HiPath Wireless Controller, Access Points and Convergence Software, V3.
A31003-W1010-A100-1-7619

The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of contract. The trademarks used are owned by Siemens AG or their respective owners.
For internal use only

Content

1 About this Guide
1.1 Who should use this guide
1.2 What is in this guide
1.3 Formatting conventions
4.4 Setting up static routes
4.5 Setting up OSPF Routing
4.6 Filtering at the interface level
4.6.1 Port-based exception filters: built-in
7.5 Filtering rules for a VNS
7.5.1 Filtering rules for an exception filter
7.5.2 The non-authenticated filter for Captive Portal
7.5.3 Filtering rules for a Filter ID group
13 Glossary
13.1 Networking terms and abbreviations
13.2 Controller, Access Points and Convergence Software terms and abbreviations
A Controller, Access Points and Convergence Software system states and LEDs
A.
1 About this Guide

This guide describes how to install, configure, and manage the Controller, Access Points and Convergence Software.

1.1 Who should use this guide

This guide is a reference for system administrators who install and manage the Controller, Access Points and Convergence Software.

1.
● Chapter 10, “Setting up third-party access points”, describes how to use the Controller, Access Points and Convergence Software features with third-party wireless APs.
● Chapter 11, “Mitigator: detecting rogue access points”, explains the security tool that scans for, detects and reports on rogue access points.
Warnings identify essential information. Ignoring a warning can lead to problems with the application.

1.4 Documentation feedback

If you have any problems using this document, please contact your next level of support:
● Siemens employees should contact the interactive Customer Engagement Team (i-CET).
● Customers should contact the Siemens Customer Support Center.

When you call, please have the following information ready.
HiPath Wireless Controller (C10, C100 and C1000):
● IEC 60959-1
● EN 60950-1
● UL 60950-1
● CAN/CSA C22.2 No.60950-1-03

1.6.
1.6.4 Other Approvals

Wireless AP (AP2610 and AP2620):
● UL 2043 (Fire Test for Heat and Visible Smoke) meets plenum rating requirements for use in air-handling spaces

A31003-W1010-A100-1-7619, July 2005 HiPath Wireless Controller, Access Points and Convergence Software V3.
2 The Controller, Access Points and Convergence Software solution

The next generation of Siemens wireless networking devices provides a truly scalable WLAN solution. Siemens Wireless APs are thin access points that are controlled through a sophisticated network device, the HiPath Wireless Controller.
2.1.1 Conventional wireless LANs

At its simplest, wireless communication between two or more computers requires that each one is equipped with a receiver/transmitter – a WLAN Network Interface Card (NIC) – capable of exchanging digital information over a common radio frequency. This is called an ad hoc configuration.
Clearly, there must be a better way than setting up each access point individually.

2.1.
Figure 2-2 Controller, Access Points and Convergence Software solution

The HiPath Wireless Controller appears to the existing network as if it were an access point, but in fact one HiPath Wireless Controller controls many Wireless APs. The HiPath Wireless Controller has built-in capabilities to recognize and manage the Wireless APs.
Scales up to Enterprise capacity

One HiPath Wireless Controller controls as many as 200 Wireless APs. In turn each Wireless AP can handle up to 254 wireless devices. With additional HiPath Wireless Controllers, the number of wireless devices the system can support is in the thousands.
Offers troubleshooting

Controller, Access Points and Convergence Software logs system capability and session activity and provides reports to aid in troubleshooting analysis.
● Domain Name Server (DNS), for an alternate mechanism (if present on the enterprise network) for the automatic discovery process. Controller, Access Points and Convergence Software relies on the DNS for Layer 3 deployments and for static configuration of Wireless APs. The Siemens solution relies on registering "controller" as the DNS name.
2.2.2 Network traffic flow

Figure 2-3 Traffic Flow diagram

The diagram above shows a simple configuration with a single HiPath Wireless Controller and two Wireless APs, each supporting a wireless device.
2.2.3 Network security

The Controller, Access Points and Convergence Software system provides features and functionality to control network access. These are based on standard wireless network security practices. Current wireless network security methods provide a degree of protection.
In Controller, Access Points and Convergence Software, a RADIUS redundancy feature is provided, where you can define a failover RADIUS server (up to 2 servers) in the event that the active RADIUS server fails.

2.2.3.2 Privacy

Privacy is a mechanism that protects data over wireless and wired networks, usually by encryption techniques.
● Static routes: Use static routes to set the default route of a HiPath Wireless Controller so that legitimate wireless device traffic can be forwarded to the default gateway.
● Open Shortest Path First (OSPF, version 2) (RFC2328): Use OSPF to specify the next best hop (route) of a HiPath Wireless Controller.
The HiPath Wireless Controller stores the wireless device’s current session information, such as IP address and MAC address. If the wireless device has not disassociated, then when it requests network access on a different Wireless AP, the HiPath Wireless Controller can match its session information and recognize it as still in a current session.
3 HiPath Wireless Controller: Startup

3.1 HiPath Wireless Controller features and installation

The HiPath Wireless Controller is a network device designed to be integrated into an existing wired Local Area Network (LAN).
Model Number: HiPath Wireless Controller C1000
Specifications:

3.1.
4. Perform initial setup of the HiPath Wireless Controller to change its factory default IP address.
5. After that, connect the HiPath Wireless Controller to the enterprise LAN.

3.2 First-time setup of HiPath Wireless Controller

3.2.
4. Point the browser to the URL https://192.168.10.1:5825. This URL launches the web-based GUI on the HiPath Wireless Controller. The login screen appears.
5. Key in the factory default User Name (“admin”) and Password (“abc123”). Click on the Login button. The main menu screen appears.
6.
7. In the left-hand list, click on the IP Addresses option. The Management Port Settings area (top portion of the screen) displays the factory settings for the HiPath Wireless Controller.
8. To modify Management Port Settings, click the Modify button. The System Port Configuration screen appears.
9.
Subnet mask: For the IP address, the appropriate subnet mask to separate the network portion from the host portion of the address (typically 255.255.255.0).
Management Gateway: The default gateway of the network.
Primary DNS: The primary name server used by the network.
Secondary DNS: The secondary name server used by the network.

10. Click OK to return to the HiPath Wireless Controller Configuration screen.
The main areas in the Controller, Access Points and Convergence Software user interface are accessed from the main menu, or by clicking on the appropriate tab across the top of each screen. Within each area, to access the associated subscreens, click on the screen name in the left-hand list.

Tab Screen Function
Logs & Traces: Logs normal events and alarm events. Trace logs are by component.
4 Controller, Access Points and Convergence Software configuration

4.1 Configuration steps: overview

To set up and configure the HiPath Wireless Controller and Wireless APs, follow these steps:

1. First-time Setup: Perform “First-Time Setup” of the HiPath Wireless Controller on the physical network to modify the Management Port IP address for the enterprise network.
2.
4.2 Enabling the product key

Once the “First-Time Setup” is complete, the next step in the initial setup of the HiPath Wireless Controller is to enter your product key. This is a one-time event. The Product Key file is provided with your HiPath Wireless Controller in a downloaded file. If you cannot find the product key, contact your local representative for assistance.
4.3 Setting up the data ports

The next step in the initial setup of the HiPath Wireless Controller is to configure the physical data ports.

Configuring the data port interfaces on the HiPath Wireless Controller

1. Click on the HiPath Wireless Controller tab. In the HiPath Wireless Controller Configuration screen, click on the IP Address option.
> In a “Branch Office” scenario, where the Wireless AP is configured statically on a local network whose MTU is lower than 1500, the HiPath Wireless Controller automatically adjusts the MTU size to prevent packet fragmentation.

4. For the highlighted port, select its Function from the drop-down list: Host Port, 3rd Party AP, Router (defined below).
Wireless APs must not be attached to a “3rd-Party AP” port.

● Router Port
Define as “Router Port” a port that you wish to connect to an upstream next-hop router in the network. Dynamic routing protocol such as OSPF can be turned on for this port type. Wireless APs can be attached to a “Router” port.
Setting up a static route on the HiPath Wireless Controller

1. Click on the HiPath Wireless Controller tab. In the HiPath Wireless Controller Configuration screen, click on the Routing Protocols option.
2. Click the Static Routes tab. The Static Routes screen appears.
3. To add a new route, click in the Destination Address field and key in the destination IP address of a packet.
7. The Override dynamic routes checkbox is on by default. This means the static routes defined here will have priority over the OSPF learned routes (including default route) that the HiPath Wireless Controller uses for routing. If you wish to remove this priority for static routes, so that routing is controlled dynamically at all times, click the Override dynamic routes checkbox off.

> 8.
Ensure that the OSPF parameters defined here for the HiPath Wireless Controller are consistent with the adjacent routers in the OSPF area. The parameters include the following:

● If the peer router has different timer settings, the protocol timer settings in the HiPath Wireless Controller must be changed to match, in order to achieve OSPF adjacency.
Port Status: To enable OSPF on the port, select Enabled from the drop-down list.
Link Cost: Key in the OSPF standard for your network for this port. Default displayed is 10. (The cost of sending a data packet on the interface. The lower the cost, the more likely the interface is to be used to forward data traffic.
In addition to these built-in filters, the administrator can define specific exception filters at the interface-level to customize network access. These filters do not depend on a VNS definition.

4.6.1 Port-based exception filters: built-in

On the HiPath Wireless Controller, various port-based exception filters are built in and invoked automatically.
Exception filtering rules that you will define for a VNS will apply to the wireless device users after their authentication, whereas the filtering rules that you define here apply to all traffic on a physical port.

Define port exception filters

1. Click on the HiPath Wireless Controller tab. Click on the Port Exception Filters option. The Port Exception Filters screen appears.
2.
5 Wireless AP: startup

You are now ready to add the Wireless APs to the Controller, Access Points and Convergence Software system and register them with the HiPath Wireless Controller. Before the Wireless APs can handle wireless traffic, you will also need to assign the Wireless APs to a VNS.

5.1 Wireless AP features

The Wireless AP is a wireless LAN access point using the 802.11 wireless standards (802.11a, 802.11b and 802.
The 802.11g standard applies to wireless LANs and specifies a transmission rate of 54 Mbps. The 802.11b (High Rate) standard is an extension to 802.11 that specifies a transmission rate of 11 Mbps. Because 802.11g uses the same communication frequency range as 802.11b (2.4 GHz), 802.11g devices can co-exist with 802.11b devices on the same network.

Either radio on the Wireless AP can be enabled or disabled in the user interface.
3. Press the back of the Wireless AP onto the bracket, aligning it with the open notches in the bracket. Then slide it downwards until it clicks into place.

To remove the Wireless AP, release the spring clip by inserting the Allen key (provided) into the small hole at the bottom of the bracket. Use the Allen key to depress the spring clip. Then slide the case up the bracket and lift off the Wireless AP.
Powering up the Wireless AP initiates its automatic discovery and registration process with the HiPath Wireless Controller. The parameters for this process should be set in the Wireless AP Registration screen.
● Allow approved
If the HiPath Wireless Controller does not recognize the serial number, the operator is prompted to create a configuration. If it recognizes the serial number, it sends the configuration for that Wireless AP.

> It may be advisable, for the initial set up of the network, to select the "Allow All" option here.
This completes the preparation for the "discovery" process. Now you can go back to the Wireless APs and power them on.

5.5 Discovery and registration

When the Wireless AP is powered on, it automatically begins a "discovery" process to determine the IP address of the HiPath Wireless Controller. When successful, it registers with the HiPath Wireless Controller.
Discovery step 2: static IP address

You can specify a list of static IP addresses of the HiPath Wireless Controllers on your network. On the Wireless AP Configuration screen "Static Configuration" tab, add the addresses to the "Wireless Controller Search List".

Warning: Care must be taken when setting or changing these values. Wireless APs configured statically will connect only to HiPath Wireless Controllers in the list.
Discovery step 5: the multicast SLP solution

If all of the preceding methods fail to locate a HiPath Wireless Controller, then the Wireless AP sends out a multicast SLP request, looking for any SLP Service Agents providing the "siemens" service.

Registration after discovery

Any of the discovery steps 2 through 5 can inform the Wireless AP of a list of multiple IP addresses to which the Wireless AP may attempt to connect.
1. When powered on, the Wireless AP status LED turns from dark to green briefly.
   Status LED: green (solid) then to dark before beginning boot sequence.
2. The Wireless AP performs a self-test.
   Status LED: red (solid) if POST failed.
3. The "Discovery" mode: the Wireless AP sends a request to the DHCP server on the enterprise network for the location of the HiPath Wireless Controller (as described above.
5.6 Wireless AP access approval

You can also view and modify the status of registered Wireless APs. Use this function to modify the status of a Wireless AP from "Pending" to "Approved" for a manual registration. You can also delete the configuration of Wireless APs that are no longer in service.

Modify a Wireless AP's registration status (approve access)

1. Click on the Wireless APs tab. The Wireless AP Configuration screen appears.
5.7 Configuring properties and radios

Once a Wireless AP has successfully registered on the HiPath Wireless Controller, it appears in the side list in the Wireless AP Configuration: Properties screen, where you can modify its properties and radio parameters.

5.7.1 View and modify properties of registered Wireless APs

1. Select the Wireless APs tab in any screen.
Status (Display only): "Approved" = Wireless AP has received its binding key from the HiPath Wireless Controller after the Discovery process. "Pending" = binding key not yet received. You can modify the status of a Wireless AP (for example from "Pending" to "Approved") in the Access Approval screen.
Active Clients (Display only): The number of wireless devices currently active on the Wireless AP.
3. Modify these Base Settings where appropriate.

BSS Info (Display only): After VNS configuration, the Basic Service Set (BSS) area displays the MAC address on the Wireless AP for each VNS and the SSIDs of the VNSs to which this radio has been assigned.
DTIM: Delivery Traffic Indication Message period. Default is 1.
Beacon Period: Time units between beacon transmissions. Default is 100.
Short Retry Limit: The maximum number of transmission attempts of a frame that is less than or equal to the RTS Threshold, before a failure condition is indicated. Default is 200.
Long Retry Limit: The maximum number of transmission attempts of a frame that is greater than the RTS Threshold, before a failure condition is indicated. Default is 201.
> Radio A Channels 100 to 140 occupy the 5470-5725 MHz band, in the regulatory domains of the European Union and European Union free trade countries. Radio B/G Channels 12 to 14 are not available in North America.

Radio Channels 802.
1. Select the Wireless AP tab. In any radio screen, click on the Add Wireless AP button. The Add Wireless AP subscreen appears.
2. Key in, or select from the drop-down list, information in the following fields:
   Serial #: A unique identifier set during manufacture.
   Name: A unique name for the Wireless AP.
   Description: Available for descriptive comments (optional).
3.
> In static configuration, if the Wireless AP cannot register with the HiPath Wireless Controller within the specified number of retries, the Wireless AP will use SLP, DNS and SLP multicast as a backup mechanism (as described in the discovery process). If unsuccessful, the Wireless AP resumes the discovery process with the static configuration, followed by SLP, DNS and SLP multicast.
3. Click the Bridge Traffic Locally checkbox on to enable this. When authentication of a wireless device user in the Branch Office is complete, the Wireless AP will direct all traffic to the local network. Authentication is 802.1x-AAA. Authentication by Captive Portal is not supported.
4.
Configure DRM software

1. Select the Wireless AP tab in any screen. Click on the DRM option. The DRM Configuration screen appears.
2. The Enable DRM checkbox is on by default, enabling the software globally.
3. From the list of registered Wireless APs, select the Wireless AP you want to configure for DRM by clicking its checkbox on. The fields for DRM populate with default values, with DRM “on”.
4.
6 Virtual network services (VNS): Introduction

6.1 Overview

Virtual Network Services (VNS) are the key to the advantages that the Controller, Access Points and Convergence Software system has to offer. This technique provides a versatile means of mapping wireless networks to the topology of an existing wired network.
> To deploy Controller, Access Points and Convergence Software without a RADIUS server (and without authentication of users on the network), select SSID for network assignment (in the Topology screen). In the Authentication - Configure Captive Portal screen, click on the No Captive Portal radio button. There will be no authentication of users, but Controller, Access Points and Convergence Software is otherwise operational.
4. A single overall filtering policy applies to all the wireless devices within the VNS. Further filtering can be applied when the wireless user is authenticated by the RADIUS server.
5. When the HiPath Wireless Controller creates the VNS, it also creates a virtual IP subnet for that VNS.
6. Each VNS represents a mobility group that, when configured, can be carried across multiple HiPath Wireless Controllers.
7.
You can view (in the Wireless AP Configuration screen) a list of defined VNSs to which each radio has been assigned.

In the Topology area of Virtual Network Configuration, you also define other aspects of the VNS, such as the parameters for DHCP for IP address assignment. You might also configure this VNS for management traffic only, or for Third-Party Access Points, or for Voice Traffic.
● EAP-TLS
Extensible Authentication Protocol - Transport Layer Security that relies on client-side and server-side certificates to perform authentication and can be used to dynamically generate user-based and session-based WEP keys.
Within each type of filter, you define a sequence of filtering rules. This sequence must be carefully planned and arranged in the order that you want them to take effect.
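Why the order of a rule sequence matters, shown as an added example that is not taken from this guide or from the product. It assumes that the first matching rule decides and that unmatched traffic is denied; the Rule fields, the addresses and the function names are constructed for illustration and are not the controller's own rule format.

```python
# Added example (not vendor code): ordered evaluation of one filter's rules,
# plus a check for rules that an earlier, broader rule makes unreachable.
# Assumptions: first match wins; traffic matching no rule is denied.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY_PORT = 0  # constructed convention meaning "all destination ports"


@dataclass(frozen=True)
class Rule:
    dest: str    # destination network in CIDR notation
    port: int    # destination port, or ANY_PORT
    allow: bool  # True = allow, False = deny

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ip_address(dst_ip) in ip_network(self.dest)
        return in_net and self.port in (ANY_PORT, dst_port)

    def covers(self, other: "Rule") -> bool:
        """True when every packet that matches `other` also matches self."""
        mine, theirs = ip_network(self.dest), ip_network(other.dest)
        if mine.version != theirs.version:
            return False
        port_ok = self.port == ANY_PORT or self.port == other.port
        return port_ok and theirs.subnet_of(mine)


def evaluate(rules: List[Rule], dst_ip: str,
             dst_port: int) -> Tuple[bool, Optional[int]]:
    """Return (allowed, index of deciding rule); index is None on default deny."""
    for index, rule in enumerate(rules):
        if rule.matches(dst_ip, dst_port):
            return rule.allow, index
    return False, None


def shadowed(rules: List[Rule]) -> List[Tuple[int, int, bool]]:
    """List (earlier, later, conflicting) for each rule that can never fire.

    `conflicting` is True when the unreachable rule has the opposite action,
    which is the case that silently changes the policy.
    """
    findings = []
    for later_idx, later in enumerate(rules):
        for earlier_idx in range(later_idx):
            earlier = rules[earlier_idx]
            if earlier.covers(later):
                findings.append(
                    (earlier_idx, later_idx, earlier.allow != later.allow))
                break
    return findings


# Constructed sample: the deny for SSH to one host sits below a broad allow.
MISORDERED = [
    Rule("10.0.0.0/8", ANY_PORT, True),
    Rule("10.1.5.20/32", 22, False),
    Rule("0.0.0.0/0", ANY_PORT, False),
]

# Same rules with the specific deny placed first.
ORDERED = [
    Rule("10.1.5.20/32", 22, False),
    Rule("10.0.0.0/8", ANY_PORT, True),
    Rule("0.0.0.0/0", ANY_PORT, False),
]

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(name, "ssh to 10.1.5.20:", evaluate(rules, "10.1.5.20", 22))
        print(name, "unreachable rules:", shadowed(rules))
```

Running the shadow check over a planned sequence before keying it into the GUI shows which entries would never take effect.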
Since users have already logged in and have been authenticated, there is no need for a Non-Authenticated filter. When authentication is returned, then the Filter ID group filters are applied. For AAA, a VNS can have a subgroup with Login-LAT-group ID that has its own filtering rules. If no Filter ID matches are found, then the Default filter is applied.

6.
Configure the new VNS (overview of basic steps)

1. Select the network assignment mechanism from the Assignment by drop-down list:
   ● SSID
   ● AAA
2. In the SSID box at the right, key in the SSID that the wireless devices will use to access the Wireless AP.
3. Select the Wireless APs (by radio) to be assigned to this VNS. The displayed list of available Wireless APs has a checkbox for each radio on the Wireless AP.
6.8 Global Settings for a VNS

Before defining specific Virtual Network Services (VNS), define various settings that will apply to all VNS definitions.
Server Address: The IP address of the RADIUS server.
Shared Secret: The password that is required in both directions that is set up on the RADIUS Server. This password is used to validate the connection between the Controller and the RADIUS Server. To display the shared secret (in order to proofread your entry before saving the configuration), click on the Unmask button.
7 Virtual Network configuration

For each VNS, you define its topology, authentication, accounting, RADIUS servers, filtering, multicast parameters and privacy mechanism. When you set up a new VNS definition, the additional tabs will appear only after you save the Topology.

7.1 Topology for a VNS

In the Topology screen, the key choice for a VNS is the type of network assignment, which determines all the other factors of the VNS.
Create an SSID for Captive Portal VNS

1. Using the Assignment by drop-down list, select SSID.
2. In the SSID box, key in the SSID that wireless devices will use to access the Wireless AP.
3. Click the Suppress SSID checkbox on to prevent this SSID from appearing in the beacon message sent by the Wireless AP.
Once you have assigned a Wireless AP radio to four VNSs, it will not appear in the list for another VNS setup. You can view the VNSs that each radio is participating in by clicking on each radio tab in the Wireless AP Configuration screen.

Enable Management Traffic on this VNS

6. To use this VNS for Management Traffic such as SSH, HTTPS, or SNMP, click the Allow mgmt traffic checkbox on.
13. If there are specific IP addresses to be excluded from this range, click on the Exclusions button. The Address Exclusion subscreen appears.
14. In the Exclusions subscreen, key in the IP addresses or address ranges to exclude. Click on the Add button after each entry. Click on the Save button to save the changes and return to the Topology screen.
15.
Use DHCP Relay for the VNS
20. To use an external DHCP server, click the Use DHCP Relay checkbox on. The DHCP Settings area of the screen changes to display only the Gateway IP, Mask and DHCP Server fields. Key in the appropriate IP addresses and mask to reach the enterprise's external DHCP server. Use DHCP Relay to force the HiPath Wireless Controller to forward DHCP requests to an external DHCP server on the enterprise network.
Create an AAA topology
1. Using the Assignment by drop-down list, select AAA.
2. To configure the VNS, follow steps 2 to 20 above, for the Topology for Captive Portal (SSID network assignment), with the exception of step 7. Configuring a VNS for Third-party APs is only available with SSID network assignment.
Save the new VNS
3. To save this VNS configuration for AAA, click on the Save button.
7.
The chart below shows the authentication and accounting combinations available:
Accounting CDR Internal CP External CP SSID / None Unavailable Unavailable Unavailable Configurable SSID / MAC Unavailable Unavailable Unavailable Configurable SSID / Int. Auth Configurable Configurable Configurable Configurable SSID / Ext.
7.2.1 Authentication for a VNS for Captive Portal
For Captive Portal authentication, the wireless device connects to the network, but can only access the specific network destinations defined in the Non-Authenticated Filter (see Section 7.5.2, “The non-authenticated filter for Captive Portal”, on page 92).
2. In the right-hand portion of the screen, there are three options:
● Auth. to define authentication servers
● MAC to define servers for MAC-based authentication
● Acct. to define accounting servers
Select Auth. A box appears around this area of the screen.
3. From the drop-down list of RADIUS servers that were defined in the Global Settings screen, select the server you wish to use for Captive Portal authentication.
NAS Identifier 5. 6. Network Access Server (NAS) identifier, a RADIUS attribute that identifies the server responsible for passing information to designated RADIUS Servers and then acting on the response returned. [Optional] In the Auth. Type field, select the authentication protocol to be used by the RADIUS server to authenticate the wireless device users (for a VNS with Captive Portal authentication).
3. To run a test of the HiPath Wireless Controller’s connection to all configured RADIUS servers, click on the Test button. In the pop-up screen, key in your User ID and click on the Test button.
4. To view a summary of the RADIUS test results, click on the View Summary button.
5. To save the authentication parameters for this VNS, click on the Save button.
7.2.1.
Login Label: The text that will appear as a label for the user login field
Password Label: The text that will appear as a label for the user password field
3. Key in the locations of the header and footers.
Header URL: The location of the file to be displayed in the Header portion of the Captive Portal screen. This page can be customized to suit your company, with logos or other graphics.
> In order for Captive Portal authentication to work, all the URLs referenced in the Captive Portal setup must also be specifically identified and allowed in the Non-Authenticated Filter (see Section 7.5.2, “The non-authenticated filter for Captive Portal”, on page 92).
Configure the Captive Portal Settings for External Captive Portal
1. Click on the External Captive Portal radio button in the Captive Portal Settings screen.
3. To save the authentication parameters for this VNS, click on the Save button.
7.2.3 MAC-based authentication for a VNS
MAC-based authentication enables network access to be restricted to specific devices by MAC address. The HiPath Wireless Controller queries a RADIUS server for the MAC address when a wireless client attempts to connect to the network.
Alternatively, highlight a server name that has already been used for another type of authentication, or accounting, and click on the checkbox User server for MAC Authentication.
3. Fill in the fields described above for Captive Portal authentication or for AAA authentication.
4. In the Auth.
● RADIUS Accounting: enables the HiPath Wireless Controller to generate an "accounting request packet" with an "accounting start record" after successful login by the wireless device user and an "accounting stop record" based on session termination. The HiPath Wireless Controller sends the accounting requests to a remote RADIUS server.
7.4.1 RADIUS Policy for Captive Portal
1. In the Virtual Network Configuration screen, highlight the VNS name and click on the RAD Policy tab. For a VNS with SSID network assignment, the Captive Portal version of the RADIUS Policy screen appears.
Define the Filter ID values on this VNS.
1.
Define the Filter ID values on this VNS
1. In the Virtual Network Configuration screen, highlight the VNS name and click on the RAD Policy tab. For a VNS with AAA network assignment, the AAA version of the RADIUS Policy screen appears.
1. In the Filter ID Values entry field, key in the name of a group that you want to define specific filtering rules for, to control network access. Click on the Add button.
3. Group filters (by Filter ID) for designated user groups, that apply after authentication, when the RADIUS server returns the "access-accept" message along with the Filter-ID attribute value associated with the user.
4. Default filter, to control access if there is no matching Filter ID for a user.
For an AAA VNS, since users have already been authenticated, there is no need for a Non-Authenticated filter.
7.5.2 The non-authenticated filter for Captive Portal
The non-authenticated filter should allow access to the Captive Portal page IP address, as well as to any URLs for the header and footer of the Captive Portal page. The filter should also allow network access to the IP address of the DNS server and to the Network Address, the Gateway, of the VNS (the VNS Gateway is used as the IP for the Captive Portal page).
3. For each filtering rule you are defining:
IP / Port: Type in the destination IP address. You can also specify an IP range, a port designation or a port range on that IP address.
Protocol: Default is N/A. To specify a protocol, select from the drop-down list (may include UDP, TCP, IPsec-ESP, IPsec-AH, ICMP).
4. For Captive Portal, define a rule to allow access to the default gateway for this VNS.
Here is another example of a Non-Authenticated Filter that adds two more filtering rules: one denies access to a specific IP address, and the next rule allows only HTTP traffic, before denying all other access:
In   Out  Allow  IP / Port                          Description
x    x    x      IP address of the Default Gateway  Allow all incoming wireless devices access to the default gateway of the VNS.
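The Non-Authenticated Filter requirements described above can be checked before a filter is saved. The following is an added example, not code from this guide or from the product: it models a filter as an ordered rule list and reports which destinations a Captive Portal client needs (gateway, DNS server, header and footer URLs) would be blocked. It assumes the first matching rule decides and that unmatched traffic is dropped; all addresses, URLs, ports and names (Rule, evaluate, required_flows, audit) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Rule:
    network: str              # destination IP or CIDR; "0.0.0.0/0" stands for *.*.*.*
    ports: Optional[range]    # None means any port
    protocol: Optional[str]   # None means N/A (any protocol)
    allow: bool

    def matches(self, ip: str, port: int, protocol: str) -> bool:
        if ipaddress.ip_address(ip) not in ipaddress.ip_network(self.network):
            return False
        if self.ports is not None and port not in self.ports:
            return False
        return self.protocol is None or self.protocol == protocol


def evaluate(rules, ip, port, protocol):
    """Return (allowed, 1-based rule number). Assumption: first match wins,
    and traffic that matches no rule is dropped."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(ip, port, protocol):
            return rule.allow, number
    return False, None


def required_flows(gateway, dns_server, portal_urls, hosts):
    """Destinations the guide says an unauthenticated client must reach."""
    flows = [("VNS gateway (Captive Portal page)", gateway, 80, "TCP"),  # port assumed
             ("DNS server", dns_server, 53, "UDP")]
    for url in portal_urls:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        # Filter rules are written against IPs, so each URL host needs a known address.
        flows.append((f"portal asset {url}", hosts[parts.hostname], port, "TCP"))
    return flows


def audit(rules, flows):
    """List every required flow the filter blocks, plus a missing final deny-all."""
    findings = []
    for label, ip, port, protocol in flows:
        allowed, number = evaluate(rules, ip, port, protocol)
        if not allowed:
            reason = "no rule matched" if number is None else f"denied by rule {number}"
            findings.append(f"{label} -> {ip}:{port}/{protocol}: {reason}")
    last = rules[-1] if rules else None
    if last is None or last.allow or last.network != "0.0.0.0/0" or last.ports or last.protocol:
        findings.append("filter does not end with a deny-all rule")
    return findings


# Constructed sample data (documentation address ranges, hypothetical host name).
GATEWAY, DNS = "192.0.2.1", "192.0.2.53"
HOSTS = {"portal-assets.example": "198.51.100.10"}
URLS = ["http://portal-assets.example/header.html",
        "http://portal-assets.example/footer.html"]
FLOWS = required_flows(GATEWAY, DNS, URLS, HOSTS)

# Same shape as the example filter above: gateway allow, one IP denied,
# HTTP-only allow, then deny all. The denied IP happens to host the header/footer.
WEAK_FILTER = [
    Rule(GATEWAY, None, None, True),
    Rule("198.51.100.10", None, None, False),
    Rule("0.0.0.0/0", range(80, 81), "TCP", True),
    Rule("0.0.0.0/0", None, None, False),
]
# Corrected: DNS and the asset host are allowed explicitly, above the deny-all.
FIXED_FILTER = [
    Rule(GATEWAY, None, None, True),
    Rule(DNS, range(53, 54), "UDP", True),
    Rule("198.51.100.10", range(80, 81), "TCP", True),
    Rule("0.0.0.0/0", None, None, False),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_FILTER), ("fixed", FIXED_FILTER)):
        print(name, audit(rules, FLOWS) or "all required destinations reachable")
```

In the weak filter the deny rule sits above the HTTP allow, so the header and footer are blocked even though HTTP is otherwise permitted, and DNS falls through to the final deny.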
Define filtering rules for a Filter ID group
1. In the Virtual Network Configuration screen, click on the Filtering tab. The Filtering screen appears for the highlighted VNS.
2. Using the Filter ID drop-down list, select one of the names you defined in the Filter ID Values field in the Authentication screen [one of your enterprise's user groups, such as Sales, Engineering, Teacher, Guest....
Allow: Click checkbox on to allow. Leave unchecked to disallow.
6. Edit the order of a filtering rule by highlighting the line and clicking on the Up and Down buttons. The filtering rules are executed in the order defined here.
7. To save the filtering rules, click on the Save button.
Filtering Rules by Filter ID: Examples
Below are two examples of possible filtering rules for a Filter ID.
Define the filtering rules for a default filter
1. In the Virtual Network Configuration - Filtering screen, using the Filter ID drop-down list, select Default.
2. Follow Steps 2 to 6, as described above for Filter ID values rules.
3. To save the filtering rules, click on the Save button.
In Out Allow IP / Port
x Intranet IP 10.3.0.20, ports 10-30 Deny all traffic from the network to the wireless devices on the port range, such as TELNET (port 23) or FTP (port 21)
x Intranet IP 10.3.0.20 Allow all other traffic from the wireless devices to the Intranet network
x x Intranet IP 10.3.0.20 Allow all other traffic from Intranet network to wireless devices
x x *.*.*.*.
7.6 Multicast for a VNS
A mechanism that supports multicast traffic can be enabled as part of a VNS definition. This is provided to support the demands of VoIP and IPTV network traffic, while still providing the network access control. In the Multicast screen, you define a list of multicast groups whose traffic is allowed to be forwarded to and from the VNS. The default behavior is to drop the packets.
7.7 Privacy for a VNS
7.7.1 Privacy for a VNS for Captive Portal
For the Captive Portal VNS, there are three options for the Privacy mechanism:
● None
● Static Wired Equivalent Privacy (WEP) keys for a selected VNS, so that it matches the WEP mechanism used on the rest of the network. You can assign each radio on a Wireless AP to up to four VNSs by SSID. For each VNS, only one WEP key can be specified.
5. Click on the appropriate radio button to select the Input Method: Input Hex, Input String.
6. Type in the WEP key input, as appropriate to the technique selected. The key is generated automatically, based on the input.
7. To save these settings, click on the Save button.
Configure privacy by WPA-PSK for a Captive Portal VNS
1. In the Virtual Network Configuration screen, click on the Privacy tab.
7.7.2 Privacy for a VNS for AAA
For a VNS with authentication by 802.1x (AAA), there are four Privacy options:
● Static keys (WEP)
● Dynamic keys
● Wi-Fi Protected Access (WPA) version 1, with encryption by Temporal Key Integrity Protocol (TKIP)
● Wi-Fi Protected Access (WPA) version 2, with encryption by Advanced Encryption Standard with Counter-Mode/CBC-MAC Protocol (AES-CCMP)
Set up static WEP privacy for a VNS for AAA
1.
Set up dynamic WEP privacy for a selected AAA VNS
The dynamic key WEP mechanism changes the key for each user and each session.
1. To use dynamic keys, click on the Dynamic Keys radio button.
2. To save these settings, click on the Save button.
● Cipher Block Chaining Message Authentication Code (CBC-MAC) to provide data integrity
The steps in the WPA authentication and encryption process are as follows:
1. The wireless device client associates with Wireless AP.
2. Wireless AP blocks the client's network access while the authentication process is carried out (the HiPath Wireless Controller sends the authentication request to the RADIUS authentication server).
3.
3. To enable re-keying after a time interval, click the Broadcast re-key interval checkbox on (the default is on). Type in the re-key time interval (the time after which the broadcast encryption key is changed automatically) in seconds. If the box is unchecked, the Broadcast encryption key is never changed and the Wireless AP will always use the same broadcast key for Broadcast/Multicast transmissions.
VoIP over 802.11 WLANs raises various issues including quality-of-service (QoS), call control, network capacity, and network architecture. Wireless voice data requires a constant transmission rate and must be delivered within a time limit. This type of data is called isochronous data. This requirement for isochronous data is in contradiction to the concepts in the 802.
For large deployments, an SVP server is required on the enterprise network, if Spectralink devices are to be supported. In Controller, Access Points and Convergence Software, configure the VNS for voice-over-internet traffic as follows:
1. In the Topology screen, set network assignment by SSID
2.
HWC_VNSConfiguration.fm Virtual Network configuration A VNS for voice traffic 108 A31003-W1010-A100-1-7619, July 2005 HiPath Wireless Controller, Access Points and Convergence Software V3.
HWC_ControllerAvailMobility.fm HiPath Wireless Controller Configuration: Availability and Mobility Availability
8 HiPath Wireless Controller Configuration: Availability and Mobility
8.1 Availability
The Controller, Access Points and Convergence Software system provides a feature that maintains service availability in the event of a HiPath Wireless Controller outage. The Availability feature links two HiPath Wireless Controllers as a pair, so that they share information about their Wireless APs.
1. In the AP Registration screen, set up each HiPath Wireless Controller in "Stand-alone Mode" and "Secure Mode" (allow only approved Wireless APs to connect).
2. In the VNS Configuration, Topology screen, define a VNS on each HiPath Wireless Controller with the same SSID (but different IP addresses).
3. On one HiPath Wireless Controller, allow all Wireless APs to associate with it.
Set up two HiPath Wireless Controllers as a pair, for availability
1. On the HiPath Wireless Controller that is to be the primary, select Wireless APs tab. Click on AP Registration. The Wireless AP Registration Mode screen appears.
2. Click the Paired radio button.
3. Enter the IP address of the physical port of the secondary HiPath Wireless Controller.
View the Wireless AP Availability Display
When the Wireless AP Configuration: AP Registration Mode screen has been saved for the HiPath Wireless Controller in Paired Mode, the Wireless AP Availability display will show the status of both "local" and "foreign" Wireless APs for that HiPath Wireless Controller.
Events and actions during a Failover
If one of the HiPath Wireless Controllers in a pair fails, the connection between the two HiPath Wireless Controllers is lost. This triggers a "Failover mode" condition, and a critical message appears in the information log of the remaining HiPath Wireless Controller.
The wireless device will keep the IP address, VNS assignment and filtering rules that it received from the HiPath Wireless Controller that it first connected to - its "home" HiPath Wireless Controller. (This information is collected in the Active Clients by VNS display on the home HiPath Wireless Controller.) The VNS on each HiPath Wireless Controller must have the same SSID.
Set up a HiPath Wireless Controller as a VN Manager
1. In the HiPath Wireless Controller Configuration screen, click on the VN Manager option. The Virtual Network Settings for VN Manager screen appears.
2. From the Role drop-down list, select VN Manager (other options: None, Agent).
3.
● HWC Tunnel Traffic: shows the status of the tunnels between the HiPath Wireless Controllers.
To view the status of the tunnels between the HiPath Wireless Controllers, click on the HWC Tunnel Traffic option. This screen displays the HiPath Wireless Controllers known to the VN Manager. If a tunnel is active, a green band is displayed between HiPath Wireless Controllers.
HWC_ControllerConfig.fm HiPath Wireless Controller: configuring other functions Management users
9 HiPath Wireless Controller: configuring other functions
9.1 Management users
In this screen you define the login usernames that have access to the GUI, either for Controller, Access Points and Convergence Software Administrators with "read/write" privileges, or users with "read only" privileges. For each user added, you can also define and modify a User ID and Password.
9.2 Network time
Use the Network Time screen to synchronize the elements on the network to a universal clock. This ensures accuracy in usage logs. Network time is synchronized in one of two ways:
● using system time
● using Network Time Protocol (NTP), an Internet standard protocol that synchronizes client workstation clocks.
Set Network Time parameters
1. Click on the HiPath Wireless Controller tab.
9.3 Check Point event logging
The HiPath Wireless Controller has the capability to forward specified event messages to an ELA server using the OPSEC ELA protocol - Event Logging API (Application Program Interface).
Check Point Server IP: Type in the Check Point fw-1 IP address, the IP address of the ELA Management Station.
ELA Port: Default port is 18187. Modify if desired.
ELA Log Interval: Type in the amount of time (in milliseconds) you want the system to wait before attempting to log, once there is a connection between HiPath Wireless Controller and the Check Point gateway.
● A connection request failed to authenticate with the CM messaging server. (This may indicate port-scanning the HiPath Wireless Controller, or a backdoor access attempt.)
● Unauthorized client attempting to connect.
9.
● INET-ADDRESS-MIB
● IP-FORWARD-MIB
● SNMPv2-MIB
● SNMPv2-SMI
● SNMPv2-TC
The Siemens Enterprise MIB includes:
● SIEMENS-BM-MIB
● SIEMENS-PRODUCTS-MIB
● SIEMENS-SMI
● SIEMENS-DOT11-EXTNS-MIB
● SIEMENS-BEACON-CELL-MIB
● SIEMENS-BRANCH-OFFICE-MIB
The MIB is provided for compilation into an external NMS. No support has been provided for automatic device discovery by an external NMS.
Setting SNMP Parameters
1. Click on the Wireless Controller tab. Click on the SNMP option. The Simple Network Management Protocol screen appears.
2. Key in:
Contact Name: The name of SNMP administrator.
Location: Location of the SNMP administration machine (descriptive).
Read Community Name: Key in the password for Read activity.
Read/Write Community: Key in the password for Read/Write activity.
HWC_3rdPartyAPs.fm Setting up third-party access points
10 Setting up third-party access points
Your enterprise's WLAN may have existing third-party access points that you would like to integrate into the Controller, Access Points and Convergence Software WLAN solution. You can set up the HiPath Wireless Controller to handle wireless device traffic from third-party access points, providing the same policy and network access control.
Set up third-party access points on the HiPath Wireless Controller
1.
In the Topology screen, select Assignment by SSID. Click on the Use 3rd Party AP checkbox to select it. Fill in the IP Address and MAC Address entry fields that appear on the right (the addresses of the third-party access points), and click on the Add button. They will appear in the list of access points known to the HiPath Wireless Controller. Follow the remaining steps described in the setting up a VNS for Captive Portal earlier in this Guide.
5.
● Disable the third-party access point's layer-3 IP routing capability and set the access point to work as a layer-2 bridge.
Here are the differences between third-party access points and Wireless APs on the Controller, Access Points and Convergence Software system:
● A third-party access point exchanges data with the HiPath Wireless Controller's data port using standard IP over ethernet protocol.
HWC_Mitigator.fm Mitigator: detecting rogue access points Overview
11 Mitigator: detecting rogue access points
11.1 Overview
The Controller, Access Points and Convergence Software system includes a mechanism that assists in the detection of rogue access points. The function is called the Mitigator. The Mitigator feature has three components:
● a radio frequency (RF) scanning task that runs on the Wireless AP. The Wireless AP itself functions as a scan device.
11.2 Enabling the Analysis and RFDC Engines
Enable and configure the Mitigator Analysis Engine
1. In the HiPath Wireless Controller Configuration screen, click on the Mitigator option. The Mitigator Configuration screen appears.
2. To enable the Mitigator Analysis Engine, click the checkbox on.
Define the Mitigator RF Data Collector Engines
3.
> For each remote RF Data Collection Engine you define here, you must also:
● enable it (click the checkbox on) in the same screen on the remote HiPath Wireless Controller
● ensure that static routes are defined between the HiPath Wireless Controllers.
7. To clear the entry fields and add a new Collection Engine, click on the Add Collection Engine option. Repeat steps 4 to 6 above.
8.
A Wireless AP can participate in only one Scan Group at a time. It is recommended that the Scan Groups represent geographical groupings of Wireless APs.
4. In the Radio field, from the drop-down list select which radios on the Wireless AP are to perform the scan function: Both, A only, B/G only.
5. In the Channel List field, from the drop-down list select the radio channels to scan on: All or Current.
6.
11.4 The Analysis Engine
The Analysis Engine relies on a database of known devices on the Controller, Access Points and Convergence Software system as follows:
● Wireless APs registered with any HiPath Wireless Controller that has its RF Data Collector enabled and has been associated with the Analysis Engine on this HiPath Wireless Controller.
View the Mitigator scan results and build list of friendly APs
1. Click on the Mitigator tab in any screen. Then click on the Rogue Detection tab. The Rogue Detection screen appears displaying all access points and Wireless APs that were found in the scan but are not in the database of known devices (as defined above).
2.
5. Click the Rogue Summary button to view the Rogue Summary popup report.
6. To view the Friendly list, click on the Friendly APs tab. The Friendly AP Definitions screen appears.
7. To add friendly access points manually to the Friendly AP Definitions list, key in the MAC Address, SSID, Channel, and a text description of the access point. Click on the Add button. The new access point appears in the list above.
8.
> To avoid the Mitigator's database becoming too large, it is recommended that you either delete Rogue APs or add them to Friendly AP list, rather than leaving them in the Rogue list.
View the Mitigator list of Third-Party APs
To view the list of the known third-party access points, click on the 3rd Party APs tab. The 3rd Party APs screen appears.
1. To view the AP Maintenance screen, click on the AP Maintenance tab. The deleted access points and Wireless APs will be marked with a "Deleted" flag.
2. To delete the marked access points and Wireless APs from the Mitigator's database, click on the Delete marked APs button. This will only delete them from the Mitigator's database, not from the HiPath Wireless Controller's database.
11.
● Connected (green box) - the Analysis Engine has connection with the RFDC on that HiPath Wireless Controller.
● Connected but not serviced (yellow box) - the Analysis Engine has connection with the RFDC but is not synchronized with it yet.
● Not connected (red box) - the Analysis Engine is aware of the RFDC and attempting connection.
HWC_Ongoing.fm Ongoing operation Wireless AP maintenance: software
12 Ongoing operation
12.1 Wireless AP maintenance: software
Periodically, the software used by the Wireless APs is altered, either for reasons of upgrade or security. The new version of the software is installed from the HiPath Wireless Controller, using the Wireless AP Maintenance option.
3. To select an image as the default image to be used for software upgrade, highlight the image name in the list and click on the Set as default button.
4. To delete a software image from the list, highlight the version in the displayed list of Current AP Images and click on the Delete button.
5.
The screen displays the steps to initiate a software upgrade.
3. Step 1: From the drop-down list, select the software version you wish to use for the upgrade. (This list is maintained in the AP Software Maintenance screen.)
4. Step 2: In the list of the registered Wireless APs and the current software image on each one, select a Wireless AP for software upgrade by clicking its checkbox on.
● add a selected wireless device's MAC address to a Blacklist of wireless clients that will not be allowed to associate with the Wireless AP.
12.2.1 Client disassociate
Disassociate a wireless device client
1. Click on the Wireless APs tab. Click on the Client Management option. Click on the Disassociate tab. The Disassociate screen appears.
2. Click on the checkbox to select the wireless device to be disassociated.
3.
12.2.2 Client blacklist
Add a wireless device client to a blacklist
1. Click on the Client Management option in the Wireless AP Configuration screen. Click on the Blacklist tab. The Blacklist screen appears. The Blacklist screen displays the current list of MAC addresses that will not be allowed to associate. Clients selected in the Disassociate screen for the Blacklist will appear here.
2.
Syslog event reporting uses the syslog protocol to relay event messages to a centralized event server on your enterprise network. In the protocol a device generates messages, a relay receives and forwards the messages, and a collector (a syslog server) receives the messages without relaying them.
1. Click on the Wireless Controller tab. Click on the System Maintenance option. The System Maintenance screen appears.
Health Checking
1.
Change the system log level
1. From the Log Level drop-down list, select the desired log level (Trace, Info, Minor, Major, Critical). Click on the Apply button.
Enable and configure Syslog
1. Click the checkbox on to enable the Syslog function for up to three syslog servers.
2. For each enabled syslog server, key in a valid IP address for the server on the network. The default port for syslog is 514.
3.
12.3 HiPath Wireless Controller software maintenance
You can update the core HiPath Wireless Controller software files, and the Operating System (OS) software using the Software Maintenance function in the HiPath Wireless Controller Configuration area of the user interface. This function is also provided in the Command Line Interface (CLI). See Appendix B, “CLI command reference”.
5. Click on the Download button.
6. In the Upgrade area, select an image from the drop-down list.
7. To launch the upgrade with the selected image, click on the Upgrade Now button.
8. In the dialog box that appears, confirm the upgrade. At this point, all sessions will be logged. The previous software will be uninstalled automatically. The new software will be installed.
Back up the HiPath Wireless Controller software
1. Click on the Wireless Controller tab. Click on the Software Maintenance option. Click on the Backup tab. The Backup screen appears.
2. Follow the steps described for the Software Maintenance screen. In the Backup area, select what to backup from the drop-down list.
Restore the HiPath Wireless Controller software
1. Click on the Wireless Controller tab.
12.4 Controller, Access Points and Convergence Software logs and traces
Controller, Access Points and Convergence Software log and data files
The Controller, Access Points and Convergence Software system stores configuration data and log files.
● Reboot due to failure
● Software upgrade failure on the HiPath Wireless Controller
● Software upgrade failure on the Wireless AP
● Detection of rogue access point activity without valid ID

If SNMP is enabled on the HiPath Wireless Controller, alarm conditions will trigger a trap in SNMP (Simple Network Management Protocol).
View the Traces
1. To view the list of Traces, messages by component, click on its tab. You can sort, refresh and export the Trace information, as described for Log displays.

View the Audits
1. To view the GUI Audit display, click on the GUI Audit tab.

A31003-W1010-A100-1-7619, July 2005 HiPath Wireless Controller, Access Points and Convergence Software V3.
12.5 Reports and displays
12.5.1 View displays
To view Controller, Access Points and Convergence Software reports and displays, click on the Reports tab. The List of Displays screen appears, with a menu of available displays. The three options on the right-hand side of the screen appear only if the VNManager function has been enabled.
View statistics for Wireless APs
Two displays are snapshots of activity at that point in time on a selected Wireless AP:
● Wired Ethernet Statistics by Wireless APs
● Wireless Statistics by Wireless APs

The statistics displayed are those defined in the 802.11 MIB, in the IEEE 802.11 standard. In the Wired Ethernet Statistics by Wireless APs display, click on one of the registered Wireless APs to display its information.
The display lists the registered Wireless APs. Click on the selected Wireless AP. Then click on the appropriate tab to display information for each radio on the Wireless AP. If there are associated clients on this radio, you can view information on a selected client. Click on the View Client button. The Associated Clients popup window appears.

12.5.
13 Glossary
13.1 Networking terms and abbreviations

Term: Explanation

AAA: Authentication, Authorization and Accounting. A system in IP-based networking to control what computer resources users have access to and to keep track of the activity of users over a network.

Access Point (AP): A wireless LAN transceiver or "base station" that can connect a wired LAN to one or many wireless devices.

Ad-hoc mode: An 802.
asynchronous: Asynchronous transmission mode (ATM). A start/stop transmission in which each character is preceded by a start signal and followed by one or more stop signals. A variable time interval can exist between characters. ATM is the preferred technology for the transfer of images.

BSS: Basic Service Set. A wireless topology consisting of one Access Point connected to a wired network and a set of wireless devices.
Datagram: A datagram is "a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network." (RFC1594). The term has been generally replaced by the term packet.
EAP-TLS, EAP-TTLS: EAP-TLS Extensible Authentication Protocol - Transport Layer Security. A general protocol for authentication that also supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication and smart cards. IEEE 802.1x specifies how EAP should be encapsulated in LAN frames.
Fit, thin and fat APs: A thin AP architecture uses two components: an access point that is essentially a stripped-down radio and a centralized management controller that handles the other WLAN system functions. Wired network switches are also required.
HTTP: Hypertext Transfer Protocol is the set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. A Web browser makes use of HTTP. HTTP is an application protocol that runs on top of the TCP/IP suite of protocols. (RFC2616: Hypertext Transfer Protocol -- HTTP/1.
Internet or IP telephony: IP or Internet telephony are communications, such as voice, facsimile, voice-messaging applications, that are transported over the Internet, rather than the public switched telephone network (PSTN). IP telephony is the two-way transmission of audio over a packet-switched IP network (TCP/IP network).
isochronous: Isochronous data is data (such as voice or video) that requires a constant transmission rate, where data must be delivered within certain time constraints. For example, multimedia streams require an isochronous transport mechanism to ensure that data is delivered as fast as it is displayed and to ensure that the audio is synchronized with the video.
MIC: Message Integrity Check or Code (MIC), also called "Michael", is part of WPA and TKIP. The MIC is an additional 8-byte code inserted before the standard 4-byte integrity check value (ICV) that is appended by standard WEP to the 802.11 message. This greatly increases the difficulty in carrying out forgery attacks.
NTP: Network Time Protocol, an Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Based on UTC, NTP synchronizes client workstation clocks to the U.S. Naval Observatory Master Clocks in Washington, DC and Colorado Springs CO.
OSI Layer 3: The Network layer (OSI Layer 3) provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.
PEAP: PEAP (Protected Extensible Authentication Protocol) is an IETF draft standard to authenticate wireless LAN clients without requiring them to have certificates. In PEAP authentication, first the user authenticates the authentication server, then the authentication server authenticates the user.
RADIUS: Remote Authentication Dial-In User Service. An authentication and accounting system that checks User Name and Password and authorizes access to a network. The RADIUS specification is maintained by a working group of the IETF (RFC2865 RADIUS, RFC2866 RADIUS Accounting, RFC2868 RADIUS Attributes for Tunnel Protocol Support).
SLP: Service Location Protocol. A method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. Using SLP, networking applications can discover the existence, location and configuration of networked devices. With Service Location Protocol, client applications are 'User Agents' and services are advertised by 'Service Agents'.
SNMP: Simple Network Management Protocol. A set of protocols for managing complex networks. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters. SNMP includes a limited set of management commands and responses.
SSL: Secure Sockets Layer. A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that is transferred over the SSL connection. URLs that require an SSL connection start with https: instead of http. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.
TCP / IP: Transmission Control Protocol. TCP, together with IP (Internet Protocol), is the basic communication language or protocol of the Internet. Transmission Control Protocol manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message.
Tunnelling: Tunnelling (or encapsulation) is a technology that enables one network to send its data via another network's connections. Tunnelling works by encapsulating packets of a network protocol within packets carried by the second network. The receiving device then decapsulates the packets and forwards them in their original format.

UDP: User Datagram Protocol.
VoIP: Voice Over Internet Protocol. An internet telephony technique. With VoIP, a voice transmission is cut into multiple packets, takes the most efficient path along the Internet and is reassembled when it reaches the destination.

VPN: Virtual Private Network. A private network that is constructed by using public wires to connect nodes.
WMM: Wi-Fi Multimedia (WMM), a Wi-Fi Alliance certified standard that provides multimedia enhancements for Wi-Fi networks that improve the user experience for audio, video, and voice applications. This standard is compliant with the IEEE 802.11e Quality of Service (QoS) extensions for 802.11 networks. WMM provides prioritized media access by shortening the time between transmitting packets for higher priority traffic.
13.2 Controller, Access Points and Convergence Software terms and abbreviations

Term: Explanation

CTP: CAPWAP Tunnelling Protocol (CTP). The Wireless AP uses a UDP (User Datagram Protocol) based tunnelling protocol called CAPWAP Tunnelling Protocol (CTP) to encapsulate the 802.11 packets and forward them to the HiPath Wireless Controller.
RFDC: The RF Data Collector (RFDC) is an application on the HiPath Wireless Controller that receives and manages the Radio Frequency (RF) scan messages sent by the Wireless AP. This application is part of the Mitigator technique, working in conjunction with the scanner mechanism and the analysis engine to assist in detecting rogue access points.
A Controller, Access Points and Convergence Software system states and LEDs
A.1 HiPath Wireless Controller system states and LEDs
The HiPath Wireless Controller has two system states: Standby and Active. It enters "Standby" when shut down in the HiPath Wireless Controller Configuration – System Maintenance screen.
The sequence of the Status and Activity LEDs is as follows:

System State: Power up
Status LED: Off
Activity LED: Off

System State: Services started: WDTSTAT installed (init.
State / Process: Registration
Description: Wireless AP learns the HiPath Wireless Controller's IP address, and can begin the Registration process
LEDs: Orange (blink)

State / Process: Failed Registration
Description: Wireless AP fails to learn the HiPath Wireless Controller's IP address.
LEDs: Red (blink)

Standby 1.
B CLI command reference
Category Top Level Syntax # Comment ip interface exit quit ssh session logout logs out of system shutdown requires confirmation # reset requires confirmation # reset requires confirmation System State # System Maintenance # loglevel <1|2|3|4|5> # syslog :syslog# syslogip #
Category: OSPF

Syntax: :ip# show routes
Comment: displays a numbered table of static routes

Syntax: :ip# no route #n
Comment: clears static route #n

OR

Syntax: no route
Comment: clears static route; has to match an existing route with address x.y.z.
Category esa Ports Syntax Comment
:interface: eth0# domain '' domain name
:interface :eth0# ip / mask enter management IP address OR ip enter network mask mask <255.255.255.255>
:interface: eth0# gateway enter gateway address
:interface: eth0# (no) nameserver #
C DHCP, SLP, and Option 78 reference
For the Wireless AP’s process to "discover" the HiPath Wireless Controller, the Controller, Access Points and Convergence Software system relies on a DHCP server that supports Option 78 and 79 for Service Location Protocol (SLP).
C.1 Service Location Protocol (SLP) (RFC2608)
Service Location Protocol (RFC2608) is a method of organizing and locating the resources (such as printers, disk drives, databases, e-mail directories, and schedulers) in a network. Using SLP, networking applications can discover the existence, location and configuration of networked devices.
The Length value must include one for the 'Mandatory' byte and include four for each Directory Agent address which follows. The address of the Directory Agent is given in network byte order. The 'Mandatory' byte in the Directory Agent option may be set to either 0 or 1. If it is set to 1, the SLP User Agent or Service Agent so configured must not employ either active or passive multicast discovery of Directory Agents.
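The layout rules above can be checked mechanically when troubleshooting why a Wireless AP does not discover its controller. The following Python sketch is an added example, not code from the product: it builds and validates an Option 78 value, assuming the usual DHCP option framing of one code byte followed by one length byte; the function names, the returned field names and the requirement of at least one address are assumptions of this example.

```python
import ipaddress

OPTION_SLP_DIRECTORY_AGENT = 78  # option code named in this appendix


class OptionError(ValueError):
    """Raised when the option bytes violate the layout described above."""


def build_option_78(directory_agents, mandatory):
    """Encode Directory Agent addresses the way a DHCP server would send them."""
    body = bytes([1 if mandatory else 0])
    for address in directory_agents:
        # .packed yields the four address bytes in network byte order.
        body += ipaddress.IPv4Address(address).packed
    if len(body) > 255:
        raise OptionError("too many addresses for a one-byte Length field")
    return bytes([OPTION_SLP_DIRECTORY_AGENT, len(body)]) + body


def parse_option_78(raw):
    """Validate and decode one Option 78 (code, Length, Mandatory, addresses)."""
    if len(raw) < 2:
        raise OptionError("truncated: code and Length bytes are missing")
    code, length = raw[0], raw[1]
    if code != OPTION_SLP_DIRECTORY_AGENT:
        raise OptionError(f"unexpected option code {code}")
    body = raw[2:]
    if len(body) != length:
        raise OptionError(f"Length says {length} bytes, option carries {len(body)}")
    # Length = 1 ('Mandatory' byte) + 4 per Directory Agent address.
    # Assumption of this example: at least one address must be present.
    if length < 5 or (length - 1) % 4 != 0:
        raise OptionError(f"Length {length} is not 1 + 4 * n")
    mandatory = body[0]
    if mandatory not in (0, 1):
        raise OptionError(f"'Mandatory' byte must be 0 or 1, got {mandatory}")
    agents = [str(ipaddress.IPv4Address(body[i:i + 4]))
              for i in range(1, length, 4)]
    return {
        "mandatory": bool(mandatory),
        "directory_agents": agents,
        # With Mandatory = 1 the agent must not use multicast DA discovery.
        "multicast_discovery_allowed": mandatory == 0,
    }


if __name__ == "__main__":
    # Constructed sample using documentation addresses.
    sample = build_option_78(["192.0.2.10", "192.0.2.11"], mandatory=True)
    print(sample.hex(" "))
    print(parse_option_78(sample))
```

A value that fails these checks is a likely reason for a failed discovery, because the Wireless AP then has no usable Directory Agent address.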
D Reference lists of standards
D.1 RFC list
Listed below are the Internet Engineering Task Force (IETF) Request for Comments (RFCs) standards supported by Controller, Access Points and Convergence Software. The Request for Comments is a series of notes about the Internet, submitted to the Internet Engineering Task Force (IETF) and designated by an RFC number, that may evolve into an Internet standard.
RFC Number: Title
RFC 1901: Introduction to Community-based SNMPv2 (SNMPv2c).
RFC 2011: SNMPv2 Management Information Base for the Internet Protocol using SMIv2.
RFC 2012: SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2.
RFC 2013: SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2.
RFC 2578: Structure of Management Information Version 2 (SMIv2).
D.2 802.11 standards list
Also supported are the following 802.11 standards:

Standard: Name
802.11: Wireless LAN MAC and PHY Specifications
802.11a: Wireless LAN High Speed Physical Layer in 5 GHz band
802.11b: Wireless LAN High Speed Physical Layer in 2.4 GHz band
802.11d: 802.11 Extensions to Operate in Additional Regulatory Domains
802.11g: Wireless LAN
802.11h: Spectrum managed 802.11a (in 5 GHz band in Europe)
802.
E Support for Wireless AP
E.1 Wireless AP diagnostics by Telnet

For security reasons, Telnet is disabled by default. Only enable it in order to perform a diagnostic session. When finished, disable Telnet again.

As a support tool to perform diagnostic debugging of the Wireless AP, the capability to access the Wireless AP by Telnet has been provided. Normally Telnet is disabled and should be disabled again after diagnostics.
1. Highlight the selected Wireless AP in the left-hand list.
2. In the Telnet Access field, select “Enable” from the drop-down list.
3. Click on the Save button. You can now begin a Telnet session on this Wireless AP.

When the diagnostics are finished, disable Telnet access as follows:
1. In the Telnet Access field, select “Disable” from the drop-down list.
2. Click on the Save button.
F RADIUS Attributes
Remote Authentication Dial-In User Service (RADIUS) is an industry standard for providing identification, authentication, authorization, and accounting services for distributed dial-up/remote access networking.

F.
F.2 RADIUS Accounting
F.2.1 Account-Start Packet
The following table lists the information elements (including VSAs) supported in a RADIUS Start message, issued by Controller, Access Points and Convergence Software, with RADIUS Accounting enabled:

Attribute NO. RAD.
F.2.
G Logs and Events
G.1 Overview
The HiPath Wireless Controller is designed to behave like an appliance. It is either in an operational state, or it has failed due to a hardware problem or low-level packet processing issue. In general, the system will self-recover by rebooting if the system fault is recoverable.
G.2 Critical
The following subsections contain tables describing all Critical log messages. The sections are listed alphabetically by Component Name.

G.2.1 ACCESSPOINT

ACCESSPOINT
Severity: Critical
Log Message: AccessPoint software upgrade failed. Cannot find out flash free space.
Description: AccessPoint software upgrade failed.
Action: Make sure to have the proper Access Point software file on AC for downloading.
ACCESSPOINT
Severity: Critical
Log Message: AccessPoint software upgrade failed. Writing backup file failed
Description: AccessPoint software upgrade failed.
Action: Make sure to have the proper Access Point software file on AC for downloading.
Table G-4

ACCESSPOINT
Severity: Critical
Log Message: AccessPoint software upgrade failed. File small or ELF header corrupted.
Description: AccessPoint software upgrade failed.
ACCESSPOINT
Action: Check software and configuration compatibility. Check the connection to AP.
Table G-7

ACCESSPOINT
Severity: Critical
Log Message: AccessPoint configuration failed. Wassp config rcv: config missing from tlv packet.
Description: AccessPoint configuration failed
Action: Check software and configuration compatibility. Check the connection to AP.
Table G-8

ACCESSPOINT
Severity: Critical
Log Message: AccessPoint configuration failed.
ACCESSPOINT
Severity: Critical
Log Message: AccessPoint configuration failed. Wassp config rcv: received error in Response from SNMP Agent.
Description: AccessPoint configuration failed
Action: Check software and configuration compatibility. Check the connection to AP.
Table G-11

ACCESSPOINT
Severity: Critical
Log Message: AccessPoint Rebooting. Radio Interference detected in channel 2.
Description: AccessPoint Rebooting.
ACCESSPOINT
Severity: Critical
Log Message: AccessPoint Rebooting. AP-AC poll timeout.
Description: AccessPoint Rebooting.
Action: AP detected a problem and rebooted automatically. Check the log message detail. No action is normally needed.
Table G-15

ACCESSPOINT
Severity: Critical
Log Message: AccessPoint Rebooting. ChipReset: Error resetting WLAN HW.
Description: AccessPoint Rebooting.
Action: AP detected a problem and rebooted automatically.
ACCESSPOINT
Severity: Critical
Log Message: AccessPoint Rebooting. AP Unable to allocate memory.
Description: AccessPoint Rebooting.
Action: AP detected a problem and rebooted automatically. Check the log message detail. No action is normally needed.
Table G-19

ACCESSPOINT
Severity: Critical
Log Message: AccessPoint Running Backup image File size is 1500222.
Description: AccessPoint Running Backup image.
CDR_COLLECTOR
Log Message: Memory allocation failure - unable to generate accounting record. CDR Manager will halt.
Description: Indicates that the system memory has been corrupted.
Action: In normal operating circumstances, the entire system behaves erratically, if functioning at all. Contact service as the system may need to be replaced.
Table G-22

CDR_COLLECTOR
Severity: Critical
Log Message: File storage limit has been reached for the accounting files.
G.2.3 CONFIG_MANAGER

CONFIG_MANAGER
Severity: Critical
Log Message: Config Manager has suffered a critical error and will halt.
Description: Indicates a memory allocation failure.
Action: In normal operating circumstances, the entire system behaves erratically, if functioning at all. Contact service as the system may need to be replaced.
Table G-25

CONFIG_MANAGER
Severity: Critical
Log Message: Access point controlled software upgrade has failed.
G.2.4 EVENT_SERVER

EVENT_SERVER
Severity: Critical
Log Message: Cannot access logging file. Unable to save any system log messages.
Description: Unable to open log files for message storage.
Action: Indicates a low level file system problem, or the file permissions may have been altered. Check the file permissions first. If they appear to be correct, the file system may be corrupted.
EVENT_SERVER
Severity: Critical
Log Message: Unable to initialize internal program thread. Event server will halt.
Description: Internal service failure
Action: In normal operating circumstances, the entire system behaves erratically, if functioning at all. Contact service as the system may need to be replaced.
Table G-31

EVENT_SERVER
Severity: Critical
Log Message: Memory allocation failure. Unable to log last event.
EVENT_SERVER
Description: Internal communication error.
Action: Shell into the O/S and kill the process. Report event to service.
Table G-34

EVENT_SERVER
Severity: Critical
Log Message: The evaluation license for the controller has expired. Please contact your customer representative and purchase licenses to continue using the controller. If you do not purchase a license, the legal requirement is to put the system out of service.
RADIUS_ACCOUNTING
Description: External RADIUS Accounting server access has been interrupted.
Action: Indicates that network connectivity needs to be checked. The system is operating correctly, but the external connections have been lost. Therefore, no RADIUS accounting records can be saved for the client sessions.
Table G-37

G.2.7 RADIUS_CLIENT

RADIUS_CLIENT
Severity: Critical
Log Message: A file system error occurred. Unable to open RADIUS dictionary file.
RADIUS_CLIENT
Severity: Critical
Log Message: Failed to send process status success to Startup Manager. Start-up Manager will reboot the RADIUS client.
Description: Interprocess communication failure.
Action: No action required.
Table G-40

RADIUS_CLIENT
Severity: Critical
Log Message: No radius server available for VNS: %s.
Description: None of the RADIUS servers configured for a VNS are reachable by the RADIUS client.
G.2.9 RU_MANAGER

RU_MANAGER
Severity: Critical
Log Message: RU Manager has suffered a critical internal error and will halt (unable to start process thread).
Description: Indicates an internal service failure.
Action: In normal operating circumstances, the entire system behaves erratically, if functioning at all. Contact service as the system may need to be replaced.
G.2.10 SECURITY_MANAGER

SECURITY_MANAGER
Severity: Critical
Log Message: Cannot allocate memory. Will not be able to process Captive portal authentication request.
Description: Indicates a memory allocation failure.
Action: In normal operating circumstances, the entire system behaves erratically, if functioning at all. Contact service as the system may need to be replaced.
SECURITY_MANAGER
Severity: Critical
Log Message: Error binding to listener socket. Will not be able to communicate with Apache server.
Description: Inter-component communication failure.
Action: Verify that the web server is still running. If it is, re-start the security manager process to clear the problem.
Table G-49

SECURITY_MANAGER
Severity: Critical
Log Message: Listen call failed. Will not be able to communicate with Apache Server.
STARTUP_MANAGER
Log Message: Failed attempting to start router ports. System reboot initiated.
Description: Hardware initialization error.
Action: The router ports could not be initialized. The system reboots to attempt recovery. If the problem does not clear, contact service as the system may need to be replaced.
Table G-52

STARTUP_MANAGER
Severity: Critical
Log Message: Internal connection to router ports lost. Restart initiated.
STARTUP_MANAGER
Action: The process responsible for managing the interface IP stack failed. The system is rebooted automatically to attempt to clear the problem. If failure persists, try installing a previous version of the system software. If this fails to clear the problem, contact service as the operating system has failed or the base line configuration files have been corrupted.
STATS_SERVER
Log Message: Statistics Server suffered an internal connection failure. Retrying connection in 5 seconds.
Description: Process could not connect to internal messaging infrastructure.
Action: Indicates that the process cannot connect to the message bus. The system may behave erratically at this point. Shell into the O/S and kill the process to see if that clears the problem.
VNMGR
Severity: Critical
Log Message: Unable to initialize internal program thread. VN Manager will halt.
Description: Indicates that the process cannot allocate or update process threads.
Action: If the process did not restart after emitting this error, or if client association, MAC-based authentication, or mobility problems continue to exist, shell into the O/S and kill the process to see if that clears the problem.
VNMGR
Action: This log may be generated after a normal restart of the process, a normal restart of the controller, or a change in the role for mobility, and in these cases can be ignored. If the log is generated outside of these cases, the process cannot communicate with another process. Shell into the O/S and kill the process to see if that clears the problem. If the problem does not clear, try downgrading to a previous software.
G.3 Major
The following subsections contain tables describing all Major log messages. The sections are listed alphabetically by Component Name.

G.3.1 ACCESSPOINT

ACCESSPOINT
Severity: Major
Log Message: Communication with Access Controller lost. AP - AC poll timeout.
Description: AccessPoint poll timed out.
Action: Check the IP connection between Access controller and Access Point.
ACCESSPOINT
Severity: Major
Log Message: Beacon Creation Problem. Cannot allocate beacon.
Description: Beacon Creation Problem.
Action: Upgrade AP with the proper latest software.
Table G-67

G.3.2 CDR_COLLECTOR

CDR_COLLECTOR
Severity: Major
Log Message: Internal messaging error: %d. Accounting information for one client session will be incomplete.
Description: Accounting record is incomplete for a single client session.
CDR_COLLECTOR
Severity: Major
Log Message: Error will be ignored and message re-tried.
Description: Error sending message on the system messaging infrastructure.
Action: Recoverable messaging error; the process will recover. Monitor for future occurrences, and contact support if the problem persists.
Table G-70

CDR_COLLECTOR
Severity: Major
Log Message: Internal messaging error:%d. Error will be ignored and message retried.
CDR_COLLECTOR
Log Message: Internal messaging error - more accounting records were received than expected. Known sessions will be processed; unknown information will be dropped.
Description: Valid message with unknown client information received.
Action: Indicates that a valid accounting message was received for an unknown client. The information will be dropped. It is recommended that the RADIUS accounting server be audited to verify accounting data accuracy.
CLI
Description: Software maintenance error.
Action: Try applying a different patch, or verify that the patch has not been corrupted prior to being uploaded to the controller.
Table G-76

G.3.4 CONFIG_MANAGER

CONFIG_MANAGER
Severity: Major
Log Message: Config Manager has experienced an error which has prevented it from properly processing a request. CM will continue running, however this error may be an indicator of a larger system problem.
G.3.5 CPDP_AGENT_ID

CPDP_AGENT_ID
Severity: Major
Log Message: Possible LAND DoS attack (%s).
Description: Denial of service attack warning.
Action: Investigate the source of attack, and block offending system from the network.
Table G-79

CPDP_AGENT_ID
Severity: Major
Log Message: Possible PING-OF-DEATH DoS attack (%s).
Description: Denial of service attack warning.
Action: Investigate source of attack, and block offending system from the network.
EVENT_SERVER
Log Message: Audit message error. Unable to log audit message.
Description: Logging behavior.
Action: An event from the web pages could not be logged. If problem persists, check logs for other related error messages.
Table G-82

EVENT_SERVER
Severity: Major
Log Message: Unknown internal program message received - type %d. Message will be ignored and processing continued.
Description: Internal communications.
Action: No action required.
EVENT_SERVER
Severity: Major
Log Message: Cannot reset audit file pointer to beginning of the audit file - Error no: %d. The message and subsequent messages will be dropped.
Description: Audit file circular buffer problem.
Action: Indicates that the audit file may be corrupted, or the logging partition is full or corrupted. Try deleting the audit file and restarting the event server.

LANGLEY
Severity: Major
Log Message: A connection request from '%s' failed to authenticate with the messaging server. This may indicate that somebody is port-scanning the access controller, or is attempting to gain backdoor access.
Description: Internal messaging security warning.
Action: Block network access to the process or user that is attempting to connect to the messaging bus. This is an attempt to compromise the internal operation of the system.

G.3.9 OSPF_SERVER

OSPF_SERVER
Severity: Major
Log Message: OSPF server suffered an internal messaging failure. Re-trying connection.
Description: Internal communications error.
Action: No action required. Process should recover. If failure continues, try restarting process.
Table G-92

G.3.

G.3.12 RADIUS_CLIENT

RADIUS_CLIENT
Severity: Major
Log Message: Failed to retrieve configuration from the Config Manager. Will retry connection to Config Manager.
Description: RADIUS client service information.
Action: No action required. The config manager process has not responded. System should recover.
Table G-95

RADIUS_CLIENT
Severity: Major
Log Message: Radius server changed: %s
Description: RADIUS client service information.

REDIR_ID
Description: Data path behavior.
Action: If this message appears, a client session has attempted to connect to a site with a very large initial target URL. As the buffer size for the URL redirect process has been exceeded, the packet is dropped. The client will not be redirected to the captive portal authentication screen. For the client to be successfully authenticated, they need to connect to a different web site before they will be re-directed.

RU_MANAGER
Severity: Major
Log Message: AP fails discovery. %s
Description: Access point registration information
Action: No action required; AP will come back through discovery. However, this message may also indicate that an unsupported AP version is attempting to connect to the system. If this is the case, an older version of the system software must be installed and the AP upgraded to a software version that can register with the current version.

SECURITY_MANAGER
Severity: Major
Log Message: Unable to create new session tracking tag (token mapping) based on MAC address. Will not be able to process Captive portal authentication request.
Description: Security Manager service information.
Action: If this occurs, a client session will fail captive portal authentication. The end user should try to authenticate again. Alternatively, try restarting the process to see if this clears the problem.

SECURITY_MANAGER
Severity: Major
Log Message: Unable to start component [%d]. Services provided by the component will be unavailable.
Description: System service status message.
Action: Try restarting the controller to see if that clears the problem. If rebooting does not clear the problem, contact support. Even though the process is down, it may not operationally affect the system. It may impair only parts of the system behavior.

VNMGR
Log Message: Configuration error - missing or bad parameters. VN Manager will retry configuration request. VN Manager will not start-up until configuration is successful.
Description: VN Manager status message.
Action: Verify that Config Manager is operational. Re-start if process has stopped. Problem should clear without intervention.
Table G-110

VNMGR
Severity: Major
Log Message: Set Configuration data failed. The VNMgr may be restarted.

VNMGR
Severity: Major
Log Message: Received unknown message type %d from Langley (CM socket).
Description: VN Manager status message.
Action: No action required.
Table G-114

VNMGR
Severity: Major
Log Message: Heart-beat interval has expired - have missed too many heart-beats from VN Manager. VN Agent will reset all remote client information and revert to nodal operation.
Description: VN Manager status message.

A31003-W1010-A100-1-7619, July 2005 HiPath Wireless Controller, Access Points and Convergence Software V3.
Our strengths - Your advantages Siemens is known worldwide as a trailblazer in the advancement of information and communication technologies. No other company offers such a comprehensive and innovative product portfolio. With the one-of-a-kind Siemens convergence architecture, HiPath, guide your customers to a secure and flexible migration into the world of innovative IP convergence solutions. www.siemens.