supports the 2.4 GHz radio, with radio modes b, g, and b/g. • Radio 1 and Radio 2 are connected to both external antennas — EA1 and EA2.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview 5 GHz radio supporting the 802.11a standard – The 802.11a standard is an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5-GHz band. The 802.11a standard uses an orthogonal frequency division multiplexing encoding scheme, rather than Frequency-Hopping Spread Spectrum (FHSS) or Direct-Sequence Spread Spectrum (DSSS). 2.4 GHz radio supporting the 802.11b/g standards – The 802.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview • Right antenna: • RBT4K - AG - IA, 4 dBi • RBTES - AH - M10M, 110 dBi • RBTES - AH - P23M, 23 dBi • RBTES - AM - M10M, 10 dBi • RBTES - AW - S1590M, 15 dBi 90 Deg • RBTES - AW - S1590M, 16 dBi 60 Deg The antenna selection automatically restricts channels and respective power settings according to certifications. 4.1.2 HiPath Wireless Outdoor AP The HiPath Wireless Outdoor AP is also referred to as the Outdoor AP.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview To configure the HiPath Wireless 802.11n AP to achieve this high link rate, see Section 4.4.5.2, “Achieving high throughput with the Wireless 802.11n AP”, on page 150. Note: The Wireless 802.11n AP is backward-compatible with existing 802.11a/b/g networks. Note: The Wireless 802.11n AP cannot operate as a stand-alone access point. MIMO The mainstay of 802.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview Figure 6 MIMO in HiPath Wireless 802.11n AP Note: MIMO should not be confused with the Diversity feature. While Diversity is the use of two antennas to increase the odds that a better radio stream is received on either of the antennas, MIMO antennas radiate and receive multistreams of the same packet to achieve the increased throughput.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview interference. The radios of 802.11n AP can use two channels at the same time to create a 40 MHz wide channel. By using the two 20 MHz channels in this manner, the 802.11n AP achieves more than double throughput. The 40-MHz channels in 802.11n are two adjacent 20-MHz channels, bonded together. This technique of using two channels at the same time is called channel bonding.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview Figure 7 HiPath Wireless 802.11n AP’s Baseband Figure 7 illustrates the following: 94 • The HiPath Wireless 802.11n AP has two radios — Radio 1 and Radio 2. • Radio 1 supports the 5 GHz radio, with radio modes a and a/n. • Radio 2 supports the 2.4 GHz radio, with radio modes b, b/g, and b/g/n. • Radio 1 and Radio 2 are connected to all three antennas — EA1, EA2, and EA3.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview 5 GHz radio supporting the 802.11a/n standard — When in legacy 802.11a mode, the AP36xx supports data rates up to 54Mbps, identical to the AP26xx. The modulation used is OFDM. In 802.11n mode there are 2 supported channel bandwidths, 20MHz and 40MHz. The 802.11n AP supports up to 300Mbps in 40MHz channels and 130Mbps in 20MHz channels. The modulation used is MIMO-OFDM with one or two spatial streams. 2.4 GHz radio supporting the 802.
hwc_apstartup.fm Configuring the Wireless AP Wireless AP overview 4.1.5 Wireless AP default IP address and first-time configuration The Wireless APs are shipped from the factory with a default IP address — 192.168.1.20. The default IP address simplifies the first-time IP address configuration process for Wireless APs. If the Wireless AP fails in its discovery process, it returns to its default IP address.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview 4.1.6 Assigning a static IP address to the Wireless AP Depending upon the network condition, you can assign a static IP address to the Wireless AP using the HiPath Wireless Assistant (Controller’s GUI). Refer to Section 4.4.6, “Setting up the Wireless AP using static configuration”, on page 165 for more information. 4.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview You can specify a list of static IP addresses of the HiPath Wireless Controllers on your network. On the Static Configuration tab, add the addresses to the Wireless Controller Search List. Caution: Wireless APs configured with a static Wireless Controller Search List can only connect to HiPath Wireless Controllers in the list.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview • Step 5 – Use a multicast SLP request to find SLP SAs If all of the preceding methods fail to locate a HiPath Wireless Controller, the Wireless AP sends a multicast SLP request, looking for any SLP Service Agents providing the Siemens service. 4.2.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview After the first time you power on and boot the Wireless AP, you can configure LED behavior as described in the following section: • Section 4.2.3.5, “Configuring Wireless AP LED Behavior” 4.2.3.1 HiPath Wireless AP LED status The following figure depicts the location of the three LEDs on the HiPath Wireless AP. Status Left LED LED 2.
hwc_apstartup.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview Composite view of the three LEDs The Center, Left and the Right LEDs work in conjunction to indicate the general, high-level state and the detailed state respectively.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview Note: The Left and Right LEDs turn on after the Center LED. This allows you to distinguish easily between the Center LED and the Left/Right LEDs. Note: If the Center LED begins blinking RED, it indicates that the Wireless AP’s state has failed. Note: Random delays do not occur during normal reboot. A random delay only occurs after a vulnerable period power-down. The Wireless AP can be reset to its factory default settings.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview Figure 9 HiPath Wireless Outdoor AP LEDs. The R1, R2 and F LEDs work in conjunction to indicate the general, high-level and detailed state respectively. The remaining LEDs indicate link status. Table 8 provides a composite view of the R1, R2 and F LEDs: 104 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview R1 LED Off R2 LED F LED HiPath Wireless Outdoor AP’s detailed status Off Blinking Red Initialization: Power-on-self test (POST) Blinking Green Blinking Red Initialization: Random delay Blinking Red Initialization: Vulnerable Period Solid Red Reset to factory defaults Blinking Red WDS scanning Blinking Red Network discovery: 802.
hwc_apstartup.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview 4.2.3.3 HiPath Wireless 802.11n AP LED status Figure 10 depicts the location of the LEDs on the HiPath Wireless 802.11n. Figure 10 HiPath Wireless 802.11n AP LEDs LEDs L1, L3, and L4 work in conjunction to indicate the general, high-level, and detailed state respectively. LED L2 indicates the status of the Ethernet port. After initialization and discovery is completed and the 802.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview L1 HiPath Wireless 802.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview L3 L4 L1 Off Blink Green Connecting to HWC: Registration / Amber Blink Red HiPath Wireless 802.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview LEDS indicating WDS strength for AP3610, AP3620, AP3630, and AP3640 The AP indicates the WDS signal strength as a bar graph. To avoid confusion with startup LED behavior, the patterns go from right to left and an LED is always blinking at least twice as fast as the LEDs in normal mode. Table 15 illustrates the behavior of the LED behavior in WDS Signal Strength mode for AP models AP3610, AP3620, AP3630, and AP3640.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview Radio B/G LED The Radio B/G LED will show the general high-level state during initialization and discovery for the access point.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview Radio B/G LED Radio A LED Off Blink green Off Solid green Solid green Status LED Blink green Initialization: Power-on self test (POST) Blink green Initialization: Random delay Blink orange Initialization: No Ethernet nor WDS link Blink green Initialization: Vulnerable period Blink orange Reset to factory defaults Blink green WDS scanning Blink green Network discovery: 802.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview LED -84 < RSS < -77 Off Eth state Off Fast Blinking green -77 < RSS < -70 Off Eth state Blinking green Solid green -70 < RSS < -63 Blinking green Eth state Solid green Solid green RSS < -63 Fast Blinking green Eth state Solid green Solid green Table 19 AP4102 and AP2605 LEDs indicating Signal Strength 4.2.3.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview 3. On the AP Properties tab, click the Advanced button. The Advanced window displays. 4. In the LED field, click the arrow and select an LED operational mode. See Table 20 for a description of each option. To set the AP LED operational mode when using the AP mulit-edit feature: 1. From the main menu, click Wireless AP Configuration. The HiPath Wireless AP window displays. 2. In the left-hand pane, click AP Multi-edit.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview • If you are installing the HiPath Wireless 802.11n AP, see the HiPath Wireless 802.11n AP Installation Instructions. • If you are installing the HiPath Wireless Outdoor AP, see the HiPath Wireless Outdoor AP Installation Instructions and the HiPath Wireless Outdoor AP Installation Guide. Once the installations are completed, you can then continue with the Wireless AP initial configuration.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview • • If the HiPath Wireless Controller recognizes the serial number, it indicates that the registering device is pre-registered with the controller. The controller uses the existing registration record to authenticate the AP and the existing configuration record to configure the AP.
hwc_apstartup.fm Configuring the Wireless AP Discovery and registration overview 3. In the Security Mode section, select one of the following: • Allow all Wireless APs to connect • Allow only approved Wireless APs to connect The Allow all Wireless APs to connect option is selected by default. For more information, see Section 4.2.5, “Security mode”, on page 115. 4.
hwc_apstartup.fm Configuring the Wireless AP Adding and registering a Wireless AP manually HiPath Wireless AP The HiPath Wireless AP can be connected and powered in the following ways: • • Power over Ethernet (802.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings To add and register a Wireless AP manually: 1. From the main menu, click Wireless AP Configuration. The HiPath Wireless AP screen is displayed. 2. Click Add Wireless AP. The Add Wireless AP screen is displayed. 3. In the Serial # box, type the unique identifier. 4. In the Hardware Type drop-down list, click the hardware type of the Wireless AP. 5. In the Name box, type a unique name for the Wireless AP. 6.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings You can also locate and select Wireless APs in specific registration states to modify their settings. For example, this feature is useful when approving pending Wireless APs when there are a large number of other Wireless APs that are already registered. On the Access Approval screen, click Pending to select all pending Wireless APs, then click Approve to approve all selected Wireless APs.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 3. To select the Wireless APs for status change, do one of the following: • For a specific Wireless AP, select the corresponding checkbox. • For Wireless APs by category, click one of the Select Wireless APs options. To clear your Wireless AP selections, click Deselect All. 4.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Sensor – The Wireless AP ceases performing RF services and begins performing scanning services. For more information, see Section 4.9, “Configuring an AP as a sensor”, on page 215. Note: Only approve a Wireless AP as a sensor if HiPath HiGuard has been installed on your HiPath Wireless Manager. For more information, see the HiPath Wireless Manager User Guide. Note: Only the Wireless AP 2610/2620 and the Wireless 802.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Host Name – This value, which is based on AP Name, cannot be directly edited. This value depicts the AP Host-Name value. If the AP Name value does begin with a number, for example when it is the AP's serial number, the AP's model is prepended to the value. This value is used for tracking purposes on the DHCP server. • Port – Displays the Ethernet port of the HiPath Wireless Controller to which the Wireless AP is connected.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings When a Wireless AP is configured to the sensor role, its configuration data is preserved on the HiPath Wireless Controller. The configuration data can only be modified when the Wireless AP is switched back to the access point role. In addition, if a Wireless AP is assigned to the sensor role, no additional Wireless AP tabs are visible. Note: Only the Wireless AP 2610/2620 and the Wireless 802.11n AP can be configured as a sensor.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings Announcement Interval – This value, measured in seconds, is the time between successive LLDP packets that the Wireless AP advertises. If there are no changes to the Wireless AP configuration that impact the LLDP information, the Wireless AP sends a new LLDP packet according to this schedule.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • AP Environment – Click the Wireless AP’s environment — Indoor or Outdoor. Note: The AP Environment drop-down is displayed on the AP Properties tab only if the selected Wireless AP is the HiPath Outdoor Wireless AP. The HiPath Outdoor Wireless AP can be deployed in both indoor and outdoor environments. • Role – Click the role for the Wireless AP, either Access Point or Sensor.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 5. To modify Wireless AP advanced settings, click Advanced. The Advanced dialog is displayed. • Poll Timeout – Type the timeout value, in seconds, for the Wireless AP to re-establish the link with the HiPath Wireless Controller if it (Wireless AP) does not get an answer to its polling. The default value is 10 seconds. Note: If you are configuring session availability, the Poll Timeout value should be 1.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Select one of the following: • Proceed (not recommended) – Select this option to enable LLDP and keep SNMP running, and then click OK. • Disable SNMP publishing, and proceed – Select this option to enable LLDP and disable SNMP, and then click OK. For more information on enabling SNMP, see the HiPath Wireless Controller, Access Points and Convergence Software Maintenance Guide.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 3. Modify the Wireless AP’s information: • Name – Type a unique name for the Wireless AP that identifies the AP. The default value is the Wireless AP’s serial number. • Host Name – This value, which is be based on AP Name, cannot be directly edited. This value depicts the AP Host-Name value. If the AP Name value does begin with a number, for example when it is the AP's serial number, the AP's model is prepended to the value.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • AP Multi-edit – When you configure multiple Wireless APs simultaneously, you can use the AP Multi-edit feature. For more information, see Section 4.8, “Configuring Wireless APs simultaneously”, on page 213. • Wireless AP configuration – When you configure an individual Wireless AP, you can assign its radios to a specific WLAN Service. Note: To configure foreign Wireless AP radios to a VNS, use the VNS configuration method.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • For specific information on modifying a Wireless 802.11n AP, see Section 4.4.5.1, “Modifying Wireless 802.11n AP 3610/3620 radio properties”, on page 133. • For specific information on modifying a Wireless AP 2610/2620 or HiPath Wireless Outdoor AP, see Section 4.4.5.3, “Modifying Wireless AP 2610/2620 radio properties”, on page 152.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Channel Plan – If ACS is enabled, you can define a channel plan for the Wireless AP. Defining a channel plan allows you to limit which channels are available for use during an ACS scan. For example, you may want to avoid using specific channels because of low power, regulatory domain, or radar interference.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings When you disable ATPC, you are given the option of automatically adjusting the Max Tx Power setting to match the Current Tx Power Level. In the case of AP Multi-edit, if you reply yes, then each individual Wireless AP's Max Tx Power setting will be adjusted to correspond with its Current Tx Power Level in the database. 4.4.5.1 Modifying Wireless 802.11n AP 3610/3620 radio properties The Wireless 802.11n AP 3610/3620 is a 802.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • • Non-802.11n clients, beacons, and multicasts use the 802.11a/b/g radio protocols. • If the primary channel allows for both bonding types (up and down), you can select the channel bonding type from the Channel Bonding dropdown list. • If the primary channel allows for only one of the bonding types (up or down), that channel bond type is displayed in the Channel Bonding drop-down list.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings Left antenna Right antenna The Wireless 802.11n AP is configured, by default, to transmit on all three antennas. Depending on your deployment requirements, you can configure the Wireless 802.11n AP to transmit on specific antennas. You can configure the Wireless 802.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • C4110 – Up to 64 VNSs • C2400 – Up to 64 VNSs • C20 – Up to 8 VNSs • C20N – Up to 8 VNSs • CRBT8210 – Up to 16 VNSs • CRBT8110 – Up to 8 VNSs The Wireless AP radios can be assigned to each of the configured VNSs in a system. Each radio can support eight WLAN assignments, corresponding to the number of SSIDs it can support. Once a radio has all 8 slots assigned, it is no longer eligible for further assignment.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • a/n – Click to enable the 802.11a mode of Radio 1 with 802.11n capability. Note: Depending on the radio modes you select, some of the radio settings may not be available for configuration. The Wireless AP hardware version dictates the available radio modes. • Channel Width – Click the channel width for the radio: • 20MHz – Click to allow 802.11n clients to use the primary channel (20MHz) and non-802.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Auto Tx Power Ctrl (ATPC) – Select to enable ATPC. ATPC automatically adapts transmission power signals according to the coverage provided by the Wireless APs. After a period of time, the system will stabilize itself based on the RF coverage of your Wireless APs. Note: If you disable ATPC, you can still choose to maintain using the current Tx power setting ATPC had established.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings assigned against the recommended values your RF plan has provided. Use the Auto Tx Power Ctrl Adjust value to achieve the recommended values. Note: • Current Channel – This field is view only. It displays the actual channel the ACS has assigned to the Wireless AP radio.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Antenna Selection – Click the antenna, or antenna combination, you want to configure on this radio. Note: When you configure the Wireless 802.11n AP to use specific antennas, the transmission power is recalculated; the Current Tx Power Level value for the radio is automatically adjusted to reflect the recent antenna configuration.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Frag. Threshold – Type the fragment size threshold, in bytes, above which the packets will be fragmented by the Wireless AP prior to transmission. The default value is 2346, which means all packets are sent unfragmented. Reduce this value only if necessary.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • DCS Update Period – Type the time, measured in minutes that determines the period during which the Wireless AP averages the DCS Noise Threshold and DCS Channel Occupancy Threshold measurements. If either one of these thresholds is exceeded, then the Wireless AP will trigger ACS. 10. In the Advanced dialog 11n Settings section, do the following: • Protection Mode – Click a protection mode: Enabled or Disabled.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 12. Click Save to save your changes. 13. If applicable, click the Radio 2 tab. 14. In the Base Settings section, do the following: • Radio Mode – Click one of the following radio options: • off – Click to disable Radio 2. • b – Click to enable the 802.11b-only mode of Radio 2. If selected, the AP will use only 11b (CCK) rates with all associated clients. • b/g – Click to enable both the 802.11g mode and the 802.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings Click Auto to request the ACS to search for a new channel for the Wireless 802.11n AP, using a channel selection algorithm. This forces the Wireless 802.11n AP to go through the auto-channel selection process again. Note: ACS in the 2.4GHz radio band with 40MHz channels is not recommended due to severe co-channel interference. Depending on the regulatory domain (based on country), some channels may be restricted.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Min Tx Power – If ATPC is enabled, click the minimum Tx power level to which the range of transmit power can be adjusted. It is recommended to use the lowest value available to not limit the potential Tx power level range that can be used. Note: The Minimum Tx Power level is subject to the regulatory compliance requirement for the selected country.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • • Custom – If you want to configure individual channels from which the ACS will select an operating channel, click Configure. The Add Channels dialog is displayed. Click the individual channels you want to add to the channel plan while pressing the CTRL key, and then click OK. Antenna Selection – Click the antenna, or antenna combination, you want to configure on this radio. Note: When you configure the Wireless 802.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Frag. Threshold – Type the fragment size threshold, in bytes, above which the packets will be fragmented by the Wireless AP prior to transmission. The default value is 2346, which means all packets are sent unfragmented. Reduce this value only if necessary.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • DCS Update Period – Type the time, measured in minutes that determines the period during which the Wireless AP averages the DCS Noise Threshold and DCS Channel Occupancy Threshold measurements. If either one of these thresholds is exceeded, then the Wireless AP will trigger ACS. 19. In the Advanced dialog 11b Settings section, do the following: • Preamble – Click a preamble type for 11b-specific (CCK) rates: Short or Long.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Protection Mode – Click a protection mode: Enabled or Disabled. This protects high throughput transmissions on primary channels from non11n APs and clients. Click Disabled if non-11n APs and clients are not expected. Click Enabled if you expect many non-11n APs and clients. The overall throughput is reduced when Protection Mode is enabled.