Dell PowerConnect W AirWave 7.
Copyright © 2011 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Dell™, the Dell™ logo, and PowerConnect™ are trademarks of Dell Inc.
Contents About This Guide ....................................................................................................................................................11 Document Organization................................................................................................................... 11 Notice Icons ...................................................................................................................................... 12 Contacting Support ........................
Resetting Pagination Records........................................................................................................ 31 Using the Pagination Widget.......................................................................................................... 31 Using CSV Export for Lists and Reports........................................................................................ 31 Defining Graph Display Preferences...........................................................................
Configuring Group Security Settings............................................................................................. 80 Configuring Group SSIDs and VLANs ........................................................................................... 83 Configuring Radio Settings for Device Groups............................................................................ 87 An Overview of Cisco WLC Configuration....................................................................................
Auditing Device Configuration ............................................................................................. 130 Using Device Folders (Optional) .......................................................................................... 131 Configuring and Managing Devices............................................................................................ 132 Moving a Device from Monitor Only to Manage Read/Write Mode.............................. 132 Configuring AP Settings ..........
Viewing and Configuring RAPIDS Rules............................................................................. 171 Deleting or Editing a Rule.............................................................................................. 173 Recommended RAPIDS Rules.............................................................................................. 173 Using RAPIDS Rules with Additional AWMS Functions .................................................. 174 Viewing Rogues on the RAPIDS > List Page.
Upgrading AWMS .......................................................................................................................... 214 Upgrade Instructions ............................................................................................................. 214 Upgrading Without Internet Access ................................................................................... 214 Backing Up AWMS .................................................................................................
ReefEdge Integration ..................................................................................................................... 257 ReefEdge Configuration ........................................................................................................ 258 HP ProCurve 700wl Series Secure Access Controllers Integration ...................................... 258 Example Network Configuration ..........................................................................................
| Dell PowerConnect W AirWave 7.
About This Guide This preface provides an overview of this guide and contact information for Dell, and includes the following sections: “Document Organization” on page 11 “Notice Icons” on page 12 “Contacting Support” on page 12 Document Organization This user guide includes instructions and examples of the graphical user interface (GUI) for installation, configuration, and daily operation of AirWave Wireless Management Suite.
Table 1 Document Organization and Purposes (Continued) Chapter Description Appendix D, “Initiating a Support Connection” Provides instructions about how to create and use a support connection between AWMS and AirWave Wireless Support. Appendix E, “Cisco Clean Access Integration (Perfigo)” Provides instructions for integrating Cisco Clean Access within AWMS. Appendix F, “HP Insight Install Instructions for AWMS Servers” Provides instructions for installing HP Insight on AWMS servers.
Chapter 1 Introduction Thank you for choosing Dell PowerConnect W AirWave Wireless Management Suite, or AWMS. AWMS makes it easy and efficient to manage your wireless network by combining industry-leading functionality with an intuitive user interface, enabling network administrators and helpdesk staff to support and control even the largest wireless networks in the world. This User Guide provides instructions for the installation, configuration, and operation of the AirWave Wireless Management Suite.
Flexible device support Thin, thick, mesh network architecture Multi-vendor support Current and legacy hardware support Dell PowerConnect W Configuration AWMS supports global and group-level configuration of ArubaOS (AOS), the operating system, software suite, and application engine that operates Dell PowerConnect W mobility and centralizes control over the entire mobile environment. For a complete description of AOS, refer to the ArubaOS User Guide in support.dell.com/manuals.
Multiple tests to eliminate false positive results. Provides rogue discovery that identifies the switch and port to which a rogue device is connected. Master Console and Failover The AWMS Master Console and Failover tools enable network-wide information in easy-to-understand presentation, to entail operational information and high-availability for failover scenarios.
The flexibility of AWMS enables it to integrate seamlessly into your business hierarchy as well as your network topology. AWMS facilitates various administrative roles to match each individual user's role and responsibility. 16 | Introduction A Help Desk user may be given read-only access to monitoring data without being permitted to make configuration changes. A U.S.
Chapter 2 Installing AWMS This chapter contains information and procedures for installing and launching the AirWave Wireless Management Suite (AWMS), and includes the following topics: “AWMS Hardware Requirements and Installation Media” on page 17 “Installing Linux CentOS 5 (Phase 1)” on page 17 “Installing AWMS Software (Phase 2)” on page 18 “Configuring and Mapping Port Usage for AWMS” on page 21 “AWMS Navigation Basics” on page 22 “Getting Started with AWMS” on page 27 CAUTION: A
- To install AWMS and manually configure hard drive settings, type expert . boot: 3. Allow the installation process to continue. Installing the CentOS software (Phase I) takes 10 to 20 minutes to complete. This process formats the hard drive and launches Anaconda to install all necessary packages. Anaconda gauges the progress of the installation. Upon completion, the system will prompt you to eject the installation CD and reboot the system. 4.
The installation program discovered a previous version of the software. Would you like to reinstall AWMS? This will erase AWMS's database. Reinstall (y/n)? Type y and press Enter to proceed. CAUTION: This action erases the current database, including all historical information. To ensure that the AWMS database is backed up prior to reinstallation, answer `n` at the prompt above and contact your Value Added Reseller or directly contact Dell support.
STEP 5: Naming AWMS AWMS name is currently set to: New AWMS Please enter a name for your AWMS: At the prompt, enter a name for your AWMS server and press Enter. Step 6: Assigning a Host Name to the AWMS Upon completion of the previous step, the following message appears on the screen: STEP 6: Assigning AWMS's hostname Does AWMS have a valid DNS name on your network (y/n)? 1. If AWMS does not have a valid host name on the network, enter n at the prompt.
Configuring and Mapping Port Usage for AWMS The following diagram itemizes the communication protocols and ports necessary for AWMS to communicate with wireless LAN infrastructure devices, including access points (APs), controllers, routers, switches, and RADIUS servers. Assign or adjust port usage on the network administration system as required to support these components.
AWMS Navigation Basics Every AWMS page contains three basic sections, as illustrated in : Status Section Navigation Section Activity Section The AWMS pages also contain Help links with GUI-specific help information and certain standard buttons. Status Section The Status section is a snapshot view of overall WLAN performance and provides direct links for immediate access to key system components. The Status section remains at the top of all pages in the AWMS and RAPIDS modules.
Navigation Section The Navigation Section displays tabs for all main GUI pages within AWMS. The top bar is a static navigation bar containing tabs for the main components of AWMS, while the lower bar is context-sensitive and displays the subtabs for the highlighted tab. Table 6 Components and Subtabs of the AWMS Navigation Screen Main Tab Description Subtabs Home The Home tab provides basic AWMS information including system name, host name, IP address, current time, running time, and software version.
Table 6 Components and Subtabs of the AWMS Navigation Screen (Continued) Main Tab Description Subtabs Reports The Reports pages list all the standard and custom reports generated by AWMS. AWMS supports 13 reports in the AWMS module. For additional information, refer to Chapter 9, “Creating, Running, and Emailing Reports” on page 219.
Help Links in the GUI The Help link is available on every page within AWMS. When selected, this launches a PDF document with information describing the AWMS page that is currently displayed. NOTE: Adobe Reader must be installed to view the settings and default values in the PDF help file. Common List Settings All of the lists in AWMS have some common options. All lists are paginated with a configurable number of items per page.
Table 7 Standard Buttons and Icons of the AWMS User Page (Continued) Function Imagea Description Down Indicates down devices and radios. Drag and Drop Dragging and dropping objects with this icon changes the sequence of items in relation to each other. Refer to “Using RAPIDS and Rogue Classification” on page 165 as one example of drag-and-drop. Duplicate Duplicates or makes a copy of the configuration of an AWMS object. Edit Edits the object properties. Email Links to email reports.
Table 7 Standard Buttons and Icons of the AWMS User Page (Continued) Function Imagea Description User Indicates a user. View Historical Graph in New Window Displays all data series for the selected graph over the last two hours, last day, last week, last month, and last year in one page. VisualRF Links to VisualRF - real time visualization. XML Links to export XHTML versions of reports. a. Not all AWMS GUI components are itemized in graphic format in this table.
| Installing AWMS Dell PowerConnect W AirWave 7.
Chapter 3 Configuring AWMS This chapter contains the following procedures to deploy initial AWMS configuration: “Formatting the Top Header” on page 29 “Customizing Columns in Lists” on page 30 “Resetting Pagination Records” on page 31 “Using the Pagination Widget” on page 31 “Using CSV Export for Lists and Reports” on page 31 “Defining Graph Display Preferences” on page 32 “Customizing the Overview Subtab Display” on page 32 “Setting Severe Alert Warning Behavior” on page 34
Figure 2 Navigation Bar Displaying Home Subtabs and Down Device Statistics You can control which Top Header Stats links appear from the AMP Setup > General page, as described in “Defining General AWMS Server Settings” on page 34. Top Header Stats can also be customized for individual user on the Home > User Info page. There you can select the statistics to display for certain device types, and override the AMP Setup page.
Figure 5 Table With Choose Columns for Roles Menu Selected Resetting Pagination Records To control the number of records in any individual list, select the link with Records Per Page mouseover text at the top left of the table, as shown in Figure 6. AWMS remembers each list table’s pagination preferences. Figure 6 Records Per Page Dropdown Menu To reset all AMP list Records Per Page preferences, you can select Reset in the Display Preferences section of the Home > User Info page, as shown in Figure 7.
Figure 9 List with Export to CSV Selected AWMS also enables CSV exporting of all report types. For more information, see “Exporting Reports to XML or CSV” on page 246. Defining Graph Display Preferences Many of the graphs in AWMS are Flash-based, which allows you adjust the graph settings attributes, as shown in Figure 10.
Figure 12 Customize Overview Page The Available Widgets section on the left with no gridlines holds all possible (available) graphical elements (widgets). Select any blue widget tile with a verbal description enclosed, and it immediately turns into a graphical element with a description. Drag the widgets you want to appear on the Overview dashboard across to the gridlines and arrange them in the right section, within the gridlines.
Figure 13 Home > User Info Customized Search Preferences Setting Severe Alert Warning Behavior You can control the alert levels users can see on the Alerts statistics hyperlink from the Home > User Info page. These settings will apply unless and until other users change settings for themselves. When a trigger is assigned a severity of Critical, it generates a severe alert. When a severe alert exists, a new component appears at the right of the Status field in bold red font.
Figure 15 AMP Setup > General Page Illustration Perform the following steps to configure AWMS server settings globally across the product (for all users). 1. Browse to the AMP Setup > General page, locate the General area, and enter the information described in Table 8: Table 8 AMP Setup > General > General Section Fields and Default Values Setting Default Description System Name AWMS Defines your name for the AWMS server, with a maximum limit of 20 alphanumeric characters.
Table 8 AMP Setup > General > General Section Fields and Default Values (Continued) Setting Default Description Automatically monitor/manage new devices No Launches a drop-down menu that specifies the behavior AWMS should follow when it discovers a new device. Devices are placed in the default group which is defined in the next field.
Table 9 describes the settings and default values in this section. Table 9 AMP Setup > General > Display Fields and Default Values Setting Default Description Use fully qualified domain names No Sets AWMS to use fully qualified domain names for APs instead of the AP name. For example, "testap.yourdomain.com" would be used instead of "testap." This option is supported only for Cisco IOS, Dell PowerConnect W, Aruba Networks, and Alcatel-Lucent devices.
Table 10 AMP Setup > General > Device Configuration Fields and Default Values (Continued) Setting Default Description Use Global Dell PowerConnect W Configuration Yes Enables Dell PowerConnect W configuration profile settings to be globally configured and then assigned to device groups. If disabled, settings can be defined entirely within Groups > Dell PowerConnect W Config instead of globally. NOTE: Changing this setting may require importing configuration on your devices.
Table 12 AMP Setup > General > Historical Data Retention Fields and Default Values (Continued) Setting Default Description Automatically Acknowledged Alerts (0-550 days, zero disables) 14 Defines automatically acknowledged alerts as the number of days AWMS retains alerts that have been automatically acknowledged. Setting this value to 0 disables this function, and alerts will never expire or be deleted from the database.
