Controller Configuration Dell Networking W-AirWave 7.
Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless ® Networks , the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners.
Contents Controller Configuration in AirWave Requirements, Restrictions, and ArubaOS Support in AirWave 7 7 Requirements 7 Restrictions 7 ArubaOS Support in AirWave 7 Overview of Dell Networking W Configuration in AirWave 8 Device Setup > Dell Networking W Configuration Page 9 Groups > Controller Config Page with Global Configuration Enabled 10 Groups > Controller Config when Global Configuration is Disabled 10 Controller Configuration Sections in the Tree View 10 Dell Networking W AP Gro
General Profiles Guidelines 26 General Controller Procedures and Guidelines 27 Using Master, Standby Master, and Local Controllers 27 Pushing Device Configurations to Controllers 27 Supporting APs with Dell Networking W Configuration AP Overrides Guidelines 28 Changing Adaptive Radio Management (ARM) Settings 28 Changing SSID and Encryption Settings 28 Changing the Dell Networking W AP Group for an AP Device 28 Using AirWave to Deploy Dell Networking W-Series APs 29 Using General AirWave D
Security > Time Ranges 52 Security > User Rules 52 Local Config of SNMP Management 53 Advanced Services 53 Advanced Services > IP Mobility 53 Advanced Services > IP Mobility > Mobility Domain 54 Advanced Services > VPN Services 54 Advanced Services > VPN Services > IKE Profile 55 Advanced Services > VPN Services > IKE > IKE Policy 55 Advanced Services > VPN Services > L2TP Profile 56 Advanced Services > VPN Services > PPTP Profile 56 Advanced Services > VPN Services > IPSEC Profile 56
vi | Contents Dell Networking W-AirWave 7.
Chapter 1 Controller Configuration in AirWave ArubaOS is the operating system, software suite, and application engine that operates Dell Networking W-Series mobility controllers and centralizes control over the entire mobile environment. The ArubaOS wizards, command-line interface (CLI), and the ArubaOS Web UI are the primary means used to configure and deploy ArubaOS. For a complete description of ArubaOS, refer to the Dell Networking W-Series ArubaOS User Guide for your release.
l Configuration changes are pushed to the controller via SSH with no reboot required. AirWave only supports configuration of the settings that a master controller would push to the standby / local controllers (global features). AirWave supports all master, master-standby, and master-local deployments. AirWave supports all settings for Profiles, Dell Networking W AP Groups, Servers and Roles are supported, as is the ArubaOS WLAN Wizard.
l "Groups > Controller Config Page with Global Configuration Enabled" on page 10—the way this page displays depends on whether global or group configuration is enabled in AMP Setup > General > Device Configuration: n If global configuration is enabled, the Groups > Controller Config page manages Dell Networking W AP group and other controller-wide settings defined on the Device Setup > Dell Networking W Configuration page.
Groups > Controller Config Page with Global Configuration Enabled When Use Global Dell Networking W Configuration is enabled in the AMP Setup > General page, a focused submenu page displays allowing you to edit all configured Dell Networking W AP groups with the following factors: l Dell Networking W AP Groups must be defined from the Device Setup > Dell Networking W Configuration page before they are visible on the Groups > Controller Config page.
Dell Networking W AP Groups Section A Dell Networking W AP Group is a collection of configuration profiles that define specific settings on Dell Networking W-Series controllers and the devices that they govern. A Dell Networking W AP Group references multiple configuration profiles, and in turn links to multiple WLANs. Navigate to the Controller Config > Dell Networking W AP Groups page. The figure below illustrates one example of this page.
l AP Override allows you to change some parameters for any specific device without having to create a Dell Networking W AP group per AP. l The name of any AP Override should be the same as the name of the device to which it applies. This establishes the basis of all linking to that device. l Once you have created an AP Override for a device in a group, you specify the WLANs to be included and excluded.
The following concepts govern the use of WLANs in Dell Networking W Configuration: l WLANs are the same as virtual AP configuration profiles. l WLAN profiles contain several diverse settings including SSIDs, referenced Dell Networking W AP Groups, Traffic Management profiles, and device folders.