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 4.4.5.2 Achieving high throughput with the Wireless 802.11n AP To achieve link rates of up to 300Mbps with the Wireless 802.11n AP, configure your system as described in the following section. Note: Maximum throughput cannot be achieved if both 802.11n and legacy client devices are to be supported. Note: Some client devices will choose a 2.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • 40MHz Protection Mode – Click None. Note: Do not disable 802.11n protection mode if you have 802.11b client devices using this Wireless AP; instead, configure only Radio 1 for high throughput unless it is acceptable to achieve less than maximum 802.11n throughput on Radio 2. • Aggregate MSDUs – Click Enabled. • Aggregate MSDU Max Length – Type 4096 • Aggregate MPDU – Click Enabled.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 6. In the left pane Virtual Networks list, click the VNS you want to configure. The Topology tab is displayed. 7. Click the Privacy tab. Some client devices will not use 802.11n mode if they are using WEP or TKIP for security. Therefore, do one of the following: • Select None. • Select WPA-PSK, and then clear the WPA v.1 option: • Select WPA v.2. • In the Encryption drop-down list, click AES only.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • C20N – Up to 8 VNSs • CRBT8210 – Up to 16 VNSs • CRBT8110 – Up to 8 VNSs The Wireless AP radios can be assigned to each of the configured VNSs in a system. Each radio can be the subject of 8 VNS assignments (corresponding to the number of SSIDs it can support). Once a radio has all 8 slots assigned, it is no longer eligible for further assignment. The BSS Info section is view only.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • RF Domain – Type a string that uniquely identifies a group of APs that cooperate in managing RF channels and transmission power levels. The maximum length of the string is 16 characters. The RF Domain is used to identify a group of Wireless APs. • Request New Channel – Click the wireless channel you want the Wireless AP to use to communicate with wireless devices.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings assigned against the recommended values your RF plan has provided. Use the Auto Tx Power Ctrl Adjust value to achieve the recommended values. Note: • Current Channel – This field is view only. It displays the actual channel the ACS has assigned to the Wireless AP radio.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Min Basic Rate – Click the minimum data rate that must be supported by all stations in a BSS: 6, 12, or 24 Mbps. If necessary, the Max Basic Rate choices adjust automatically to be higher or equal to the Min Basic Rate. • Max Basic Rate – Click the maximum data rate that must be supported by all stations in a BSS: 6, 12, or 24 Mbps.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Max % of non-unicast traffic per Beacon period – Enter the maximum percentage of time that the AP will transmit non-unicast packets (broadcast and multicast traffic) for each configured Beacon Period. For each non-unicast packet transmitted, the system calculates the airtime used by eack packet and drops all packets that exceed the configured maximum percentage.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Rx Diversity – Click Best for the best signal from both antennas, or Left or Right to choose either of the two diversity antennas. The default and recommended selection is Best. If only one antennae is connected, use the corresponding Left or Right diversity setting. Do not use Best if two identical antennas are not used.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 12. In the Base Settings section, do the following: • Radio Mode – Click one of the following radio options: • off – Click to disable Radio 2. • b – Click to enable the 802.11b-only mode of Radio 2. If selected, the AP will use only 11b (CCK) rates with all associated clients. • g – Click to select the 802.11g-only mode of Radio 2.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Request New Channel – Click the wireless channel you want the Wireless AP to use to communicate with wireless devices. Click Auto to request the ACS to search for a new channel for the Wireless AP, using a channel selection algorithm. This forces the Wireless AP to go through the auto-channel selection process again. Depending on the regulatory domain (based on country), some channels may be restricted.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings that a Wireless AP’s radio is always operating on the best available channel. • Last Requested Channel – This field is view only. This field displays the last wireless channel that you had selected for the Wireless AP to communicate with the wireless devices. • Current Tx Power Level – This field is view only. It displays the actual Tx power level assigned to the Wireless AP radio.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Max Operational Rate – Click the maximum data rate that clients can operate at while associated with the Wireless AP: 11, 12, 18, 24, 36, 48, or 54 Mbps. If necessary, the Max Operational Rate choices adjust automatically to be higher or equal to the Max Basic Rate. 14. To modify Radio 2 advanced settings, click Advanced. The Advanced dialog is displayed. 15.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Dynamic Channel Selection – To enable Dynamic Channel Selection, click one of the following: • Monitor Mode – If traffic or noise levels exceed the configured DCS thresholds, an alarm is triggered and an information log is generated. • Active Mode – If traffic or noise levels exceed the configured DCS thresholds, an alarm is triggered and an information log is generated.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Total # of Retries for Voice VO – Click the number of retries for the Voice transmission queue. The default value is adaptive (multi-rate). The recommended setting is adaptive (multi-rate). • Total # of Retries for Turbo Voice TVO – Click the number of retries for the Turbo Voice transmission queue. The default value is adaptive (multi-rate). The recommended setting is adaptive (multi-rate). 17.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 4.4.6 Setting up the Wireless AP using static configuration The Wireless AP static configuration feature provides the HiPath Wireless Controller, Access Points and Convergence Software solution with the capability for a network with either a central office or a branch office model. The static configuration settings assist in the setup of branch office support.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings • Tagged - VLAN ID – Select if you want to assign this AP to a specific VLAN and type the value in the box. • Untagged – Select if you want this AP to be untagged. This option is selected by default. Caution: Caution should be exercised when using this feature. For more information, see Section 4.5, “Configuring VLAN tags for Wireless APs”, on page 169.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 7. Click Add. The IP address is added to the list. 8. Repeat steps 5 and 6 to add additional HiPath Wireless Controllers. 9. Click Up and Down to modify the order of the HiPath Wireless Controllers. The maximum is three controllers. The Wireless AP attempts to connect to the IP addresses in the order in which they are listed. The Wireless AP is successful when it finds a HiPath Wireless Controller that will allow it to register.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless AP settings 5. To save your changes, click Save. To set up a new telnet/SSH access password: 1. From the main menu, click Wireless AP Configuration. The Wireless AP Configuration screen is displayed. 2. In the left pane, click AP Registration. The Wireless AP Registration screen is displayed. Note: The SSH Access section on the AP Registration screen is applicable to the 11n Wireless APs.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 4.5 Configuring VLAN tags for Wireless APs Caution: You must exercise caution while configuring a VLAN ID tag. If a VLAN tag is not configured properly, the connectivity between the HiPath Wireless Controller and the Wireless AP will be lost. To configure the VLAN tag for the Wireless AP, you must connect the Wireless AP to a point on the central office network that does not require VLAN tagging.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 4.5.1 Setting up 802.1x authentication for a Wireless AP 802.1x is an authentication standard for wired and wireless LANs. The 802.1x standard can be used to authenticate access points to the LAN to which they are connected. 802.1x support provides security for network deployments where access points are placed in public spaces. To successfully set up 802.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Uses certificates for authentication of access points • HiPath Wireless Controller can operate in either proxy mode or pass through mode. • Proxy mode – The HiPath Wireless Controller generates the public and private key pair used in the certificate. • Pass through mode – The certificate and private key is created by the third-party Certificate Authentication application.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 4. In the Username drop-down list, click the value you want to assign as the user name credential: • Name – The name of the Wireless AP, which is assigned on the AP Properties tab. The Wireless AP name can be edited. • Serial – The serial number of the Wireless AP. The Wireless AP serial number cannot be edited. • MAC – The MAC address of the Wireless AP. The Wireless AP MAC address cannot be edited.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs The 802.1x PEAP authentication configuration is assigned to the Wireless AP. The Wireless AP can now be deployed to a 802.1x enabled switch port. 4.5.1.2 Configuring 802.1x EAP-TLS authentication EAP-TLS authentication uses certificates for authentication. A third-party Certificate Authentication application is required to configure EAP-TLS authentication. Certificates can be overwritten with new ones at any time.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 5. Type the criteria to be used to create the certificate request.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 9. In the third-party Certificate Authentication application, use the content of the generated certificate request file to generate the certificate file (.cer file extension). 10. On the 802.1x tab, click Browse. The Choose file window is displayed. 11. Navigate to the location of the certificate file, and click Open. The name of the certificate file is displayed in the X509 DER / PKCS#12 file box. 12.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs The 802.1x EAP-TLS authentication in pass through mode is assigned to the Wireless AP. The Wireless AP can now be deployed to a 802.1x enabled switch port. 4.5.1.3 Viewing 802.1x credentials When 802.1x authentication is configured on a Wireless AP, the light bulb icon on the 802.1x tab for the configured Wireless AP is lit to indicate which 802.1x authentication method is used.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 4.5.1.4 Deleting 802.1x credentials Caution: Exercise caution when deleting 802.1x credentials. For example, deleting 802.1x credentials may prevent the Wireless AP from being authenticated or to lose its connection with the HiPath Wireless Controller. To delete current 802.1x credentials: 1. From the main menu, click Wireless AP Configuration. The HiPath Wireless AP screen is displayed. 2.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs To configure 802.1x EAP-TLS authentication in proxy mode using Multi-edit: 1. From the main menu, click Wireless AP Configuration. The HiPath Wireless AP screen is displayed. 2. In the left pane, click AP 802.1x Multi-edit. 3. In the Wireless APs list, click one or more Wireless APs to configure. To select multiple Wireless APs, click the Wireless APs from the list while pressing the CTRL key. 4.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • • MAC – The MAC address of the Wireless AP. The Wireless AP MAC address cannot be edited. Email address – The email address of the organization 5. Click Generate Certificates. The AP 802.1x Multi-edit progress window is displayed, which provides the status of the configuration process. Once complete, the File Download dialog is displayed. 6. Click Save. The Save as window is displayed. 7.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • • All .pfx files created by the third-party Certificate Authentication application must be zipped into one file. Generate one certificate, using the third-party Certificate Authentication application, to be applied to all Wireless APs. When generating the certificate, use the Common name value (either Name, Serial, or MAC) of the Wireless AP to name the generated certificate. To configure 802.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • • MAC – The MAC address of the Wireless AP. The Wireless AP MAC address cannot be edited. In the Password drop-down list, click the value you want to assign as the password credential: • Name – The name of the Wireless AP, which is assigned on the AP Properties tab. The Wireless AP name can be edited. • Serial – The serial number of the Wireless AP. The Wireless AP serial number cannot be edited.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs To configure common configuration default AP settings: 1. From the main menu, click Wireless AP Configuration. The HiPath Wireless AP screen is displayed. 2. In the left pane, click AP Default Settings. The Common Configuration tab is displayed. 3. In the Static Configuration section, do one of the following: • To allow each Wireless AP to provide its own HWC Search List, select the Learn HWC Search List from AP checkbox.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs The DHCP function for wireless clients must be provided locally by a local DHCP server, unless each wireless client has a static IP address. For the initial Wireless AP deployment, it is necessary to use one of the described options in Section 4.2, “Discovery and registration overview”, on page 97. 4. In the WLAN Assignments section, assign the Radios for each VNS in the list by selecting or clearing the option boxes. 5.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Select one of the following: • Proceed (not recommended) – Select this option to enable LLDP and keep SNMP running, and then click OK. • Disable SNMP publishing, and proceed – Select this option to enable LLDP and disable SNMP, and then click OK. For more information on enabling SNMP, see the HiPath Wireless Controller, Access Points and Convergence Software Maintenance Guide.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Radio 2 – off, b, g, or b/g. Note: Depending on the radio modes you select, some of the radio settings may not be available for configuration. • RF Domain – Type a string that uniquely identifies a group of APs that cooperate in managing RF channels and transmission power levels. The maximum length of the string is 16 characters. The RF Domain is used to identify a group of Wireless APs.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Custom – To configure individual channels from which the ACS will select an operating channel, click Configure. The Custom Channel Plan dialog displays. By default, all channels participate in the channel plan. Click the individual channels you want to include in the channel plan. To select contiguous channels, use the Shift key. To select multiple, non-contiguous channels in the list, use the CTRL key.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs Wireless Controller is lost. If this option is enabled, it allows the Wireless AP to start a bridged at AP VNS even in the absence of a HiPath Wireless Controller. • Use broadcast for disassociation – Click to Enable or Disable if you want the Wireless AP to use broadcast disassociation when disconnecting all clients, instead of disassociating each client one by one.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs Do not change the default setting for the radio that provides service to 802.11 clients only. • 188 Dynamic Channel Selection – Click one of the following: • Off – Disables DCS. • Monitor Mode – If traffic or noise levels exceed the configured DCS thresholds, an alarm is triggered and an information log is generated.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Protection Mode – Click a protection mode: None, Auto, or Always. The default and recommended setting is Auto. Click None if 11b APs and clients are not expected. Click Always if you expect many 11b-only clients. • Protection Rate – Click a protection rate: 1, 2, 5.5, or 11 Mbps. The default and recommended setting is 11.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Best Effort BE – For each radio, click the number of retries for the Best Effort transmission queue. The default value is adaptive (multi-rate). The recommended setting is adaptive (multi-rate). • Video VI – For each radio, click the number of retries for the Video transmission queue. The default value is adaptive (multi-rate). The recommended setting is adaptive (multi-rate).
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • LLDP – Click to enable or disable the Wireless AP from broadcasting LLDP information. This option is disabled by default. If SNMP is enabled on the HiPath Wireless Controller and you enable LLDP, the LLDP Confirmation dialog is displayed. • Select one of the following: • Proceed (not recommended) – Select this option to enable LLDP and keep SNMP running, and then click OK.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Radio 1 – off, a or a/n. • Radio 2 – off, b, b/g, or b/g/n. Note: Depending on the radio modes you select, some of the radio settings may not be available for configuration. • 192 Channel Width – Click the channel width for the radio: • 20MHz – Click to allow 802.11n clients to use the primary channel (20MHz) and non-802.11n clients, beacons, and multicasts to use the 802.11b/g radio protocols.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs for each Wireless AP, compare the actual Tx power levels your system has assigned against the recommended values your RF plan has provided. Use the Auto Tx Power Ctrl Adjust value to achieve the recommended values. • Channel Plan – If ACS is enabled, you can define a channel plan for the Wireless AP. Defining a channel plan allows you to limit which channels are available for use during an ACS scan.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs Current Tx Power Level value to be reflected in the HiPath Wireless Assistant. Also, the radio is reset causing client connections on this radio to be lost. 6. To modify default access point advanced settings, click Advanced. The Advanced dialog is displayed. 7. In the Advanced dialog AP Properties section, do the following: • Poll Timeout – Type the timeout value, in seconds.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • RTS/CTS – Type the packet size threshold, in bytes, above which the packet will be preceded by an RTS/CTS (Request to Send/Clear to Send) handshake. The default value is 2346, which means all packets are sent without RTS/CTS. Reduce this value only if necessary. • Frag. Threshold – For each radio, type the fragment size threshold, in bytes, above which the packets will be fragmented by the AP prior to transmission.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • DCS Update Period – Type the time, measured in minutes that determines the period during which the Wireless AP averages the DCS Noise Threshold and DCS Channel Occupancy Threshold measurements. If either one of these thresholds is exceeded, then the Wireless AP will trigger ACS. • Preamble – Click a preamble type for 11b-specific (CCK) rates: Short, Long, or Auto. The recommended value is Auto.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Aggregate MSDU Max Length – Type the maximum length of the aggregate MSDU. The value range is 2290-4096 bytes. • Aggregate MPDUs – Click an aggregate MPDU mode: Enabled or Disabled. Aggregate MPDU provides a significant improvement in throughput. • Aggregate MPDU Max Length – Type the maximum length of the aggregate MPDU. The value range is 1024-65535 bytes. • Agg.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 4. In the AP Properties section, do the following: • LLDP – Click to Enable or Disable the Wireless AP from broadcasting LLDP information. This option is disabled by default. If SNMP is enabled on the HiPath Wireless Controller and you enable LLDP, the LLDP Confirmation dialog is displayed.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Radio mode – Click the radio mode you want to enable: • Radio 1 – off, b, g, b/g, or a. • Radio 2 – off, b, g, b/g, or a. Note: Depending on the radio modes you select, some of the radio settings may not be available for configuration. • RF Domain – Type a string that uniquely identifies a group of APs that cooperate in managing RF channels and transmission power levels.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • All Non-DFS Channels – ACS scans all non-DFS channels for an operating channel. This selection is available when there is at least one DFS channel supported for the selected country. • Custom – To configure individual channels from which the ACS will select an operating channel, click Configure. The Custom Channel Plan dialog displays. By default, all channels participate in the channel plan.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Restart service in the absence of controller – Select this option (if using a bridged at AP VNS) to ensure the Wireless AP’s radios continue providing service if the Wireless AP’s connection to the HiPath Wireless Controller is lost. If this option is enabled, it allows the Wireless AP to start a bridged at AP VNS even in the absence of a HiPath Wireless Controller.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs APs is greater than 100 meters, configure the maximum distance up to 15,000 meters so that the software increases the timeout value proportionally with the distance between APs. Do not change the default setting for the radio that provides service to 802.11 clients only. • 202 Dynamic Channel Selection – Click one of the following: • Off – Disables DCS.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Preamble – Click a preamble type for 11b-specific (CCK) rates: Short, Long, or Auto. The recommended value is Auto. Click Short if you are sure that there is no pre-11b AP or a client in the vicinity of this AP. Click Long if compatibility with pre-11b clients is required. • Protection Mode – Click a protection mode: None, Auto, or Always. The default and recommended setting is Auto.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Background BK – For each radio, click the number of retries for the Background transmission queue. The default value is adaptive (multirate). The recommended setting is adaptive (multi-rate). • Best Effort BE – For each radio, click the number of retries for the Best Effort transmission queue. The default value is adaptive (multi-rate). The recommended setting is adaptive (multi-rate).
