8 Configuring Guest Access NOTE: If both secured and open access are enabled (mixed-mode of operation) then some third party clients may not be able to access the network using WPA-PSK. All clients will be able to connect to the network using the open authentication correctly. Figure 119 provides a sample illustration of how clients are treated when guest access is implemented without VLANs.
Internal Landing Page VLANs and security privileges are assigned to users by way of service profiles defined for user groups and bound to the network SSID. It is required that the VLAN configuration include DHCP and DNS services. I NOTE: If guest access is configured on a VLAN other than VLAN 1, the DCHP server on the AP cannot be used to provide IP address service for the guest VLAN. Use an external DHCP server.
8 Configuring Guest Access Figure 120: Guest Access - Internal Landing Page Corp VLAN Guest VLAN Corp-VLAN Guest-VLAN VLAN Switch RADIUS Server ID Password Corp Guest Guest Access A0045D 170 Installation and User Guide: Airgo Access Point
External Landing Page External Landing Page An external landing web page can be set up through a corporate web server. The URL for the landing page must use an IP address rather than a domain name. Regardless of the authentication process selected for the external page, it is necessary to forward authentication results to the AP upon completion of successful or unsuccessful guest authentication.1 External landing pages are compatible with the VLAN and non-VLAN options.
8 Configuring Guest Access Open Subnet In an optional open subnet arrangement, shown in Figure 122, unauthenticated guest users are permitted limited access to an open enterprise subnet specified in the Airgo AP. The enterprise open subnet must be part of the Guest VLAN. Extended access requires authentication through an internal or external landing page.
Configuring Guest Access with VLANs Configuring Guest Access with VLANs This section describes the complete process of setting up guest access with VLANs. Use the Guest Access wizard for easy configuration of the major guest access parameters. See “Guest Access Wizard” on page 53 for instructions on using the Guest Access wizard. Task Steps Confirm that Open access is supported as a security option.
8 Configuring Guest Access Task (continued) Steps Create a guest service profile which specifies the guest VLAN and desired COS and security options. 1 Choose SSID Configuration from the Wireless Services menu to open the SSID table. 2 Select SSID Details (“SSID Details” on page 87). 3 Confirm the SSID name, or enter a new SSID name for the Guest Portal, and then click Apply. 4 Click Profile Table to display the current list of service profiles. 5 Click Add to create the guest service profile.
Guest Access Services Panel the SSID Details panel. (The panel is described in “SSID Details” on page 87.) The Guest table presents the following information: Field Description SSID The network to which the guest profile belongs (There can be at most one guest profile per SSID.) Service-Profile The name of the guest service profile bound to the SSID.
8 Configuring Guest Access Perform the following functions from the Guest Table: Function Description Add an entry to the Guest Table One guest profile can be added for each SSID. If a profile is already assigned to an SSID and you add a new one, it replaces the previously defined profile. 1 Click Add to open the Add Guest to SSID entry panel (Figure 124). 2 Select the SSID. 3 Select the service profile from the Profile pull-down list. The profile details are listed at the bottom of the entry panel.
Guest Access Services Panel Figure 125: Guest Access Configuration - Security Auto-Generating Guest Passwords For optional generation of guest passwords automatically at set intervals, use the Guest User tab within the security area of NM Portal (Figure 126).
8 Configuring Guest Access 178 Installation and User Guide: Airgo Access Point
9 Managing the Network This chapter explains how to use the NM Portal features of the Airgo Access Point to manage multiple APs across the network.
9 Managing the Network Using NM Portal To use the Airgo AP for NM Portal services, it is necessary to initialize (bootstrap) the unit in NM Portal mode. Do so when initially configuring the AP, or by resetting the AP to factory defaults prior to booting. Chapter 3, “Installing the Access Point Using the Configuration Interfaces,” explains how to initialize an NM Portal and how to reset to factory defaults.