Figure 8 Dell Networking W Configuration > Security Navigation The following general guidelines apply to Security profiles in Dell Networking W configuration: l Roles can have multiple policies; each policy can have numerous roles. l Server groups are comprised of servers and rules. Security rules apply in Dell Networking W Configuration in the same way as deployed in ArubaOS. For additional information about Security, refer to "Security" on page 46 in the Appendix.
Figure 10 Dell Networking W Configuration > Advanced Services Navigation For additional information about IP Mobility and VPN Services, refer to "Advanced Services" on page 53. APs/Devices > List Page This page supports devices in all of AirWave. This page supports controller reboot, re-provisioning, changing Dell Networking W AP groups, and updating thin AP settings. Select Modify Devices below the graphs to perform these tasks and more.
added from the controller's APs/Devices > Manage page. Figure 12 illustrates an APs/Devices > Manage page with controller overrides. Figure 12 APs/Devices > Manage page illustration (partial display) APs/Devices > Monitor Page Used in conjunction with the Manage page, the Monitor page enables review of device-level settings.
Groups > Basic Page The Groups > Basic page deploys the following aspects of Dell Networking W Configuration: l Use this page to control which device settings appear on the Groups pages. l If you want to configure your controllers using templates instead, you should disable Dell Networking W GUI configuration from the Groups > Basic page and use template-based configuration. See the Templates chapter of the Dell Networking W-AirWave 7.7 User Guide at dell.
Figure 13 Referenced Profile Configuration for a Dell Networking W AP Group l Click the Add icon (the plus symbol) on the right to add a referenced profile to create a new profile. After you Save or Save and Apply that profile, AirWave automatically returns you to the original Dell Networking W AP Group configuration page. l This embedded configuration is also supported on the Additional Dell Networking W Profiles section of the Groups > Controller Config page.
l Save —This button saves a configuration but does not apply it, allowing you to return to complete or apply the configuration at a later time. If you use this button, you may see the following alert on other Dell Networking W Configuration pages. You can apply the configuration when all changes are complete at a later time. Figure 14 Unapplied Dell Networking W Configuration Changes Message l Save and Apply —This button saves and applies the configuration with reference to Manage and Monitor modes.
Setting Up Initial Dell Networking W Configuration This section describes how to deploy an initial setup of Dell Networking W Configuration. Dell Networking W Configuration is enabled by default in AirWave. Prerequisites l Complete the AirWave upgrade to AirWave 6.4 or later. Upon upgrade, global Dell Networking W Configuration is enabled by default in groups with devices in monitor-only mode that have ArubaOS firmware of 3.3.2.10 or greater. l Back up your ArubaOS controller configuration file.
Include unreferenced profiles check box. If you deselect the check box, AirWave will delete the unreferenced profiles/AP Groups on the controller when that configuration is pushed later, and they will not be imported. In Global Configuration: Importing this configuration creates all the Profiles and Dell Networking W AP Groups on the Device Setup > Dell Networking W Configuration page.
Figure 16 Dell Networking W Configuration > Dell Networking W AP Groups > Add/Edit Details Page (Partial View) For additional information about configuring Dell Networking W AP Groups, see "Dell Networking W AP Groups Procedures and Guidelines" on page 25. 8. Add or edit WLANs in Dell Networking W Configuration as required. a. Navigate to the Dell Networking W Configuration > WLANs page. This page can display all WLANs currently configured, or it can display only selected WLANs. b.
b. Select the type of profile in the navigation pane to configure: AAA, AP, Controller, IDS, Mesh, QoS, RF, or SSID. c. Click Add from any of these specific profile pages to create a new profile, or click the pencil icon to edit an existing profile. Most profiles in AirWave are similar to the All Profiles display in the Dell Networking W-Series controller WebUI. The primary difference in AirWave is that AAA and SSID profiles are not listed under the WLAN column, but under Profiles. d.
| Controller Configuration in AirWave Dell Networking W-AirWave 7.
Chapter 2 Dell Networking W Configuration in Daily Operations This section presents common tasks or concepts after initial setup of Dell Networking W Configuration is complete, as described in the section "Setting Up Initial Dell Networking W Configuration" on page 20.