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 4. In the AP Properties section, do the following: • LLDP – Click to Enable or Disable the Wireless AP from broadcasting LLDP information. This option is disabled by default. If SNMP is enabled on the HiPath Wireless Controller and you enable LLDP, the LLDP Confirmation dialog is displayed.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Announcement Interval – If LLDP is enabled, type how often the Wireless AP advertises its information by sending a new LLDP packet. This value is measured in seconds. If there are no changes to the Wireless AP configuration that impact the LLDP information, the Wireless AP sends a new LLDP packet according to this schedule. Note: The Time to Live value cannot be directly edited.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Min Tx Power – If ATPC is enabled, click the minimum Tx power level to which the range of transmit power can be adjusted: 0 to 23 (b/g or b/g/n) or 24 (a or a/n) dBm. It is recommended to use 0 dBm to not limit the potential Tx power level range that can be used. • Auto Tx Power Ctrl Adjust – If ATPC is enabled, click the Tx power level that can be used to adjust the ATPC power levels that the system has assigned.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • Custom – If you want to configure individual channels from which the ACS will select an operating channel, click Configure. The Add Channels dialog is displayed. Click the individual channels you want to add to the channel plan while pressing the CTRL key, and then click OK. 6. To modify default access point advanced settings, click Advanced. The Advanced dialog is displayed. 7.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs • DTIM – Type the desired DTIM (Delivery Traffic Indication Message) period — the number of beacon intervals between two DTIM beacons. To ensure the best client power savings, use a large number. For example, 5. Use a small number to minimize broadcast and multicast delay. The default value is 5. • Beacon Period – Type the desired time, in milliseconds, between beacon transmissions. The default value is 100 milliseconds.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 210 • DCS Noise Threshold – If DCS is enabled, type the noise interference level, measured in dBm, after which ACS will scan for a new operating channel for the Wireless AP if the threshold is exceeded. • DCS Channel Occupancy Threshold – If DCS is enabled, type the channel utilization level, measured as a percentage, after which ACS will scan for a new operating channel for the Wireless AP if the threshold is exceeded.
hwc_apstartup.fm Configuring the Wireless AP Configuring VLAN tags for Wireless APs 9. In the Advanced dialog Enhanced Rate Control section, do the following: • Min Basic Rate – For each radio, click the minimum data rate that must be supported by all stations in a BSS: 1, 2, 5.5, or 11 Mbps for 11b and 11b+11g modes. Click 1, 2, 5.5, 6, 11, 12, or 24 Mbps for 11g-only mode. Click 6, 12, or 24 Mbps for 11a mode.
hwc_apstartup.fm Configuring the Wireless AP Modifying a Wireless AP’s properties based on a default AP configuration 4.6 Modifying a Wireless AP’s properties based on a default AP configuration If you have a Wireless AP that is already configured with its own settings, but would like the Wireless AP to be reset to use the system’s default AP settings, use the Reset to Defaults feature on the AP Properties tab. To configure a Wireless AP with the system’s default AP settings: 1.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless APs simultaneously 5. To confirm resetting the system’s default Wireless AP settings, click OK. 4.8 Configuring Wireless APs simultaneously In addition to configuring Wireless APs individually, you can also configure multiple Wireless APs simultaneously by using the AP Multi-edit function. Configuring Wireless APs simultaneously is similar to modifying the system’s default AP settings or individual Wireless APs.
hwc_apstartup.fm Configuring the Wireless AP Configuring Wireless APs simultaneously 3. Do the following: • In the Hardware Types list, click one or more Wireless AP hardware types. • In the Wireless APs list, click one or more Wireless APs to edit. To click multiple Wireless APs, click the APs from the list while pressing the CTRL key. Note: When using the Multi-edit function, any box or option that is not explicitly modified will not be changed by the update.
hwc_apstartup.fm Configuring the Wireless AP Configuring an AP as a sensor • Clear search list – Click to clear previously assigned HiPath Wireless Controllers that were configured to control this Wireless AP. • Re-configure search list – Click to assign HiPath Wireless Controllers to control this Wireless AP. a) In the Add box, type the IP address of the HiPath Wireless Controller that will control this Wireless AP. b) Click Add. The IP address is added to the list.
hwc_apstartup.fm Configuring the Wireless AP Configuring an AP as a sensor • The AP performs scanning services • The AP no longer performs RF services for the HiPath Wireless Controller When an AP is operating as a sensor, it has no interaction with the HiPath Wireless Controller, and it does not perform like an AP: it does not allow devices to associate to it and traffic is not forwarded through it. An AP operating as a sensor is managed by HiPath Wireless Manager HiGuard.
hwc_apstartup.fm Configuring the Wireless AP Performing Wireless AP software maintenance • TFTP Server – The IP address of the TFTP server the AP is to retrieve the sensor image file from. • Path to 26xx Image – The filename and location of the 26xx sensor image. • Path to 36xx Image – The filename and location of the 36xx sensor image. Note: The Path to 36xx image box is only available if the HiPath Wireless Controller is managed by the HiPath Wireless Manager V2R3. 4.
hwc_apstartup.fm Configuring the Wireless AP Performing Wireless AP software maintenance 3. In the AP Images for Platform drop-down list, click the appropriate platform. 4. To select an image to be the default image for a software upgrade, click it in the list, and then click Set as default. 5. In the Upgrade Behavior section, select one of the following: • Upgrade when AP connects using settings from Controlled Upgrade – The Controlled Upgrade tab is displayed.
hwc_apstartup.fm Configuring the Wireless AP Performing Wireless AP software maintenance 4. In the AP Images list, click the image you want to delete. 5. Click Delete. The image is deleted. To download a new Wireless AP software image: 1. From the main menu, click Wireless AP Configuration. The Wireless AP Configuration screen is displayed. 2. In the left pane, click AP Maintenance. The AP Software Maintenance tab is displayed. 3.
hwc_apstartup.fm Configuring the Wireless AP Performing Wireless AP software maintenance Note: The Controlled Upgrade tab is displayed only when the Upgrade Behavior is set to Upgrade when AP connects using settings from Controlled Upgrade on the AP Software Maintenance tab. 4. In the Select AP Platform drop-down list, click the type of AP you want to upgrade. 5. In the Select an image to use drop-down list, click the software image you want to use for the upgrade. 6.
hwc_vnsintro.fm Virtual Network Services concepts VNS overview 5 Virtual Network Services concepts This chapter introduces and describes the concept of Virtual Network Services (VNS), including: • VNS overview • Setting up a VNS checklist • NAC integration with HiPath WLAN • Wireless AP assignment to WLAN Services • Authentication for a VNS • Filtering • Multicast traffic • Data protection — WEP and WPA • QoS Policy • Flexible Client Access (FCA) 5.
hwc_vnsintro.fm Virtual Network Services concepts VNS overview • Topology now allow for VLANs without L3 presence Note: The concepts introduced in V7.0 facilitate the integration between HiPath. WLAN and the Enterasys Policy Manager. However, discussion about their integration, the communication between the two, provisioning model, and so on are not part of this document.
hwc_vnsintro.fm Virtual Network Services concepts VNS overview • – “Admin,” meaning this is the native topology of the HiPath Wireless Controller management port – “Routed,” describing the L3 stub network segments – “Bridged at Controller,” which allows L2 forwarding between the wireless clients and core network, or – “Bridged at AP,” which is implemented by local bridging done at the APs themselves.
hwc_vnsintro.fm Virtual Network Services concepts VNS overview Default Global Policy definitions provide a placeholder for completion of incomplete policies for initial default assignment.
hwc_vnsintro.fm Virtual Network Services concepts VNS overview 5.1.4 New VNS definition The central objective of the newly defined (in V7.0) VNS is to allow for more configuration flexibility by separating reusable components (such as topology, policies, and so forth) and to allow for integration with the Enterasys Policy Manager. Figure 11 on page 225 shows the breakdown of a VNS into its primary components. The direction of the arrows in this diagram indicates the direction of a dependency.
hwc_vnsintro.fm Virtual Network Services concepts VNS overview Breaking the VNS into two main parts, permits a VNS to be created from components that were defined at different times. For example the HWC can ship with predefined WLAN Services that are created by the development team. At a later date a policy can be defined on the HWC (by the administrator or Policy Manager) and combined with the WLAN Service to create a functional SSID. In Release V7.
hwc_vnsintro.fm Virtual Network Services concepts VNS overview • Removal of the distinction between AAA and SSID-based VNS. Instead of this being an explicit attribute that cannot be changed once set, the HWC will determine from the WLAN Service privacy and authentication settings whether EAP or Captive portal is required, and will ensure that the administrator cannot save a configuration that has incomplete or incompatible RADIUS options.
hwc_vnsintro.fm Virtual Network Services concepts Setting up a VNS checklist 5.2 Setting up a VNS checklist When you set up a VNS on the HiPath Wireless Controller, you are defining a topology, policies, and WLAN services for a group of wireless device users. The checklist suggested in this section is focused on strictly necessary parameters and selections an administrator has to consider.
hwc_vnsintro.fm Virtual Network Services concepts Setting up a VNS checklist • Proper definition and selection of the user Policy would define the filters to be applied to the users and user groups in order to control network access. • The quality of service (QoS) definition is part of the WLAN Services requirements. • The privacy mechanisms that should be employed between the Wireless APs and the wireless devices are also configurable at the level of WLAN services.
hwc_vnsintro.fm Virtual Network Services concepts NAC integration with HiPath WLAN 5.3 NAC integration with HiPath WLAN HiPath WLAN supports integration with a NAC (Network Admission Control) Gateway. The NAC Gateway can provide your network with authentication, registration, assessment, remediation, and access control for mobile users. NAC Gateway integration with HiPath WLAN supports SSID VNSs when used in conjunction with MAC-based external captive portal authentication.
hwc_vnsintro.fm Virtual Network Services concepts NAC integration with HiPath WLAN NAC RADIUS DCHP HiPath Wireless Controller Wireless AP Figure 12 HiPath WLAN and NAC integration with external captive portal authentication Step 1 • The client laptop connects to the Wireless AP. • The Wireless AP determines that authentication is required, and sends an association request to the HiPath Wireless Controller.
hwc_vnsintro.fm Virtual Network Services concepts NAC integration with HiPath WLAN Step 3 • The RADIUS server evaluates the access-request and sends an Access-Accept message back to the NAC. • The NAC receives the access-accept packet. Using its local database, the NAC determines the correct policy to apply to this client laptop and updates the access-accept packet with the policy assignment. The updated Access-Accept message is forwarded to the HiPath Wireless Controller and Wireless AP.
hwc_vnsintro.fm Virtual Network Services concepts Wireless AP assignment to WLAN Services 5.4 Wireless AP assignment to WLAN Services The second step in setting up a VNS is to assign Wireless APs to a VNS through the associated WLAN Services. From the Wireless APs box of the WLAN Services tab, you assign APs to a WLAN Service and SSID definitions. Once you have assigned a Wireless AP Radio to eight WLAN Services/VNSs, it will not appear in the list for another WLAN Service setup.
hwc_vnsintro.fm Virtual Network Services concepts Authentication for a VNS enable users to supply their user name and password. The user name and password are sent to the configured RADIUS server for authentication.
hwc_vnsintro.fm Virtual Network Services concepts Authentication for a VNS If a specific filter ID is not defined or returned by the access-accept packet operation, the HiPath Wireless Controller assigns the VNS' default policy for authenticated users. 5.5.
hwc_vnsintro.fm Virtual Network Services concepts Filtering Until the access-accept packet is received from the RADIUS server for a specific user, the user is kept in an unauthenticated state. 802.1x rules dictate no other packets other than EAP are allowed to traverse between the AP and the HiPath Wireless Controller until authentication completes.
hwc_vnsintro.fm Virtual Network Services concepts Filtering • Exception filter – Protect access to a system's own interfaces. VNS exception filters are applied to the traffic intended for the HiPath Wireless Controller's own interface point of presence in the network. These filters are applied after the policy-based assigned filters are evaluated. • Multicast filtering – These filters define a list of multicast groups whose traffic is allowed to be forwarded to and from the VNS.
hwc_vnsintro.fm Virtual Network Services concepts Filtering • Authentication by captive portal The non-authenticated filter will apply before authentication. Specific network access can be defined. The filter should also include a rule to allow all users to get as far as the Captive Portal Web page where the user can enter login identification for authentication. When authentication is returned, the filter ID determines what Policy, and therefore filters, are applied.
hwc_vnsintro.fm Virtual Network Services concepts Multicast traffic The child VNS concept is deprecated, with child VNSs becoming just pure Policy definitions, assigned by the authentication action. The RADIUS client or Security Manager applies legacy decision rules to pick the correct Policy name if the “Restrict Policy Set” feature is selected for the VNS. 5.7 Multicast traffic A mechanism that supports multicast traffic can be enabled as part of a topology definition.
hwc_vnsintro.fm Virtual Network Services concepts QoS Policy • Enterprise – Specifies 802.1x authentication and requires an authentication server • Pre-Shared Key (PSK) – Relies on a shared secret. The PSK is a shared secret (pass-phrase) that must be entered in both the Wireless AP or router and the WPA clients. Note: To achieve the strongest encryption protection for your VNS, it is recommended to use WPA v.1 or WPA v.2. 5.
hwc_vnsintro.fm Virtual Network Services concepts Flexible Client Access (FCA) • • 2 clients @ 6Mbps get media access of 3Mbps each = 6Mbps total • Client1 @ 300Mbps + Client2 @ 6Mbps get media access of 5.88Mbps each = 11.76Mbps total Airtime fairness – Each WLAN participant gets equal time access. – WLAN clients will show throughput proportional to the PHY rate. – Provides better overall throughput.
hwc_vnsintro.fm Virtual Network Services concepts Flexible Client Access (FCA) 242 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_vnsconfiguration.
hwc_vnsconfiguration.fm Configuring a VNS High level VNS configuration flow You can use the VNS Creation Wizard to guide you through the necessary steps to create a virtual network service (and the necessary subcomponents during the process). The end result is a fully resolved set of elements and an active service. The recommended order of configuration events is: 1.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings 6.1.1 Controller defaults The default shipping HiPath Wireless Controller configuration does not include any pre-configured WLAN Services, VNSs, or Policies. The HiPath Wireless Controller system does ship with Topology entities representing each of it's physical interfaces, plus an admin interface.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings • DAS (Dynamic Authorization Service) – • • Wireless QoS, comprising Admission Control Thresholds and Flexible Client Access Fairness Policy. – Admission control thresholds protect admitted traffic against overloads, provide distinct thresholds for VO (voice) and VI (video), and distinct thresholds for roaming and new streams.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings name of the corresponding configuration object, its synchronization mode, and the status of last synchronization attempt. For more information, see Section 6.2.7, “Using the Sync Summary”, on page 256. 6.2.1 Defining RADIUS servers and MAC address format The Authentication global settings include configuring RADIUS servers and the MAC format to be used. To define RADIUS servers for VNS global settings: 1.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings 4. In the Server Alias box, type a name that you want to assign to the RADIUS server. Note: You can also type the RADIUS server’s IP address in the Server Alias box in place of a nickname. The RADIUS server will identify itself by the value typed in the Server Alias box in the RADIUS Servers drop down list on the RADIUS Authentication tab of the Login Management screen (Main Menu > Wireless Controller Configuration > Login Management).