Using the Network Topology Menu • Home — Open the Home panel. • Network Topology — Manage AP enrollment, wireless backhaul, IP address status, radio neighbors, and network inventory. • Rogue AP — Classify and manage rogue APs. • NM Services — Set up policies, network discovery, DHCP settings, and portal settings. • Fault Management — View alarm logs and syslog events. • Admin Tools — Upgrade AP software (see “Upgrading Software” on page 251).
9 Managing the Network • Once the authentication is complete, the AP is enrolled. It is not necessary to enroll the AP again, even if power is lost to the unit. NOTE: In order to enroll an AP, it must be in the factory default state. This assures that enrollment will be based on a known configuration. An NM Portal can discover up to 50 APs across up to five subnets, and can enroll and manage up to 20 APs. To access the enrollment panel, choose AP Enrollment from the Network Topology menu.
Using the Network Topology Menu Function Description Refresh Click to update the display. Rediscover Now Scan the network to discover APs and update the Not Enrolled APs table. Figure 130: Network Topology - AP Enrollment - Enroll an AP Entry Panel The Enroll an AP panel contains information that uniquely identifies the AP.
9 Managing the Network Figure 131: Network Topology - AP Enrollment - Enrolled Perform the following functions as needed from the Enrolled APs tab: Function Description Unenroll Remove the AP from the set of enrolled APs. Refresh Update the screen display to reflect the most recent enrollment changes. Reboot Reboot the selected AP. Click the IP address link for an AP Access the web interface for the selected AP in a new browser window.
Using the Network Topology Menu backhaul paths defined for the network. Choose Backhaul Topology from the Network Topology menu to display this information (Figure 132). Figure 132: Network Topology - Backhaul Topology This panel contains the following information for each backhaul link: Field Description Channel ID RF channel over which the backhaul traffic travels. Source AP AP that begins the backhaul trunk.
9 Managing the Network Viewing IP Topology The IP Topology panel lists all the APs discovered by NM Portal and the APs that were manually added to the network topology (see “Configuring Network Discovery” on page 200). Choose IP Topology from the Network Topology menu to display this information (Figure 133).
Using the Network Topology Menu Field Description Portal Services Indication of which portal services are configured on the AP (enrollment and security). Possible values include: • Factory Default - AP has not yet been enrolled or bootstrapped. • Access Point - AP has been enrolled/bootstrapped as an AP. • NM Portal - AP is enrolled/bootstrapped as NM Portal. • SEC Portal - AP is enrolled/bootstrapped as a Security Portal. • NM & SEC Portal - AP is enrolled/bootstrapped as NM Portal and security portal.
9 Managing the Network Figure 134: Network Topology - Discovered Radios The Discovered Radios table contains the following information for each detected device: 188 Field Description MAC Address Address that uniquely identifies the detected device. IP Address IP address of the detected device, if known. Reporting AP The enrolled AP that reported the device to the NM Portal AP. If this field is blank, the AP was reported on a previous scan but not the most recent one.
Using the Network Topology Menu Displaying Network Inventory It is recommended that you run the same software and hardware versions on all the APs in the network. The Inventory Table panel provides a display of hardware and software version information for selected APs and can be used to monitor the consistency of configurations across the network. To open the Inventory Table panel (Figure 135), select Network Inventory from the Network Topology menu.
9 Managing the Network Select one of the following sets of APs, and click Apply to display the version information. Click Reset to return to the previously saved value.
Managing Rogue Access Points IP level discovery requires that the detecting AP be able to determine the IP address of the discovered AP through an IP / SNMP connectivity check and establish IP-level communications with it. NM Portal then performs a series of consistency checks and certification to determine whether the AP is a recognized part of the network.
9 Managing the Network Figure 136: IP Rogue AP - Unclassified Perform the following functions from this tab: Function Steps Classify an AP as known 1 Select the AP from the list. APs are identified by device ID and IP address, if known. 2 Click Classify-Node to open the Classify the Rogue AP panel (Figure 137). 3 Select Our-Network to classify the AP as known within your wireless network. Select Neighbor-Network to classify the AP as known in a neighboring network. 4 Click Apply.