Configuring Dell Networking W AP Groups Perform the following steps to display, add, edit, or delete AP Groups in Dell Networking W Configuration. 1. Browse to the Dell Networking W Configuration page, and click the AP Groups heading in the navigation pane on the left. The Groups Summary page appears and displays all current Dell Networking W AP Groups. 2. To add a new group, click the Add AP Group button. To edit an existing group, click the pencil icon next to the group name.
General Controller Procedures and Guidelines Using Master, Standby Master, and Local Controllers AirWave implements the following general approaches to controllers: l Master Controller—This controller maintains and pushes all global configurations. AirWave pushes configurations only to a master controller. l Standby Controller—The master controller synchronizes with the standby master controller, which remains ready to govern global configurations for controllers should the active master controller fail.
Supporting APs with Dell Networking W Configuration AP Overrides Guidelines The AP Override component of Dell Networking W Configuration operates with the following principles: l AP devices function within groups that define operational parameters for groups of APs. This is standard across all of AirWave. l AP Overrides allows you to change some parameters of any given AP without having to remove that AP from the configuration group in which it operates.
4. On the APs/Devices > List page, you can specify the Group and Folder to which a device belongs. Click Modify Devices to change more than one device, or click the Wrench icon associated with any specific device to make changes. The APs/Devices > Manage page appears. 5. In the Settings section of the APs/Devices > Manage page, select the new Dell Networking W AP Group to assign to the device. Change or adjust any additional settings as desired. 6.
10. Select the APs you want to re-group. 11. In the field that states Move to Dell Networking W Group below the list of the devices, select the appropriate group, and the click Move. If the list of Dell Networking W AP Groups is not there, either create these AP groups manually on the Device Setup > Dell Networking W Configuration page, wherein you merely need the device names and not the settings, or import the configuration from one of your controllers to learn the groups. 12.
l Administrative and Management users in AirWave can view the Dell Networking W Configuration page and the APs/Devices > Manage pages. n Administrative users are enabled to view all configurations. n Management users have access to all profiles and Dell Networking W AP groups for their respective folders. l The Device Setup > Dell Networking W Configuration page has a limit to folder drop-down options for customers that manage different accounts and different types of users.
Figure 18 APs/Devices > List Page with no devices 2. Add Dell Networking W-Series controller devices to that folder as required. Use the Device Setup > Add page following instructions available in the Dell Networking W-AirWave 7.7 User Guide. 3. As required, create or edit a user role that is to have rights and manage privileges required to support their function in Dell Networking W Configuration. a.
Figure 19 AMP Setup > Roles > Add/Edit Role Page Illustration c. As per standard AirWave configuration, complete the settings on this page. The most important fields with regard to Dell Networking W Configuration, device visibility and user rights are as follows: n Type—Specify the type of user.
6. Add or discover devices for the device folder defined during step 1 of this procedure. Information about devices is available in the Dell Networking W-AirWave 7.7 User Guide. 7. Continue to other elements of Dell Networking W Configuration described in the Reference section of this document. 34 | Dell Networking W Configuration in Daily Operations Dell Networking W-AirWave 7.
Appendix A Controller Configuration Reference Overview This section describes the pages, field-level settings, and inter-dependencies of Dell Networking W Configuration profiles. Additional information is available as follows: l Controller Configuration components are summarized in "Additional Concepts and Components" on page 17. l For procedures that use several of these components, refer to earlier chapters in this document.
This section describes Dell Networking W Configuration components with the following organization and topics: l "Groups > Controller Config Page" on page 57 l "Dell Networking W AP Groups" on page 36 l "AP Overrides" on page 39 l "WLANs" on page 44 l "Profiles" on page 45 l "Security" on page 46 l "Local Config of SNMP Management" on page 53 l "Advanced Services" on page 53 Dell Networking W AP Groups Dell Networking W AP Groups appear at the top of the Dell Networking W Configuration naviga
Field 802.11a Radio Profile Default 5_am Description Defines AP radio settings for the 5 GHz frequency band, including the Adaptive Radio Management (ARM) profile and the high-throughput (802.11n) radio profile. Select the pencil icon next to this field to edit or create additional profile settings in the RF > 802.11a/g Radio page of Dell Networking W Configuration. Defines AP radio settings for the 2.