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings 7. To proofread your shared secret key, click Unmask. The password is displayed. Note: You should always proofread your Shared Secret key to avoid any problems later when the HiPath Wireless Controller attempts to communicate with the RADIUS server. 8. If desired, change the Default Protocol using the drop down list. Choices are PAP, CHAP, MS-CHAP, or MS-CHAP2. 9.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings 12. To remove a server from the list, select the checkbox next to the server, and then click Delete Selected. You can not remove a server that is used by any VNS. To configure the global MAC address format: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, click Global, then Authentication. 3.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings 3. In the Port box, type the UDP port you want DAS to monitor. By default, DAS is configured for the standard-specified UDP port 3799. It is unlikely this port value needs to be revised. 4. In the Replay Interval box, type how long you want DAS to ignore repeated identical messages. By default, DAS is configured for 300 seconds. This time buffer helps defend against replay network attacks. 5. To save your changes, click Save. 6.2.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings 3. In the Admission Control Thresholds area, define the thresholds for the following: • Max Voice (VO) BW for roaming streams – The maximum allowed overall bandwidth on the new AP when a client with an active voice stream roams to a new AP and requests admission for the voice stream. • Max Voice (VO) BW for new streams – The maximum allowed overall bandwidth on an AP when an already associated client requests admission for a new voice stream.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings • Airtime fairness gives each WLAN participant the same (equal) time access. WLAN clients’ throughput will be proportional to their PHY rate. To define flexible client access for VNS global settings: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, click Global, then click Wireless QoS. 3.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings The bandwidth control profiles you define on the VNS Global Settings screen are displayed as available choices in the Bandwidth Control Profiles list on the Policy screen. To create a bandwidth control profile: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, click Global, then click Bandwidth Control. 3.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings • An Outbound Rate Profile • A set of filters To configure the topology and rate profiles: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, click Global, then click Default Policy. 3. Select the VLAN & Class of Service tab. 4.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings Edit or create the rate control profile as described in Section 6.10, “Configuring Policy”, on page 350. To configure the filters: 1. Click the Filter Rules tab. The HWC Filters tab displays, allowing you to create filter rules that will be applied by the controller when default nonauthentication policy does not specify filters. 2. To add a rule, click Add. The fields in the Add Filter area are enabled. 3. Configure the fields as desired.
hwc_vnsconfiguration.fm Configuring a VNS VNS global settings If Synchronization of an object is enabled, then the "Status" field can have the following values: • Synchronized • Not Synchronized • Failed • Conflict (with a button called "Resolve") The checkbox "Enable Synchronization of System Configuration" acts as a global synchronization flag. When it's disabled, synchronization is not performed in the background. When it is enabled, only the objects that have "Sync" enabled are synchronized.
hwc_vnsconfiguration.fm Configuring a VNS Methods for configuring a VNS 6.3 Methods for configuring a VNS To configure a VNS, you can use one of the following methods: • Wizard configuration – The VNS wizard helps create and configure a new VNS by prompting administrators for a minimum amount of configuration information. The VNS is created using minimum parameters. The remaining parameters are automatically assigned in accordance with best practice standards.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS 6.4 Working with the VNS wizard to create a new VNS The VNS wizard helps create and configure a new VNS by prompting administrators for a minimum amount of configuration information during the sequential configuration process. After the VNS wizard completes the VNS creation process, you can then continue to configure or revise any of the VNS configuration to suit your network needs.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • VNS Name – The name that will be assigned to the VNS and SSID. • IP Address – The IP address of the HiPath Wireless Controller’s interface on the VLAN. • Mask – The subnet mask for the IP address to separate the network portion from the host portion of the address. • VLAN ID – ID number of the VLAN to which the HiPath Wireless Controller is bridged for the VNS.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS 5. Do the following: • In the IP address box, type the IP address of the HiPath Wireless Controller’s interface on the VLAN. • In the Mask box, type the appropriate subnet mask for this IP address to separate the network portion from the host portion of the address (typically 255.255.255.0). • In the VLAN ID box, type the VLAN tag to which the HiPath Wireless Controller will be bridged for the VNS.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS 7. To close the VNS wizard, click Close. 8. If applicable, you can continue to configure or edit the new VNS by clicking the individual VNS configuration tabs. 6.4.2 Creating a voice VNS using the VNS wizard Use the VNS wizard to create a voice-specific VNS that can support various wireless telephones, including optiPoint, Spectralink, Vocera, and Mobile Connect - Nokia.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS To configure a voice VNS using the VNS wizard: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, expand the New pane, then click START VNS WIZARD. The VNS Creation Wizard screen is displayed. 3. Click Start VNS Wizard. The VNS Creation Wizard screen is displayed. 4. In the Name box, type a name for the voice VNS. 5.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS the VNS) as the default gateway for the VNS subnet. (Mobile users target the HiPath Wireless Controller's interface in their effort to route packets to an external host). b) Mask – Type the appropriate subnet mask for this IP address to separate the network portion from the host portion of the address (typically 255.255.255.0).
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS i) Enable DHCP – If applicable, select this checkbox to enable DHCP authentication for the new voice VNS. 7. Click Next. If the Enable Authentication checkbox is selected, you now must configure the Authentication properties of the new voice VNS. Continue with step 8. If the Enable Authentication checkbox is clear, you must now configure the DHCP properties of the new voice VNS. Continue with step 10. 8.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS HiPath Wireless Controller's interface IP as the default Gateway (router) for the subnet. (Users intending to reach devices outside of the subnet will forward the packets to the default gateway (controller) for delivery upstream.) • Local DHCP Server – If applicable, edit the local DHCP server settings. 11. In the DNS Servers box, type the IP Address of the Domain Name Servers to be used. 12.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS accept WMM client associations, and will classify and prioritize the downlink traffic for all WMM clients. WMM clients will also classify and prioritize the uplink traffic. 17. Click Next. The Summary screen is displayed. 18. Confirm your voice VNS configuration. To revise your configuration, click Back. 19. To create your VNS, click Finish, and then click Close. 20.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • Enabled – By default, the Enabled checkbox for the new VNS is enabled. A VNS must be enabled for it to be able to provide service for mobile user traffic. • Type – Click the type of network assignment for the VNS. There are two options for network assignment, Disabled or 802.1x..
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS a) Tagged – Select if you want to assign this VNS to a specific VLAN. b) VLAN ID – Type the VLAN tag to which the HiPath Wireless Controller will be bridged for the data VNS. c) Untagged – Select if you want this VNS to be untagged. This option is selected by default. d) Enable Authentication – If applicable, select this checkbox to enable authentication for the new data VNS.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • MAC-based Authentication – Select to enable the RADIUS server to perform MAC-based authentication on the data VNS. If applicable, and the MAC-based authentication option is enabled, select to enable MAC-based authorization on roam. 9. Click Next. The DHCP screen is displayed, if DHCP was enabled previously. 10.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS 16. Click Next. The Privacy screen is displayed. 17. On the Privacy screen, select one of the following: • Static Keys – Select to configure static keys. Then enter: – WEP Key Length – Click the WEP encryption key length: 64 bit, 128 bit, or 152 bit. – Select an Input Method: Input Hex – type the WEP key input in the WEP Key box. The key is generated automatically based on the input.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • In the Pre-shared key box, type the shared secret key to be used between the wireless device and Wireless AP. The shared secret key is used to generate the 256-bit key. – Mask/Unmask – Click to display or hide your shared secret key. 18. Click Next. The Radio Assignment screen is displayed. 19.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS If the HiPath Wireless Controller is configured to be part of an availability pair, you can chose to synchronize the VNS on the secondary HiPath Wireless Controller. See Chapter 7, “Availability and session availability” for more information. 6.4.4 Creating a Captive Portal VNS using the VNS wizard Use the VNS wizard to create a Captive Portal VNS.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS To configure an internal Captive Portal VNS using the VNS wizard: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, expand the New pane, then click START VNS WIZARD. The VNS Creation Wizard screen is displayed. 3. In the Name box, type a name for the Captive Portal VNS. 4.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS d) Enable Authentication – By default, this option is selected if the VNS Type is Internal Captive Portal, which enables authentication for the new Captive Portal VNS. e) Enable DHCP – By default, this option is selected if the VNS Type is Internal Captive Portal, which enables DHCP authentication for the new Captive Portal VNS.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS – Authentication – By default, this option is selected if the VNS Type is Internal Captive Portal, which enables the RADIUS server to perform authentication on the Captive Portal VNS. – MAC-based Authentication – Select to enable the RADIUS server to perform MAC-based authentication on the Captive Portal VNS.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • Exception – Protects access to the HiPath Wireless Controller’s own interfaces, including the VNSs own interface. VNS exception filters are applied to user traffic intended for the HiPath Wireless Controller's own interface point on the VNS. These filters are applied after the user's specific VNS state assigned filters.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • • To enable WPA v2-type encryption, select WPA v.2. The other options for this drop-down list are: – Auto – If you click Auto, the Wireless AP advertises both TKIP and CCMP (counter mode with cipher block chaining message authentication code protocol). CCMP is an IEEE 802.11i encryption protocol that uses the encryption cipher AES (Advanced Encryption Standard).
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • If applicable, select the WMM checkbox. WMM (Wi-Fi Multimedia), if enabled on an individual VNS, provides multimedia enhancements that improve the user experience for audio, video, and voice applications. WMM is part of the 802.11e standard for QoS. If enabled, the AP will accept WMM client associations, and will classify and prioritize the downlink traffic for all WMM clients.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS If configuring a routed external Captive Portal VNS Do the following: a) Gateway – Type the HiPath Wireless Controller's own IP address in that VNS. This IP address is the default gateway for the VNS. The HiPath Wireless Controller advertises this address to the wireless devices when they sign on.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS d) VLAN ID – Type the VLAN tag to which the HiPath Wireless Controller will be bridged for the VNS. e) HWC Connection – Click the HiPath Wireless Controller IP address. Also type the port of the HiPath Wireless Controller in the accompanying box.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • MAC-based Authentication – Select to enable the RADIUS server to perform MAC-based authentication on the Captive Portal VNS. If the MAC-based authentication option is enabled, select to enable MAC-based authorization on roam, if applicable. • Accounting – Select to enable the RADIUS server to perform accounting on the Captive Portal VNS. 8. Click Next. 9.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS • Exception – Protects access to the HiPath Wireless Controller’s own interfaces, including the VNSs own interface. VNS exception filters are applied to user traffic intended for the HiPath Wireless Controller's own interface point on the VNS. These filters are applied after the user's specific VNS state assigned filters.
hwc_vnsconfiguration.fm Configuring a VNS Working with the VNS wizard to create a new VNS – To enable WPA v2-type encryption, select WPA v.2. The other options for this drop-down list are: Auto – If you click Auto, the Wireless AP advertises both TKIP and CCMP (counter mode with cipher block chaining message authentication code protocol). CCMP is an IEEE 802.11i encryption protocol that uses the encryption cipher AES (Advanced Encryption Standard).
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS • If applicable, select the WMM checkbox. WMM (Wi-Fi Multimedia), if enabled on an individual VNS, provides multimedia enhancements that improve the user experience for audio, video, and voice applications. WMM is part of the 802.11e standard for QoS. If enabled, the AP will accept WMM client associations, and will classify and prioritize the downlink traffic for all WMM clients.
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS • Filter settings • Privacy settings • Radio assignment settings • Summary Setting up a GuestPortal Use the following high-level description to set up a GuestPortal on your system: Step 1 – Create a GuestPortal VNS The GuestPortal VNS can be created as a new VNS or can be configured from an already existing VNS. For more information, see Section 6.5.1, “Creating a GuestPortal VNS”, on page 286.
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS 3. Click on the VNS you want to configure as a GuestPortal VNS. The VNS configuration window Core tab is displayed. 4. Select a preconfigured WLAN Service and click Edit, or press New to create a new WLAN Service. 5. In the Edit WLAN Service window, click the Auth & Acct tab. 6. In the Authentication Mode drop-down list, click GuestPortal. 7. To save your changes, click Save. To create a new GuestPortal VNS using the VNS wizard: 1.
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS – In the Gateway box, type the HiPath Wireless Controller's own IP address in that VNS. This IP address is the default gateway for the VNS. The HiPath Wireless Controller advertises this address to the wireless devices when they sign on. For routed VNSs, it corresponds to the IP address that is communicated to mobile users (in the VNS) as the default gateway for the VNS subnet.
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS 7. Configure the DHCP settings. In the DHCP Option drop-down list, click one of the following: • Use DHCP Relay – Using DHCP relay forces the HiPath Wireless Controller to forward DHCP requests to an external DHCP server on the enterprise network. DHCP relay bypasses the local DHCP server for the HiPath Wireless Controller and allows the enterprise to manage IP address allocation to a VNS from its existing infrastructure.
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS 11. Configure the VNS filtering settings: 12. In the Filter ID drop-down list, click one of the following: • Authenticated – Controls network access after the user has been authenticated. • Non-authenticated – Controls network access and to direct users to a Captive Portal Web page for login. 13.
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS • Input String – If you select Input String, type the secret WEP key string used for encrypting and decrypting in the Strings box. The WEP Key box is automatically filled by the corresponding Hex code. • WPA-PSK – Select to use a Pre-Shared Key (PSK), or shared secret for authentication. WPA-PSK (Wi-Fi Protected Access Pre-Shared key) is a security solution that adds authentication to enhanced WEP encryption and key management.
hwc_vnsconfiguration.fm Configuring a VNS Working with a GuestPortal VNS 18. Configure the radio assignments: • In the AP Default Settings section, select the radios of the AP default settings profile that you want to broadcast the VNS. • In the AP Selection section, select the group of APs that will broadcast the VNS: • • all radios – Click to assign all of the APs’ radios. • radio 1 – Click to assign only the APs’ Radio 1. • radio 2– Click to assign only the APs’ Radio 2.
hwc_vnsconfiguration.fm Configuring a VNS Creating a VNS using the advanced method 20. Confirm your VNS configuration. To revise your configuration, click Back. 21. To create your VNS, click Finish, and then click Close. If the HiPath Wireless Controller is configured to be part of an availability pair, you can chose to synchronize the VNS on the secondary HiPath Wireless Controller. 22. If applicable, you can continue to configure or edit the new VNS by clicking the individual VNS configuration tabs. 6.
hwc_vnsconfiguration.fm Configuring a VNS Working with existing VNSs The following procedure lists the steps necessary to create a VNS in advanced mode. Each step references a section in this document that describes the full details. Follow the links provided to go directly to the appropriate sections. To create a VNS using advanced configuration: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2.
hwc_vnsconfiguration.fm Configuring a VNS Working with existing VNSs • Deleting a VNS Also, as with creating a new VNS, you can: • Configure a topology for the VNS • Configure a policy for the VNS • Configure WLAN services for the VNS • Configure additional policies for the VNS 6.7.1 Enabling and disabling a VNS By default, when a new VNS is created, the VNS is added to the system as an enabled VNS. A VNS can be enabled or disabled.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology 6.7.2 Renaming a VNS To rename a VNS: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane expand the Virtual Networks pane, then select the VNS you want to rename. 3. On the Core tab, in the VNS Name field, enter the new name. 4. Click Save. The VNS is renamed. 6.7.3 Deleting a VNS You can delete a VNS that is no longer necessary. To delete a VNS: 1.
hwc_vnsconfiguration.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology • Bridge Traffic Locally at HWC – Requires Layer 2 configuration. May optionally have Layer 3 configuration. Layer 3 configuration would be necessary if services (such as DHCP, captive portal, etc.) are required over the configured network segment, or if controller management operations are intended to be done through the configured interface. 5. Configure the Layer 2 parameters, depending on the previously selected Mode.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology To enable management traffic for a topology: 1. From the main menu, click either Wireless Controller Configuration or Virtual Network Configuration. Then, in the left pane, select Topology or Topologies. The Topologies window displays. 2. Select the desired physical or routed topology. If the Layer 3 parameters are not displayed, check the Layer 3 checkbox. 3. Select the Management Traffic checkbox. 4. To save your changes, click Save. 6.8.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology devices when they sign on. For routed VNSs, it corresponds to the IP address that is communicated to MUs (in the VNS) as the default gateway for the VNS subnet. (MUs target the HiPath Wireless Controller's interface in their effort to route packets to an external host). b) In the Mask field, type the appropriate subnet mask for the IP address. to separate the network portion from the host portion of the address (typically, 255.255.255.0).
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology To configure DHCP options: 1. On the Topology page, from the DHCP drop-down list, select one of the following options and click the Configure button. • Local Server if the HiPath Wireless Controller's local DHCP server is used for managing IP address allocation. • Use Relay if the HiPath Wireless Controller forwards DHCP requests to an external DHCP server on the enterprise network.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology as the default gateway for the subnet. (wireless clients target the HiPath Wireless Controller's interface in their effort to route packets to an external host). For a Bridge traffic locally at the HWC topology, the IP address corresponds to the HiPath Wireless Controller's own point of presence on the VLAN. In this case, the controller's interface is typically not the gateway for the subnet.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology 3. If you selected Use Relay, the following window displays. a) in the DHCP Servers box, type the IP address of the DHCP server to which DHCP discover and request messages will be forwarded for clients on this VNS. The HiPath Wireless Controller does not handle DHCP requests from users, but instead forwards the requests to the indicated DHCP server. Note: The DHCP Server must be configured to match the topology settings.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology 3. In the Layer 3 area, click the Configure button. The DHCP configuration dialog window displays. 4. In the Next Hop Address box, type the IP address of the next hop router on the network through which you wish all traffic on the VNS using this Topology to be directed. 5. In the OSPF Route Cost box, type the OSPF cost of reaching the VNS subnet.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology is handled directly behind the scenes by the system, rolling and un-rolling canned filters as the system's topology and defined access privileges for an interface change. Note: An interface for which Allow Management is enabled, can be reached by any other interface. By default, Allow Management is disabled and shipped interface filters will only permit the interface to be visible directly from it's own subnet.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology 3. For each filtering rule you are defining, do the following: • In the IP/subnet:port box, type the destination IP address. You can also specify an IP range, a port designation, or a port range on that IP address. • In the Protocol drop-down list, click the applicable protocol. The default is N/A. • Click OK to add the user-defined rule to the rule table. 4.
hwc_vnsconfiguration.fm Configuring a VNS Configuring a Topology 6.8.4 Multicast filtering A mechanism that supports multicast traffic can be enabled as part of a topoloty definition. This mechanism is provided to support the demands of VoIP and IPTV network traffic, while still providing the network access control. Note: To use the mobility feature with this topology, you must select the Enable Multicast Support checkbox for the data port.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 5. To enable the wireless multicast replication for this group, select the corresponding Wireless Replication checkbox. 6. To modify the priority of the multicast groups, click the group row, and then click the Up or Down buttons. A Deny All rule is automatically added as the last rule, IP = *.*.*.* and the Wireless Replication checkbox is not selected. This rule ensures that all other traffic is dropped. 7.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6.9.1 Configuring a WLAN Service This section describes how to create a new or edit an existing WLAN Service, including assigning Wireless APs to the service. Following sections describe how to configure Privacy, Authentication and Accounting, and QoS for a WLAN Service. 6.9.1.1 Third-party AP WLAN Service Type For more information, see Chapter 9, “Working with third-party APs”.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 3. In the Core area, enter the Name and SSID of the service and select the service Type. 4. In the Status area, select Synchronize if desired. Enabling this feature allows availability pairs to be automatically synchronized. 5. The service is enabled by default. 6. Click Save. If you are creating a new service, the WLAN Services configuration window is redisplayed, allowing you to assign Wireless APs to the service. 6.9.1.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services You can also use the Select APs list, to select APs and their radios by grouping: • all radios – Click to assign all of the APs’ radios. • radio 1 – Click to assign only the APs’ Radio 1. • radio 2– Click to assign only the APs’ Radio 2. • local APs - all radios – Click to assign only the local APs. • local APs - radio 1 – Click to assign only the local APs’ Radio 1.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6. In the Timeout area, do the following: • Idle: (pre) – Specify the amount of time in minutes that a Mobile user can have a session on the controller in pre-autheticated state but no active traffic is passed. The session will be terminated if no active traffic is passed within this time. The default value is 5 minutes.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6.9.2 Configuring privacy Privacy is a mechanism that protects data over wireless and wired networks, usually by encryption techniques. The HiPath Wireless Controller provides several privacy mechanism to protect data over the WLAN. There are five privacy options: • None • Static Wired Equivalent Privacy (WEP) – Keys for a selected VNS, so that it matches the WEP mechanism used on the rest of the network.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • Uses RADIUS protocols for authentication and key distribution • Centralizes management of user credentials The encryption portion of WPA v1 is Temporal Key Integrity Protocol (TKIP).