Managing Rogue Access Points Figure 137: IP Rogue AP - Classify Classified Tab The Classified tab (Figure 138) lists all the APs designated as known through IP classification.
9 Managing the Network Figure 138: IP Rogue AP - Classified Wireless Rogue AP Management Wireless rogue management differs from IP rogue management in the type of discovery used to determine whether the AP is authorized to be part of the network. In wireless discovery, each AP scans the beacons sent by other APs within range and attempts to identify the APs from the information in the beacon. Select Wireless Rogue AP from the Rogue AP menu to open the table of unclassified wireless rogue APs.
Managing Rogue Access Points Field Description Reporting Time Time of the last wireless scan Figure 139: Wireless Rogue AP - Unclassified Perform the following functions from this tab: Function Steps Classify an AP as known 1 Select the AP from the list. APs are identified by MAC address. 2 Click Classify-Node to open the Classify the Rogue AP panel (Figure 140). 3 Select Our-Network to classify the AP as known within your wireless network.
9 Managing the Network Figure 140: Wireless Rogue AP - Classify Classified Tab The Classified tab (Figure 141) lists all the APs designated as known through wireless classification.
Using the NM Services Menu Using the NM Services Menu Use the NM Services menu to define and manage policies, configure parameters for network discovery, add information about DHCP servers, and add portals at remote locations. Working with Policies Policy Management provides tools to keep your network configuration synchronized to a defined set of rules. Open the Policy Management panel to manage configuration policies for distribution to the network of enrolled APs.
9 Managing the Network Figure 143: NM Services - Policy Management - Policy Table - Details (excerpt) Define Policy Define a default policy for bootstrapping other APs in the network by selecting the configuration of this AP as a model. The default policy is pushed automatically to newly enrolled APs. Use the Define Policy tab (Figure 144) to choose the default policy. NOTE: The NM Portal AP requires two radios in order to construct a default policy for two-radio APs.
Using the NM Services Menu Figure 144: NM Services - Policy Management - Define Policy Distribute Policy Use the Distribute Policy tab (Figure 145) to direct how policies are shared across the network. Figure 145: NM Services - Policy Management - Distribute Policy Configure the following fields on this tab: Field Description Select Policy to Distribute Select an existing policy from the pull-down list. Select All Policies to Distribute Select to distribute all the existing policies.
9 Managing the Network Field Description Target AP Name Select the APs to receive the policy or policies, or select Target AP Name to distribute to all the APs. Click Distribute Now to send the policies to the designated APs. Configuring Network Discovery Use the Network Discovery panel to set up the rules for AP discovery. The panel contains the following tabs: • Configuration — Specify discovery parameters. • Scope/Seed — Restrict discovery to specified subnetworks or IP address ranges.
Using the NM Services Menu Configure the following values on this tab: Field Description Discovery Interval Restrict discovery to a time interval (in minutes). The range is 60-10080 (default is 60 minutes). NOTE: Based on the default discovery interval, a newly installed AP could take one to two hours to be discovered. Use Force Rediscovery to speed the process. Discovery Limit Restrict discovery to a number of APs. Once this limit is reached, the discovery process stops.
9 Managing the Network Figure 147: NM Services - Discovery Configuration - Scope/Seed Configure the following fields on this tab: Field Description Discovery Scope - IP Network Address Enter the IP address of the subnet that you want to discover. Discovery Scope Subnet Maskbits Enter the subnet prefix length for the discovery scope. Discovery Seed Specify a seed IP, which is the first address NM Portal will attempt to discover in the selected subnetwork.
Using the NM Services Menu Figure 148: NM Services - Discovery Configuration - Rogue AP Configuring Portals The Portal Configuration panel lists all the Airgo Access Point portals that your AP has discovered and permits addition of a standby security portal to ensure that the wireless user authentication service remains available even if the NM Portal AP temporarily loses its connection. The panel contains two tabs: • Portal Table — Add a redundant security portal and synchronize the portal databases.