Field Default Description separate Ethernet Interface profile for each Ethernet link. Select the pencil icon next to this field to display the Profiles > AP > Ethernet Link details page and adjust these settings as desired. Defines administrative options for the controller, including the IP addresses of the local, backup, and master controllers, Real-Time Locating Systems (RTLS) server values, and the number of consecutive missed heartbeats on a GRE tunnel before an AP reboots traps.
Field Default Description considered to be an interfering AP if it is seen in the RF environment but is not connected to the wired network. Select the pencil icon next to this field to display the Profiles > IDS page and adjust these settings as desired. Mesh Radio Profile default Determines many of the settings used by mesh nodes to establish mesh links and the path to the mesh portal, including the maximum number of children a mesh node can accept, and transmit rates for the 802.11a and 802.
Figure 21 AP Overrides page illustration (partial view) Table 2 describes the fields on the AP Overrides > Add/Edit Details page. Table 2: AP Overrides Add or Edit page fields Field Default Description Name Blank Name of the AP Override. Use the name of the AP device to which it applies. WLANs WLANs This section lists the WLANs currently defined in Dell Networking W Configuration by default. You can display selected WLANs or all WLANs. Select one or more WLANs for which AP Override is to apply.
Field Default Description Excluded WLANs This section displays WLANs currently defined in Dell Networking W Configuration by default. This section can display selected WLANs or all WLANs. Use this section to specify which WLANs are not to support AP Override. Excluded WLANs Referenced Profiles 802.11a Radio Profile 5_am Defines AP radio settings for the 5 GHz frequency band, including the Adaptive Radio Management (ARM) profile and the high-throughput (802.11n) radio profile.
Field Default Description page and adjust these settings as desired. Ethernet Interface 0 Link Profile Ethernet Interface 1 Link Profile default Sets the duplex mode and speed of AP’s Ethernet link for ethernet interface 0. The configurable speed is dependent on the port type, and you can define a separate Ethernet Interface profile for each Ethernet link. Select the pencil icon next to this field to display the Profiles > AP > Ethernet Link details page and adjust these settings as desired.
Field Default Description Selects the IDS profile to be associated with the new AP Group. The dropdown menu contains these options: l ids-disabled l ids-high-setting l ids -low-setting (the default) l ids-medium-setting IDS Profile default The IDS profiles configure the AP’s Intrusion Detection System features, which detect and disable rogue APs and other devices that can potentially disrupt network operations.
WLANs Overview of WLANs Configuration You have a wide variety of options for authentication, encryption, access management, and user rights when you configure a WLAN.
WLANs > Basic From the Dell Networking W Configuration > WLANs page, click Add to create a new WLAN, or click the pencil icon to edit an existing WLAN, then click Basic. This page provides a streamlined way to create or edit a WLAN. Refer to the 802.1X Authentication chapter in the Dell Networking W-Series ArubaOS User Guide for information about WLAN Configuration.
Figure 22 AAA Profiles Security Controller Configuration supports user roles, policies, server groups, and additional security parameters with profiles that are listed in the Security portion of the navigation pane on the Controller Configuration page, as illustrated in Figure 23: Figure 23 Security Components in Dell Networking W Configuration 46 | Controller Configuration Reference Dell Networking W-AirWave 7.
This section describes the profiles, pages, parameters and default settings for all Security components in Dell Networking W Configuration, as follows: l Campus AP Whitelist l "Security > Policies" on page 49 n "Security > Policies > Destinations" on page 49 n "Security > Policies > Services" on page 49 l Security RAP Whitelist l "Security > Server Groups" on page 49 n "Security > Server Groups > Internal" on page 51 n "Security > Server Groups > LDAP" on page 50 n "Security > Server Groups >
In a Dell Networking W system, you can configure roles for clients that use mostly data traffic, such as laptop computers, and roles for clients that use mostly voice traffic, such as VoIP phones. Although there are different ways for a client to derive a user role, in most cases the clients using data traffic will be assigned a role after they are authenticated through a method such as 802.1x, VPN, or captive portal.
