Deployment Guide Dell Networking W-Instant in W-AirWave 8.
Copyright © Copyright 2015 Hewlett Packard Enterprise Development LP. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners. Open Source Code This product includes code licensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses.
Contents About this Document Overview of Dell Networking W-Instant Instant Management with AirWave AirWave Security Options Intrusion Detection System Firmware Image Management Using Instant with AirWave Secure Access to AirWave AirWave Pages with Instant-Specific Features Supported Firmware Setting up Dell Networking W-Instant Overview Setting up Instant Manually Creating your Organization String Authenticating to the AirWave Server Shared Key Authentication Whitelist Authentication Manually Create a Whi
AP Events Config History Config Archive AirWave Settings Where to Get Additional Information Field-Level Help Additional Documentation 28 28 29 29 30 30 30 Other Available Tasks 33 Resolving Mismatches Resolving Mismatches when Instant Config is Disabled Resolving Mismatches when Instant Config is Enabled Enabling the IAP Role Monitoring Devices Run Commands Best Practices and Known Issues 39 Best Practices Known Issues with the Instant Integration with AirWave 4 | Contents 33 33 34 35 36 36 39 39
Chapter 1 About this Document This document describes the Dell Networking W-Instant access point and Virtual Controller system as well as the procedure to integrate this system with W-AirWave.
l Chain 3: Trusted Root CA: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 Intermediate CA: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.
a physical controller and thin APs, Instant automates many tedious steps of developing a complex hierarchical structure of folders, config groups, templates, admin users, and admin roles for Instant. l Communication via HTTPS: Because Instant devices may be deployed behind NAT-enabled firewalls, Virtual Controllers push data to AirWave via HTTPS. AirWave initiates no connections to Instant devices via SNMP, TFTP, SSH, and the like. This enables quick remote setup without having to modify firewall rules.
l RAPIDS: Because Instant does not support mitigation or high-level rogue reporting, it does not synchronize classification. All rogue devices are reported and stored in AirWave for evaluation based on high-level rule sets. Instant currently does not match wireless BSSIDs to local MAC addresses within an IAP's ARP table, and does not currently support IDS event notification.
Chapter 2 Setting up Dell Networking W-Instant Overview You can set up Dell Networking W-Instant in one of the following ways: l Manually. See "Setting up Instant Manually" on page 9. l Automatically (through DHCP). See "Setting up Instant Automatically" on page 12. The automatic setup is most suited for a multi-site Instant deployment. Both options are summarized here, but refer to the Dell Networking W-Instant documentation for more information on setting up the hardware and configuring the network.
l subfolder1 would be a folder under the Org folder l subfolder2 would be a folder under subfolder1 To create your Organization String, consider the plan of how your Dell Networking W-Instant IAPs are to be physically distributed. As a best practice, the Organization String should mirror your company's geographical or internal reporting structure.
l serial number l Virtual Controller name l group name l folder name l custom_variable_1...
2. Click on either the Set up Now at the bottom of the UI or on the Settings tab in the top right corner. This opens the Settings menu. 3. Locate the Dell Networking W-AirWave section on the Admin tab. Figure 1: Dell Networking W-Instant > Settings page 4. Enter the Organization string, the AirWave IP address, and the Shared key. 5. Click OK when you are finished. Setting up Instant Automatically Instant can be configured automatically using DHCP options 60 and 43.
! ip dhcp pool IAP-Pool2 default-router 10.169.242.1 option 60 text "DellInstantAP" option 43 text "Acme:Store2,10.169.240.8,dell123" network 10.169.242.0 255.255.255.0 authoritative In the example configuration shown above, the following group and folder structure is created on AirWave: l A group called Acme is created. l A top-level folder called Acme is created. l Two sub-folders called Store1 and Store2 are created which will contain the IAPs.
| Setting up Dell Networking W-Instant Dell Networking W-Instant in W-AirWave 8.