Table 13 AMP Setup > General > Default Firmware Upgrade Options Fields and Default Values (Continued) Setting Default Description Failures Before Stopping (0-20) 1 Sets the default number of upgrade failures before AWMS pauses the upgrade process. User intervention is required to resume the upgrade process. Setting this value to 0 disables this function. 8. Locate the Additional AMP Services section, and adjust settings as required. Table 14 describes the settings and default values of this section.
Table 15 AMP Setup > General > Performance Tuning Fields and Default Values (Continued) Setting Default Description Maximum Number of Audit Processes 3 Increases the number of processes that audit configurations for your devices, as an option. The optimal setting for your network depends on the resources available, especially RAM. Contact Dell support if you are considering increasing this setting for your network.
1. Locate the Primary and Secondary Network Interface sections. The information in these sections should match what you defined during initial network configuration and should not require changes. Table 16 describes the settings and default values. Table 16 Primary and Secondary Network Interface Fields and Default Values Setting Default Description IP Address None Sets the IP address of the AWMS network interface. This address must be a static IP address.
Creating AWMS Users AWMS installs with only one AMP user—the admin, who is authorized to: define additional users with varying levels of privilege, be it manage read/write or monitoring. limit the viewable devices as well as the level of access a user has to the devices. Each general user that you add needs a Username, a Password, and a Role. Use unique and meaningful user names as they are recorded in the log files when you or other users make changes in AWMS.
Table 18 AMP Setup > User > Add/Edit User Fields and Default Values (Continued) Setting Default Description Role None Specifies the User Role that defines the Top viewable folder, type and access level of the user specified in the previous field. The admin user defines user roles on the AMP Setup > Roles page, and each user in the system is assigned to a role. Password None Sets the password for the user being created or edited.
even if they do not share the same top-level folder. Non-admin users are only able to see data and users for devices within their assigned subset of folders. Perform the following steps to view, add, edit, or delete user roles: 1. Go to the AMP Setup > Roles page. This page displays all roles currently configured in AWMS. Figure 19 illustrates the contents and layout of this page. Figure 19 AMP Setup > Roles Page Illustration 2.
Table 19 AMP Setup > Roles > Add/Edit Roles Fields and Default Values (Continued) Setting Default Description Type AP/Device Manager Defines the type of role. AWMS supports the following role types: AMP Administrator—The AMP Administrator has full access to AWMS and all of the devices. Only the AMP Administrator can create new users or access the AMP Setup page.
Enabling AWMS to Manage Your Devices Once AWMS is installed and active on the network, the next task is to define the basic settings that allow AWMS to communicate with and manage your devices. Device-specific firmware files are often required or are highly desirable. Furthermore, the use of Web Auth bundles is advantageous for deployment of Cisco WLC wireless LAN controllers when they are present on the network.
The Edit button edits the default credentials for newly discovered devices. To modify the credentials for existing devices, use the APs/Devices > Manage page or the Modify Devices link on the APs/Devices > List page. NOTE: Community strings and shared secrets must have read-write access for AWMS to configure the devices. Without readwrite access, AWMS may be able to monitor the devices but cannot apply any configuration changes. 2.
6. Locate the ICMP Settings section and adjust the default value as required. Table 23 shows the setting and default value. Table 23 Device Setup > Communication > ICMP Settings Fields and Default Values Setting Default Description Attempt to ping devices that were unreachable via SNMP Yes When Yes is selected, AWMS attempts to ping the AP device. Select No if performance is affected in negative fashion by this function.
Firmware files uploaded to AWMS appear as options in the drop-down menus on the Group > Firmware page and on individual APs/Devices > Manage pages. Use the AMP Setup page to configure AWMS-wide default firmware options. Table 26 below itemizes the contents, settings, and default values for the Upload Firmware & Files page.
Figure 22 Device Setup > Add New Firmware Page Illustration 3. Select Supported Firmware Versions and Features to view supported firmware versions. NOTE: Unsupported and untested firmware may cause device mismatches and other problems. Please contact Dell support before installing non-certified firmware. 4. Enter the appropriate information and select Add. The file uploads to AWMS and once complete, this file appears on the Device Setup > Upload Firmware & Files page.
NOTE: Additional fields may appear for multiple device types. AWMS prompts you for additional firmware information as required. For example, Intel and Symbol distribute their firmware in two separate files: an image file and an HTML file. Both files must be uploaded to AWMS for the firmware to be distributed successfully via AWMS. 6. Select Add to import the firmware file.
Configuring TACACS+ Authentication For TACACS+ capability, you must configure the IP/Hostname of the TACACS+ server, the TCP port, and the server shared secret. This TACACS+ configuration is for AWMS users, and does not affect APs or users logging into APs. 1. Go to the AMP Setup > Authentication page. This page displays current status of TACACS+. Figure 24 illustrates this page when neither TACACS+ nor RADIUS authentication is enabled in AWMS. Figure 24 AMP Setup > Authentication Page Illustration 2.
Enter AMP in the service column and https in the protocol column. Select Save. 5. Edit the existing groups or users in TACACS to use the “AMP service” and define a role for the group or user. The role defined on the Group Setup page in ACS must match the exact name of the role defined on the AMP Setup > Roles page. The defined role should use the following format: role=.
Figure 25 AMP Setup > Authentication Page Illustration 2. Select No to disable or Yes to enable TACACS+ or RADIUS authentication. If you select Yes, several new fields appear. Complete the fields described in Table 29. Table 29 AMP Setup > Authentication Fields and Default Values Field Default Description Primary Server Hostname/IP Address N/A Enter the IP address or the hostname of the primary RADIUS server. Primary Server Port 1812 Enter the TCP port for the primary RADIUS server.
Figure 26 AMP Setup > RADIUS Accounting Page Illustration Figure 27 AMP Setup > RADIUS > Add RADIUS Accounting Client Page Illustration 1. To specify the RADIUS authentication server or network, browse to the AMP Setup > RADIUS Accounting page and select Add, illustrated in Figure 27, and provide the information in Table 30. 2. Select Add. Table 30 AMP Setup > RADIUS Accounting Fields and Default Values Setting Default Description Nickname None Sets a user-defined name for the authentication server.
Introduction to Cisco WLSE Cisco WLSE functions as an integral part of the Cisco Structured Wireless-Aware Network (SWAN) architecture, which includes IOS Access Points, a Wireless Domain Service, an Access Control Server, and a WLSE. In order for AWMS to obtain Rogue AP information from the WLSE, all SWAN components must be properly configured. Table 31 describes these components.
Configuring WLSE to Communicate with APs 1. Go to the Device Setup > Discover page. 2. Configure SNMP Information. 3. Configure HTTP Information. 4. Configure Telnet/SSH Credentials. 5. Configure HTTP ports for IOS access points. 6. Configure WLCCP credentials. 7. Configure AAA information.
Grouping It’s much easier to generate reports or faults if APs are grouped in WLSE. Use these pages to make such configurations. 1. Go to Devices > Group Management. 2. Configure Role and User. Configuring IOS APs for WDS Participation IOS APs (1100, 1200) can function in three roles within SWAN: Primary WDS Backup WDS WDS Member AMP monitors AP WDS role and displays this information on AP Monitoring page.
3. Install a New Certificate by selecting the Install New Certificate button, or skip to the next step if the certificate was previously installed. 4. Select User Setup in the left frame. 5. Enter the Username that will be used to authenticate into the WDS and select Add/Edit. 6. Enter the Password that will be used to authenticate into the WDS and select Submit. 7. Go to the Network Configuration > Add AAA Client page. 8. Add AP Hostname, AP IP Address, and Community String (for the key). 9.
Table 32 AMP Setup > WLSE Fields and Default Values (Continued) Setting Default Description Poll for AP Discovery; Poll for Rogue Discovery Yes Sets the method by which AWMS uses WLSE to poll for discovery of new APs and/or new rogue devices on the network. Last Contacted None Displays the last time AWMS was able to contact the WLSE server. Polling Period 10 minutes Determines how frequently AWMS polls WLSE to gather rogue scanning data. 2. After you have completed all fields, select Save.
Figure 30 AMP Setup > ACS > Add/Edit Details Page Illustration 3. Complete the settings on AMP Setup > ACS > Add/Edit Details. Table 33 describes these fields: Table 33 AMP Setup > ACS > Add/Edit Details Fields and Default Values Field Default Description IP/Hostname None Sets the DNS name or the IP address of the ACS Server. Protocol HTTP Launches a drop-down menu specifying the protocol AWMS uses when it polls the ACS server.
1. Go to AMP Setup > NMS, illustrated in Figure 31. Figure 31 AMP Setup > NMS Page Illustration 2. Select Add to integrate a new NMS server, or select the pencil icon to edit an existing server. Provide the information described in Table 34: Table 34 AMP Setup > NMS Integration Add/Edit Fields and Default Values Setting Default Description Hostname None Cites the DNS name or the IP address of the NMS. Port 162 Sets the port AWMS uses to communicate with the NMS.
Introduction to PCI Requirements AWMS supports wide security standards and functions in the wireless network. One component of network security is the optional deployment of Payment Card Industry (PCI) Auditing. The Payment Card Industry (PCI) Data Security Standard (DSS) establishes multiple levels in which payment cardholder data is protected in a wireless network.
Table 35 PCI Requirements and Support in AWMS (Continued) Requirement Description 2.1 Monitoring the presence of vendor-supplied default security settings When Enabled: PCI Requirement 2 establishes the standard in which all vendor-supplied default passwords are changed prior to a device’s presence and operation in the network. A device fails requirement 2.1 if the username, passwords or SNMP credentials being used by AWMS to communicate with the device are on a list of forbidden default credentials.
3. Create changes as required. Specific credentials can be cited in the Forbidden Credentials section of any Edit page to enforce PCI requirements in AWMS. Figure 33 shows one example. Figure 33 Default Credential Compliance for PCI Requirements 4. Select Save. 5. To view and monitor PCI auditing on the network, use generated or daily reports. See Chapter 9, “Creating, Running, and Emailing Reports” . In addition, you can view the real-time PCI auditing of any given device online. Perform these steps: a.
1. Configure WLAN switches for optimal AWMS monitoring. Disable debugging. Ensure AWMS server is a trap receiver host. Ensure proper traps are enabled. 2. Configure AWMS to optimally monitor the Dell infrastructure. Enable WMS offload. Configure SNMP communication. Create a proper policy for monitoring Dell infrastructure. Discover the infrastructure. 3. Configure device classification. Set up rogue classification. Set up rogue classification override.
| Configuring AWMS Dell PowerConnect W AirWave 7.
Chapter 4 Configuring and Using Device Groups in AWMS This chapter describes the deployment of device groups within AWMS. The section below describes the pages or focused subtabs available on the Groups tab. Note that the available subtabs can vary significantly from one device group to another—one or more subtabs may not appear, depending on the Default Group display option selected on the AMP Setup > General page and the types of devices you add to AMP.
LWAPP APs tab, can now be performed from Modify Devices on the APs/Devices > List page. Refer to “An Overview of Cisco WLC Configuration” on page 92. PTMP—This page defines settings specific to Proxim MP devices when present. Refer to “Configuring Group PTMP Settings” on page 97. Proxim Mesh—This page defines mesh AP settings specific to Proxim devices when present. Refer to “Configuring Proxim Mesh Radio Settings” on page 97.
You can create as many different groups as required. Administrators usually establish groups that range in size from five to 100 wireless devices. Group configuration can be enhanced with the AWMS Global Groups feature, which lets you create Global Groups with configurations that are pushed to individual Subscriber Groups. Viewing All Defined Device Groups To display a list of all defined groups, browse to the Groups > List page, illustrated in Figure 35.
NOTE: When you first configure AWMS, there is only one default group labeled Access Points. If you have no other groups configured, refer to “Configuring Basic Group Settings” on page 72. Configuring Basic Group Settings The first default device group that AWMS sets up is the Access Points group, but you can use this procedure to add and configure any device group. Perform these steps to configure basic group settings, then continue to additional procedures to define additional settings as required. 1.