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • Step five – If the wireless device client is authenticated, the HiPath Wireless Controller distributes encryption keys to the Wireless AP and the wireless client. • Step six – The wireless device client gains network access via the Wireless AP, sending and receiving encrypted data. The traffic is controlled with permissions and policy applied by the HiPath Wireless Controller. 6.9.2.2 Wireless 802.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • Pre-authentication • Opportunistic Keying & Pre-auth The following sections explain the key management options. None The wireless client device performs a complete 802.1x authentication each time it associates or tries to connect to a Wireless AP. Opportunistic Keying Opportunistic Keying or opportunistic key caching (OKC) enables the client devices to roam fast and securely from one Wireless AP to another in 802.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6.9.2.4 Configuring WLAN Service privacy To configure privacy: 1. If the WLAN Service configuration page is not already displayed, from the main menu, click either Wireless Controller Configuration or Virtual Network Configuration. Then, in the left pane, select WLAN Services. The WLAN Services window displays. 2. Select the desired service to edit from the left pane. The WLAN Service configuration page is displayed. 3.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services c) To save your changes, click Save. 5. If you select Dynamic Keys, click Save to save your changes. 6. If you select WPA, do the following: a) To enable WPA v1 encryption, select WPA v.1. Then, click one of the following encryption types from the Encryption drop-down list: • Auto – The AP will advertise both TKIP and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) for WPAv1. CCMP is an IEEE 802.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • None – The mobile units (client devices) performs a complete 802.1X authentication each time it associates or connects to a Wireless AP. • Opportunistic Keying – Enables secure fast roaming (SFR) of mobile units. For more information, see Opportunistic Keying on page 316. • Pre-authentication – Enables seamless roaming. For more information, see Pre-authentication on page 316.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services b) To enable WPA v2-type encryption, select WPA v.2. Then, click one of the following encryption types from the Encryption drop-down list: • Auto – If you click Auto, the Wireless AP advertises both TKIP and CCMP (counter mode with cipher block chaining message authentication code protocol). CCMP is an IEEE 802.11i encryption protocol that uses the encryption cipher AES (Advanced Encryption Standard). Auto is the default.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6.9.3.1 Vendor Specific Attributes In addition to the standard RADIUS message, you can include Vendor Specific Attributes (VSAs). The Controller, Access Points and Convergence Software authentication mechanism provides six VSAs for RADIUS and other authentication mechanisms.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • HiPath Wireless Controller accounting – Enables the HiPath Wireless Controller to generate Call Data Records (CDRs), containing usage information about each wireless session. CDR generation is enabled on a per VNS basis. For more information on CDRs, refer to section Section 11.3, “Call Detail Records (CDRs)”, on page 443.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services The server name is added to the Server table of assigned RADIUS servers. The selected server is no longer available in the RADIUS servers drop-down list. The RADIUS servers are defined on the Global Settings screen. For more information, see Section 6.2.1, “Defining RADIUS servers and MAC address format”, on page 247. 6. In the Server table, select the checkbox in the Acct column to enable accounting for each applicable RADIUS server. 7.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services AP. The wireless device's client utility must support 802.1x. The user's EAP packets request for network access along with login identification or a user profile is forwarded by the HiPath Wireless Controller to a RADIUS server. Captive Portal authentication For Captive Portal authentication, the wireless device connects to the network, but can only access the specific network destinations defined in the nonauthenticated filter.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services MAC-based authentication can be set up on any type of WLAN Service. To set up a RADIUS server for MAC-based authentication, you must set up a user account with UserID=MAC and Password=MAC (or a password defined by the administrator) for each user. Specifying a MAC address format and policy depends on which RADIUS server is being used. If MAC-based authentication is to be used in conjunction with the 802.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services MAC-based authorization on roam – If MAC-based authentication is enabled, select the MAC-based authorization on roam checkbox. Note: Only select this checkbox if you want your clients to be authorized every time they roam to another Wireless AP. If this option is not enabled, and MAC-based authentication is in use, the client is authenticated only at the start of a session. 5.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6.9.3.5 Configuring assigned RADIUS servers Configuring assigned RADIUS servers for a VNS can include the following: • Defining common RADIUS settings • Defining RADIUS settings for individual RADIUS servers • Testing RADIUS server connections • Viewing the RADIUS server configuration summary • Removing assigned RADIUS servers To define common RADIUS settings: 1. From the main menu, click Virtual Network Configuration.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 5. For NAS IP Address, accept the default of “Use VNS IP address” or de-select the checkbox and type the IP address of a Network Access Server (NAS). 6. For NAS Identifier, accept the default of “Use VNS name” or type the Network Access Server (NAS) identifier. The NAS identifier is a RADIUS attribute that identifies the server responsible for passing information to designated RADIUS servers and then acting on the response returned. 7.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services The RADIUS test is a test of connectivity to the RADIUS server, not of full RADIUS functionality. The HiPath Wireless Controller’s RADIUS connectivity test initiates an Access-Request, to which the RADIUS server will respond. If a response is received (either Access-Reject or Access-Accept), then the test is deemed to have succeeded. If a response is not received, then the test is deemed to have failed.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 8. Click Close. 9. To save your changes, click Save. To view the RADIUS server configuration summary: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane expand the WLAN Services pane, then click the WLAN Servicer. The WLAN Services configuration page is displayed. 3. Click the Auth & Acct tab. 4.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6.9.3.6 Defining a WLAN Service with no authentication You can set up a WLAN Service that will bypass all authentication mechanisms and run the HiPath Wireless Controller, Access Points and Convergence Software with no authentication of a wireless device user. A WLAN Service with no authentication can still control network access using filtering rules.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services for user id and password fields are not present since login information is not required when the user is re-directed to the authorization Web page. This type of Captive Portal could be used where the user is expected to read and accept some terms and conditions before being granted network access. To configure the Captive Portal settings for internal Captive Portal: 1. From the main menu, click Virtual Network Configuration.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services a) In the Header URL box, type the server location of the file to be displayed in the Header portion of the Captive Portal page. This page can be customized to suit your organization, with logos or other graphics. Caution: If you use logos or graphics, ensure that the graphics or logos are appropriately sized. Large graphics or logos may force the login section out of view.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 10. In the right pane, select the appropriate checkboxes in both Header and Footer columns, if applicable, to include the following VSA Attributes in the message to the authentication server: • AP Serial • AP Name • VNS Name • SSID • MAC Address The selections influence what URL is returned in either section.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 4. In the Authentication Mode drop-down list, click External, and then click Configure. The Captive Portal Settings screen is displayed. 5. In the HWC Connection drop-down list, click the IP address of the external Web server. 6. Type the port of the HiPath Wireless Controller.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 4. In the Authenticationi Mode drop-down list, click GuestPortal, and then click Configure. The Captive Portal Settings screen is displayed. 5. In the GuestPortal section, do the following: • To add and configure guest user accounts, click Manage Guest Users. For more information, see Section 12.2.1, “Working with GuestPortal Guest administration”, on page 455. • To configure the GuestPortal ticket, click Configure Ticket Page.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • In the Password Label box, type the text that will be displayed as a label for the user password field. • In the Submit Label box, type the text that will be displayed as a label for the submit button. 7. In the Communication Options section, do one of the following: • Manual Settings – Select this option if you want to manually define the location of the files that will be used for the header and footer of the Captive Portal page.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 8. In the Replace Gateway IP with FQDN box, type the appropriate name if a Fully Qualified Domain Name (FQDN) is used as the gateway address. 9. In the Default Redirection URL box, type the URL to which the wireless device user will be directed to after authentication. 10. In the Specific Message URL box, type the URL of a document that will be displayed in a text frame on the Captive Portal login page.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 5. In the Login Credentials section, do the following: • In the Submit Label box, type the text that will be displayed as a label for the submit button. This text should be “Accept” or something similar, since pressing the button will indicate that the user accepts the terms and conditions. 6.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • Content to be used in the Captive Portal header must be in a file named portalheader.htm. • Content to be used in the Captive Portal footer must be in a file named portalfooter.htm. • The number of graphics and the size of the graphics is unlimited, and can be either .gif, .jpg, or .png. Note: The html files must only contain html. JavaScript, redirects, or dynamic CS is not permitted. 7.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 13. To install a certificate for the internal Captive Portal page, refer to Section 3.4.8, “Installing certificates on the HiPath Wireless Controller”, on page 71. 14. Click Apply. 15. To see how the Captive Portal page you have designed will look, click View Sample Portal Page.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • If Turbo Voice is enabled, together with QoS modes Legacy, WMM, or 802.11e, DL voice traffic is sent via Turbo Voice queue instead of voice queue. A separate turbo voice queue allows for some VNSs to use the Turbo Voice parameters for voice traffic, while other VNSs use the voice parameters for voice traffic. • If WMM mode is also enabled, WMM clients use Turbo Voice-like contention parameters for UL voice traffic. • If 802.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • Works in conjunction with WMM and/or 802.11e, and it is automatically disabled if both WMM and 802.11e are disabled Step 6 – Configure Global Admission Control: • Enable admission control. Admission control protects admitted traffic against new bandwidth demands. Admission control is available for Voice and Video. • If admission control is enabled, you can configure the UL and DL policer action.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • WMM (Wi-Fi Multimedia) – Enabled on individual WLAN Services, is a standard that provides multimedia enhancements that improve the user experience for audio, video, and voice applications. WMM is part of the 802.11e standard for QoS. • IP ToS (Type of Service) or DSCP (Diffserv Codepoint) – The ToS/DSCP field in the IP header of a frame is used to indicate the priority and Quality of Service for each frame.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services 6.9.4.3 Configuring the priority override Priority override allows you to define and force the traffic to a desired priority level. Priority override can be used with any combination, as displayed in Table 25. You can configure the service class and the DSCP values. When Priority Override is enabled, the configured service class overrides the queue selection in the downlink and uplink direction, the 802.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services To legacy client Traffic that is classified and prioritized x x x x x x x x From legacy client To WMM client x From WMM client To 802.11e client x From 802.11e client Table 25 x x x x x x x x x x x x x x QoS mode combinations The APs are capable of supporting 5 queues. The queues are implemented per radio. For example, 5 queues per radio.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services . VNS type Packet Source Packet type L2 L3 Tunneled Wired Untagged No Yes Branch Wired VLAN tagged Yes Yes Branch Wired Untagged No Yes Branch or Tunneled Wireless WMM Yes Yes Branch or Tunneled Wireless non-WMM No Yes Table 27 Traffic prioritization To configure QoS Policy: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • 802.11e – Select to enable the AP to accept WMM client associations, and classify and prioritize the downlink traffic for all 802.11e clients. The 802.11e clients will also classify and prioritize the uplink traffic.
hwc_vnsconfiguration.fm Configuring a VNS Configuring WLAN Services • • Bronze (2) • Best Effort (1) • Background (0) – The lowest priority level DSCP marking – From the drop-down list, click the DSCP value used to tag the IP header of the encapsulated packets. When Priority Override is enabled, the configured service class forces queue selection in the downlink direction, the 802.1P user priority for the VLAN tagged Ethernet packets and the user priority for the wireless QoS packets (WMM or 802.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy • DL Policer Action – If Use Global Admission Control for Voice (VO) or Use Global Admission Control for Video (VI) is enabled, click the action you want the Wireless AP to take when TSPEC violations occurring on the downlink direction are discovered: • Do nothing – Click to allow TSPEC violations to continue when they are discovered. Data transmissions will continue and no action is taken against the violating transmissions.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy 6.10.1 Configuring VLAN and Class of Service for a Policy 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane expand the Policies pane and click the Policy you want to edit, or click the New button to create a new Policy. The Policy window is displayed. 3. Select the VLAN & Class of Service tab. 4. In the Core area, enter the name of the policy. 5.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy 7. In the Add or Edit Rate Control Profile dialog, do the following: a) Enter the name of the new profile. b) Enter a value for the Average Rate (Committed Information Rate) in Kbps. c) Enable or disable synchronization. d) Click Add to save your changes and return to the VLAN & Class of Service tab. Refer to Section 6.2.5, “Working with bandwidth control profiles”, on page 253 for more information. 8.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy • Non-authenticated • Default Configuring filtering rules for a Non-authenticated filter The rules for a Non-authenticated filter enable you to identify and manage the destinations to which a mobile device is allowed to gain access without undergoing an authentication redirection. Typically, the recommended default rule is to deny all.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy • Default Gateway (VNS Interface IP) Any HTTP streams requested by the client for denied targets will be redirected to the specified location. The non-authenticated filter should allow access to the Captive Portal page IP address, as well as to any URLs for the header and footer of the Captive Portal page. This filter should also allow network access to the IP address of the DNS server and to the network address—the gateway of the Topology.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy The HWC Filters tab automatically provides a Deny All rule already in place. Use this rule as the final rule in the non-authenticated filter for Captive Portal. 4. If you do not want the currently applied filter settings to change when this Policy is applied, check the Do not change checkbox. 5. To add a rule, click Add. The fields in the Add Filter area are enabled. 6.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy 8. In the Protocol drop-down list, click the applicable protocol. The default is N/A. Refer to Section 6.10.4, “ICMP Type enforcement”, on page 358 for more information when selecting the ICMP protocol. Note: For Captive Portal assignment, define a rule to allow access to the default gateway for this controller. You should also configure a rule denying HTTP on the controller. 9. Click OK.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy In Out Allow IP / Port x x x IP address of default Allow all incoming wireless devices gateway (VNS Interface access to the default gateway of the VNS. IP) x x x IP address of the DNS Server Allow all incoming wireless devices access to the DNS server of the VNS. x x *.*.*.* Deny everything else.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy • Default filter – If no matching filter ID was returned from the authentication server. 6.10.3.2 Authenticated filter examples Below are two examples of possible filtering rules for authenticated users. The first example disallows some specific access before allowing everything else. In Out Allow IP / Port x x *.*.*.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy • No filter ID attribute value is returned by the authentication server for this user. • No Policy match is found on the HiPath Wireless Controller for the filter ID value. The final rule in the default filter should be a catch-all rule for any traffic that did not match a filter. A final Allow All rule in a default filter will ensure that a packet is not dropped entirely if no other match can be found.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy In Out Allow IP / Port Description x x x Allow access to the Gateway IP address of the VNS only x x x x Table 34 [Intranet IP] [Intranet IP, range] Deny all access to the VNS subnet range (such as 0/24) x *.*.*.*. Allow everything else Rules between two wireless devices 6.10.6 Defining filter rules for Wireless APs You can also apply filter rules on the Wireless AP.
