Controller Configuration Guide Dell Networking W-AirWave 8.
Copyright © 2014 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners.
Contents

- Controller Configuration in AirWave
- Requirements, Restrictions, and AOS Support in AirWave
- Requirements
- Restrictions
- AOS Support in AirWave
- Overview of Dell Networking W Configuration in AirWave
- Device Setup > Dell Networking W Configuration Page
- Groups > Controller Config Page with Global Configuration Enabled
- Groups > Controller Config when Global Configuration is Disabled
- Support for Editing Multiple Device Settings
- Controller Configuration Sections in the Tree View
- Dell Networking W AP Groups
- Pushing Device Configurations to Controllers
- AP Overrides Guidelines
- Supporting APs with Dell Networking W Configuration
- Changing Adaptive Radio Management (ARM) Settings
- Changing SSID and Encryption Settings
- Changing the Dell Networking W AP Group for an AP Device
- Using AirWave to Deploy Dell Networking W-Series APs
- Using General AirWave Device Groups and Folders
- Visibility in Dell Networking W Configuration
- Visibility Overview
- Defining Visibility for Dell Networking W Configuration
- Controller Configurati
- Local Config > Management
- Local Config > Management > General
- Local Config > Management > Administration
- Local Config > Management > SNMP
- Local Config > Management > Logging
- Local Config > Management > Clock
- Local Config > Advanced > Redundancy
- Advanced Services
- Advanced Services > AirGroup
- Advanced Services > AirGroup > CPPM Server AAA
- Advanced Services > AirGroup > Domain
- Advanced Services > AirGroup > Service
- Advanced Services > IP Mobility
- Advanced Services > IP Mobility > Mobility Domain
- Advanced Services >
Chapter 1 Controller Configuration in AirWave

ArubaOS (AOS) is the operating system, software suite, and application engine that operates Dell Networking W-Series mobility controllers and centralizes control over the entire mobile environment. The AOS wizards, command-line interface (CLI), and WebUI are the primary means used to configure and deploy Dell controllers. For a complete description of AOS, refer to the Dell Networking W-Series ArubaOS User Guide for your release.
- Template-based configuration for devices with firmware versions before AOS 3.3.2.10
- Global GUI configuration for organizations that have near-identical deployments on all of their controllers
- Group-level GUI configuration for organizations that have two or more configuration strategies

Configuration changes are pushed to the controller via SSH with no reboot required.
- "Groups > Controller Config Page with Global Configuration Enabled" on page 10—the way this page displays depends on whether global or group configuration is enabled in AMP Setup > General > Device Configuration:
  - If global configuration is enabled, the Groups > Controller Config page manages Dell Networking W AP group and other controller-wide settings defined on the Device Setup > Dell Networking W Configuration page.
Groups > Controller Config Page with Global Configuration Enabled

When Use Global Dell Networking W Configuration is enabled in the AMP Setup > General page, a focused submenu page displays allowing you to edit all configured Dell Networking W AP groups with the following factors:
- Dell Networking W AP Groups must be defined from the Device Setup > Dell Networking W Configuration page before they are visible on the Groups > Controller Config page.
To edit these settings for individual devices, click the pencil icon by the profile name to edit the profile, then click the Modify Per-Device Settings link. Edit the fields for the selected devices as required, then click Save.
- Dell Networking W AP Groups are assigned to folders, and folders define visibility. Using conventional AirWave folders to define visibility, Dell Networking W AP Groups can provide visibility to some or many components while blocking visibility to other users for more sensitive components, such as SSIDs. Navigate to the Users pages to define folder visibility, and refer to "Visibility in Dell Networking W Configuration" on page 32.
- "Setting Up Initial Dell Networking W Configuration" on page 20
- "General WLAN Guidelines" on page 28
- "WLANs" on page 46

Figure 6: Dell Networking W Configuration > WLANs Navigation

Profiles Section

Use Profiles to organize and deploy groups of configurations for Dell Networking W AP Groups, WLANs, and other profiles. Profiles are assigned to folders, which establishes visibility to Dell Networking W AP Groups and WLAN settings.
Security Section

Use the Security section to add, edit, or delete security profiles in multiple categories, including user roles, policies, rules, and servers such as RADIUS, TACACS+, and LDAP servers. Navigate to Security with the Dell Networking W Configuration > Security path (see Figure 8). The following general guidelines apply to Security profiles in Dell Networking W configuration:
- Roles can have multiple policies, and each policy can have numerous roles.
Advanced Services Section

Navigate to Advanced Services with the Dell Networking W Configuration > Advanced Services path. The Advanced Services section includes AirGroup, IP Mobility and VPN Services (see Figure 10). For additional information about AirGroup, IP Mobility and VPN Services, refer to "Advanced Services" on page 59.