9 Managing the Network Portal Table Use the Portal Table (Figure 149) to manage the security portals for the network. Figure 149: NM Services - Portal Configuration - Portal Table Perform the following functions on this tab: Field Description Add Redundant Security Portal Specify the IP address, and click Apply. Only an already-enrolled AP can be configured to be a redundant security portal. Portal Table View the list of currently identified NM Portal APs.
Using the NM Services Menu Field Description Sync Frequency Select to automatically synchronize the database between the portals. The sync frequency represents the duration in minutes at which NM Portal cross checks the portals in the network to make sure their databases are synchronized with the NM Portal database. Click Apply to save the settings, or click Reset to return to the default values (autonomous selected, period five minutes).
9 Managing the Network Portal Backup Use the Portal Backup tab (Figure 151) to back up the portal databases and configuration to a TFTP server and to restore the configuration from the TFTP server. To back up and restore, enter the server IP address and specify a backup file name. To restore, enter the same TFTP server address and file name. If you want to reboot the AP once the configuration file has been copied, select Reboot.
Using the NM Services Menu DHCP Options Select the DHCP Options tab (Figure 152) to activate and configure the DHCP server. Figure 152: NM Services - DHCP Configuration - DHCP Options To activate the server, Enable DHCP Server and configure the following information: Field Description Lease Time Specify the maximum number of leases that the server should assign. This is used to restrict the number of IP addresses served even though the IP subnet served by the DHCP server may be large.
9 Managing the Network Field Description NTP Server Enter the IP address of the server or servers used to synchronize network clocks. There is no default. More than one NTP IP address may be specified (space separated). If you delete NTP servers, only those added manually are deleted. DHCPassigned NTP servers continue to be available. Click Add to save the configuration information. IP Range Select IP Range to configure address ranges for DHCP leases (Figure 153).
Using the NM Services Menu Click Apply to save the address information. Add additional interfaces if desired. The added interfaces are listed in the DHCP Address Range table at the bottom of the panel. To delete a DHCP interface, select the interface in the DHCP IP Address Range table, and click Delete. Leases The Leases tab (Figure 154) lists each network computer serviced by DHCP and its lease information.
9 Managing the Network Static IP Use the Static IP tab (Figure 155) to reserve static IP addresses for specific nodes. Figure 155: NM Services - DHCP Configuration - Static IP Enter the following information on this tab: Field Description Client Fully Qualified Domain Name Enter an alphanumeric name for the node, which is fully qualified by DNS. Client MAC Address Enter the MAC address that uniquely identifies the client station.
Managing Network Faults The Alarm Summary panel contains three tabs: • Alarm Summary — View counts of system alarms in the managed network. • Alarm Table — View a detailed list of alarms. • Filter Table — Select events that should be filtered out of the reported alarm list. Alarm Summary The Alarm Summary tab (Figure 156) provides an aggregate count of alarms across the network managed by NM Portal.
9 Managing the Network Field Description Alarm From Device ID of the AP that reported the alarm Description Text description of the event Log Time Time the alarm occurred and was logged From Module The subsystem that is the source of the alarm.
Managing Network Faults Figure 157: Fault Management - Alarm Summary - Alarm Table Configure the following fields to define a viewing filter: Field Description Alarm ID Select an alarm from the list to view only those specific alarms. Logging Module Name Select from the list to filter all the alarms from a specific system logging module. Alarms From (Host Address) Select an AP to view only the alarms generated by that AP.
9 Managing the Network Table 16: Airgo Access Point Alarms Alarm ID Description Discovered New Node Generated when a new Airgo Access Point is discovered by NM Portal for the first time. Node Deleted from Network Generated when a previously-discovered node is deleted from the system. When the node is deleted, all information about that node is deleted from NM Portal.
Managing Network Faults Table 16: Airgo Access Point Alarms (continued) Alarm ID Description STA Association Failed Generated when an 802.11 client station fails in its attempt to associate to the AP radio.