hwc_vnsconfiguration.fm Configuring a VNS Configuring Policy 3. Click the Filter Rules tab. The HWC Filters tab displays. 4. Select the Enable AP Filtering checkbox. This enables the filter rules defined on the HWC Filters tab to be applied by Wireless APs. 5. If you want to configure additional filters for the APs, select the Custom AP Filters checkbox. An AP Filters tab is added to the window. Click the AP Filters tab to display it. 6. To add a rule, click Add.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 6.11 Working with a Wireless Distribution System A Wireless Distribution System (WDS) enables you to expand the wireless network by interconnecting the Wireless APs through wireless links in addition to the traditional method of interconnecting Wireless APs via a wired network. Note: The Scalance AP W788-2 and AP2605 do not support WDS.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System Root Wireless AP Satellite Wireless AP HiPath Wireless Controller Client Devices Figure 14 Simple WDS configuration 6.11.2 Wireless Repeater configuration In Wireless Repeater configuration, a Repeater Wireless AP is installed between the Root Wireless AP and the Satellite Wireless AP. The Repeater Wireless AP relays the user traffic between the Root Wireless AP and the Satellite Wireless AP.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 6.11.3 Wireless Bridge configuration In Wireless Bridge configuration, the traffic between two Wireless APs that are connected to two separate wired LAN segments is bridged via WDS link. You may also install a Repeater Wireless AP between the two Wireless APs connected to two separate LAN segments.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System In WDS deployment, one of the radios of every WDS Wireless AP establishes a WDS link on an exclusive WLAN Service. The WDS Wireless AP is therefore limited to seven network WLAN Services on the WDS radio. The other radio can interact with the client-devices on a maximum of eight WLAN Services. Note: The Root Wireless AP and the Repeater Wireless APs can also be configured to interact with the client-devices.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System HiPath Wireless Controller Lancaster Ion Minoru Urso Dove Theodore Client Devices Figure 19 WDS setup with a single WDS WLAN Service The tree will operate as a single WDS entity. It will have a single WDS SSID and and a single pre-shared key for WDS links. This tree will have multiple roots. For more information, see Section 6.11.6.3, “Multi-root WDS topology”, on page 369.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System HiPath Wireless Controller Lancaster Minoru Ion Urso Theodore Dove Client Devices Figure 20 WDS setup with multiple WDS WLAN Services 6.11.6 Key features of WDS Some key features of WDS are: • Tree-like topology • Radio Channels • Multi-root WDS topology • Automatic discovery of parent and backup parent Wireless APs • Link security 6.11.6.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System The nodes in the tree-structure have a parent-child relationship. The Wireless AP that provides the WDS service to the other Wireless APs in the downstream direction is a parent. The Wireless APs that establish a link with the Wireless AP in the upstream direction for WDS service are children.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System The WDS system enables you to configure the Wireless AP’s role — parent, child or both — from the HiPath Wireless Controller’s interface. If the WDS Wireless AP will be serving as a parent and a child in a given topology, its role is configured as both. Note: It is recommended to limit the number of APs participating in a WDS tree to 8. This limit guarantees decent performance in most typical situations.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System HiPath Wireless Controller Root Wireless AP 1 Root Wireless AP 2 Repeater AP 1 Satellite AP 1 Repeater AP 2 Satellite AP 2 Wireless Devices Figure 22 Root Wireless AP 3 Repeater AP 3 Satellite AP 3 Wireless Devices Multiple-root WDS topology 6.11.6.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 6.11.7 Deploying the WDS system Before you start configuring the WDS Wireless APs, you must ensure the following: • The Wireless APs that are part of the wired HiPath WLAN are connected to the wired network. • The wired Wireless APs that will serve as the Root AP/Root APs of the proposed WDS topology are operating normally. • The HiPath WLAN is operating normally.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 5. Assigning the Satellite Wireless APs’ radios to the network VNSs. 6. Connecting the WDS Wireless APs to the enterprise network via the Ethernet link for provisioning. For more information, see Section 6.11.7, “Provisioning the WDS Wireless APs”, on page 371. 7. Disconnecting the WDS Wireless APs from the enterprise network and moving them to the target location.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 1. Creating a WDS WLAN Service. 2. Defining the SSID name and the pre-shared key. 3. Assigning roles, parents and backup parents to the WDS Wireless APs. For the ease of understanding, the WDS configuration process is explained with the help of an example. The following illustration depicts a site with the following features: • An office building, denoted by a rectangular enclosure.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System To configure the WDS Wireless APs through the HiPath Wireless Controller: Note: You must identify and mark the Preferred Parents, Backup Parents and the Child Wireless APs in the proposed WDS topology before starting the configuration process. 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 7. In the WDS Pre-shared Key box, type the key. Note: The pre-shared key must be 8 to 63 characters long. The WDS Wireless APs use this pre-shared key to establish a WDS link between them. Note: Changing the pre-shared key after the WDS is deployed can be a lengthy process. For more information, see Section 6.11.8, “Changing the pre-shared key in a WDS WLAN Service”, on page 379. 8.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System Wireless AP Radio b/g Radio a Preferred Parent Backup Parent Ardal Parent Parent See the note below. See the note below. Arthur Parent Parent See the note below. See the note below. Athens Parent Parent See the note below. See the note below. Auberon Parent Parent See the note below. See the note below.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System To assign the roles, preferred parent and backup parent: a) From the radio b/g drop-down list of the Root Wireless APs — Ardal, Arthur, Athens and Auberon, click Parent. b) From the radio a drop-down list of the Root Wireless APs — Ardal, Arthur, Athens and Auberon, click Parent. c) From the radio a and radio b/g drop-down list of other Wireless APs, click the roles according to Table 35.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System To assign the Satellite Wireless APs’ radios to the network WLAN Service: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, expand the WLAN Services pane and select a network WDS service to edit 3. In the Wireless APs list, select the radios of the Satellite APs — Osborn, Oscar, Orson and Oswald.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 6.11.7.5 Moving the WDS Wireless APs to the target location 1. Disconnect the WDS Wireless APs from the enterprise network, and move them to the target location. 2. Install the WDS Wireless APs at the target location. 3. Connect the Wireless APs to a power source. The discovery and registration processes are initiated.
hwc_vnsconfiguration.fm Configuring a VNS Working with a Wireless Distribution System 380 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_fastfailover.fm Availability and session availability Availability 7 Availability and session availability This chapter describes the availability feature, including: • Availability • Session availability • Viewing the Wireless AP availability display • Viewing SLP activity 7.1 Availability The HiPath Wireless Controller, Access Points and Convergence Software system provides the ‘availability’ feature to maintain service availability in the event of a HiPath Wireless Controller outage.
hwc_fastfailover.fm Availability and session availability Availability During the failover event when the Wireless AP connects to the secondary controller, the users are disassociated from the Wireless AP. Consequently, the users must log on again and be authenticated on the secondary controller before the wireless service is restored.
hwc_fastfailover.fm Availability and session availability Availability All mobile user’s sessions using the failover Wireless AP will terminate except those associated to a Bridge traffic locally at the AP and if the Maintain client sessions in event of poll failure option is enabled on the AP Properties tab or AP Default Settings screen.
hwc_fastfailover.fm Availability and session availability Configuring availability using the availability wizard If the Poll Timeout value is less than 1.5 to 2 times of Detect link failure value, the Wireless AP failover will not succeed because the secondary controller will not be 'ready' to accept the failover APs. On the other hand, if the Poll Timeout value is more than 1.
hwc_fastfailover.fm Availability and session availability Configuring availability using the availability wizard 4. In the Connection Details section, do the following: • Select Port – Click the port and IP address of the primary controller that is to be used to establish the availability link. • Peer Controller IP – Type the IP address of the peer (secondary) controller. • User – Type the login user name credentials of an account that has full administrative privileges on the peer controller.
hwc_fastfailover.fm Availability and session availability Configuring availability manually • If you are synchronizing topology definitions, the Topology Definitions screen is displayed. Do the following: a) In the Synchronization Settings section, complete the topology properties that are missing. Any topology that did not already exist on the peer controller will have missing properties on the Topology Definitions screen.
hwc_fastfailover.fm Availability and session availability Configuring availability manually 3. On both HiPath Wireless Controllers, on the Wireless AP Registration screen, select the Security Mode Allow only approved Wireless APs to connect option so that no more Wireless APs can register unless they are approved by the administrator. 4.
hwc_fastfailover.fm Availability and session availability Configuring availability manually 3. To enable availability, select the Paired option. 4. Do one of the following: • For a primary controller, in the Wireless Controller IP Address box, type the IP address of the data interface of the secondary HiPath Wireless Controller. This IP address must be on a routable subnet between the two HiPath Wireless Controllers.
hwc_fastfailover.fm Availability and session availability Configuring availability manually 6. On both the primary and secondary controllers, type the Detect link failure value. Note: You must ensure that the Detect link failure value on both the controllers must be identical. 7. On both the primary and secondary controllers, select the Synchronize GuestPortal Guest Users option to synchronize GuestPortal guest accounts between the controllers. 8. From the main menu, click Wireless AP Configuration.
hwc_fastfailover.fm Availability and session availability Configuring availability manually 11. Verify that availability is configured correctly. To verify that availability is configured correctly: a) From the main menu of either of the two controllers, click Reports. The HiPath Reports & Displays screen is displayed. b) From the Reports and Displays menu, click Wireless AP Availability. The Wireless Availability Report is displayed. c) Check the statement at the top of the screen.
hwc_fastfailover.fm Availability and session availability Configuring availability manually If the statement reads Availability link is up, the availability feature is configured correctly. If the statement reads Availability link is down, check the configuration error logs. For more information on logs, see the HiPath Wireless Controller, Access Points and Convergence Software Maintenance Guide. 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_fastfailover.fm Availability and session availability Session availability 7.4 Session availability Session availability enables Wireless APs to switch over to a standby (secondary) HiPath Wireless Controller fast enough to maintain the mobile user’s session availability in the following scenarios: • The primary HiPath Wireless Controller goes down Figure 24 • The Wireless AP’s network connectivity to the primary HiPath Wireless Controller fails.
hwc_fastfailover.fm Availability and session availability Session availability The secondary HiPath Wireless Controller does not have to detect its link failure with the primary HiPath Wireless Controller for the session availability to kick in. If the Wireless AP loses five consecutive polls to the primary controller either due to the controller outage or connectivity failure, it fails over to the secondary controller fast enough to maintain the user session.
hwc_fastfailover.fm Availability and session availability Session availability Session availability and topologies Session availability applies only to the following topologies: • Bridge Traffic Locally at HWC • Bridge Traffic Locally at AP Session availability is not available to users on conventional Routed VNSs. Note: Session availability is not supported in a VNS that is configured for AAA network assignment. 7.4.
hwc_fastfailover.fm Availability and session availability Session availability 1. Monitor the critical messages for the failover mode message, in the information log of the secondary HiPath Wireless Controller (in the Logs & Traces section of the HiPath Wireless Assistant). 2. After recovery, on the secondary HiPath Wireless Controller, select the foreign Wireless APs, and then click Release on the Access Approval screen.
hwc_fastfailover.fm Availability and session availability Session availability 396 • The primary and secondary HiPath Wireless Controllers are properly configured in ‘availability’ mode. For more information, see Section 7.1, “Availability”, on page 381.
hwc_fastfailover.fm Availability and session availability Session availability • Time on all the network elements — both the HiPath Wireless Controllers in availability pair, Wireless APs, DHCP and RADIUS servers etc.— is synchronized. For more information, see Section 3.4.10, “Configuring network time”, on page 79. Note: The fast failover feature works optimally in fast networks (preferably switched networks). To configure fast failover and enable session availability: 1.
hwc_fastfailover.fm Availability and session availability Session availability For the fast failover feature to work within the time frame of 5 seconds, the Poll Timeout value should be 1.5 to 2 times the Detect link failure value. For example, if you have set the Detect link failure value to 2 seconds, the Poll Timeout value should be set to 3 or 4 seconds. 7. In the Synchronization Option area, select Synchronize System Configuration.
hwc_fastfailover.fm Availability and session availability Session availability d) In the Wireless APs list, select the Wireless APs for which you want to set the Poll Timeout value. You can select multiple Wireless APs by pressing the CTRL key and clicking the Wireless APs in the Wireless APs list. e) In the Poll Timeout box, type/edit the appropriate value. f) To save your changes, click Save.
hwc_fastfailover.fm Availability and session availability Session availability To verify the session availability feature is configured correctly: 1. From the main menu of either of the two controllers, click Reports. The HiPath Reports & Displays screen is displayed. 2. From the Reports and Displays menu, click Wireless AP Availability. The Wireless Availability Report is displayed. 400 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_fastfailover.fm Availability and session availability Session availability 3. Check the statement at the top of the screen. If the statement reads Availability link is up, the availability feature is configured correctly. If the statement reads Availability link is down, check the configuration error in logs. For more information on logs, see the HiPath Wireless Controller, Access Points and Convergence Software Maintenance Guide. 7.4.2.
hwc_fastfailover.fm Availability and session availability Viewing the Wireless AP availability display Configuration synchronization: • VNS configuration related synchronization will be supported with legacy or fast failover availability configuration as long as there is an availability link established. • Synchronization for VNS, WLAN Services, Policies, Topologies, and Rate Limit Profiles can be enabled/disabled individually.
hwc_fastfailover.fm Availability and session availability Viewing SLP activity 7.6 Viewing SLP activity In normal operations, the primary HiPath Wireless Controller registers as an SLP service called ac_manager. The controller service directs the Wireless APs to the appropriate HiPath Wireless Controller. During an outage, if the remaining HiPath Wireless Controller is the secondary controller, it registers as the SLP service ru_manager. To view SLP activity: 1.
hwc_fastfailover.fm Availability and session availability Viewing SLP activity 404 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_mobility.fm Configuring Mobility Mobility overview 8 Configuring Mobility This chapter describes the mobility concept, including: • Mobility overview • Mobility domain topologies • Configuring mobility domain 8.1 Mobility overview The HiPath Wireless Controller, Access Points and Convergence Software system allows multiple HiPath Wireless Controllers (up to 12) on a network to discover each other and exchange information about a client session.
hwc_mobility.fm Configuring Mobility Mobility overview • Open mode – A new agent is automatically able to register itself with the mobility manager and immediately becomes part of the mobility domain • Secure mode – The mobility manager does not allow a new agent to automatically register. Instead, the connection with the new agent is placed in pending state until the administrator approves the new device. • Listens for connection attempts from mobility agents.
hwc_mobility.fm Configuring Mobility Mobility domain topologies • New users: • New users become local at attaching controller • Roaming to another controller resets session The mobility network that includes all the HiPath Wireless Controllers and the Wireless APs is called the Mobility Domain. Note: The mobility feature is not backward compatible. This means that all the HiPath Wireless Controllers in the mobility domain must be running the most recent HiPath Wireless Convergence Software release.
hwc_mobility.fm Configuring Mobility Mobility domain topologies • HWC1 and HWC2 are configured for session availability. • HWC1, HWC2, HWC3, Wireless AP1, Wireless AP2 and Wireless AP3 form a Mobility Domain • HWC3 is the Mobility Manager whereas HWC1 and HWC2 are Mobility Agents Figure 27 Mobility Domain with fast failover and session availability features • The user’s home session is with HWC1. • When the user roams from Wireless AP 1 to Wireless AP 2, he establishes his home session with HWC2.
hwc_mobility.fm Configuring Mobility Configuring mobility domain • • In response to the heart beat message from the mobility manager (HWC3), the HWC2 sends updates to the mobility manager on the failover Wireless AP and its user. If a failover takes place, and the user has roamed to Wireless AP 2: • As part of roaming, the user’s home session moves from HWC1 to HWC2. • Wireless AP 1 establishes active session with HWC 2. Wireless AP 2 is not impacted by the failover. 8.
hwc_mobility.fm Configuring Mobility Configuring mobility domain 5. In the Port drop-down list, click the interface on the HiPath Wireless Controller to be used for the mobility manager process. Ensure that the selected interface’s IP address is routable on the network. 6. In the Heartbeat box, type the time interval (in seconds) at which the mobility manager sends a Heartbeat message to a mobility agent.
hwc_mobility.fm Configuring Mobility Configuring mobility domain 5. From the Port drop-down list, click the port on the HiPath Wireless Controller to be used for the mobility agent process. Ensure that the port selected is routable on the network. 6. From the Discovery Method drop-down list, click one of the following: • SLPD – Service Location Protocol Daemon is a background process acting as a SLP server. It provides the functionality of the Directory Agent and Service Agent for SLP.
hwc_mobility.fm Configuring Mobility Configuring mobility domain 412 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_3rdpartyaps.fm Working with third-party APs 9 Working with third-party APs You can set up the HiPath Wireless Controller to handle wireless device traffic from third-party access points, while still providing policy and network access control. This process requires the following steps: • Define a physical Topology to operate in 3rd Party mode. • Define a WLAN Service of type Third Party AP. • Define a Policy.
hwc_3rdpartyaps.fm Working with third-party APs 3. On the Multicast Filters tab, select Enable Multicast Support and configure the multicast groups whose traffic is allowed to be forwarded to and from the VNS using this topology. For more information, see Section 6.8.4, “Multicast filtering”, on page 307.
hwc_mitigator.fm Working with the Mitigator Mitigator overview 10 Working with the Mitigator This chapter describes Mitigator concepts, including: • Mitigator overview • Enabling the Analysis and data collector engines • Running Mitigator scans • Analysis engine overview • Working with Mitigator scan results • Working with friendly APs • Maintaining the Mitigator list of APs • Viewing the Scanner Status report 10.
hwc_mitigator.fm Working with the Mitigator Enabling the Analysis and data collector engines • Runs an Analysis Engine that processes the scan data from the data collector through algorithms that make decisions about whether any of the detected APs or clients are rogue APs or are running in an unsecure environment (for example, ad-hoc mode).
hwc_mitigator.fm Working with the Mitigator Running Mitigator scans 4. To identify the remote RF Data Collector Engine that the Analysis Engine will poll for data, type the IP address of the HiPath Wireless Controller on which the remote Data Collector resides in the IP Address box. Note: Currently, the HiPath Wireless Controller C20N/C20 does not support the Remote Collection Engines functionality of the HiPath Wireless Controller, Access Points and Convergence Software solution. 5.
hwc_mitigator.fm Working with the Mitigator Running Mitigator scans • AP Maintenance Note: A scan will not run on an inactive AP, even though it is displayed as part of the Scan Group. If it becomes active, it will be sent a scan request during the next periodic scan. To run the Mitigator scan task mechanism: 1. From the main menu, click Mitigator. The Mitigator screen is displayed. 2. Click the Scan Groups tab. 3. In the Scan Group Name box, type a unique name for this scan group. 4.
hwc_mitigator.fm Working with the Mitigator Running Mitigator scans • radio 2 – Only Radio 2 performs the scan function. 6. In the Channel List drop-down list, click one of the following: • All – Scanning is performed on all channels. • Current – Scanning is performed on only the current channel. 7. In the Scan Type drop-down list, click one of the following: • Active – The Wireless AP sends out ProbeRequests and waits for ProbeResponse messages from any access points.
hwc_mitigator.fm Working with the Mitigator Analysis engine overview 10.4 Analysis engine overview The Analysis engine relies on a database of known devices on the Controller, Access Points and Convergence Software system. The Analysis engine compares the data from the RF Data Collector with the database of known devices.
hwc_mitigator.fm Working with the Mitigator Working with Mitigator scan results 10.5 Working with Mitigator scan results When viewing the Mitigator scan results, you can delete individual or all of the access points from the scan results. You can also add access points from the scan results to the Friendly AP list. To view Mitigator scan results: 1. From the main menu, click Mitigator. The Mitigator screen is displayed. 2. Click the Rogue Detection tab. 3.
hwc_mitigator.fm Working with the Mitigator Working with Mitigator scan results 6. To clear all detected rogue devices from the list, click Clear Detected Rogues. Note: To avoid the Mitigator's database becoming too large, it is recommended that you either delete Rogue APs or add them to the Friendly APs list, rather than leaving them in the Rogue list. To add an AP from the Mitigator scan results to the list of friendly APs: 1. From the main menu, click Mitigator. The Mitigator screen is displayed. 2.
hwc_mitigator.fm Working with the Mitigator Working with friendly APs 10.6 Working with friendly APs To view the friendly APs: 1. From the main menu, click Mitigator. The Mitigator screen is displayed. 2. Click the Friendly APs tab. To add friendly APs manually: 1. From the main menu, click Mitigator. The Mitigator screen is displayed. 2. Click the Friendly APs tab. 3.