Figure 10: Dell Networking W Configuration > Advanced Services Navigation

APs/Devices > List Page

This page supports all AirWave devices.
You can create controller overrides for entire profiles or a specific profile setting per profile. This allows you to avoid creating new profiles or Dell Networking W AP Groups that differ by one or more settings. Controller overrides can be added from the controller's APs/Devices > Manage page (see Figure 12).

Figure 12: APs/Devices > Manage Page (Partial Display)

APs/Devices > Monitor Page

Used in conjunction with the Manage page, the Monitor page enables review of device-level settings.
For additional information, refer to "Pushing Device Configurations to Controllers" on page 29.

APs/Devices > Audit Page

Use the APs/Devices > Audit page to view the configuration status of a device.
Click the Add icon (the plus symbol) on the right to add a referenced profile to a new AP Group. After you click Save or Save and Apply, AirWave automatically returns you to the original Dell Networking W AP Group configuration page. This configuration is also supported on the Additional Dell Networking W Profiles section of the Groups > Controller Config page.
Figure 13: Referenced Profile Configuration for a Dell Networking W AP Group

Save, Save and Apply, and Revert Buttons

Several Add or Detail pages in Dell Networking W Configuration include the Save, Save and Apply, and Revert buttons. These buttons function as follows:
- Save—This button saves a configuration but does not apply it, allowing you to return to complete or apply the configuration at a later time.
you must click Save and Apply to make the changes take effect. You can apply the configuration after all changes are complete.
- Save and Apply—This button saves and applies the configuration with reference to Manage and Monitor modes. For example, you must click Save and Apply for a configuration profile to propagate to all controllers in Manage mode. If you have controllers in Monitor Only mode, AirWave audits them, comparing their current configuration with the new desired configuration.
Prerequisites

- Complete the AirWave upgrade to AirWave 6.4 or later. Upon upgrade, global Dell Networking W Configuration is enabled by default in groups with devices in monitor-only mode that have AOS firmware of 3.3.2.10 or greater.
- Back up AOS controller configuration file. Information about backing up AirWave is available in the Dell Networking W-AirWave 8.0 User Guide.
Figure 14: APs/Devices > Audit Page Illustration

If the page reports a device mismatch, the page will display an Import button that allows you to import the Dell Networking W-Series controller settings from a Dell Networking W-Series controller that has already been configured. To import the complete configuration from the controller (including any unreferenced profiles), select the Include unreferenced profiles check box.
In Group Configuration: Importing the group configuration creates Profiles and Dell Networking W AP Groups in the controller's Groups > Controller Config page.
5. After configuration file import is complete, refresh the page to verify the results of the import and add or edit the imported parameters as required.
6. Navigate to the Controller Configuration page.
   - This page displays a list of APs authorized on AirWave that are using the Dell Networking W AP Group.
Figure 15: Dell Networking W Configuration > Dell Networking W AP Groups > Add/Edit Details Page (Partial View)

For additional information about configuring Dell Networking W AP Groups, see "Dell Networking W AP Groups Procedures and Guidelines" on page 27.
8. Add or edit WLANs in Dell Networking W Configuration as required.
   a. Navigate to the Dell Networking W Configuration > WLANs page. This page can display all WLANs currently configured, or it can display only selected WLANs.
   b.
The following sections of this configuration guide provide additional information and illustrations for configuring WLANs:
   - "General WLAN Guidelines" on page 28
   - "WLANs" on page 46 for details on all WLAN settings
9. Add or edit Dell Networking W Configuration Profiles as required.
   a. Navigate to the Dell Networking W Configuration > Profiles section of the navigation pane.
   b. Select the type of profile in the navigation pane to configure: AAA, AP, Controller, IDS, Mesh, QoS, RF, or SSID.
   c.
Additional Capabilities

AirWave supports many additional AOS configurations and settings. Refer to the following additional resources on dell.com/support/manuals for more information:
- Dell Networking W-Series ArubaOS User Guide
- Dell Networking W-AirWave 8.0 User Guide
- Dell Networking W-AirWave 8.0 Best Practices Guide
Chapter 2 Dell Networking W Configuration in Daily Operations