Chapter 3 Using Template Configuration Template configuration allows you manage IAP devices with minimal administrative intervention by applying a group-based template configuration to all devices that are added to the group. Be sure that the default configuration is validated and has been pre-tested in a non-production environment prior to applying it to a production network. Additional information about creating templates for Dell Networking W-Instant is available in the Dell Networking W-AirWave 8.
Be sure that the default configuration is validated and has been pre-tested in a non-production environment prior to applying it to a production network. Any changes that are made to this configuration will follow the same process each time and will be applied to other Instant networks.
Controller Mode option to Manage Read/Write on the AMP Setup > General page. Figure 6: Setting devices to Manage Read/Write mode When the second Instant contacts AirWave using the DHCP server options as described previously, and that second Instant device has the same Shared key, it shows up on AirWave. Because the devices are in Manage Read/Write mode, there is no need for manual intervention to provision these new Instant networks.
2. Click the Import Devices via CSV link. The Upload a list of devices page displays. See Figure 7. Figure 7: Device Setup > Add > Import Devices via CSV Page Illustration 3. Select a group and folder into which to import the list of devices. 4. Click Choose File and select the CSV list file on your computer. 5. Click Upload to add the list of devices to AirWave.
Figure 8: Changing the mode to Monitor Only Editing Variables Dell Networking W-AirWave includes support for editing variables on virtual controllers that have different values. Some common variables include Name, LAN IP Address, Syslog Server, Timezone, Radius Servers, and RF Band Selection. Dell Networking W-AirWave also supports additional generic variables that you can customize (such as adding a new WLAN). The defaults for all VC variables can be changed from the Template page.
l "Using Custom Variables" on page 21 l "Applying Changes" on page 22 Editing Individual Virtual Controller Values After you click Update in the Modify Devices form, the Variable Edit screen displays. This screen includes two sections. The lower section includes editable fields. Enter values or select options directly in these fields to make changes on individual controllers.
Figure 11: Change the Timezone variable Using Custom Variables The Variable Edit page includes additional generic fields, labeled as custom_variable_1 through custom_ variable_10. The custom_variable_1 field can be used to add multiple lines of text rather than a single entry (as indicated by the larger note field on the UI.) This is useful, for example, if you want to add a new WLAN configuration to a VC. Other variables can be used to enter additional, single support commands.
Figure 12: Entering a custom variable (cropped) Applying Changes Select Save when you are done updating variables. All changes will be lost if you do not click Save. The Confirm Changes page opens, displaying your recent edits. At this point, you can apply changes immediately, you can schedule to apply the changes at a later time, or you can cancel. Figure 13: Confirm Changes page Selecting Cancel returns you to the Variable Edit page, where your latest edits will still be visible.
Chapter 4 Using Instant Config Instant Config provides an alternate method for configuring and managing devices running Instant 3.2 to Instant 4.0. After Instant devices are added to a group, this feature is available when you select Enable Instant GUI Config option on the Groups > Basic page. When this feature is enabled, the Groups > Templates , APs/Devices > Manage, and APs/Devices > Audit pages are unavailable. Instead, all IAP management is performed from the Instant Config pages in AirWave.
6. Click Save and Apply. Figure 15: Enable Instant Config Buttons and Icons in Instant Config Table 2 describes the buttons and icons that are available on the Instant Config pages. Table 2: Instant Config Buttons and Icons Function Image Description Audit On the AirWave > Config Archive page for a device, select this to audit a device's configuration. Auditing or applying configuration Indicates that the device is undergoing an audit or that a new configuration is being applied.
Table 2: Instant Config Buttons and Icons (Continued) Function Image Description Note Drag a note from the menu bar onto the configuration page. Notes that are placed on configuration pages can be used to indicate why you changed an option or setting. Override Indicates that an override exists. Navigate to the AirWave > Overrides page for the selected device to view the override(s).
Figure 16: APs/Devices > New Page 2. Select the check box beside the device or devices that you want to add. 3. Use the drop-down lists to select the Group and Folder to which the devices will be added. The default group appears at the top of the Group list. 4. Select Add when you are done. At this point, you can go to the APs/Devices > List page and select the folder that contains the newly added devices. This enables you to verify that the devices have been properly assigned.