9 Managing the Network Table 16: Airgo Access Point Alarms (continued) Alarm ID Description WDS Failed Generated when wireless backhaul formation fails. The message includes the MAC address of the end node. This alarm can help track losses in network connectivity. Reason Codes: 0 - System failure 1 - Maximum BP count has been reached (this relevant only for AP) 2 - Join attempt to the uplink AP failed (BP side only) WDS Up Generated when a wireless backhaul formation succeeds.
Managing Network Faults Table 16: Airgo Access Point Alarms (continued) Alarm ID Description Management User Login Success Generated when a management user successfully logs in to the local AP. Management User Login Failure Generated when a management user fails to log in to the AP. STA Failed EAPOL MIC Check Generated when the MIC fails during EAPOL key exchange process.
9 Managing the Network Table 16: Airgo Access Point Alarms (continued) Alarm ID Description Premature EAP-Success Receive Generated when an upstream AP sends an EAP success before authentication is complete. This may indicate that a rogue AP is trying to force an AP to join before authentication is complete. Profile Not Configured for User-Group Generated when the AP determines that the station is a member of a group that does not have a service profile defined for this SSID.
Managing Network Faults Table 16: Airgo Access Point Alarms (continued) Alarm ID Description EAP Response Timeout Generated when a station fails to send an EAP Response in time to complete its authentication sequence using the specified authentication type and encryption. The two authentication modes that require the station to send EAP responses are WPA EAP and legacy 8021.x for dynamic WEP. This alarm may mean that a user prompt is not attended to on the client side.
9 Managing the Network Figure 158: Fault Management - Alarm Summary - Alarm Filter Viewing the Syslog Select SYSLOG from the Fault Management menu to view syslog messages used for network troubleshooting. The most recent messages are in the default message file, Messages, with the latest messages at the top. To view older messages, select the appropriate message.x file from the list on the SYSLOG panel (Figure 159).
Using the Security Portal Menu Figure 159: Fault Management - SYSLOG Using the Security Portal Menu Use the Security Portal menu items to manage user access to the wireless network and to configure the RADIUS proxy feature. Managing User Accounts Choose User Management from the Security Portal menu to manage the authentication of users by way of the internal RADIUS database on the NM Portal AP.
9 Managing the Network Figure 160: Security Portal - User Management - Wireless Users To add a new user, click Add to open the Add Wireless User entry panel (Figure 161). Figure 161: Security Portal - User Management - Add Wireless User RADIUS DNS & DHCP Server Server NMS Server Client(s) Enterprise Network Access Point Access Point Access Point Enter the following information: Field Description Login Name Assign a login name for network access (required).
Using the Security Portal Menu • Email — If an SMTP server is configured, the certificate is mailed to the user. To install the emailed certificate on the PC: a Ask the administrator for the password associated with the certificate. This password is displayed in the user details page. b Double click on the certificate obtained through email. When the certificate installation wizard asks for the password, supply the previously-obtained password.
9 Managing the Network Figure 163: Security Portal - User Management - Admin Users The tab opens with a list of current administrative users. To add a new user, click Add, and enter the following information in the Add Administrative User entry panel (Figure 164): Field Description Login Name Assign a login name for network access (required). Password Enter the password and enter it again in the Confirm Password field (required). User First Name Enter the first name of the user.
Using the Security Portal Menu Adding MAC-ACL Users Use the MAC-ACL tab (Figure 165) to identify and authenticate users by the MAC address of the computer rather than by login. This type of authentication is generally used to accommodate legacy equipment that does not support user-based authentication. MAC addresses are checked when the SSID has MAC-ACL enabled and Open access, static WEP keys, or WPA-PSK encryption are used. For more information on security options, see Chapter 7, “Managing Security.
9 Managing the Network Figure 166: Security Portal - User Management - Add MAC Address User Click Add after entering the requested information. From the user list, you can delete an existing MAC-ACL user, modify user information, or view the details in a read-only table. Managing Guest User Passwords For optional generation of guest passwords automatically at set intervals, use the Guest User tab, as explained in “Guest Access Security” on page 176.