Figure 37 Groups > Basic Page Illustration 3. Define the settings in the Basic and Global Group sections. Table 37 describes several typical settings and default values of this Basic section. Table 37 Basic and Global Groups Fields and Default Values Setting Default Description Name Defined when first adding the group Displays or changes the group name.
Table 37 Basic and Global Groups Fields and Default Values (Continued) Setting Default Description Missed SNMP Poll Threshold 1 Sets the number of Up/Down SNMP polls that must be missed before AWMS considers a device to be down. The number of SNMP retries and the SNMP timeout of a poll can be set on the Device Setup > Communication page. Regulatory Domain United States Sets the regulatory domain in AWMS, limiting the selectable channels for APs in the group.
6. To configure which options and tabs are visible for the group, complete the settings in the Group Display Options section. Table 39 describes the settings and default values. Table 39 Group Display Options Fields and Default Values Setting Default Description Show device settings for: Only devices on this AMP Drop-down menu determines which Group tabs and options are to be viewable by default in new groups.
Table 41 Spanning Tree Protocol Fields and Default Values (Continued) Setting Default Description Bridge Maximum Age 20 Sets the maximum time, in seconds, that the device stores protocol information. The supported range is from 6 to 40. Bridge Hello Time 2 Sets the time, in seconds, between Hello message broadcasts. Bridge Forward Delay 15 Sets the time, in seconds, that the port spends in listening and learning mode if the spanning tree has changed. 9.
11. To configure settings specific to Cisco WLC, locate the Cisco WLC section and adjust these settings as required. Table 44 describes the settings and default values. Table 44 Cisco WLC Fields and Default Values Setting Default Description SNMP Version 2c Sets the version of SNMP used by AWMS to communicate to WLC controllers. CLI Communication Telnet Sets the protocol AWMS uses to communicate with Cisco IOS devices. Selecting SSH uses the secure shell for command line page (CLI) communication.
14. To configure Symbol settings, locate the Symbol section and adjust these settings as required. Table 47 describes the settings and default values of this section. Table 47 Symbol Fields and Default Values Setting Default Description SNMP Version 2c Specifies the version of SNMP used by AWMS to communicate to the device. Symbol Client Inactivity Timeout (3-600 min) 3 Sets the minutes of inactivity after which a client associated to a Symbol AP will be considered "inactive.
Table 49 Routers and Switches Fields and Default Values (Continued) Setting Default Description Interface Up/Down Polling Period 5 minutes Sets the frequency in which network interfaces are polled for up/down status. This setting can be disabled, or set to poll from switches in a range from every 15 seconds to 30 minutes. Interface Bandwidth Polling Period 15 minutes Sets the frequency in which network interfaces are polled for bandwidth usage.
Figure 38 Groups > AAA Servers Page Illustration 3. To add a RADIUS server or edit an existing server, select Add New RADIUS Server or the corresponding pencil icon to edit an existing server. Table 50 describes the settings and default values of the Add/Edit page. Table 50 Adding a RADIUS Server Fields and Default Values Setting Default Description Hostname/IP Address None Sets the IP Address or DNS name for RADIUS Server. NOTE: IP Address is required for Proxim/ORiNOCO and Cisco Aironet IOS APs.
Figure 39 Groups > Security Page Illustration Table 51 Groups > Security Page Fields and Default Values Setting Default Description VLAN Tagging and Multiple SSIDs Enabled This field enables support for VLANs and multiple SSIDs on the wireless network. If this setting is enabled, define additional VLANs and SSIDs on the Groups > SSIDs page. Refer to “Configuring Group SSIDs and VLANs” on page 83.
Table 51 Groups > Security Page Fields and Default Values (Continued) Setting Default Description WEP Key Rotation Interval 300 Sets the frequency at which the Wired Equivalent Privacy (WEP) keys are rotated in the device group being configured. The supported range is from 0 to 10,000,000 seconds. Session Key Refresh Rate 0 Sets the frequency at which the general session key is refreshed in the device group being configured. The supported range is from 1 to 40 minutes.
Table 51 Groups > Security Page Fields and Default Values (Continued) Setting Default Description Authorization Lifetime 1800 Sets the amount of time a user can be connected before reauthorization is required. The supported range is from 900 to 43,200 seconds. Primary RADIUS Server Reattempt Period 0 Specifies the time (in minutes) that the AP awaits responses from the primary RADIUS server before communicating with the secondary RADIUS server, and so forth 3.
Table 52 Groups > SSIDs Fields and Descriptions (Continued) Field Description Encryption Mode Displays the encryption on the VLAN. First or Second Radio Enabled Enables the VLAN, SSID and Encryption Mode on the radio control. First or Second Radio Primary Specifies which VLAN to be used as the primary VLAN. A primary VLAN is required. NOTE: If you create an open network (see the Create Closed Network setting below) in which the APs broadcast an SSID, the primary SSID is broadcast.
Table 53 Groups > SSIDs > SSID/VLAN Section Fields and Default Values (Continued) Setting Default Description Service Priority (Cisco VxWorks only) None Identifies the delivery priority which packets receive on the VLAN/SSID (VxWorks only). Maximum Allowed Associations (0-2007) 255 Indicates the maximum number of mobile users which can associate with the specified VLAN/SSID. NOTE: 0 means unlimited for Cisco.
6. Locate the EAP Options area on the Groups > SSIDs page, and complete the settings. Table 55 describes the settings and default values. Table 55 Groups > SSIDs > EAP Options Section Fields and Default Values Setting Default Description WEP Key Rotation Interval 120 Time (in seconds) between WEP key rotation on the AP.
Configuring Radio Settings for Device Groups The Groups > Radio configuration page allows you to specify detailed RF-related settings for devices in a particular group. NOTE: If you have existing deployed devices, you may want to use the current RF settings on those devices as a guide for configuring the settings in your default Group. Perform the following steps to define RF-related radio settings for groups. 1.
3. Locate the Radio Settings area and adjust these settings as required. Table 58 describes the settings and default values. Table 58 Groups > Radio > Radio Settings Fields and Default Values Setting Default Description Allow Automatic Channel Selection (2.4, 5, and 4.9GHz Public Safety) No If enabled, whenever the AP is rebooted it uses its radio to scan the airspace and select its optimal RF channel based on observed signal strength from other radios.
To configure these settings, locate the proprietary settings areas on the Groups > Radio page and continue with the additional steps in this procedure. NOTE: Proprietary settings are only applied to devices in the group from the specific vendor and are not configured on devices from vendors that do not support the functionality. 5. To configure HP ProCurve 420 settings exclusively, locate the HP ProCurve 420 section and adjust these settings as required. Table 59 describes the settings and default values.
Table 61 Groups > Radio > Enterasys AP3000 and Enterasys AP4102 Fields and Default Values (Continued) Setting Default Description Rogue Scan Interval (3010080 min) 720 Specifies the time, in minutes, between rogue scans. Rogue Scan Duration (200-1000 msec) 350 Specifies the amount of time, in milliseconds, the AP listens to rogues before returning to normal operation. 8. Locate the Groups > VxWorks section and adjust these settings as required.
Table 63 Groups > Radio > Proxim/Avaya/Procurve APs Fields and Default Values (Continued) Setting Default Description Distance Between APs Large This setting adjusts the receiver sensitivity. Reducing receiver sensitivity from its maximum may help reduce the amount of crosstalk between wireless stations to better support roaming users. Reducing the receiver sensitivity, user stations will be more likely to connect with the nearest access point. 802.11g Operational Mode 802.11b +802.
An Overview of Cisco WLC Configuration The Groups > Cisco WLC Config page consolidates the settings for Cisco WLC devices from all group pages. The Groups > SSIDs subtab applies to all device types except for Cisco WLC, which have WLANs configured on the Cisco WLC Config page. It is not recommended to have HP Procurve 420s, Symbol 4131 and Proxim APs in the same group as Cisco devices. Also, it is recommended that users set device preferences to Only devices in this group.
Configuring WLANs for Cisco WLC Devices In Cisco WLC Config, WLANs are based on SSIDs or VLANs that are dedicated to Cisco WLC controllers. Perform the following steps to define and configure WLANs for Cisco WLC controllers. 1. Go to the Groups > Cisco WLC Config page, and select WLANs in the navigation pane at left. This page displays the SSIDs or VLANs that are available for use with Cisco WLC devices, and enables you to define new SSIDs or VLANs. Figure 45 illustrates this page. 2.
Figure 47 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > Security Tab Illustration Figure 48 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > QoS Tab Illustration Figure 49 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > Advanced Tab Illustration 94 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.
Defining and Configuring LWAPP AP Groups for Cisco Devices The Groups > Cisco WLC Config > WLANs > Advanced > AP Groups page allows you to add/edit/delete AP Groups on the Cisco WLC. LWAPP AP Groups are used to limit the WLANs available on each AP. Cisco thin APs are assigned to LWAPP AP Groups. Viewing and Creating AP Groups 1. Go to the Groups > Cisco WLC Config page, and select WLANs > Advanced > AP Groups in the navigation pane at left. This page displays the configured LWAPP APs.
Configuring Wireless Parameters for Cisco Controllers This section illustrates the configuration of Wireless settings in support of Cisco WLC controllers. The navigation for Wireless settings is illustrated in Figure 52. Figure 52 Groups > Cisco WLC Config > Wireless Navigation Illustration Configuring Security Parameters and Functions AWMS enables you to configure many security settings that are specific to Cisco WLC controllers.
Figure 54 Groups > Cisco WLC Config > Management Navigation Illustration Configuring Group PTMP Settings The Groups > PTMP configuration page configures Point-to-Multipoint (PTMP) for all subscriber and base stations in the device group. Subscriber stations must be in the same group as all base stations with which they might connect. Perform the following steps to configure these functions. 1. Go to the Groups > List page and select the group for which to define PTMP settings by selecting the group name.
Figure 56 Groups > Proxim Mesh Page Illustration The General section contains settings for mesh radio, number of mesh links, RSSI smoothing, roaming threshold and de-auth client. Table 67 Groups > Proxim Mesh > General Fields and Default Values Setting Default Description Mesh Radio 4.9/5Ghz Drop-down selects the radio that acts as the backhaul to the network. Max Number of Mesh Links 6 Sets the maximum number of mesh links allowed on an AP.
Table 69 Groups > Proxim Mesh > Mesh Cost Matrix Fields and Default Values (Continued) Setting Default Description Medium Occupancy Factor 5 Sets the factor associated with Medium Occupancy when calculating the best path to the portal AP. Higher factors will have more impact when deciding the best uplink. Current Medium Occupancy Weight 7 Specifies the importance given to the most recently observed Medium Occupancy against all of the previously viewed medium occupancies.
Figure 58 Groups > Firmware Page Illustration 2. For each device type in the group, specify the minimum acceptable firmware version. If no firmware versions are listed, go to the Device Setup > Firmware configuration page to upload the firmware files to AWMS. 3. Select Upgrade to apply firmware preferences to devices in the group. Refer to the firmware upgrade help under APs/Devices > Manage configuration page for detailed help on Firmware job options. 4.
Figure 59 Comparing Two Devices Groups on the Groups > List > Compare Page (Partial View) 3. Note the following factors when using the Compare page: The Compare page can be very long or very abbreviated, depending on how many configurations the device groups share or do not share. When a configuration differs between two groups, the setting is flagged in red text for the group on the right. The default setting of the Compare page is to highlight settings that differ between two groups.