hwc_mitigator.fm Working with the Mitigator Maintaining the Mitigator list of APs 4. Click Delete. The selected access point is removed from the Friendly AP Definitions list. 5. To save your changes, click Save. To modify a friendly AP: 1. From the main menu, click Mitigator. The Mitigator screen is displayed. 2. Click the Friendly APs tab. 3. In the Friendly AP Definitions list, click the access point you want to modify. 4. Modify the access point by making the appropriate changes. 5.
hwc_mitigator.fm Working with the Mitigator Viewing the Scanner Status report 4. To delete the selected APs, click Delete marked APs. Note: The selected APs are deleted from the Mitigator database, not from the HiPath Wireless Controller database. You can delete the APs from the HiPath Wireless Controller database after you delete them from the Wireless AP Configuration Access Approval screen of the corresponding RF Data Collector Engine.
hwc_mitigator.fm Working with the Mitigator Viewing the Scanner Status report If no box is displayed, the Analysis Engine is not attempting to connect with that Data Collector Engine. Note: If the box is displayed red and remains red, ensure your IP address is correctly set up to point to an active controller. If the box remains yellow, ensure the Data Collector is running on the remote controller. 426 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_reports.fm Working with reports and displays Viewing the displays 11 Working with reports and displays This chapter describes the various reports and displays available in the HiPath Wireless Controller, Access Points and Convergence Software system. 11.
hwc_reports.fm Working with reports and displays Viewing the displays To view reports and displays: 1. From the main menu, click Reports & Displays. The HiPath Reports & Displays screen is displayed. Note: The Client Location in Mobility Zone and Mobility Tunnel Matrix displays only appear if the mobility manager function has been enabled for the controller. 2. In the List of Displays, click the display you want to view. Note: Statistics are expressed in relation to the AP.
hwc_reports.fm Working with reports and displays Viewing the displays 11.1.1 Viewing the Wireless AP availability display In session availability, the Wireless Availability report displays the state of both the tunnels — active tunnel and backup tunnel — on both the primary and secondary HiPath Wireless Controllers. The report uses the Color Legend to indicate the tunnel state. The description of the colors codes in the legend is given below: • Green – Wireless AP has established an active tunnel.
hwc_reports.fm Working with reports and displays Viewing the displays In the above example, the circled Wireless AP has established a backup tunnel to the foreign (secondary) HiPath Wireless Controller, and an active tunnel to the local (Primary) HiPath Wireless Controller. 11.1.
hwc_reports.fm Working with reports and displays Viewing the displays 3. In the Wired Ethernet Statistics by Wireless APs display, click a registered Wireless AP to display its information. To view Wireless Statistics by Wireless AP: 1. From the main menu, click Reports & Displays. The HiPath Reports & Displays screen is displayed. 2. Click the Wireless Statistics by Wireless AP display option. The Wireless Statistics by Wireless APs display opens in a new browser window.
hwc_reports.fm Working with reports and displays Viewing the displays 3. In the Wireless Statistics by Wireless APs display, click a registered Wireless AP to display its information. 4. Click the appropriate tab to display information for each Radio on the Wireless AP. 5. To view information on the associated clients, click View Clients. The Associated Clients display opens in a new browser window. To view Active Clients by Wireless AP statistics: 1. From the main menu, click Reports & Displays.
hwc_reports.fm Working with reports and displays Viewing the displays • Statistics are expressed in respect of the AP. Therefore, Packets Sent means the AP has sent that data to a client and Packets Rec’d means the AP has received packets from a client. • If the client is authenticated, a green check mark icon is displayed in the first column of the display. • Time Conn is the length of time that a client has been on the system, not just on an AP.
hwc_reports.fm Working with reports and displays Viewing the displays Note: The Rx RSSI value on the WDS VNS Wireless AP Statistics display represents the received signal strength. The minimum value is 1 and maximum value is 60. The higher the RSSI value, the stronger the received signal. To view Admission Control Statistics by Wireless AP: 1. From the main menu, click Reports & Displays. The HiPath Reports & Displays screen is displayed. 2.
hwc_reports.fm Working with reports and displays Viewing the displays 3. In the Admission Control Statistics by Wireless AP display, click a registered Wireless AP to display its information: 4.
hwc_reports.fm Working with reports and displays Viewing the displays To view system information: 1. From the main menu, click Reports & Displays. The HiPath Reports & Displays screen is displayed. 2. Click the System Information display option. The System Information display opens in a new browser window. To view manufacturing information: 1. From the main menu, click Reports & Displays. The HiPath Reports & Displays screen is displayed. 2. Click the Manufacturing Information display option.
hwc_reports.fm Working with reports and displays Viewing the displays 11.1.
hwc_reports.fm Working with reports and displays Viewing the displays • Yellow – The mobility manager is in communication with an agent but the data tunnel is not yet successfully established. • Red – The mobility manager is not in communication with an agent and there is no data tunnel.
hwc_reports.fm Working with reports and displays Viewing reports The Active Clients by AP report on each controller will show both the loading of local and foreign users (users roamed from other controllers) that are taking resources on the AP. Note: Although you can set the screen refresh period less than 30 seconds, the screen will not be refreshed quicker than 30 seconds. The screen will be refreshed according to the value you set only if you set the value above 30 seconds. 11.
hwc_reports.fm Working with reports and displays Viewing reports Note: If you open only automatically refreshed reports, the Web management session timer will not be updated or reset. Your session will eventually time out. The following is an example of the AP Inventory report: The following is a description of the column names and abbreviations found in the AP Inventory report: 440 • Rdo – Radios: 1 or 2. • Ra – 802.11a radio.
hwc_reports.fm Working with reports and displays Viewing reports • Rn – 802.11n protocol enabled. Possible values are on or off. • DP – DTIM period • BP – Beacon Period • SRL – Short Retry Limit • LRL – Long Retry Limit • RT – RTS Threshold • FT – Fragmentation Threshold • Ch – Channel served by the corresponding radio. • PL – Power Level (Defined in the Wireless AP radio properties screens.) • BR – Basic Rate (Only applies to Wireless APs running 3.1 or earlier.
hwc_reports.fm Working with reports and displays Viewing reports • BD – Broadcast disassociation (enabled or disabled). If enabled, whenever the Wireless AP is going offline in a controlled fashion it will send the disassociation frame to all its clients as a broadcast. • DV – Diversity • P/To – Poll timeout. If polling is enabled, a numeric value. • P/I – Poll interval. If polling is enabled, a numeric value. • Wired MAC – The physical address of the Wireless AP's wired Ethernet interface.
hwc_reports.fm Working with reports and displays Call Detail Records (CDRs) 11.3 Call Detail Records (CDRs) You can configure the HiPath Wireless Controller to generate Call Detail Records (CDRs), which contain usage information about each wireless session per VNS. For more information on how to configure the HiPath Wireless Controller to generate CDRs, refer to Section 6.9.3.2, “Defining accounting methods for a WLAN Service”, on page 321.
hwc_reports.fm Working with reports and displays Call Detail Records (CDRs) • .work – This file is the active file that is being updated by the accounting system. The file is closed and renamed with the .dat extension when it attains its maximum size — 16 MB — or it has been open for the maximum allowed duration — 12 hours. You can back up and copy .work file from the HiPath Wireless Controller to a remote server. • .dat – This file is the inactive file that contains the archived account records.
hwc_reports.fm Working with reports and displays Call Detail Records (CDRs) CDR Records Description Acct-Delay-Time Indicates how many seconds the client tried to authenticate send this record for, and can be subtracted from the time of arrival on the server to find the approximate time of the event generating this AccountingRequest. Acct-Authentic Indicates how the user was authenticated, whether by RADIUS (AAA), Local (Internal CP) or Remote (External CP).
hwc_reports.fm Working with reports and displays Call Detail Records (CDRs) CDR Records Description Disassociation_time Indicates the time at which the client was disassociated from the Wireless AP. The time is in the following format: Date hh:mm:ss. For example, April 21 2008 14:57:20. Table 36 CDR Records and their description (Continuation) 11.3.4 Viewing CDRs The following is a high-level overview of how to view CDRs: • Back up the CDR files on the local drive of the HiPath Wireless Controller.
hwc_reports.fm Working with reports and displays Call Detail Records (CDRs) To back up and copy the CDR files to a remote server: 1. From the main menu, click Wireless Controller Configuration. The Wireless Controller Configuration screen is displayed. 2. In the left pane, click Software Maintenance. The Software Maintenance screen is displayed. 3. Click the Backup tab. 4. From the Select what to backup drop-down menu, click CDRs only, and then click Backup Now.
hwc_reports.fm Working with reports and displays Call Detail Records (CDRs) • Server – Type the IP address of the server where the backup will be stored. • User ID – Type the user ID to log in to the server. • Password – The password to log in to the server. • Confirm – The password to confirm the password. • Directory – The directory in which you want to upload the CDR file. • Filename – Type the zipped CDR file name.
hwc_ongoing.fm Performing system administration Performing Wireless AP client management 12 Performing system administration This chapter describes system administration processes, including: • Performing Wireless AP client management • Defining HiPath Wireless Assistant administrators and login groups • Configuring Web session timeouts 12.
hwc_ongoing.fm Performing system administration Performing Wireless AP client management 3. In the Select AP list, click the AP you want to disassociate. 4. In the Select Client(s) list, select the checkbox next to the client you want to disassociate. Note: You can search for a client by MAC Address, IP Address or User ID, by selecting the search parameters from the drop-down lists and typing a search string in the Search box and clicking Search.
hwc_ongoing.fm Performing system administration Performing Wireless AP client management 3. In the Select AP list, click the AP you want to disassociate. 4. In the Select Client(s) list, select the checkbox next to the client you want to disassociate, if applicable. Note: You can search for a client by MAC Address, IP Address or User ID, by selecting the search parameters from the drop-down lists and typing a search string in the Search box and clicking Search.
hwc_ongoing.fm Performing system administration Performing Wireless AP client management 4. To add a new MAC address to the blacklist, in the MAC Address box type the client’s MAC address. 5. Click Add. The client is displayed in the MAC Addresses list. Note: You can use the Select All or Clear All buttons to help you select multiple clients. 6. To save your changes, click Save. To clear an address from the blacklist: 1. From the main menu, click Wireless AP Configuration.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups To import a list of MAC addresses for the blacklist: 1. From the main menu, click Wireless AP Configuration. The Wireless AP Configuration screen is displayed. 2. In the left pane, click Client Management. The Disassociate tab is displayed. 3. Click the Blacklist tab. 4. Click Browse and navigate to the file of MAC addresses you want to import and add to the blacklist. 5.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups • GuestPortal managers – Users assigned to this login group can only manage GuestPortal user accounts. Any user who logs on to the HiPath Wireless Controller and is assigned to this group can only access the GuestPortal Guest Administration page of the HiPath Wireless Assistant.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups • GuestPortal Manager – Users assigned to this login group can only manage GuestPortal user accounts. Any user who logs on to the HiPath Wireless Controller and is assigned to this group can only access the GuestPortal Guest Administration page of the HiPath Wireless Assistant. For more information, see Section 12.2.1, “Working with GuestPortal Guest administration”, on page 455. 4.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups A GuestPortal administrator is assigned to the GuestPortal Manager login group and can only create and manage guest user accounts — a GuestPortal administrator cannot access any other area of the HiPath Wireless Assistant. For more information, see Section 12.2, “Defining HiPath Wireless Assistant administrators and login groups”, on page 453.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups 2. In the Account Management section, click Add Guest Account. The Add Guest User screen is displayed. 3. To enable the new guest account, select the Enabled checkbox. For more information, see Section 12.2.1.2, “Enabling or disabling guest accounts”, on page 458. 4. In the Credentials section, do the following: • User Name – Type a user name for the person who will use this guest account.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups Toggle between Mask/Unmask to hide or see the password. • Description – Type a brief description for the new guest account. 5. In the Account Settings section, do the following: • Start date – Specify the start date and time for the new guest account. • Account lifetime – Specify the account lifetime, in days, for the new guest account.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups d) In the GuestPortal section, click Manage Guest Users. The GuestPortal Guest Administration screen is displayed. 2. In the guest account list, select the checkbox next to the user name of the guest account that you want to enable or disable. 3. In the Account Enable/Disable section, click Enable Selected Accounts or Disable Selected Accounts accordingly.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups a) From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. b) In the left pane, expand the WLAN Services pane, click the dedicated WLAN Service that provides the temporary guest network services. The WLAN Services configuration window for that service displays. c) Click the Auth & Acct tab, and then click Configure.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups To remove a guest account: 1. Do one of the following: • If you have GuestPortal Manager rights, log onto the HiPath Wireless Controller. • If you have full administrator rights: a) From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups 12.2.1.5 Importing and exporting a guest file To help administrators manage large numbers of guest accounts, you can import and export .csv (comma separated value) guest files for the HiPath Wireless Controller. The following describes the column values of the .csv guest file.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups 2. In the File Management section, click Export Guest File. A File Download dialog is displayed. 3. Click Save. The Save As dialog is displayed. 4. Name the guest file, and then navigate to the location where you want to save the file. By default, the exported guest file is named exportguest.csv. 5. Click Save. The File Download dialog is displayed as the file is exported. 6. Click Close.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups 2. In the File Management section, click Import Guest File. The Import Guest File dialog is displayed. 3. Click Browse to navigate to the location of the .csv guest file that you want to import, and then click Open. 4. Click Import. The file is imported and a confirmation message is displayed in the Import Guest File dialog. 5. Click Close. 12.2.1.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups To view print a GuestPortal account ticket: 1. Do one of the following: • If you have GuestPortal Manager rights, log onto the HiPath Wireless Controller. • If you have full administrator rights: a) From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups 3. Click Print. The Print dialog is displayed. 4. Click Print. Note: The default GuestPortal ticket page uses placeholder tags. For more information, see Appendix E, “Default GuestPortal source code” 12.2.1.
hwc_ongoing.fm Performing system administration Defining HiPath Wireless Assistant administrators and login groups Working with a custom GuestPortal ticket page A customized GuestPortal ticket page can be uploaded to the HiPath Wireless Controller. When designing your customized GuestPortal ticket page, be sure to use the guest account information placeholder tags that are depicted in the default GuestPortal ticket page. For more information, see Appendix E, “Default GuestPortal source code”.
hwc_ongoing.fm Performing system administration Configuring Web session timeouts 12.3 Configuring Web session timeouts You can configure the time period to allow Web sessions to remain inactive before timing out. To configure Web session timeouts: 1. From the main menu, click Wireless Controller Configuration. The Wireless Controller Configuration screen is displayed. 2. In the left pane, click Web Settings The Wireless Controller Web Management Settings screen is displayed. 3.
hwc_glossary.fm Glossary Networking terms and abbreviations 13 Glossary 13.1 Networking terms and abbreviations Term Explanation AAA Authentication, Authorization and Accounting. A system in IP-based networking to control what computer resources users have access to and to keep track of the activity of users over a network. Access Point (AP) A wireless LAN transceiver or ‘base station’ that can connect a wired LAN to one or many wireless devices. Ad-hoc mode An 802.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation CDR Call Data (Detail) Record In Internet telephony, a call detail record is a data record that contains information related to a telephone call, such as the origination and destination addresses of the call, the time the call started and ended, the duration of the call, the time of day the call was made and any toll charges that were added through the network or charges for operator services, among other details of the call.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation Directory Agent (DA) A method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. Using SLP, networking applications can discover the existence, location and configuration of networked devices. With Service Location Protocol, client applications are 'User Agents' and services are advertised by 'Service Agents'.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation ELA (OPSEC) Event Logging API (Application Program Interface) for OPSEC, a module in Check Point used to enable third-party applications to log events into the Check Point VPN-1/FireWall-1 management system. Encapsulation See tunnelling. ESS Extended Service Set (ESS). Several Basic Service Sets (BSSs) can be joined together to form one logical WLAN segment, referred to as an extended service set (ESS).