Using the Security Portal Menu NOTE: To guard against a single point of failure, it is recommended that you configure a backup security portal in addition to the working security portal. The RADIUS Proxy feature can reduce administrative effort in the following ways: • It is not necessary to configure each AP with knowledge of each external RADIUS server. • It is not necessary to configure the external RADIUS server with each AP as a RADIUS client.
9 Managing the Network and distribute the new list to one or more security portals if you generate a new default policy and distribute it. For more information on SSIDs, authentication zones, and authentication servers, see “Configuring Authentication Zones” on page 155. Configuration Requirements for Backup Security Portal It is highly recommended that you configure one or more backup security-portals when configuring RADIUS proxy.
Using the Mobility Services Menu Figure 167: RADIUS Proxy Configure the following setting on this panel: Item Description Enable RADIUS Proxy Server Select the checkbox to enable the RADIUS Proxy server feature, and click Apply. NOTE: When RADIUS proxy is enabled, the authentication zone configuration is deleted. When APs are enrolled into the network, the configuration policy is distributed to the AP.
9 Managing the Network enabling retention of the same IP address, clients can continue their conversations without interruption. Layer-3 Mobility requires wireless client reauthentication, and delays can occur for some authentication methods. For example, if the clients use WPA-EAP for authentication, then Layer-3 roaming still requires clients to be reauthenticated by an external RADIUS server. Delays can occur while authentication messages are exchanged between the AP and the RADIUS server.
Using the Mobility Services Menu Figure 168: Layer-3 Roaming Using VLANs RADIUS Server (EAP-TLS or EAP-PEAP) DHCP Server (Serving both IP subnets) User-Dir NOC Example: Cisco 3600 Router/Switch IP Routerw/DHCP Relay Agent Corp Network CORP-VLAN 192.168.88.0/24 MGMT-VLAN 192.168.90.0/24 Admin Network VLAN Switch CORP-VLAN MGMT-VLAN CORP-VLAN CORP-VLAN STA2: 192.168.90.200/24 STA2: 192.168.90.200/24 L3 Roaming L3 Roaming STA1: 192.168.88.100/24 STA1: 192.168.88.
9 Managing the Network Figure 169: Layer-3 Mobility - Tunnel Approach WNI NMS AAA Internet Enhanced IAPP • Secure Handoff • Fast Handoff • Lookup Corporate Network Update Frame Tunnel Management 10.1.1.5 10.1.1.x 10.1.1.5 10.1.2.x A0057 The tunneling approach uses mobility agents (MAs) and mobility sub-agents (MSAs). Each MA configures a tunnel to every other MA in the network, thereby creating a fully meshed tunneled infrastructure to carry Layer-3 Mobility traffic between these subnetworks.
Using the Mobility Services Menu Figure 170: Layer-3 Mobility - Mobility Agents and Sub-Agents MA MA L3-Mobility Tunnel MSA MSA MSA MSA MSA IP Subnet-X IP Subnet-Z MA MSA MSA MSA IP Subnet-Y A0061 The wired network AP that is selected as an MA must be attached to one of the following: • Ethernet switch that supports jumbo frames (>1518 bytes). The switches must pass through tagged VLAN packets. • VLAN enabled Ethernet switch that supports switching of VLAN tagged frames.
9 Managing the Network Figure 171: Mobility Configuration This tab contains the following information and settings: Item Description Enable L3 Mobility (Tunneling) Choose Yes to activate the L3 mobility capability, and click Apply. Click Reset to return to the previously saved value. Select Mobility Agent (Wired AP) Select an AP and click Add to enroll the AP as a mobility agent. NOTE: Only one AP in a subnet can be designated as a Mobility Agent.