2. Select the Manage link (the pencil icon) for the group you wish to edit. The Groups > Basic configuration page appears. 3. Select the fields to be edited on the Basic configuration page or go to Radio, Security, VLANs, or MAC ACL configuration page and edit the fields. Use the Save button to store the changes prior to applying them. 4. When all changes for the group are complete select the Save and Apply button to make the changes permanent. Figure 60 illustrates the confirmation message that appears.
devices to another group and/or folder, update credentials, and optimize channels. Perform these steps to modify multiple devices. 1. To modify multiple devices, go to one of the following pages with a device list: APs/Devices > List APs/Devices > Up APs/Devices > Down APs/Devices > Mismatched Groups > Monitor configuration pages Each of these pages displays a list of devices. Controller monitoring pages also have lists of their thin APs which can be modified using Modify Devices. 2.
drop-down menu (one time is the default, but you may select recurring options for many of the actions). Scheduled jobs can be viewed and edited in the System > Configuration Change Jobs tab. 6. Using the neighbor lists, AWMS is able to optimize channel selection for APs. Select the APs to optimize and AWMS minimizes the channel interference while giving channel priority to the most heavily used APs. Table 70 describes these action and controls.
Using Global Groups for Group Configuration To apply group configurations using the AWMS Global Groups feature, first go to the Groups > List configuration page. Select Add to add a new group, or select the name of the group to edit settings for an existing group. Select the Duplicate icon to create a new group with identical configuration to an existing group. To have Global Group status, a group must contain no devices; accordingly, access points can never be added to a Global Group.
appear as fields that can be set at the level of the Subscriber Group. Any changes to a static field must be made on the Global Group. If a Global Group has Subscriber Groups, it cannot be changed to a non-Global Group. A Global Group without Subscriber Groups can be changed to a regular Group by updating the setting on the Groups > Basic configuration interface. The Global Groups feature can also be used with the Master Console.
Chapter 5 Discovering, Adding, and Managing Devices This chapter describes how to add, configure and monitor devices, both wired and wireless, and contains the following sections, corresponding to features of the Device Setup and APs/Devices tabs: “Device Discovery Overview” on page 107 “Discovering and Adding Devices” on page 107 “Monitoring Devices” on page 116 “Configuring and Managing Devices” on page 132 “Troubleshooting a Newly Discovered Device with Down Status” on page 143 “S
SNMP/HTTP scanning information is provided in these sections: Adding Networks for SNMP/HTTP Scanning—explains how to enable networks that have been defined for scanning. Adding Credentials for SNMP/HTTP Scanning—explains how to define network credentials for scanning. Credentials must be defined before using them in scan sets. Defining a SNMP/HTTP Scan Set—explains how to create a scan set by combining networks and credentials when scanning for devices.
Figure 66 Device Setup > Discover > Add/Edit New Scan Credential Section Illustration 3. Enter a name for the credential in the Name field (for example, Default). This field supports alphanumeric characters, both upper and lower case, blank spaces, hyphens, and underscore characters. 4. Choose the type of scan to be completed (SNMPv1, SNMPv2, or HTTP).
Running a Scan Set Once a scan has been defined on the Device Setup > Discover page, AWMS can now scan for devices. Perform these steps. 1. Browse to the Device Setup > Discover page and locate the list of all scan sets that have been defined so far. Figure 67 illustrates this page. Figure 67 Device Setup > Discover Executing a Scan Illustration 2. Check the box next to the scan(s) that you would like to execute. 3. Select Scan to execute the selected scans, and the scan immediately begins.
Figure 68 APs/Devices > New Page Illustration What Next? To authorize one or more devices to a group, see “Authorizing Devices to AWMS from APs/Devices > New Page” on page 111. To delete a device altogether from AWMS, select the corresponding check box for each device, and select Delete. Dell PowerConnect W thin APs can have a Dell PowerConnect W AP Group specified and Cisco thin APs can have LWAPP AP Group specified when they are authorized.
Figure 69 APs/Devices > New Page Illustration 2. Select the group and folder to which the device will be added from the drop-down menu (the default group appears at the top of the Group listing). Devices cannot be added to a Global Group; groups designated as Global Groups cannot contain access points. 3. Select either the Monitor Only or the Manage Read/Write radio button and select Add.
Figure 70 Device Setup > Add Page Illustration 2. Select Add, and the Device Communications and Location sections appear, illustrated in Figure 71. Figure 71 Device Setup > Add > Device Communications and Location Sections 3. Complete these Device Communications and Location settings for the new device. Table 72 further describes the contents of this page. Settings may differ from device to device.
Table 72 Device Communication and Location Fields and Default Values (Continued) Setting Default Description Privacy Password (Confirm) Taken from Device Setup > Communication SNMPv3 privacy password. SNMPv3 Auth Protocol Taken from Device Setup > Communication Drop-down menu that allows you to enable the SNMPv3 authentication protocol to the device being added.
SNMP Community String Name Type Auth Password SNMPv3 Auth Protocol Privacy Password SNMPv3 Username Telnet Username Telnet Password Enable Password SNMP Port You can download a CSV file and customize it as you like. A sample CSV file is illustrated in Figure 72. Figure 72 Sample CSV File 1. To import a CSV file, go to the Device Setup > Add page. 2. Select the Import Devices via CSV link. The Upload a list of devices page displays; see Figure 73.
Perform the same steps to add universal devices to AWMS that were detailed in “Adding Devices with the Device Setup > Add Page” on page 112. AWMS collects basic information about universal devices including name, contact, uptime and location. Once you have added a universal device, you can view a list of its interfaces on APs/Devices > Manage. By selecting the pencil icon next to an interface, you can assign it to be non-monitored or monitored as Interface 1 or 2.
Viewing Device Monitoring Statistics You can view many useful device monitoring statistics in the APs/Devices > List page. 1. Go to the APs/Devices > List page, which lists all devices that are managed or monitored by AWMS. Using the Go to folder field, you can determine whether to view all devices or only the devices from a specified folder. A lock icon in the Configuration column indicates that the device is in Monitor only mode. Figure 75 illustrates this page.
Understanding the APs/Devices > Monitor Pages for All Device Types You can quickly go to any device’s monitoring page once you go to its specific folder or group on the APs/Devices > List page, by selecting its hyperlinked name in the Device column. All Monitor pages include a section at the top displaying information such as monitoring/configuration status, serial number, total users, firmware version and so on, as shown in Figure 76.
Figure 78 APs/Devices > Monitor Page for Wireless Devices (partial view of an AP) Table 73 describes the fields and information displayed in the Device Info section. The displayed fields vary from device to device.
Table 73 APs/Devices > Monitor > Device Info Fields and Default Values (Continued) Field Description Licenses Appears for Dell controllers. Selecting this link opens a pop-up window that lists the licenses installed for this device, and whether they have expired. Controller Appears for APs. Displays the controller for the associated AP device. Select the controller name hyperlink to display the APs/Devices > Monitor page, which contains detailed controller information.
Table 74 APs/Devices > Monitor > Interface Page Illustration Field Description First Radio Displays the Radio type of the first radio (802.11a, 802.11b or 802.11g). Second Radio Displays the Radio type of the second radio (802.11a, 802.11b or 802.11g. Transmit Power Some devices report transmit power reduction rather than transmit power; no value is reported for those devices. Antenna Type Indicates internal or external radio.
Table 76 describes the fields and information displayed for the Connected Users display. Table 76 APs/Devices > Monitor > Connected Users Fields and Default Values Field Description User Provides the name of the User associated to the AP. AWMS gathers this data in a variety of ways. It can be taken from RADIUS accounting data or traps. MAC Address Displays the Radio MAC address of the user associated to the AP. Also provides a link that redirects to the Users > Detail page.
Evaluating Radio Statistics for an AP The APs/Devices > Monitor > Radio Statistics page contains useful data for pinpointing network issues at the AP radio level for Dell APs and Cisco WLC thin APs (firmware 4.2 or greater). To see radio statistics details, navigate to the APs/Devices > Monitoring page for a supported AP and select the Statistics link in the Interfaces section, as illustrated in Figure 79.
Figure 81 Issues Summary Section Illustration These issues highlighted in this section can be examined in detail using the corresponding interactive graphs on the same page. See the Radio Statistics Interactive graphs section of this chapter for details. 802.11 Radio Counters Summary This table appears for radios with 802.
Table 79 Radio Statistics Interactive Graphs Descriptions (Continued) Graph Title Description Channel An area graph that displays the channel changes (if any) of the radio over time. Frequent, regular channel changes on an Dell or Cisco WLC AP radio usually indicate that the Adaptive Radio Management feature (ARM) in AOS is compensating for high noise levels from interfering devices. Noise An area graph that displays signal interference (noise floor) levels in units of dBm.
Figure 84 ARM Events Table Illustration Table 80 ARM Events table Columns and Values Column Description Time The time of the ARM event. Trap Type The type of trap that delivered the change information. Current ARM trap types that display in AWMS are: Power Change Mode Change Channel Change Values that display in the following columns depend on the Trap Type. Previous Tx Power Old value for transmit power before the Power Change event took place.
Cordless Phone Fixed Freq Video Device Fixed Freq Audio Device Fixed Freq Generic Freq Hopper Cordless Phone Freq Hopper XBox Freq Hopper Microwave Inverter Cordless Base Freq Hopper Unknown Active BSSIDs The Active BSSIDs table maps the BSSIDs on a radio with the SSID it broadcasts to the network, as illustrated in Figure 86. This table appears only for Dell AP radios.
Figure 87 APs/Devices > Monitor Page for Wired Devices All managed wired devices also include an Interfaces subtab, as shown in Figure 88. 128 | Discovering, Adding, and Managing Devices Dell PowerConnect W AirWave 7.
Figure 88 APs/Devices > Interfaces Page for Wired Devices (partial view). The Interfaces page includes a summary of all the interfaces at the top. In case of the stacked switches, the master includes the interfaces of all the members including its own. The physical and the virtual interfaces are displayed in separate tables, labeled Physical and Virtual. AWMS monitors Up/Down status and bandwidth information on all interfaces.
Figure 89 Individual Interface Monitoring Page. An individual Interface monitoring page includes is comprised of 2 sections. Specifics of the interface are in the upper section, as depicted in Figure 90. Figure 90 Individual Interface Information Section. Bandwidth, and various standard and enterprise specific error counting information is displayed in the lower section in a tabbed graph. What Next? All device lists in AWMS act as portals to management pages if you have the proper read/write privileges.
5. If the device configuration is Mismatched, select the Mismatched link to go to the APs/Devices > Audit page. The APs/Devices > Audit page lists detailed information on all existing configuration parameters and settings for an individual device. The group configuration settings are displayed on the right side of the page. If the device is moved from Monitor to Manage mode, the settings on the right side of the page overwrite the settings on the left. Figure 91 illustrates this page.
Configuring and Managing Devices This section contains the following topics describing individual device configuration within device groups: “Moving a Device from Monitor Only to Manage Read/Write Mode” on page 132 “Configuring AP Settings” on page 133 “Configuring Device Interfaces for Cisco Catalyst Switches” on page 138 “Individual Device Support and Firmware Upgrades” on page 141 While most device configuration settings can be efficiently managed by AWMS at a Group level, certain setting
2. Locate the General area as shown in Figure 93. Figure 93 APs/Devices > Manage > General Section Illustration 3. Select Manage Read/Write on the Management Mode field. 4. Select Save and Apply, then Confirm Edit on the confirmation page to retain these settings and to push configuration to the device. 5. For device configuration changes that require the device to reboot, use the Schedule function to push the changes at a time when WLAN users will not be affected. 6.
Figure 94 APs/Devices > Manage Page Illustration If any changes are scheduled for this AP, they appear in a Scheduled Changes section at the top of the page above the other fields. The linked name of the job takes you to its System > Configuration Change Job Detail page. 2. Locate the General section for information about the APs current status. Table 81 describes the fields, information, and settings.
Table 81 APs/Devices > Manage > General Fields and Descriptions (Continued) Field Description Status Displays the current status of an AP. If an AP is Up, then AWMS is able to ping it and fetch SNMP information from the AP. If the AP is listed Down then AWMS is either unable to ping the AP or unable to read the necessary SNMP information from the device. Configuration Displays the current configuration status of the AP. To update the status, select Audit on the APs/ Devices > Audit page.