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation HTTP Hypertext Transfer Protocol is the set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. A Web browser makes use of HTTP. HTTP is an application protocol that runs on top of the TCP/IP suite of protocols. (RFC2616: Hypertext Transfer Protocol -- HTTP/1.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation IPsec IPsec-ESP IPsec-AH Internet Protocol security (IPSec) Internet Protocol security Encapsulating Security Payload (IPsec-ESP). The encapsulating security payload (ESP) encapsulates its data, enabling it to protect data that follows in the datagram.Internet Protocol security Authentication Header (IPsec-AH). AH protects the parts of the IP datagram that can be predicted by the sender as it will be received by the receiver.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation MTU Maximum Transmission Unit. The largest packet size, measured in bytes, that a network interface is configured to accept. Any messages larger than the MTU are divided into smaller packets before being sent. MU Mobile Unit, a wireless device such as a PC laptop. multicast, broadcast, unicast Multicast: transmitting a single message to a select group of recipients.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation OSI Layer 2 At the Data Link layer (OSI Layer 2), data packets are encoded and decoded into bits. The data link layer has two sublayers: • the Logical Link Control (LLC) layer controls frame synchronization, flow control and error checking • The Media Access Control (MAC) layer controls how a computer on the network gains access to the data and permission to transmit it.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation push-to-talk (PTT) The push-to-talk (PTT) is feature on wireless telephones that allows them to operate like a walkie-talkie in a group, instead of standard telephone operation. The PTT feature requires that the network be configured to allow multicast traffic. A PTT call is initiated by selecting a channel and pressing the ‘talk’ key on the wireless telephone.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation SLP Service Location Protocol. A method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. Using SLP, networking applications can discover the existence, location and configuration of networked devices. With Service Location Protocol, client applications are 'User Agents' and services are advertised by 'Service Agents'.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation SSL Secure Sockets Layer. A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection. URLs that require an SSL connection start with https: instead of http. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation ToS / DSCP ToS (Type of Service) / DSCP (Diffserv Codepoint). The ToS/DSCP box contained in the IP header of a frame is used by applications to indicate the priority and Quality of Service (QoS) for each frame. The level of service is determined by a set of service parameters which provide a three way trade-off between low-delay, high-reliability, and high-throughput.
hwc_glossary.fm Glossary Networking terms and abbreviations Term Explanation Walled Garden A restricted subset of network content that wireless devices can access. WEP Wired Equivalent Privacy. A security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. Wi-Fi Wireless fidelity. A term referring to any type of 802.
hwc_glossary.fm Glossary Controller, Access Points and Convergence Software terms and abbreviations 13.2 Controller, Access Points and Convergence Software terms and abbreviations Term Explanation CTP CAPWAP Tunnelling Protocol (CTP). The Wireless AP uses a UDP (User Datagram Protocol) based tunnelling protocol called CAPWAP Tunnelling Protocol (CTP) to encapsulate the 802.11 packets and forward them to the HiPath Wireless Controller.
hwc_glossary.fm Glossary Controller, Access Points and Convergence Software terms and abbreviations Term Explanation Data Collector The Data Collector is an application on the HiPath Wireless Controller that receives and manages the Radio Frequency (RF) scan messages sent by the Wireless AP. This application is part of the Mitigator technique, working in conjunction with the scanner mechanism and the Analysis Engine to assist in detecting rogue access points.
hwc_glossary.fm Glossary Controller, Access Points and Convergence Software terms and abbreviations 484 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_appendixa.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C5110 Call out Feature Function 6 Provides system ID, status information and system error messages. The LCD display lights during normal system operation. Both the systems management software and the identification buttons located on the front and back of the system can cause the LCD to flash blue to identify a particular system.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C4110 Callout Feature Function 1 Serial port connector Console Port – Used to get into Rescue mode. 2 NIC2 connector Data port, 10 GbE SR-XFP single port NIC - esa1 3 Video connector Not used in the current release 4 USB connectors (2) Connects USB 2.0-compliant devices to the system.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C2400 A.3 HiPath Wireless Controller C2400 A.3.1 Front panel The HiPath Wireless Controller C2400 is composed of the following three cards: • Media/Persistent Storage Card • Network Processor Card • Host HiPath Wireless Controller Card Figure 31 depicts the front panel features of the HiPath Wireless Controller C2400.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C2400 The description of the LED states and switches is provided below: • Reset Switch – Reboots the system. • RUN LED – Indicates the CPU’s initialization has completed and the system is ready to provide application level services. • ACT LED – Indicates the system’s software is in active running state. • WARNING/ERROR LEDs – Indicate a problem in the running state of the system.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C2400 Note: Although the Active LED will be lit Green during the firmware initialization, this LED state is irrelevant to the SSD display or the condition. Ignore the LED state during the firmware initialization. Application initialization: Active Warning LED LED SSD Code Condition Green 0 Application initialization started. Green C System configuration in progress.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C2400 Error conditions: Active Warning LED LED Error LED SSD Code Condition Green Red 1 Failed to identify FDD. Possibly due to removal of FDD card. Green Red 2 Failed to initialize NPE card. Green Red 3 Critical threshold reached (95C for NPE). The system will reboot. Green Red 4 Full fan assembly failure (both trays). The system will reboot. Green Red 5 Application initialization failure.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C20 A.4 HiPath Wireless Controller C20 A.4.1 Front panel Figure 34 depicts the front panel features of the HiPath Wireless Controller C20 USB server LAN ports Hot Swap lever Figure 34 Management Reset button USB control LEDs Power switch HiPath Wireless Controller C20 front panel Note: The hot swap lever is not enabled in the current release.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C20 • ACTIVITY LED – Indicates the CPU activity, including the amount of traffic carried to and from the Wireless APs. • STATUS LED – Indicates the normal state of the HiPath Wireless Controller as seen by the system’s software. This LED covers all stages of the HiPath Wireless Controller, ranging from restarting to shutting-down.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller C20N • Solid Blue when the hot swap button is pulled out A.4.3 Back panel Figure 36 depicts the back panel features of the HiPath Wireless Controller C20. Power Supply Figure 36 HiPath Wireless Controller C20 back panel A.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller CRBT8210/8110 A. Hard drive D. Status/Power activity LED LED G. Power button B. NIC 2 activity LED E. Reset button H. NIC2 connector (10/100/1000 Mbit) CRBT8110 NIC2 RJ-45 connector (10/100/1000 BaseT) CRBT8210 C. NIC 1 activity LED F. Console port connector I.
hwc_appendixa.fm HiPath Wireless Controller’s physical description HiPath Wireless Controller CRBT8210/8110 Note: The HiPath Wireless Controller CRBT8110 is equipped with two USB connectors on the back panel. However, the controller is capable of supporting only one USB device at a time, regardless of what USB connector the device is connected to. If you connect a second USB device while the first is already connected, the system will return an error.
hwc_appendixb.fm Regulatory information B Regulatory information Warning: Warnings identify essential information. Ignoring a warning can lead to problems with the application. This appendix provides regulatory information for the HiPath Wireless Controller C20N/C20/C2400/C4110/C5110 and the HiPath Wireless AP models: • AP 2610/2620 (AP26XX series) • AP 3610/3620 (AP36XX series) Note: Throughout this appendix, the term ‘Wireless AP’ refers to both AP models (AP26XX series and AP36XX series).
hwc_appendixb.fm Regulatory information HiPath Wireless Controller C20N/C20/C2400/C4110/C5110 B.1 HiPath Wireless Controller C20N/C20/C2400/C4110/C5110 Conformance standards and directives Safety • UL 60950-1 (U.S) • CSA C22.2 No.60950-01-03 (Canada) • 2006/95/EC Low Voltage Directive (LVD) • EN 60950-1 (Europe) • IEC 60950-1 with applicable National Differences • AS/NZS 60950.
hwc_appendixb.fm Regulatory information HiPath Wireless Controller C20N/C20/C2400/C4110/C5110 B.1.1 Rack mounting your system Refer to the following guidelines when setting up your HiPath Wireless Controllers and Wireless APs. Elevated operating ambient If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2 Wireless APs 26XX and 36XX This device is suitable for use in environmental air space in accordance with Section 300.22.C of the National Electrical Code, and Sections 2-128, 12-010(3) and 12-100 of the Canadian Electrical Code, Part 1, C22.1. B.2.1 Wi-Fi certification The AP26XX is Wi-Fi certified for operation in accordance with IEEE 802.11a/b/g.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX • If Alternate antenna diversity is used for Tx or Rx, then the same antenna model must be used as left and right antennas. In addition, if cables are used to connect external antennas, the cables must be of the same length and similar attenuation. If these rules are not respected, antenna diversity will not function properly and there will be degradation in the link budget in both directions.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.4 United States B.2.4.1 FCC Declaration of Conformity Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operation.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX • CFR 47 Part 15.407, Subpart E Other • IEEE 802.11a (5 GHz) • IEEE 802.11b/g (2.4 GHz) • IEEE 802.11n (AP36XX) • IEEE 802.3af (PoE) Warning: The Wireless APs must be installed and used in strict accordance with the manufacturer's instructions as described in this guide and related documentation for the device to which the Wireless AP is connected. Any other installation or use of the product violates FCC Part 15 regulations.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.4.4 External antennas The AP2620/AP3620 external antenna APs can also be used with certified external antennas. However, in order to comply with the local laws and regulations, an approval may be required by the local regulatory authorities. For a list of approved external antennas, see Section B.2.8, “AP2620/AP3620 approved external antennas”.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.5 Canada B.2.5.1 Industry Canada Compliance Statement This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled "Digital Apparatus," ICES-003 of Industry Canada.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX Other • IEEE 802.11a (5 GHz) • IEEE 802.11b/g (2.4 GHz) • IEEE 802.11n (AP36XX) • IEEE 802.3af (PoE) B.2.5.3 External antennas The AP2620/AP3620 external antenna APs can also be used with certified external antennas. However, in order to comply with the local laws and regulations, an approval may be required by the local regulatory authorities. For a list of approved external antennas, see Section B.2.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.6 European community The Wireless APs are designed for use in the European Union and other countries with similar regulatory restrictions where the end user or installer is allowed to configure the Wireless AP for operation by entry of a country code relative to a specific country. Upon connection to the controller, the software will prompt the user to select a country code.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.6.1 Declaration of Conformity in Languages of the European Community English Hereby, Siemens, declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Finnish Valmistaja Siemens vakuuttaa täten että Radio LAN device tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX New Member States requirements of Declaration of Conformity Estonian Käesolevaga kinnitab Siemens seadme Radio LAN device vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele. Hungary Alulírott, Siemens nyilatkozom, hogy a Radio LAN device megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.6.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.6.3 External antennas The AP2620/AP3620 external antenna APs can also be used with certified external antennas. However, in order to comply with the local laws and regulations, an approval may be required by the local regulatory authorities. For a list of approved external antennas, see Section B.2.8, “AP2620/AP3620 approved external antennas”.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX • There is a default group of settings that each Wireless AP receives when it connects to the controller. There is the ability to change these settings. The user or installer is responsible to ensure that each Wireless AP is properly configured. • The software within the controller will automatically limit the allowable channels and output power determined by the selected country code.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.6.5 European spectrum usage rules The AP configured with approved internal or external antennas can be used for indoor and outdoor transmissions throughout the European community as displayed in Table 46. Some restrictions apply in Belgium, France, Greece, and Italy. Country 5.15-5.25 (GHz) Channels: 36,40,44,48 5.25-5.35 (GHz) Channels: 52,56,60,64 5.47-5.725 (GHz) Channels: 100,104,108,112,116, 132,136,140 2.4-2.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX Country 5.15-5.25 (GHz) Channels: 36,40,44,48 5.25-5.35 (GHz) Channels: 52,56,60,64 5.47-5.725 (GHz) Channels: 100,104,108,112,116, 132,136,140 2.4-2.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.7 Certifications of other countries The Wireless APs have been certified for use in various other countries. When the Wireless AP is connected to the Siemens HiPath Wireless Controller, the user is prompted to select a country code. Once the correct country code is selected, the controller automatically sets up the Wireless AP with the proper frequencies and power outputs for that country code.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX B.2.8 AP2620/AP3620 approved external antennas The AP2620/AP3620 external antenna APs can be used with certified external antennas. However, in order to comply with the local laws and regulations, an approval may be required by the local regulatory authorities. The following optional antennas have been tested and approved for use with the external antenna models.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX RF safety distance The antennas used for this transmitter must be installed to provide a separation distance of at least 25 cm from all persons and must not be co-located or operating in conjunction with another antenna or transmitter. 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_appendixb.fm Regulatory information Wireless APs 26XX and 36XX 518 9034530-02, March 2010 HiPath Wireless Controller, Access Points and Convergence Software V7.
hwc_appendixc.fm optiPoint WL2 Configuration optiPoint WL2 wireless telephone configuration C optiPoint WL2 Configuration This appendix describes the recommended configuration for the optiPoint WL2 wireless telephone with the HiPath Wireless LAN Solution. In addition, corresponding configurations should be made on the PBX, if applicable. Update your optiPoint WL2 wireless telephone software to the latest available firmware.
hwc_appendixc.fm optiPoint WL2 Configuration optiPoint WL2 wireless telephone configuration To configure Quality of Service protocol settings: 1. In the left pane, click Quality of Service. The Quality of Service: Protocol Settings screen is displayed. 2. Configure the following Quality of Service settings: • In the DSCP Class for Voice drop-down list, click Expedited Forwarding to ensure maximum voice priority. • In the DSCP Class for Signalling drop-down list, click Assured Forwarding 3.
hwc_appendixc.fm optiPoint WL2 Configuration optiPoint WL2 wireless telephone configuration To configure WLAN settings: 1. In the left pane, click Network. The Network: Profile Selection screen is displayed. 2. In the List of Profiles, click Edit for the profile you want to configure. The Network: Profile Name screen is displayed. 3. In the left pane, click WLAN. The Network: WLAN for profile screen is displayed. 4.
hwc_appendixc.fm optiPoint WL2 Configuration optiPoint WL2 wireless telephone configuration A larger value, for example -65 dBm will cause the phone to scan for alternate Wireless APs more often, which will result in more wireless traffic and slightly decreased battery life. A smaller value, for example -75 dBm will cause the phone to roam too late, causing voice interruptions during roaming. • In the Preamble Type section, select Short. The short preamble provides for higher voice capacity.
hwc_appendixc.fm optiPoint WL2 Configuration HiPath Wireless Controller configuration C.2 HiPath Wireless Controller configuration The easiest way to configure a voice VNS is to use the VNS Creation Wizard. Refer to Section 6.4.2, “Creating a voice VNS using the VNS wizard”, on page 262. The following settings must be configured on the HiPath Wireless Controller. • A dedicated VNS must be used for WL2 phones. No other non-voice clients should be allowed in this VNS. • The VNS must be a non-RADIUS VNS.
hwc_appendixc.fm optiPoint WL2 Configuration HiPath Wireless Controller configuration • The privacy settings on the HiPath Wireless Controller must match those on the optiPoint WL2 phone. • If the optiPoint WL2 phone is configured to use WPA-PSK, select the WPA-PSK option for the VNS. 3. Click the QoS tab. 4. Configure the following QoS policy settings: • For good voice quality and battery life, select WMM.
hwc_appendixc.fm optiPoint WL2 Configuration HiPath Wireless Controller configuration • In the DTIM Period box, type 5. Note: A DTIM Period value of 1 may produce better results if significant RF interference exists in your environment. Use a DTIM Period value of 5 unless you notice a significant improvement when using a value of 1. • In the Beacon Period box, type 100 (ms). • In the RTS/CTS Threshold box, ensure that the default value 2346 is used. • In the Frag.
hwc_appendixc.fm optiPoint WL2 Configuration HiPath Wireless Controller configuration • In the Total # of Tries for Voice VO drop-down list, click adaptive (multi-rate). • In the Total # of Tries for Turbo Voice TVO drop-down list, click adaptive (multi-rate). Note: At a minimum, use adaptive (multi-rate) for Total # of Tries for Best Effort BE and Total # of Tries for Voice VO since this will significantly improve voice quality. • In the Protection Mode drop-down list, click Auto.
hwc_appendixd.fm SpectraLink Wireless Telephones Network Topology D SpectraLink Wireless Telephones The HiPath Wireless LAN Solution, consisting of the HiPath Wireless Controller, Wireless APs, and the HiPath Wireless Convergence Software, seamlessly integrates with SpectraLink Wireless Telephones to serve mobile voice and data requirements. The standards-based architecture of HiPath Wireless LAN provides an exceptional infrastructure for voice quality and handset-reliability to the SpectraLink telephones.
hwc_appendixd.fm SpectraLink Wireless Telephones Configuring HiPath Wireless Controller for SpectraLink telephones Note: For a successful deployment, all network elements in the SpectraLink network should be provisioned to prioritize voice data. D.2 Configuring HiPath Wireless Controller for SpectraLink telephones This section describes how to configure the HiPath Wireless Controller and Wireless APs for use with SpectraLink Wireless telephones.
hwc_appendixd.fm SpectraLink Wireless Telephones Configuring HiPath Wireless Controller for SpectraLink telephones 4. In the Default Policies area, select an existing Non-Authenticated and Authenticated policy, or create a new one by clicking the New button. The Policy configuration window is displayed. 5. From the Topology area, select an existing topology from the Assigned Topology drop-down list. or create a new one by clicking the New button.
hwc_appendixd.fm SpectraLink Wireless Telephones Configuring HiPath Wireless Controller for SpectraLink telephones 9. Add the filtering rules for the IP addresses of all network elements as explained in steps 5 to 7. Note: You must ensure that all the filtering rules, including the ones for SVP/ Gateway and other network elements, are moved up, before the filtering rule for the Default filter. 10. Select the Allow option of the Default filter. 11. To save your changes, click Save.
hwc_appendixd.fm SpectraLink Wireless Telephones Configuring HiPath Wireless Controller for SpectraLink telephones D.2.3 Setting up multicast configuration Note: Before you set up multicast configuration, you must specify the physical port for routing multicast traffic on the Wireless Controller configuration screen. To set up multicast configuration: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2.
hwc_appendixd.fm SpectraLink Wireless Telephones Configuring HiPath Wireless Controller for SpectraLink telephones D.2.4 Setting up Security To set up the security: 1. From the main menu, click Virtual Network Configuration. The Virtual Network Configuration screen is displayed. 2. In the left pane, expand the WLAN Services pane, then select the desired WLAN Service. 3. Click the Privacy tab. 4. Select the WPA-PSK option. 5. Select the WPA v.2 option. 6. Under WPA v.
hwc_appendixd.fm SpectraLink Wireless Telephones Configuring HiPath Wireless Controller for SpectraLink telephones Turbo Voice QoS does not have any effect on HiPath Wireless 802.11n APs as these APs provide best voice quality regardless of whether Turbo Voice QoS is selected or not. Note: To achieve “higher call capacity”, you must ensure that WMM QoS is deselected. Note: The HiPath Wireless 802.11n APs support only the WMM QoS. If you are using 802.
hwc_appendixd.fm SpectraLink Wireless Telephones Configuring HiPath Wireless Controller for SpectraLink telephones • Total # of retries for Voice VO: Set the Total # of retries for Voice VO to adaptive (multi-rate). Note: It is recommended that the Tx Diversity should be set to Left. 7. Retain the default values for all other parameters. 8. To save your changes, click Save. To set up the radio for Voice Wireless LAN in HiPath Wireless 802.11n APs (Models AP3610/3620): 1.
hwc_appendixe.fm Default GuestPortal source code Ticket page E Default GuestPortal source code E.1 Ticket page E.1.
hwc_appendixe.fm Default GuestPortal source code Ticket page E.1.2 Default GuestPortal ticket page source code Note: The GuestPortal account information placeholders used in the html code are preceded by the ! character.
hwc_appendixe.
hwc_appendixe.fm Default GuestPortal source code GuestPortal sample header page
- Once connected, launch your Internet browser and you will be redirected to the Guest Access webpage.
- Enter the user ID and password supplied above. By logging into the network, you are accepting the terms and conditions below.
- You're connected!