Using the Mobility Services Menu Roaming Stations Tab When client stations roam across subnets, the MA and the MSAs in the subnet track their movement. The Roaming Stations tab (Figure 172) shows the set of stations that have roamed to the selected subnet. Figure 172: Mobility Configuration - Roaming Stations The table on this panel contains information for the subnet or subnets indicated by the Mobility Agent (or all Mobility Agents) selected from the pull-down list.
9 Managing the Network Figure 173: Mobility Configuration - Roaming Statistics The table on this panel contains information for the subnet or subnets indicated by the Mobility Agent (or all Mobility Agents) selected from the pull-down list.
Using the Mobility Services Menu Figure 174: Mobility Configuration - Tunnel Statistics The following information is presented for each Mobility Agent selected from the pull-down list: Item Description MA IP Address IP address of the selected mobility agent Tunnel Local Subnet Subnet address of the tunnel endpoint terminating on the selected Mobility Agent Tunnel Remote Subnet Subnet address of the tunnel endpoint terminating on a remote Mobility Agent Tunnel Interface Name of the tunnel connect
9 Managing the Network 238 Item (continued) Description Received Error Packets Packets with errors received through the tunnel interface on the selected MA Received Drop Packets Number of received packets dropped by the tunnel interface Misaligned Packets Always equal to 0 FIFO Errors Always equal to 0 Transmit Error Packets Number of packets dropped due to inability to find the route Transmit Drop Packets Number of packets dropped by the tunnel interface upon transmission due to system conge
10 Maintaining the Access Point A variety of tools are available to maintain the Airgo Access Point. This chapter describes the tools in the following sections: • • • • • • Rebooting the AP Saving the AP Configuration Managing the System Configuration Managing the AP Configuration Upgrading Software Common Problems and Solutions Rebooting the AP Choose Save & Reboot AP from the System Services menu to open the Reboot Configuration panel. To begin the process, click Reboot (Figure 177).
10 Maintaining the Access Point Figure 176: System Configuration - Reboot AP Managing the System Configuration Choose System Configuration from the System Services menu to access the network-related configuration features of the Airgo AP and set up syslog parameters. The panel includes the following tabs: • • • • IP Configuration — Configure IP and host settings. Syslog Configuration — Set up and view the syslog. License Management — Configure additional licenses on the AP.
Managing the System Configuration Figure 177: System Configuration - IP Configuration The tab is divided into two sections. Click Apply after configuring each section, or Reset to return to the default values. Configure the following fields: Field Description DHCP Assigned IP Address Enables the AP to obtain an IP address for the AP from the network DHCP server. DNS IP Address Enter the IP address of the DNS server.
10 Maintaining the Access Point The top area of the Syslog panel (Figure 178) provides controls to set the logging level and scope for a variety of functional areas or modules.
Managing the System Configuration The tab contains the following settings: Field Description Syslog Level Select the activity level that triggers a syslog entry. Choose from several levels (Emergency, Alert, Critical, Error, Warning, Notice, Info, or Debug). (required) Syslog-Level Module Select whether to record a specific type of activity, or include all the activities in the list. (required) Remote Syslog Logging Indicate whether to enable a remote server to monitor events across the network.
10 Maintaining the Access Point Figure 180: System Configuration - NMS Configuration Enter the following values to set the NMS configuration: Field Description Primary Manager IP Address Enter the IP address of the NMS server responsible for managing the AP. Auxiliary Manager IP Address If applicable, enter the IP address of the NM Portal AP used to manage the AP at the branch location (in conjunction with an NMS Pro server as a primary manager.
Managing the AP Configuration Figure 181: System Configuration - Hardware Options Select the following parameters on this tab Field Description Enable Real Time Clock Use the real-time clock (RTC). Enable Buzzer Activate the AP buzzer to locate the AP, if necessary. Click Apply to save the entries or Reset to return to the previously saved values. Managing the AP Configuration Choose Configuration Management from the System Services menu to open the Configuration Management feature panel.