Table 82 APs/Devices > Manage > Settings Fields and Default Values (Continued) Setting Default Device Type Description Group Default Group All Drop-down menu that can be used to assign the device to another Group. Folder Top All Drop-down menu that can be used to assign the device to another Group. Auto Detect Upstream Device Yes All Selecting Yes enables automatic detection of upstream device, which is automatically updated when the device is polled.
Table 83 APs/Devices > Manage Page Illustration, Additional Settings (Continued) Setting Default Device Type Description Antenna Diversity Primary Only Symbol 4131 Drop-down menu provides the following options: Full Diversity—The AP receives information on the antenna with the best signal strength and quality. The AP transmits on the antenna from which it last received information. Primary Only—The AP transmits and receives on the primary antenna only.
Table 84 describes field settings, default values, and additional information for this page. Table 84 APs/Devices > Manage > IOS Template Options Fields and Default Values Setting Default Device Type Description WDS Role Client Cisco IOS Wireless LAN Controllers only Set the WDS role for this AP. Select Master for the WDS master APs and Client for the WDS Client. Once this is done you can use the %if wds_role= % to push the client, master, or backup lines to appropriate WDS APs.
Figure 95 Add Virtual Interfaces Page for Wired Devices . New physical and virtual interfaces are discovered using SNMP polling as described in “SNMP/HTTP Scanning” on page 107. To refresh and reload all current interface information from a device, select Import Interfaces on the bottom of the page as shown in Figure 96. Figure 96 Import Interfaces for Refresh and Reload (lower portion of page) . You can view details for each interface on a wired device from its individual interface page as well.
Figure 97 Physical Interfaces Monitoring and Configuration Sections Figure 98 Virtual Individual Interfaces Configuration Section To configure interfaces as a group, select Edit Interfaces above the Physical or Virtual Interfaces table as shown in Figure 99. 140 | Discovering, Adding, and Managing Devices Dell PowerConnect W AirWave 7.
Figure 99 Edit Multiple Interfaces You will remain on the same page, but will have the option to make changes to the most commonly edited settings in batch mode, as shown in Figure 100. Figure 100 Multiple Interface Editing Page Illustration AWMS assembles the entire running configuration using templates and your modifications to these pages. For a more detailed discussion on templates, see Chapter 6, “Creating and Using Templates” on page 149.
Figure 101 APs/Devices > Manage > Device Communication NOTE: The Device Communication area may appear slightly different depending on the particular vendor and model of the APs being used. 3. Enter and confirm the appropriate Auth Password and Privacy Password. 4. You can disable the View AP Credentials link in AWMS by the root user. Contact Dell support for detailed instructions to disable the link. 5. (Optional.
Figure 102 APs/Devices > Manage Firmware Upgrades Troubleshooting a Newly Discovered Device with Down Status If the device status on the APs/Devices > List page remains Down after it has been added to a group, the most likely source of the problem is an error in the SNMP community string being used to manage the device. Perform the following steps to troubleshoot this scenario. 1. Select the Name of the down device in the list of devices on the APs/Devices > List page.
Figure 103 View device credentials Window NOTE: The View AP Credentials message may appear slightly different depending on the vendor and model. 5. If the credentials are incorrect, return to the Device Communications area on APs/Devices > Manage. 6. Enter the appropriate credentials, and select Apply. 7. Return to the APs/Devices > List page to see if the device appears with a Status of Up.
Controller-level Spectrum Overrides (an alternative to creating new Dell AP groups or new radio profiles for temporary changes) Setting up a Permanent Spectrum Dell AP Group If you have multiple supported Dell APs in multiple controllers that you want to run in Spectrum mode over the long run, you create a special Dell AP group and set up a profile that is set to spectrum-mode and references the default Spectrum profile.
3. Select Yes on the Spectrum Override field for one or both radios, depending on the band and channels you want it to analyze. 4. Select the band that should run in spectrum. If you selected the 5GHz band in the 802.11an Radio section, choose the lower, middle, or upper range of channels that you want to be analyzed by this radio. 5. Select Save and Apply and confirm your edit. This overrides the current Mode setting for that AP (ap-mode or am-mode).
Figure 107 Override Section of a Supported Controller’s Manage Page Perform these steps to override individual profile settings for an Dell controller that is part of a spectrum-mode Dell AP group: 1. Select a Spectrum-supported Dell controller that is referencing a Spectrum profile, and go to its APs/Devices > Manage page. Set it to Manage Read/Write mode. 2. Under the Dell Overrides section, select Add New Dell Controller Override. 3. In the Profile drop-down menu, select the Spectrum Profile type. 4.
| Discovering, Adding, and Managing Devices Dell PowerConnect W AirWave 7.
Chapter 6 Creating and Using Templates This chapter provides an overview and several tasks supporting the use of device configuration templates in AWMS, and contains the following topics: “Group Templates” on page 149 “Viewing and Adding Templates” on page 150 “Configuring General Template Files and Variables” on page 153 “Configuring Cisco IOS Templates” on page 158 “Configuring Cisco Catalyst Switch Templates” on page 160 “Configuring Symbol Controller / HP WESM Templates” on page
%ap_include_1% through %ap_include_10% %channel% %hostname% %ip_address% %ofdmpower% The variable settings correspond to device-specific values on the APs/Devices > Manage configuration page for the specific AP that is getting configured. NOTE: Changes made on the other Group pages (Radio, Security, VLANs, SSIDs, and so forth) are not applied to any APs that are configured by templates. Viewing and Adding Templates Perform these steps to display, add, or edit templates. 1.
Table 88 Groups > Templates Fields and Default Values (Continued) Setting Description Version Restriction Designates that the template only applies to APs running the version of firmware specified. If the restriction is None, then the template applies to all the devices of the specified type in the group. If there are two templates that might apply to a device the template with the most restrictions takes precedence.
Figure 109 Groups > Templates > Add Template Page Illustration Table 89 Groups > Templates > Add Template Fields and Default Values Setting Default Description Use Global Template No Uses a global template that has been previously configured on the Groups > Templates configuration page. Available templates will appear in the drop-down menu. If Yes is selected you can also configure global template variables.
Table 89 Groups > Templates > Add Template Fields and Default Values (Continued) Setting Default Description Fetch None Selects an AP from which to fetch a configuration. The configuration will be turned into a template with basic AP specific settings like channel and power turned into variables. The variables are filled with the data on the APs/Devices > Manage page for each AP. Name None Defines the template display name.
Using Conditional Variables in Templates Using Substitution Variables in Templates Using AP-Specific Variables Configuring General Templates Perform the following steps to configure Templates within a Group. 1. Select a Group to configure. NOTE: Dell recommends starting with a small group of access points and placing these APs in Monitor Only mode, which is readonly. Do this using the Modify Devices link until you are fully familiar with the template configuration process.
For example, changing the SSID on Cisco IOS APs requires the AP to be rebooted. Two other settings that require the AP to be rebooted for configuration change are Logging and NTP. A configuration mismatch results if the AP is not rebooted.
startup-config file but AWMS ignores them when verifying configurations. Lines enclosed in cause AWMS to ignore those lines during configuration verification. Ignore_and_do_not_push Command The ignore and do not push directive should typically be used when a value cannot be configured on the device, but always appears in the running-config file. Lines enclosed in the ignore and do not push directive will not be included in the startup-config file that is copied to each AP.
Table 90 Conditional Variable Syntax Components Variable Values Meaning interface Dot11Radio0 2.4GHz radio module is installed Dot11Radio1 5GHz external radio module is installed a Installed 5GHz radio module is 802.11a b Installed 2.4GHz radio module is 802.11b only g Installed 2.4GHz radio module is 802.11g capable backup The WDS role of the AP is the value selected in the dropdown menu on the APs/Devices > Manage configuration page for the device.
Table 91 Substitution Variables in Templates (Continued) Variable Meaning Command Suppressed Default power 802.11a and 802.11b radio module power level power local %power% maximum location The location of the SNMP server. snmp-server location %location% - contact The SNMP server contact. snmp-server contact %contact% certificate The SSL Certificate used by the AP %certificate% - ap include The AP include fields allow for configurable variables.
Supporting Multiple Radio Types via a Single IOS Template Configuring Single and Dual-Radio APs via a Single IOS Template Applying Startup-config Files Each of the APs in the Group copies its unique startup-config file from AWMS via TFTP or SCP. If the Reboot Devices after Configuration Changes option is selected, then AWMS instructs the AP to copy the configuration from AWMS to the startup-config file of the AP and reboot the AP.
username Cisco privilege 15 password 7 0802455D0A16 aaa authorization exec default local ip scp server enable The username line is a guideline and will vary based on the username being set, in this case Cisco, and the password and encoding type, in this case 0802455D0A16 and 7 respectively. These values can be set on a group wide level using Templates and TFTP. Once these lines are set, SCP can be enabled on the Groups > Basic configuration page without problems.
Configuring Symbol Controller / HP WESM Templates This section describes the configuration of templates for Symbol controllers and HP WESM devices. Symbol controllers (RFS x000, 5100 and 2000) can be configured in AWMS using templates. AWMS supports Symbol thin AP firmware upgrades from the controller’s manage page. A sample running-configuration file template is provided in this topic for reference.
%endif% %if radio_type=11an% radio %radio_index% %endif% %if radio_type=11b% radio %radio_index% %endif% %if radio_type=11bg% radio %radio_index% %endif% %if radio_type=11bgn% radio %radio_index% %endif% coverage-rate 18 coverage-rate 5p5 coverage-rate 6 coverage-rate 18 A sample Symbol thin AP template is provided below for reference and for the formatting of if statements.
Figure 110 Group > Templates > Add Page Illustration 4. Use the drop-down menu to select a device from which to build the global template and select Fetch. The menus are populated with all devices that are contained in any group that subscribes to the global group. The fetched configuration populates the template field. Global template variables can be configured with the Add button in the Template Variables box, illustrated in Figure 111.
Figure 112 Groups > Templates Edit, Upper Portion 9. To make template changes, go to the Groups > Template configuration page for the global group and select the pencil icon next to the template you wish to edit. Note that you cannot edit the template itself from the subscriber group's Groups > Templates tab. 10. If group template variables have been defined, you are able to edit the value for the group on the Groups > Templates, Add configuration page in the Group Template Variables box.
Chapter 7 Using RAPIDS and Rogue Classification This chapter provides an overview to rogue device and IDS event detection, alerting, and analysis using RAPIDS, and contains the following sections: “Introduction to RAPIDS” on page 165 “Viewing Rogues on the RAPIDS > List Page” on page 174 “Setting Up RAPIDS” on page 167 “Defining RAPIDS Rules” on page 169 “Score Override” on page 177 “Audit Log” on page 178 “Additional Security Resources” on page 179 Introduction to RAPIDS Rogue
Viewing Overall Network Health on the RAPIDS > Overview Page The RAPIDS > Overview page displays a page of RAPIDS summary information (see Figure 113). Table 92 defines the summary information that appears on the page. Figure 113 RAPIDS > Overview Page Illustration Table 92 Overview Fields Summary Description IDS Events Displays a list of IDS events for the designated folder and subfolders. Field displays events from the past two hours, the past 24 hours, and total IDS events.
Setting Up RAPIDS The RAPIDS > Setup page allows you to configure your AMP server for RAPIDS. Complete the settings on this page as desired, and select Save. Most of the settings are internal to how AMP will process rogues. Basic Configuration On the RAPIDS > Setup page, the Basic Configuration section allows you to define RAPIDS behavior settings. Figure 114 illustrates this page.
Table 94 RAPIDS > Setup > Classification Options Fields Field Default Description Acknowledge Rogues by Default No Sets RAPIDS to acknowledge rogue devices upon initial detection, prior to their classification. Manually Classifying Rogues Automatically Acknowledges them Yes Defines whether acknowledgement happens automatically whenever a rogue device receives a manual classification. Filtered rogues are dropped from the system before they are processed through the rules engine.
1. Navigate to the RAPIDS > Setup page. 2. From the Containment Options section, select Yes to manage rogue AP containment. Once this is done, the Contained Rogue classification will appear as an option in the classification dropdown menu as shown in Figure 115. Additionally, once this option been enabled, the option to manage contained APs in Monitor-Only mode becomes available.