This section presents common tasks or concepts after initial setup of Dell Networking W Configuration is complete, as described in the section "Setting Up Initial Dell Networking W Configuration" on page 20.
Configuring Dell Networking W AP Groups

Perform the following steps to display, add, edit, or delete AP Groups in Dell Networking W Configuration.
1. Browse to the Dell Networking W Configuration page, and click the AP Groups heading in the navigation pane on the left. The Groups Summary page appears and displays all current Dell Networking W AP Groups.
2. To add a new group, click the Add AP Group button. To edit an existing group, click the pencil icon next to the group name.
General Controller Procedures and Guidelines

Using Master, Standby Master, and Local Controllers

AirWave implements the following general approaches to controllers:
- Master Controller—This controller maintains and pushes all global configurations. AirWave pushes configurations only to a master controller.
- Standby Controller—The master controller synchronizes with the standby master controller, which remains ready to govern global configurations for controllers should the active master controller fail.
Supporting APs with Dell Networking W Configuration

AP Overrides Guidelines

The AP Override component of Dell Networking W Configuration operates with the following principles:
- AP devices function within groups that define operational parameters for groups of APs. This is standard across all of AirWave.
- AP Overrides allows you to change some parameters of any given AP without having to remove that AP from the configuration group in which it operates.
4. On the APs/Devices > List page, you can specify the Group and Folder to which a device belongs. Click Modify Devices to change more than one device, or click the Wrench icon associated with any specific device to make changes. The APs/Devices > Manage page appears.
5. In the Settings section of the APs/Devices > Manage page, select the new Dell Networking W AP Group to assign to the device. Change or adjust any additional settings as desired.
6.
10. Select the APs you want to re-group.
11. In the field that states Move to Dell Networking W Group below the list of the devices, select the appropriate group, and then click Move. If the list of Dell Networking W AP Groups is not there, either create these AP groups manually on the Device Setup > Dell Networking W Configuration page, wherein you merely need the device names and not the settings, or import the configuration from one of your controllers to learn the groups.
12.
- Administrative and Management users in AirWave can view the Dell Networking W Configuration page and the APs/Devices > Manage pages.
  - Administrative users are enabled to view all configurations.
  - Management users have access to all profiles and Dell Networking W AP groups for their respective folders.
- The Device Setup > Dell Networking W Configuration page has a limit to folder drop-down options for customers that manage different accounts and different types of users.
2. Add Dell Networking W-Series controller devices to that folder as required. Use the Device Setup > Add page following instructions available in the Dell Networking W-AirWave 8.0 User Guide.
3. As required, create or edit a user role that is to have rights and manage privileges required to support their function in Dell Networking W Configuration.
   a.
   d. Click Add to complete the role creation, or click Save to retain changes to an existing role. The AMP Setup page now displays the new or revised role.
4. As required, add or edit one or more users to manage and support Dell Networking W Configuration. This step creates or edits users to have rights appropriate to Dell Networking W Configuration.
Appendix A Controller Configuration Reference

Overview

This section describes the pages, field-level settings, and interdependencies of Dell Networking W Configuration profiles. Additional information is available as follows:
- Controller Configuration components are summarized in "Additional Concepts and Components" on page 17.
- For procedures that use several of these components, refer to earlier chapters in this document.
This section describes Dell Networking W Configuration components with the following organization and topics:
- "Groups > Controller Config Page" on page 65
- "Dell Networking W AP Groups" on page 38
- "AP Overrides" on page 41
- "WLANs" on page 46
- "Profiles" on page 47
- "Security" on page 48
- "Local Config" on page 55
- "Advanced Services" on page 59

Dell Networking W AP Groups

Dell Networking W AP Groups appear at the top of the Dell Networking W Configuration navigation pane.
Table 2: Dell Networking W Configuration > Dell Networking W AP Groups Details, Settings and Default Values (Continued)

Field: 802.11a Radio Profile
Default: 5_am
Description: Defines AP radio settings for the 5 GHz frequency band, including the Adaptive Radio Management (ARM) profile and the high-throughput (802.11n) radio profile. Select the pencil icon next to this field to edit or create additional profile settings in the RF > 802.11a/g Radio page of Dell Networking W Configuration.
Table 2: Dell Networking W Configuration > Dell Networking W AP Groups Details, Settings and Default Values (Continued)

Field: Ethernet Interface 0 Link Profile
Default: default
Description: Sets the duplex mode and speed of AP’s Ethernet link for ethernet interface 0. The configurable speed is dependent on the port type, and you can define a separate Ethernet Interface profile for each Ethernet link.
Table 2: Dell Networking W Configuration > Dell Networking W AP Groups Details, Settings and Default Values (Continued)

Field: 802.11a Traffic Management Profile
Default: default
Description: Specify the minimum percentage of available bandwidth to be allocated to a specific SSID when there is congestion on the wireless network, and sets the interval between bandwidth usage reports. This setting pertains specifically to 802.11a.