Figure 18: Group Focus Group focus is used to changes settings and apply those changes to all devices within the group. Virtual Controller Focus Virtual Controller focus is used to change settings for selected devices. From this page, you can add and configure wired and wireless networks. Select a device from the Group list to change to Device focus. Navigation at the top of the page indicates the currently selected device. The selected device is also highlighted in the list of Devices.
Figure 20: Network Focus Instant Config > AirWave The IGC's AirWave menu provides options to view configuration history, configuration mismatches, and AP events, as well as, settings that dictate how AirWaveinteracts with IAP groups and virtual controllers. Mismatches The Mismatches page displays the configuration mismatches for the selected virtual controller. For more information about resolving mismatches through the Instant Config, see "Resolving Mismatches when Instant Config is Enabled" on page 34.
Figure 22: AirWave > Config History Config Archive The Config Archive page displays the current running configuration on the selected virtual controller. Additionally, you can run an audit on the selected virtual controller's configuration. Clicking on the caret displays drop-down list of all audited configurations. By selecting two configurations and clicking Delta, you can view the difference between any two configurations.
l Auto-configure Virtual Controller - Selecting Yes allows AirWave to automatically push configuration to new virtual controllers when the are added to the group. l Allow Configuration of Country Code: Selecting Yes allows you to manually configure the country code for the group under IGC > Settings > General > Country Code. When No is selected, the previously described field is grayed-out. This is set to No by default.
l Dell Networking W-Instant 6.4.3.0-4.2 User Guide l Dell Networking W-Instant 6.4.3.0-4.2 Quick Start Guide l Dell Networking W-Instant 6.4.3.0-4.2 Release Notes l Dell Networking W-AirWave 8.0 Release Notes Dell Networking W-Instant in W-AirWave 8.
| Using Instant Config Dell Networking W-Instant in W-AirWave 8.
Chapter 5 Other Available Tasks The following additional tasks can be completed in AirWave. These include configuration and monitoring tasks. l "Resolving Mismatches" on page 33 l "Enabling the IAP Role" on page 35 l "Monitoring Devices" on page 36 l "Run Commands" on page 36 Resolving Mismatches After adding a device, the new device will appear in AirWave as two devices: the first is the Virtual Controller for that Instant network, and the second is the access point itself.
Figure 26: APs/Devices > Audit page Perform the following steps to resolve the mismatch. 1. Navigate to the AP/Devices > Manage page for that Instant device. The APs/Devices > Manage page is not available when Instant Config is enabled. 2. Change the Management Mode option to Manage Read/Write. 3. Click on Save and Apply at the bottom on the page. 4. When the Confirm changes page opens, click on Apply Changes Now for the changes take effect.
Figure 27: Viewing mismatches in Instant Config Enabling the IAP Role As shown previously, new IAP devices can be added to AirWave automatically. In some cases, after a device is added, the Admin may want to enable store-specific access. In this case, the Admin might enable a specific IAP role. 1. Enable the newly created Admin User Role in AMP Setup > Roles, as shown in Figure 28. Figure 28: Enable Admin User Roles in AMP Setup > Roles 2.
The auto-created template is most useful if the first Virtual Controller for the top-level Organization String is fully configured on-site before it is pointed at AirWave in the Virtual Controller’s UI. 3. Evaluate, approve, or ignore incoming Virtual Controllers with a different top level Organization String and/or Shared Secret in the APs/Devices > New list.
Figure 30: Run Commands Dell Networking W-Instant in W-AirWave 8.
| Other Available Tasks Dell Networking W-Instant in W-AirWave 8.
Chapter 6 Best Practices and Known Issues This section describes some best practices to follow when using AirWave to monitor and configure Instant devices. It also includes some known issues to take into consideration when using AirWave. This list is inclusive of the AirWave release notes and Instant release notes. Best Practices l Keep Instant devices in Monitor Only mode to audit the device and to ensure that configurations are not automatically pushed.
| Best Practices and Known Issues Dell Networking W-Instant in W-AirWave 8.