“Rogue Device Threat Level” on page 171 “Viewing and Configuring RAPIDS Rules” on page 171 “Recommended RAPIDS Rules” on page 173 “Using RAPIDS Rules with Additional AWMS Functions” on page 174 Controller Classification with WMS Offload This classification method is supported only when WMS offload is enabled on Dell WLAN controllers. Controller classification of this type remains distinct from RAPIDS classification.
Rogue Device Threat Level The threat level classification adds granularity for each general RAPIDS classification. Devices of the same classification can have differing threat scores based on the classifying rule, ranging from 1 to 10 with a default value of 5. This classification process can help identify the greater threat. Alerts can be defined and sorted by threat level. Threat level and classification are both assigned to a device when a device matches a rule.
Figure 118 Classification Rule Page Fill in the settings described in Table 99 then select an option from the dropdown menu. Table 100 defines the dropdown menu options that are at the bottom left of the RAPIDS Classification Rule dialog box (see Figure 118). Once all rule settings are defined, select Add. The new rule automatically appears in the RAPIDS > Rules page.
Table 100 Properties Drop Down Menu (Continued) Option Description IP Address Rogue matches a specified IP address or subnet. Enter IP address or subnet information as explained by the fields. OUI Score Rogue matches manufacturer OUI criteria. You can specify minimum and maximum OUI score settings from two drop-down lists. Select remove to remove one or both criteria, as desired. Operating System Rogue matches OS criteria. Specify matching or non-matching OS criteria as prompted.
If More Than Four APs Have Discovered a Device, Then Classify as Rogue By default, AWMS tries to use Signal Strength to determine if a device is on your premises. Hearing device count is another metric that can be used. The important concept in this scenario is that legitimate neighboring devices are only heard by a few APs on the edge of your network. Devices that are heard by a large number of your APs are likely to be in the heart of your campus.
Table 101 RAPIDS > List Column Definitions (Continued) Column Description Threat Level This field displays the numeric threat level of the device, in a range from 1 to 10. The definition of threat level is configurable, as described in “Rogue Device Threat Level” on page 171. The threat level is also supported with Triggers (see “Monitoring and Supporting AWMS with the System Pages” on page 205). Name Displays the alpha-numeric name of the rogue device, as known.
Table 101 RAPIDS > List Column Definitions (Continued) Column Description Radio Vendor Indicates the radio vendor of the rogue device, when known. OS This field displays the OS of the device, as known. OS is the result of a running an OS port scan on a device. An IP addresses is required to run an OS scan. The OS reported here is based on the results of the scan. Model Displays the model of rogue device, if known.
You can use the global filtering options on the RAPIDS > Setup page to filter rogue devices according to signal strength, ad-hoc status, and discovered by remote APs. VisualRF uses the heard signal information to calculate the physical location of the device. If the device is seen on the wire, RAPIDS reports the switch and port for easy isolation.
Once a new score is assigned, all devices with the specified MAC address prefix receive the new score. NOTE: Note that rescoring a MAC Address Prefix poses a security risk. The block has received its score for a reason. Any devices that fall within this block receive the new score. 1. Navigate to the RAPIDS > Score Override page. This page lists all existing overrides. Figure 121 RAPIDS > Score Override Page 2.
Figure 123 Audit Log Additional Security Resources The following AWMS tools support RAPIDS: System Triggers and Alerts—Triggers and Alerts that are associated with rogue devices follow the classification-based system described in this chapter. For additional information about triggers that support rogue device detection, see to “Monitoring and Supporting AWMS with the System Pages” on page 205.
| Using RAPIDS and Rogue Classification Dell PowerConnect W AirWave 7.
Chapter 8 Performing Daily Administration in AWMS Daily WLAN administration often entails network monitoring, supporting WLAN and AWMS users, and monitoring AWMS system operations.
1. To create a new trigger, select the Add New Trigger button from the System > Triggers page. The page that appears is illustrated in Figure 125. Figure 125 Add New Trigger Page Illustration 2. Configure the Trigger Restrictions and Alert Notifications. This configuration is consistent regardless of the trigger type to be defined. a. The Trigger Restrictions settings establishes how widely or how narrowly the trigger applies. Define the folder, subfolder, and Group covered by this trigger.
If you select NMS, you are prompted to choose one or more of the pre-defined trap destinations, which are configured on the AMP Setup > NMS page. Define the Logged Alert Visibility, in which you can choose how this trigger is distributed. The trigger can distribute according to how is it generated (triggering agent), or by the role with which it is associated. The Suppress Until Acknowledged setting defines whether the trigger requires manual and administrative acknowledgement to gain visibility.
Setting Triggers for Devices Perform the following steps to configure device-related triggers. a. Choose a device type from the Devices listed in the Type drop-down menu. See Figure 126. Table 104 itemizes and describes device trigger options and condition settings. Table 104 Device Trigger Types Option Description Device Down This is the default type whenever configuring a new trigger. This type of trigger activates when an authorized, monitored AP has failed to respond to SNMP queries from AWMS.
Table 105 Radio-Related Trigger Types (Continued) Radio Trigger Options Description Interface Bandwidth Interface labels defined on the trigger page will be used to set up triggers on one or more interfaces and/or radios. Available conditions are Device Type, Interface Description, Interface Label, Interface Mode, Interface Speed In (Mbps), Interface Speed Out (Mbps), Interface Type, and Radio Type. Radio Utilization Indicates that channel utilization has crossed particular thresholds.
a. Choose a trigger type from the RADIUS... list in the drop-down Type menu. Table 108 itemizes and describes the condition settings for each RADIUS Authentication trigger type. Table 108 RADIUS Authentication Trigger Types and Condition Settings Option Description User RADIUS Authentication Issues This trigger type sets the threshold for the maximum number of failures before an alert is issued for a user. Select Add New Trigger Condition to specify the count characteristics that trigger an alert.
b. Repeat this procedure for as many triggers and conditions as desired. Refer to the start of “Creating New Triggers” on page 181 to create a new trigger. Delivering Triggered Alerts AWMS uses Postfix to deliver alerts and reports via email because it provides a high level of security and queues email locally until delivery. If AWMS is located behind a firewall, preventing it from sending email directly to a specified recipient, use the following procedures to forward email to a smarthost. 1.
2. The second way to display and process alerts is to use the Alerts and Severe Alerts counters in the Status bar at the top of all AWMS pages, illustrated in Figure 128. The Severe Alert Threshold can be configured on the Home > User Info page. Figure 128 Alerts in the AWMS Status Bar Select the Alerts or the Severe Alerts counter or navigate to the System > Alerts page. Figure 129 illustrates this page.
If you need to create an AWMS user account for frontline personnel who are to support Guest WLAN users, refer to “Supporting Guest WLAN Users With the Users > Guest Users Page” on page 191. Overview of the Users Pages The Users pages display multiple types of user data for existing WLAN users. The data comes from a number of locations, including data tables on the access points, information from RADIUS accounting servers, and AWMSgenerated data.
Figure 130 Users > Connected Page Illustration Table 112 Users > Connected Table Columns and Links Field Description Username Displays the name of the user associated to the AP. AWMS gathers this data from device traps, SNMP polling, or RADIUS accounting. Usernames appear in italics when a username for that MAC address has been stored in the database from a previous association, but AWMS is not getting a username for the current association.
Table 112 Users > Connected Table Columns and Links (Continued) Field Description Auth. Time Displays the how long ago the user authenticated. NOTE: This value displays as a negative number for unauthenticated users. Sig. Qual. Displays the average signal quality the user enjoyed. BW Displays the average bandwidth consumed by the MAC address. Location Displays the VisualRF QuickView box including heatmap for a device and user location history.
Figure 132 Users > Guest Users Page Illustration Table 113 Users > Guest Users Fields Field Description Repair Guest User Errors Sets AWMS to attempt to push the guest user again in an attempt to repair any errors in the Status column. Add New Guest User Adds a new guest user to a controller via AWMS. Username Randomly generates a user name for privacy protection. This name appears on the Guest User detail page. Enabled Enables or disables the user status.
Figure 133 Users > Guest Users > Add New Guest User Page Illustration To make the Username or Password anonymous and to increase security, complete these fields then select Generate. The anonymous and secure Username and Password appear in the respective fields. 6. Select Add to complete the new guest user, or select Cancel to back out of new user creation. The Users > Guest Users page appears and displays results, as applicable.
Table 114 Users > Tags Fields Field Description Chirp Interval Displays the tag chirp frequency or interval, filterable from the drop-down menu at the top of the column. Note that the chirp interval from the RFID tag influences the battery life of active tags as well as search times. If a tag chirps with very long chirp interval, it may take longer time for the location engine to accurately measure x and y coordinates. Last Seen Date and time the tag was last reported to AWMS.
Figure 135 Users > User Detail Page Illustration Using the Deauthenticate User Feature Some displays of the User > User Detail page include the Deauthenticate User feature in the Current Association field. Specifically, those displays are for devices which support this operation, namely Dell and Cisco WLC with firmware version v4.0.0.0 or later. Select Deauthenticate User to use this feature.
Each section of the Users > Diagnostics page displays information by which to evaluate possible user issues. Refer to Table 115 for explanation and illustration of page components. Table 115 Users > Diagnostics Page Sections Section Description Possible Issues This section summarizes the most likely items to create issues for a user on the network. Figure 137 illustrates this section. NOTE: Items in red are the values considered “out of spec.
Table 115 Users > Diagnostics Page Sections (Continued) Section Description Diagnostics Summary This section summarizes bandwidth, user count, and signal quality parameters for specific windows of time. This section is useful when diagnosis or troubleshooting follows issues that had been observed a few or several hours prior. Figure 138 illustrates this section. NOTE: Large negative changes in value are displayed in red.
Managing Mobile Devices with SOTI MobiControl and AWMS Overview of SOTI MobiControl SOTI MobiControl, the mobile device management platform for Windows Mobile, Blackberry, Apple, and Android devices, has been integrated into AWMS to provide direct access to the MobiControl Web Console. MobiControl runs on your Mobile Device Manager (MDM) server. This server provisions mobile devices via HTTP to configure connectivity settings, enforce security policies, restore lost data, and other administrative services.
access to the MobiControl Web Console for additional details about the device. MobiControl information overrides data obtained by ArubaOS 6.0 controllers. Accessing MobiControl from the Users > User Detail Page In order to access the MobiControl web console for a SOTI-managed mobile device from within AWMS, follow these steps: 1. Navigate to a page that lists clients. This can include: Users > Connected or Users > All Search results that display user MAC address 2.
Figure 142 Home > Overview Page Illustration Table 117 Home > Overview Sections and Charts Section Description Users This chart is a graphical summary of the number of users on the network during a period of time. The time can be adjusted. Select Show All to display a list of data series that this graph can display, such as the user count by SSID. Clear the Max Users or Avg Users checkbox to change the display of the graph. The graph displays the maximum number of users by default.
Table 117 Home > Overview Sections and Charts (Continued) Section Description Quick Links The Quick Links section provides drop-down menus that enable you to move to the most common and frequently used pages in AWMS, as follows: Go to folder—This menu lists all folders defined in AWMS from the APs/Devices List page. See “Using Device Folders (Optional)” on page 131. Go to group—This menu lists all groups defined in AWMS, and enables you to display information for any or all of them.
Table 118 Home > License Fields and Descriptions Field Description System Name Displays a user-definable name for AWMS. The System Name can be configured from the AMP Setup > General page. Organization Displays the organization listed on your license key. Hostname Displays the DNS name assigned to AWMS. IP Address Displays the static IP address assigned to AWMS. The IP Address can be configured from the AMP Setup > Network page. Time Displays the current date and time set on AWMS.
1. Enter the keyword or text with which to search. If searching for a MAC address, enter it in colon-delimited format. NOTE: The AWMS Search utility is case-insensitive. 2. Select Search, and the results display after a short moment. Results support several hypertext links to additional pages, and drop-down menus allow for additional filtering of search returns. Search results are categorized in the following sequence.