10 Maintaining the Access Point Task Steps Restore the AP configuration 1 In the Restore Configuration area, click Browse and select the configuration file. 2 Click Apply to restore the configuration and reboot the AP. NOTE: If the AP has been unenrolled or restored to factory defaults, it is not possible to reapply the configuration using this method. The AP must be reenrolled and have a new configuration created. Generate support logs 1 Click Generate Support Logs.
Managing the AP Configuration If an NM Portal AP must be reset to factory defaults on a network with existing enrolled APs, follow these steps to restore the Portal AP: Condition Action A backup of the NM Portal AP exists and the AP is functional After resetting the Portal AP to factory defaults, bootstrap the AP as the NM Portal. Make sure the AP is assigned the same IP address it had originally. Restore the NM Portal Backup to the same AP. This should restore the portal to its configured state.
10 Maintaining the Access Point Figure 183: 248 Configuration Management - Configuration Reports Installation and User Guide: Airgo Access Point
Managing the AP Configuration Reset Configuration Use the Reset Configuration tab to reset the AP configuration or revert to the defaults for individual subsystems (Figure 184).
10 Maintaining the Access Point Perform the following functions on this tab: Function Description Reset Configuration to Default 1 Click Reset to Default or Reset to Factory Defaults. 2 Click Apply to reboot the AP with the selected configuration. Reset Subsystems to Defaults 1 Select one or more individual subsystems to reset. 2 Click Apply to reboot the AP with the selected defaults. Click Reset to clear the selections on the tab.
Upgrading Software Figure 185: Configuration Management - TFTP Backup Upgrading Software From the NM Portal web interface, you can upgrade the software on enrolled APs throughout the network in one operation. You can also upgrade any individual, non-portal AP from the AP web interface. The same interface is used for both situations; however, access to the interface is different for an NM Portal than for a non-portal AP.
10 Maintaining the Access Point Figure 186: Software Upgrade The Software Upgrade panel offers two upgrade options. The Software Image Upgrade option uses https to download the software image to the AP. The Software Download via TFTP option uses TFTP to download the software image. Select only one of these options; it is not possible to use both methods at the same time.
Upgrading Software upgrade, the AP shuts down some services (such as CLI sessions) to create temporary memory and to validate the image prior to writing to AP's flash. NOTE: When you distribute software from NM Portal to enrolled APs, the software distribution retries three times on each of the APs selected. Some management services on the NM Portal AP are shut down to make room for the new image distribution. The NM Portal AP runs through entire list of selected APs before it restarts management services.
10 Maintaining the Access Point Figure 187: Software Upgrade - Download Status The software distribution process begins by sending the software to the first selected AP. As soon as this AP receives the software, it upgrades its image and reboots automatically. The process then moves to the next selected AP. After all the APs have been upgraded, the NM Portal AP is upgraded and rebooted. The administrator must again log in to the NM Portal web interface after an upgrade and reboot.
Upgrading Software Canceling a Distribution To cancel software distribution at any time, you must click Cancel All. This cancels distribution to APs that have not yet been upgraded, restarts services that were shut down during the upgrade, and removes the image file from the AP RAM. Cancellation is performed serially for multiple AP distributions. Canceling during distribution does not damage the APs. If the distribution on a remote AP is cancelled, the AP will be automatically rebooted.
10 Maintaining the Access Point Status Explanation Done. Rebooting The flashing is complete and the AP is rebooting. When the distribution is complete, the message Software Distribution is Complete is displayed, regardless of whether the distribution was successful. If a portal AP is not included in the download, all services are restarted automatically after the distribution. Image Recovery During the upgrade process, care is taken to validate the image integrity and compatibility with AP hardware.
Common Problems and Solutions Table 17: Common Problems and Solutions (continued) Symptom Problem Solution Poor or lower than expected signal strength, as measured by wireless network adapters attempting to connect to the AP The AP may be poorly placed, or external antenna may not be connected properly. The AP and/or its external antenna should not be in an obstructed location. Metallic objects (such as equipment racks) and some construction materials can block wireless signals.