Security > Policies The Security > Policies page displays all currently configured policies, including the policy name and the user role, the system, and the controller that use this policy. To create a new policy, click the Add New Policy button. To edit an existing policy, click the pencil icon. Refer to the "ip access-list session" command in the Dell Networking W-Series ArubaOS CLI Guide for information about the options that are available on this form.
through authentication for the server group so that if the first server in the list returns an authentication deny, the controller attempts authentication with the next server in the ordered list. The controller attempts authentication with each server in the list until either there is a successful authentication or the list of servers in the group is exhausted.
Select Add to create a new LDAP server, or click the pencil icon next to an existing LDAP server to edit the configuration. Refer to the Authentication Servers chapter in the Dell Networking W-Series ArubaOS User Guide for information about LDAP. Refer to the "aaa authentication-server ldap" command in the Dell Networking W-Series ArubaOS CLI Guide for information about the options that are available on this form. Security > Server Groups > RADIUS You can configure RADIUS servers for use by a server group.
Security > Server Groups > RFC 3576 RFC 3576 servers support dynamic authorization extensions to Remote Authentication Dial-In User Service (RADIUS). Dell Networking W Configuration supports RFC 3576 servers that can be referenced by server groups. To view currently configured RFC 3576 servers and where they are used, navigate to the Security > Server Groups > RFC3576 page. Select Add to create a new RFC3576 server, or click the pencil icon next to an existing server to edit it.
Navigate to the Security > User Rules page in the Dell Networking W Configuration navigation pane. This page displays user rules that are currently configured, the AAA profile that references these rules, and the folder. To add a new user rule, which is a derivation profile, click the Add New User Derivation Profile button. To edit an existing user rule, click the pencil icon next to an existing rule.
Select Add to create a new IP Mobility profile, or click the pencil icon next to an existing profile to modify settings on an existing profile. Refer to the IP Mobility chapter in the Dell Networking W-Series ArubaOS User Guide for information about IP Mobility. Also refer to the "ip mobile domain" command in the Dell Networking W-Series ArubaOS CLI Guide for information about the options that are available on this form.
l n Layer-2 Tunneling Protocol over IPSec (L2TP/IPSec) n Point-to-Point Tunneling Protocol (PPTP) Site-to-site VPNs allow networks such as a branch office network to connect to other networks such as a corporate network. Unlike a remote access VPN, hosts in a site-to-site VPN do not run VPN client software. All traffic for the other network is sent and received through a VPN gateway that encapsulates and encrypts the traffic.
Advanced Services > VPN Services > L2TP Profile The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec) is a highly secure technology that enables VPN connections across public networks such as the Internet. L2TP/IPSec provides both a logical transport mechanism on which to transmit PPP frames as well as tunneling or encapsulation so that the PPP frames can be sent across an IP network.
Navigate to the Advanced Services > VPN Services > IPSEC page from the Dell Networking W Configuration navigation pane. This page displays the IPSEC profile name, the VPN services that use the IPSEC profile, and the folder associated with the IPSEC Profile. Select Add to create a new IPSEC profile, or click the pencil icon next to an existing profile to modify settings. Refer to the Virtual Private Networks chapter in the Dell Networking W-Series ArubaOS User Guide for information about IPSEC profiles.
Figure 25 Groups > Controller Config page illustration (partial view) 3. Complete the profile assignments on this page, referring to additional topics in this appendix for additional information. Table 5 provides a summary of topics supporting these settings.
Index A F Adaptive Radio Management (ARM) 28 folders Advanced Services using with APs 30 defined 14 pages and field descriptions 53 Advanced Services > IP Mobility 53 G groups using with APs 30 Advanced Services > IP Mobility page 53 Advanced Services > VPN Services 54 Advanced Services > VPN Services > IKE 55 Advanced Services > VPN Services > IPSEC 56 Advanced Services > VPN Services > L2TP 56 Groups > Basic 17 P Profiles defined 13 Advanced Services > VPN Services > PPTP 56 embedded configur
W WLANs 44 defined 12 pages and field descriptions 44 WLANs > Advanced 45 WLANs > Basic 45 60 | Index Dell Networking W-AirWave 7.