Figure 146 Home > User Info Page Illustration Table 119 Home > User Info Fields Field Description Filter Level For Rogue Count Specifies the minimum classification that will cause a device to be included in the rogue count header information. Customize Header Columns Enables/disables the ability to control which statistics hyperlinks are displayed at the top of every AWMS screen. 204 | Performing Daily Administration in AWMS Dell PowerConnect W AirWave 7.
Table 119 Home > User Info Fields (Continued) Field Description Stats Select the specific data you would like to see in the header. Note: This field only appears if you selected Yes in the previous field. Severe Alert Threshold Configures the minimum severity of an alert to be included in the Severe Alerts count. Note: The severe alerts count header info will only be displayed if ‘Severe Alerts’ is selected in the Stats section above.
Using the System > Status Page The System > Status page displays the status of all of AWMS services. Services will either be OK, Disabled, or Down. If any service is Down (displayed in red) please contact Dell support. The Reboot System button provides a graceful way to power cycle your AWMS remotely when it is needed. The Restart AWMS button will restart the AWMS services without power cycling the server or reloading the OS. Figure 147 illustrates this page.
engineers may request these logs for help in troubleshooting problems and will provide detailed instructions on how to retrieve them. Table 120 describes some of the most important logs: Table 120 A Sample of Important Status Logs Log Description pgsql Logs database activity. ssl_error_log Reports problems with the web server. Also linked from the internal server error page that displays on the web page; please send this log to AirWave support whenever reporting an internal server error.
Figure 149 System > Configuration Change Jobs Page Illustration 1. To edit an existing configuration change job select on the linked description name. On the subsequent edit page you can choose to run the job immediately by selecting Apply Changes Now, reschedule the job by selecting Schedule, Delete the job, or Cancel the job edit. 2. Select the linked AP or group name under the Subject column to go to its monitoring page. 3.
Figure 150 System > Performance Page Illustration (Partial Screen) Dell PowerConnect W AirWave 7.
Table 122 System > Performance Page Fields and Graphs Field Description System Information CPU(s) Basic CPU information as reported by the operating system. Memory The amount of physical RAM and Swap space seen by the operating system. Refer to the AWMS Server Hardware Guide in Home > Documentation for hardware requirements. Kernel The version of the Linux kernel running on the box. Device Polling Displays some AP/Device polling statistics.
Table 122 System > Performance Page Fields and Graphs (Continued) Field Description Database Row Activity The number of insertions, deletions and updates performed to the database. Database Transaction Activity The number of commits and rollbacks performed by the database. Disk Space Disk Space Pie charts that display the amount of used and free hard drive space for each partition.
Reports can be run from the Master Console to display information from multiple AWMS stations; because such reports can be extremely large, reports can also be run as summary only so that they generate more quickly and finish as a manageable file size. The Master Console can also be used to populate group-level configuration on managed AWMS installations using the Global Groups feature. The Master Console offers a display of devices that are in a Down or Error state anywhere on the network.
2. Select the pencil icon to edit or reconfigure an existing AWMS console, or select Add New Managed AMP to create a new AWMS console. The Managed AMP page appears. Complete the settings on this page as described in Table 123. Table 123 Managed AMP Fields and Default Values Field Default Description Hostname / IP Address N/A Enter the IP address or Hostname of the AWMS server to be managed. Polling Enabled Yes Enables or disables the Master Console polling of managed AWMS server.
Once the configuration is pushed, the non-overridden fields from the Global Group will appear on the subscriber group as static values and settings. Only fields that had the override checkbox selected in the Global Group will appear as fields that can be set at the level of the subscriber group. Any changes to a static field must be made on the Global Group. The Global Groups feature can also be used without the Master Console.
Regularly save the data backup file to another machine or media. This process can be automated easily with a nightly script. NOTE: Nightly maintenance and amp_backup scripts back up the full AMP data and save the file as nightly_data00[1-4].tar.gz. In previous AWMS versions, the scripts created both config backup and data backup files.
Navigation Section of AWMS Failover The Navigation section displays tabs to all main GUI pages within AWMS Failover. The top bar is a static navigation bar containing tabs for the main components of AWMS, while the lower bar is context-sensitive and displays the subtabs for the highlighted tab. Table 124 describes the contents of this page.
Table 125 Home > Watched Page Fields and Default Values (Continued) Setting Default Description HTTP Timeout (5-1000 Sec) 60 The amount of time before AWMS considers a polling attempt failed. Polling Enabled Yes Enables or disables polling of the Watched AWMS. NOTE: You do not need to disable polling of the watched AWMS system if it is set to be down during nightly maintenance or is being upgraded. Polling Period 5 minutes The amount of time between polls of the Watched AWMS.
| Performing Daily Administration in AWMS Dell PowerConnect W AirWave 7.
Chapter 9 Creating, Running, and Emailing Reports This chapter describes AWMS reports including access, creation, scheduling, and distribution. This chapter includes the following sections: “Overview of AWMS Reports” on page 219 “Using Daily Reports” on page 222 “Defining Reports” on page 242 “Emailing and Exporting Reports” on page 245 AWMS ships with several reports enabled by default. Default reports may run nightly or weekly, depending on the AWMS release.
Report definitions for other roles section—This section, supported for admin users, displays additional reports that have been scheduled for other roles. This section of the page adds the Role column, and other columns are the same. Each pane includes a Latest Report column with the most recently run reports for each definition and role created. Run and Delete buttons allow you to select a report from the definitions table to run or delete.
Figure 155 Report Type Drop-down Menu in Reports > Definitions Illustration NOTE: Only admin users have complete access to all report information. The AWMS reports and online displays of information can vary with configuration, User Roles, and Folders. Reports > Generated Page Overview The Reports > Generated page displays reports that have been run, as well as the most recent daily version of any report. An Admin user can see and edit all report definitions in AWMS.
Figure 157 Reports > Generated Page with Single-click Report Viewing Options Using Daily Reports This section describes the default and custom-scheduled reports supported in AWMS. These reports can be accessed from the Reports > Generated page. Viewing Generated Reports The Reports > Generated page supports the following general viewing options: By default, the reports on the Reports > Generated page are sorted by Generation Time.
Figure 158 Custom Options Page Illustration The left pane of the Custom Options section lists all available data that can be included in the report. For example, if the data you want to include is in the RF Health report, select RF Health to view a list of all available radio frequency information. Then, simply drag the desired data from the Available Options list on the left to the Selected Options pane on the right.
Figure 159 Capacity Planning Report Detail Page Table 128 Capacity Planning Report Fields and Contents, Top Portion Field Description Device The device type or name. Interface The type of 802.11 wireless service supported by the device. 224 | Creating, Running, and Emailing Reports Dell PowerConnect W AirWave 7.
Table 128 Capacity Planning Report Fields and Contents, Top Portion (Continued) Field Description Group The device group with which the device is associated. Folder The folder with which the device is associated. Controller The controller with which a device operates. Time Above 1% of Capacity The time duration in which the device has functioned above 0% of capacity.
Figure 160 Daily Configuration Audit Report Page, abbreviated example Table 129 Daily Configuration Audit Report Field Description Name The device name for every device on the network. Selecting a given device name in this column allows you to display device-specific configuration. Folder The folder in which the device is configured in AWMS. Selecting the folder name in this report displays the APs/Devices > List page for additional device, folder and configuration options.
Most Utilized by Bandwidth—By default, this list displays the 10 devices that consistently have the highest bandwidth consumption during the time period defined for the report. This list provides links to additional information or configuration pages for each device. Least Utilized by Maximum Number of Simultaneous Users—By default, this list displays the 10 devices that are the least used, according to the number of users.
Figure 161 Daily Device Summary Report Illustration (partial view) Table 130 Daily Device Summary Report Unique Fields and Descriptions Field Description Max Simultaneous Users The maximum number of users that were active on the associated device during the period of time that the report covers. Total Bandwidth (MB) The bandwidth in megabytes that the device supported during the period of time covered by the report.
You can use this report as the central starting point to improve uptime by multiple criteria. This report covers protocol-oriented, device-oriented, or SSID-oriented information. This report can help to monitor and optimize the network in multiple ways. This report can demonstrate service parameters, can establish locations that have superior or problematic uptime availability, and can help with additional analysis in multiple ways.
Figure 163 IDS Events Report Illustration Table 132 IDS Events Detail Unique Fields and Descriptions Field Description Attack The name or label for the IDS event. Controllers Lists the controllers for which IDS events have occurred in the prior 24 hours, and links to its APs/ Devices > Monitor page. Attacker The MAC address of the device that generated the IDS event. Radio The 802.11 radio type associated with the IDS event. Channel The 802.
Figure 164 Inventory Report Illustration (Edited View) Using the Memory and CPU Utilization Report The Memory and CPU Utilization Report displays the top memory usage by device, and CPU usage on the network by device. Both are by percentage. To create a scheduled and generated report of this type, refer to “Using Daily Reports” on page 222. Figure 165 illustrates the Reports > Detail page for this report. Dell PowerConnect W AirWave 7.
Figure 165 Daily Memory and CPU Usage Report Illustration (Contents Rearranged for Space) Using the Network Usage Report The Network Usage Report contains network-wide information in two categories: Bandwidth usage by device—maximum and average bandwidth in kbps Number of users by time period—average bandwidth in and out Figure 166 illustrates the Reports > Detail page for the Daily Network Usage.
Top rogue devices by number of discovering APs Top rogue devices by signal strength Graphical summary of rogue devices by LAN MAC address vendor Graphical summary of rogue devices by radio MAC address vendor Text-based table summary of rogue device counts Detailed and text-based table of rogue devices discovered only wirelessly with extensive device parameters and hyperlink interoperability to additional AWMS pages Detailed and text-based table of all rogue devices supporting all
Table 133 New Rogue Devices Report Fields and Descriptions Field Description Name The device name, as able to be determined. RAPIDS Classification The RAPIDS classification for the rogue device, as classified by rules defined on the RAPIDS > Rules page. Refer to “Using RAPIDS and Rogue Classification” on page 165 for additional information. Threat Level The numeric threat level by which the device has been classified, according to rules defined on the RAPIDS > Rules page.
Figure 168 illustrates the fields and information in the New Users Report. Figure 168 New Users Report Illustration Using the PCI Compliance Report AWMS supports PCI requirements in accordance with the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI Compliance Report displays current PCI configurations and status as enabled on the network. Verify that AWMS is enabled to monitor compliance with PCI requirements, as described in the “Enabling or Disabling PCI Auditing” on page 65.
Using the Port Usage Report You can generate a wide array of port usage statistics from the Port Usage Report including each of the following: List of all the switches and ports in your network by folder List of unused ports List of access and distribution ports Histogram displaying unused ports vs.
Figure 171 RADIUS Authentication Issues Detail Page Illustration Using the RF Health Report The RF Health Report tracks the top AP radio issues by noise, MAC/Phy errors, channel changes, transmit power changes, mode changes, and interfering devices (the last two apply only if there are ARM events). This report assists in pinpointing the most problematic devices on your network, and lists the top 10 devices by problem type.
Figure 172 Daily RF Health Report Page Illustration All tables indicate the rank, device type, number of users, bandwidth, location, controller, folder, and group, and 238 | Creating, Running, and Emailing Reports Dell PowerConnect W AirWave 7.
all are sorted according to rank. Selecting a value under the Device column in any table will take you to the APs/ Devices > Monitor > Radio Statistics page for the band indicated in the table title (5 GHz or 2.4 GHz). Every list contains Rank, Device (name, not type), Channel Changes, Average Noise, Average Channel Utilization, Users, Bandwidth, Location, Controller name, Folder, and Group. The third column in the list (after Device) will be the column the list is sorted by.
Figure 174 User Session Detail > Connection Mode Information Figure 175 User Session Detail > SSID Information 240 | Creating, Running, and Emailing Reports Dell PowerConnect W AirWave 7.