Selects the IDS profile to be associated with the new AP Group.
Figure 20: AP Overrides page illustration (partial view)

Table 3 describes the fields on the AP Overrides > Add/Edit Details page.

Table 3: AP Overrides Add or Edit page fields

Field: Name
Default: Blank
Description: Name of the AP Override. Use the name of the AP device to which it applies.

WLANs
Table 3: AP Overrides Add or Edit page fields (Continued)

This section lists the WLANs currently defined in Dell Networking W Configuration by default. You can display selected WLANs or all WLANs.

Field: WLANs
Description: Select one or more WLANs for which AP Override is to apply.

Excluded WLANs

This section displays WLANs currently defined in Dell Networking W Configuration by default. This section can display selected WLANs or all WLANs.
Table 3: AP Overrides Add or Edit page fields (Continued)

Field: Event Thresholds Profile
Default: default
Description: Defines error event conditions, based on a customizable percentage of low-speed frames, non-unicast frames, or fragmented, retry or error frames.
Table 3: AP Overrides Add or Edit page fields (Continued)

Field: VoIP Call Admission Control Profile
Default: default
Description: Voice Call Admission Control limits the number of active voice calls per AP by load-balancing or ignoring excess call requests.
Table 3: AP Overrides Add or Edit page fields (Continued)

Mesh Cluster Profiles

Field: Add New Mesh Cluster Profile
Default: Hidden by default until the Add button is clicked
Description: Clicking this Add button displays a new Mesh Cluster Profile field. The drop-down menu displays all supported profiles. Select one from the menu.
Table 4: Dell Networking W Configuration > WLANs Page Fields and Descriptions

Field: Name
Description: Lists the name of the WLAN.

Field: SSID
Description: Lists the SSID currently defined for the WLAN.

Field: Dell Networking W AP Group
Description: Lists the Dell Networking W AP Group or Groups that use the associated WLAN.

Field: AP Override
Description: Lists any AP Override configurations for specific APs on the WLAN and in the respective Dell Networking W AP Groups.
Browse to the Device Setup > Dell Networking W Configuration page, and click the Profiles heading in the navigation pane on the left. Expand the Profiles > AAA menu by clicking the plus sign (+) next to it. The following profile options appear:
- 802.1X Auth
- Advanced Authentication
- Captive Portal Auth
- Combined VPN Auth
- IPv6 Extension Header
- MAC Auth
- Management Auth
- SSO L2 Auth
- Stateful 802.
Figure 22: Security Components in Dell Networking W Configuration

This section describes the profiles, pages, parameters and default settings for all Security components in Dell Networking W Configuration, as follows:
- Campus AP Whitelist
- "Security > Policies" on page 51
  - "Security > Policies > Destinations" on page 51
  - "Security > Policies > Services" on page 51
- Security RAP Whitelist
- "Security > Server Groups" on page 52
  - "Security > Server Groups > Internal" on page 54
  - "Security
  - "Security > User Roles > VPN Dialers" on page 51
- "Security > User Rules" on page 55
  - Security > User Rules > AAA Alias

Security > User Roles

A client is assigned a user role by one of several methods. A user role assigned by one method may take precedence over a user role assigned by a different method. The methods of assigning user roles are, from lowest to highest precedence:
1. The initial user role for unauthenticated clients is configured in the AAA profile for a virtual AP.
2.
You can assign different bandwidth contracts to upstream and downstream traffic for the same user role. You can also assign a bandwidth contract for only upstream or only downstream traffic for a user role; if there is no bandwidth contract specified for a traffic direction, unlimited bandwidth is allowed. By default, all users that belong to the same role share a configured bandwidth rate for upstream or downstream traffic.
Refer to the "ip access-list session" command in the Dell Networking W-Series AOS CLI Guide for information about the options that are available on this form.