Figure 176 User Session Detail > Role Information Figure 177 User Session Detail > VLAN Information Figure 178 User Session Detail > Cipher Information Dell PowerConnect W AirWave 7.
Figure 179 Summary and User Information (partial view) Defining Reports You can create reports in AWMS for any time period you wish, to be run when you wish, and distributed to recipients that you define. Perform these steps to create and run custom reports. Reports created with the Reports > Definition page appear on this and on the Reports > Generated page once defined. 1.
Table 134 Reports > Definitions > Add Page Fields (Continued) Field Default Description Group All Groups Folder All Folders Specify the groups and folders to be covered in the report by choosing All Groups (or All Folders) or specifying Use selected groups (or Use selected folders) in the drop-down menu. If Use selected groups is chosen, a menu with checkboxes appears, allowing you to choose the groups to include in the report.
Figure 181 Report Restrictions Illustration By default all data will be included. Deselect the checkbox to hide specific information. The list can also be reordered by dragging and dropping the separate lines. The order displayed here will match the column order in the report. 3. Do one of the following: Select Add and Run to generate the report immediately, in addition to saving report settings.
Table 135 Report Types and Scheduling Options Supported for Custom Reports (Continued) Report Type Can by Run by Time Period Can be Run by Group/Folder Description Using the Network Usage Report Yes Yes Summarizes bandwidth data and number of users. Using the New Rogue Devices Report Yes No Shows new rogue devices by score, discovering AP, and MAC address vendor.
Where mail.example.com is the IP address or hostname of your smarthost. 2. Run service postfix restart 3. Send a test message to an email address. Mail -v xxx@xxx.com Subject: test mail . CC: 4. Press Enter. 5. Check the mail log to ensure mail was sent. tail -f /var/log/maillog Exporting Reports to XML or CSV AWMS allows you to export individual reports in XML (xhtml) or CSV. You can also export all reports at once and a zip file will be generated with all of the files in CSV format included.
Chapter 10 Using the AWMS Helpdesk This chapter presents the functions, configuration, and use of the AWMS Helpdesk and includes the following sections: “AWMS Helpdesk Overview” on page 247 “Monitoring Incidents with Helpdesk” on page 247 “Creating a New Incident with Helpdesk” on page 249 “Creating New Snapshots or Incident Relationships” on page 250 “Using the Helpdesk Tab with an Existing Remedy Server” on page 251 AWMS Helpdesk Overview The Helpdesk module of the AirWave Wireless Ma
Figure 182 Helpdesk > Incidents Page Illustration The table in Helpdesk > Incidents displays the count of incidents by state and by time. You can sort incidents from within any category of information, whether in sequential or reverse-sequential order. You can display all incidents, or strictly open or closed incidents, and you can display incidents according to the person who created them. Finally, the Helpdesk > Incidents page allows you to add or delete incidents.
Selecting the pencil icon next to any incident opens an edit page where you can modify and update the incident. An incident can be deleted by selecting the checkbox next to it and selecting Delete. Table 137 Helpdesk > Incidents Bottom Table Column Description ID Displays the ID number of the incident, which is assigned automatically when the incident is logged. Summary Presents a summary statement of the issue or problem—entered by the AWMS user when the incident is created.
Figure 184 Helpdesk Icons on Additional Pages Table 139 describes the Helpdesk icon components. Table 139 Helpdesk Icon Components Icon Description Current Incident (ID number and description) Identifies the current incident of focus in the Helpdesk header. Selecting the link brings up the Incident Edit page (see above). Mousing over the incident brings up a summary popup of the incident. Relates the device, group or client to the incident (see below for more details).
Using the Helpdesk Tab with an Existing Remedy Server If an external Remedy server exists, you can use the AWMS Helpdesk tab to create, view and edit incidents on the Remedy server. AWMS can only support integration with a Remedy server if it is a default installation of Remedy 7.0 with no changes to the web service definitions. To use the Helpdesk tab with a Remedy server, first navigate to the Helpdesk > Setup page. In the BMC Remedy Setup area, select Yes to enable Remedy.
Figure 187 Helpdesk > Incidents with Remedy Enabled Table 141 Helpdesk > Incidents Components with Remedy Enabled Field Description Incident Number Displays a unique identifier for each incident; assigned by the Remedy installation. Summary Contains a brief incident summary as entered by AWMS or Remedy user.
Table 142 Helpdesk > Incidents > Add a New Remedy Incident Fields Field Description Urgency Summary Free-form text field. 1 - Critical (default) 2 - High 3 - Medium 4 - Low NOTE: A new incident is not created if the customer First and Last name do not exist on the Remedy server. However, in this scenario, there is no failure message or warning that the incident was not created. Once an incident has been created, select the pencil icon in the incident list to edit the information.
| Using the AWMS Helpdesk Dell PowerConnect W AirWave 7.
Appendix A Package Management for AWMS Yum for AWMS This appendix describes the Yum packaging management system. Dell PowerConnect W recommends running Yum to ensure your packages are up to date, and so that your AWMS is as secure as possible if you are running RHEL 5 or CentOS 5. Yum is an automated package management system that verifies AWMS is running the most recently released RPMs and upgrades any out-of-date packages.
| Package Management for AWMS Dell PowerConnect W AirWave 7.
Appendix B Third-Party Security Integration for AWMS This appendix describes the optional integration of third party security products for AWMS, as follows: “Bluesocket Integration” on page 257 “ReefEdge Integration” on page 257 “HP ProCurve 700wl Series Secure Access Controllers Integration” on page 258 Bluesocket Integration A Bluesocket security scheme for AWMS has the following prerequisites: Bluesocket version 2.1 or higher AWMS version 1.
AWMS version 1.5 or higher Completion of the AMP Setup > Radius Accounting page configurations, as described in “Integrating a RADIUS Accounting Server” on page 55. ReefEdge Configuration Perform these steps to configure a ReefEdge security scheme: 1. Log in into the ReefEdge ConnectServer via HTTP with the proper user credentials. 2. Navigate to the Connect System > Accounting page. 3. Select Enable RADIUS Accounting. 4. Enter the Primary Server IP Address or DNS entry for AWMS server. 5.
4. Select New Services. 5. Select RADIUS. 6. Enter Name - Logical Name. 7. Enter Server - AWMS IP Address. 8. Enter Shared Secret. 9. Enter Port - 1812. 10. Enter the Shared Secret and Confirm (matching the AWMS shared secret). 11. Enter Reauthentication Field - Session Timeout. 12. Enter Timeout - 5. 13. Select the Enable RADIUS Accounting RFC-2866 check box. 14. Enter Port - 1813 for RFC-2866. 15. To verify and view the log files on AWMS, proceed to System > Event Log. Dell PowerConnect W AirWave 7.
| Third-Party Security Integration for AWMS Dell PowerConnect W AirWave 7.
Appendix C Access Point Notes This appendix contains a few additional notes relevant to Cisco devices monitored by AWMS, and includes the following sections: “Resetting Cisco (VxWorks) Access Points” on page 261 “Cisco IOS Dual Radio Template” on page 263 “Speed Issues Related to Cisco IOS Firmware Upgrades” on page 264 “AWMS Firmware Upgrade Process” on page 264 Resetting Cisco (VxWorks) Access Points When using any WLAN equipment, it may sometimes be necessary to recover a password and/or
Determining the Boot-Block Version The subsequent steps that you must follow to reset the Cisco AP depend on the version of the AP's boot-block. Follow the steps below to determine which boot-block version is currently on your AP, then use the corresponding instructions detailed below. When you connect to the AP, the Summary Status screen appears. Reboot the AP by pressing CTRL-X or by unplugging and then re-plugging the power connector.
Resetting the AP (for Boot-Block Versions 11.07 and Higher) Follow these steps to reset your AP if the boot-block version on your AP is greater than 11.07: 1. If you have not done so already, connect to the AP (see above), select OK, and press Enter. 2. When the Summary Status screen appears after you have connected to the AP, reboot the AP by unplugging and then re-plugging the power connector. 3. When the AP reboots and the Summary Status screen reappears, type :resetall and press Enter. 4.
bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled %endif% interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled interface BVI1 %if ip=dhcp% ip address dhcp client-id FastEthernet0 %endif% %if ip=static% ip address %ip_address% %netmask% %endif% no ip route-cache %if ip=static%
Appendix D Initiating a Support Connection The Support Connection Manager establishes a secure point-to-point connection between the customer AWMS and Dell's support organization. Using this secure connection, Dell support engineers can remotely diagnose problems or upgrade software without breaching security and exposing AWMS to the Internet.
| Initiating a Support Connection Dell PowerConnect W AirWave 7.
Appendix E Cisco Clean Access Integration (Perfigo) This appendix includes the following sections: “Prerequisites for Integrating AWMS with Cisco Clean Access” on page 267 “Adding AWMS as RADIUS Accounting Server” on page 267 “Configuring Data in Accounting Packets” on page 267 Prerequisites for Integrating AWMS with Cisco Clean Access Run Clean Access Software 3.5 or higher Run AWMS version 3.4.0 or higher Complete the AMP Setup > RADIUS Accounting section on AMP.
| Cisco Clean Access Integration (Perfigo) Dell PowerConnect W AirWave 7.
Appendix F HP Insight Install Instructions for AWMS Servers To install HP/Compaq Insight Manager on the AWMS, perform the following steps: 1. Use SCP to move the two files over to the server: hpasm-7.8.0-88.rhel4.i386.rpm <- The actual HP agents hpsmh-2.1.9-178.linux.i386.rpm <- The HP web portal to the agents 2. Enter rpm -i hpasm-7.8.0-88.rhel4.i386.rpm at the command line interface. 3. Enter hpasm activate. Take the default values. You will need the SNMP RW and RO strings at this point. 4.
| HP Insight Install Instructions for AWMS Servers Dell PowerConnect W AirWave 7.
Appendix G Installing AWMS on VMware ESX (3i v. 3.5) This appendix provides complete instructions for installing AWMS on VMware ESX (3i v. 3.5) and includes the following sections: “Creating a New Virtual Machine to Run AWMS” on page 271 “Installing AWMS on the Virtual Machine” on page 271 “AWMS Post-Installation Issues on VMware” on page 272 Creating a New Virtual Machine to Run AWMS 1. Select Create a new virtual machine from the VMware Infrastructure Client. 2.
AWMS Post-Installation Issues on VMware By default, AWMS runs the Linux 'smartd' service for detecting physical disk errors using the S.M.A.R.T. protocol. However, virtual disks do not support the S.M.A.R.T. protocol, so the AWMS smartd service will fail at startup. The service can be prevented from starting at boot by running the following commands at the AWMS command line.
Appendix H Third-Party Copyright Information AMP contains some software provided by third parties (both commercial and open-source licenses). Source code to third-party open-source packages are available on AirWave's website and by request: This product includes software developed by the Apache Software Foundation (www.apache.org/). Google Earth and the Google Earth icon are the property of Google.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
---- Part 5: Sparta, Inc copyright notice (BSD) ----Copyright (c) 2003-2004, Sparta, Inc All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Systemics Ltd (www.systemics.com/) THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
mod_auth_tacacs - TACACS+ authentication module: Copyright (c) 1998-1999 The Apache Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
| Third-Party Copyright Information Dell PowerConnect W AirWave 7.
Index Numerics 802.11 counters ......................................................... 124 A AAA servers................................................................. 79 access control lists ....................................................... 99 access points adding with CSV file ............................................ 114 ACLs .......................................................................... 99 configuring............................................................ 18 devices ..
I incidents creating ............................................................... 249 installation checking................................................................ 19 IP address adding and assigning .............................................. 19 iPhone ...................................................................... 212 L Linux CentOS 5 installing ............................................................... 17 logs M ARM Events .....................................................
T Activity section ................................................ 24 Navigation section ............................................ 23 Status section .................................................. 22 TACACS+ ................................................................. 79 configuring authentication ...................................... 52 integrating............................................................. 52 Setup > General ....................................................
| Index Dell PowerConnect W AirWave 7.