Security > Server Groups

Server Groups Page Overview

The Server > Server Groups page displays all server groups currently configured along with the profiles and controllers that are used by each server group:
- AAA
- Captive Portal Auth
- Stateful Kerberos Auth
- Management Auth
- Stateful NTLM Auth
- Stateful 802.
- RFC 3576
- TACACS+ (Terminal Access Controller Access Control System)
- Windows
- XML API

Additionally, you can use the controller’s internal database to authenticate users. You create entries in the database for users and their passwords and default role. You can create groups of servers for specific types of authentication. For example, you can specify one or more RADIUS servers to be used for 802.1x authentication. The list of servers in a server group is an ordered list.
Security > Server Groups > Internal

An internal server group configures the internal database with the username, password, and role (student, faculty, sysadmin, etc.) for each user. There is a default internal server group that includes the internal database. For the internal server group, configure a server derivation rule that assigns the role to the authenticated client.
To edit or create a TACACS Accounting profile, navigate to the Security > TACACS Accounting page. Refer to the Authentication Servers chapter in the Dell Networking W-Series ArubaOS User Guide for information about TACACS Accounting. Refer to the "aaa tacacs-accounting" command in the Dell Networking W-Series ArubaOS CLI Guide for information about the options that are available on this form.
Figure 23: Local Config menu

Local Config > Network

This section describes the Local Config Network settings available in the Device setup > Dell Config > Network page.

Local Config > Network > Controller

To configure local controller settings, navigate to the Local Config > Network > Controller page.
Select Add to create a new VLAN or Named VLAN profile, or click the pencil icon next to an existing profile to view or edit the profile configuration. Refer to the Dell Networking W-Series ArubaOS User Guide and the "vlan" and "vlan-name" commands in the Dell Networking W-Series AOS Command-Line Interface Reference Guide for more information about controller VLAN configuration.
Local Config > Management > Administration

Define controller management users and management user passwords. The settings in this profile also allow network administrators to bypass the enable password prompt and go directly to the privileged commands (config mode) after logging on to the controller. Select Add to create a new management administration profile, or click the pencil icon next to an existing profile to view or edit the profile configuration.
Advanced Services

This section describes the contents, parameters, and default settings for all Advanced Services components in Dell Networking W Configuration. Dell Networking W Configuration in AirWave supports advanced services such as AirGroup, IP Mobility and VPN services. For additional information about the AirGroup feature, IP Mobility domains, VPN services, and additional architecture or concepts, refer to the Dell Networking W-Series ArubaOS User Guide.
register their personal devices. The AirGroup CPPM Server AAA profile configured in the Advanced Services > AirGroup > CPPM Server AAA page defines RADIUS and RFC 3576 Server settings for CPPM authentication. Select Add to create a new CPPM AAA profile, or click the pencil icon next to an existing profile to view or edit the profile configuration.
"airgroup" command in the Dell Networking W-Series ArubaOS Command-Line Interface Reference Guide for information about the options that are available on this form.

Advanced Services > IP Mobility

Navigate to the Advanced Services > IP Mobility page from the Dell Networking W Configuration navigation pane. This page displays all currently configured profiles supporting IP Mobility, each group that uses each IP Mobility profile, and the folder for each IP Mobility profile.
Advanced Services > VPN Services

For wireless networks, virtual private network (VPN) connections can be used to further secure the wireless data from attackers. The Dell Networking W-Series controllers can be used as a VPN concentrator that terminates all VPN connections from both wired and wireless clients.
Advanced Services > VPN Services > IKE > IKE Policy

Navigate to the Advanced Services > VPN Services > IKE > IKE Policy page from the Dell Networking W Configuration navigation pane to add a new IKE policy. Refer to the Virtual Private Networks chapter in the Dell Networking W-Series AOS User Guide for information about IKE. Also refer to the "vpn-dialer" command in the Dell Networking W-Series AOS CLI Guide for information about the options that are available on the IKE Policy form.
Advanced Services > VPN Services > IPSEC > Dynamic Map > Transform Set

VPN Services may reference IPSEC profiles. Transform sets define the encryption and hash algorithm to be used by a dynamic map in an IPSEC profile that supports VPN Services. Navigate to Advanced Services > VPN Services > IPSEC > Dynamic Map > Transform Set from the Dell Networking W Configuration navigation pane. This page displays all currently configured Transform Sets, and which Dynamic Maps reference them.
Groups > Controller Config Page

With Global Dell Networking W Configuration enabled in AMP Setup > General, create Dell Networking W AP Groups with the Device Setup > Dell Networking W Configuration page, as described earlier in this document. To view and edit profile assignments for Dell Networking W AP Groups, perform these steps.
1. Navigate to the Groups > List page.
2.