Dell PowerConnect W AirWave Version 7.
Copyright © 2010 Aruba Networks, Inc. AirWave®, Aruba Networks®, Aruba Mobility Management System®, and other registered marks are trademarks of Aruba Networks, Inc. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. Any other trademarks appearing in this manual are the property of their respective companies.
Contents Preface.....................................................................................................................................................................11 Document Organization................................................................................................................... 11 Notice Icons ...................................................................................................................................... 12 Contacting Support .................
Using CSV Export for Lists and Reports........................................................................................ 35 Defining Graph Display Preferences............................................................................................. 35 Customizing the Overview Subtab Display................................................................................... 36 Customized Search ...........................................................................................................
Additional Information Supporting WMS Offload ............................................................... 78 Chapter 4 Configuring and Using Device Groups in AWMS .........................................................79 AWMS Group Overview .................................................................................................................. 80 Viewing All Defined Device Groups ......................................................................................
Monitoring Data Specific to Wired Devices (Routers and Switches)................... 153 Understanding the APs/Devices > Interfaces Page......................................................... 154 What Next?.............................................................................................................................. 155 Auditing Device Configuration ............................................................................................. 156 Using Device Folders (Optional) ..............
Using RAPIDS Rules with Additional AWMS Functions .................................................. 210 Score Override................................................................................................................................ 210 Audit Log .......................................................................................................................................... 212 Additional Rogue Device Resources..........................................................................
Chapter 9 Creating, Running, and Emailing Reports ....................................................................261 Overview of AWMS Reports......................................................................................................... 261 Reports > Definitions Page Overview ................................................................................. 261 Reports > Generated Page Overview .................................................................................
Cisco IOS Dual Radio Template ................................................................................................... 311 Speed Issues Related to Cisco IOS Firmware Upgrades......................................................... 312 AWMS Firmware Upgrade Process.................................................................................... 312 Appendix D Initiating a Support Connection.....................................................................................
| Dell PowerConnect W AirWave 7.
Preface This preface provides an overview of this guide, a list of all documentation available for AWMS 7.
Table 1 Document Organization and Purposes Chapter Description Appendix D, “Initiating a Support Connection” Provides instructions about how to create and use a support connection between AWMS and AirWave Wireless Support. Appendix E, “Cisco Clean Access Integration (Perfigo)” Provides instructions for integrating Cisco Clean Access within AWMS. Appendix F, “HP Insight Install Instructions for AWMS Servers” Provides instructions for installing HP Insight on AWMS servers.
Chapter 1 Introduction Thank you for choosing the Dell PowerConnect W AirWave Wireless Management Suite, or AWMS. AWMS makes it easy and efficient to manage your wireless network by combining industry-leading functionality with an intuitive user interface, enabling network administrators and helpdesk staff to support and control even the largest wireless networks in the world. This User Guide provides instructions for the installation, configuration, and operation of the AirWave Wireless Management Suite.
Role-based (for example, Administrator contrasted with Help Desk) Network segment (for example, "Retail Store" network contrasted with "Corporate HQ" network) Flexible device support Thin, thick, mesh and WiMAX network architecture Multi-vendor support Current and legacy hardware support Dell PowerConnect W Configuration AWMS supports global configuration of ArubaOS (AOS).
Queries routers and switches. Ranks devices according to the likelihood they are rogues. Multiple tests to eliminate false positive results. Provides rogue discovery that identifies the switch and port to which a rogue device is connected. Master Console and Failover The AWMS Master Console and Failover tools enable network-wide information in easy-to-understand presentation, to entail operational information and high-availability for failover scenarios.
Table 3 Components of a Wireless LAN Component Description Rogue APs Unauthorized APs not registered in the AWMS database of managed APs The flexibility of AWMS enables it to integrate seamlessly into your business hierarchy as well as your network topology. AWMS facilitates various administrative roles to match each individual user's role and responsibility.
Chapter 2 Installing AWMS This chapter contains information and procedures for installing and launching the AirWave Wireless Management Suite (AWMS), and includes the following topics: “AWMS Hardware Requirements and Installation Media” on page 17 “Installing Linux CentOS 5 (Phase 1)” on page 17 “Installing AWMS Software (Phase 2)” on page 18 “Configuring and Mapping Port Usage for AWMS” on page 21 “AWMS Navigation Basics” on page 22 “Getting Started with AWMS” on page 29 Note: AWMS
The following message appears on the screen. Welcome to AWMS Installer Phase I - To install a new AMP, type install . WARNING: This will ERASE all data on your hard drive. - To install AWMS and manually configure hard drive settings, type expert . boot: AWMS is intended to operate as a soft appliance. Other applications should not run on the same installation. Additionally, local shell users can access data on AWMS, so it is important to restrict access to the shell only to authorized users.
Caution: Changing these settings after the installation can cause a loss of graphical data, and you should avoid delayed configuration. 2. Press 1 to complete the configuration of date and time information, and to continue to the next step. Previous AWMS Installations The following message appears after date and time are set.
STEP 4: Assigning AWMS's address AWMS must be configured with a static IP. --------------- Primary Network Interface Configuration ------------1) 2) 3) 4) 5) IP Address : Netmask : Gateway : Primary DNS : Secondary DNS: xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 9) 0) Commit Changes Exit (discard changes) If you want to configure a second network interface, please use AWMS's web interface, AWMS Setup --> Network Tab 1. Enter the network information.
Step 7: Changing the Default Root Password Upon completion of the prior step, the following message appears. STEP 7: Changing default root password. You will now change the password for the 'root' shell user. Changing password for user root. New Password: 1. Enter the new root password and press Enter. The Linux root password is similar to a Windows administrator password. The root user is a super user who has full access to all commands and directories on the computer.
Table 4 AWMS Protocol and Port Chart (Continued) Port Type Protocol Description Dataflow Direction Device Type 25 TCP SMTP Support email (optional) > AirWave support email server 49 UDP TACACS AWMS Administrative Authentication > Cisco TACACS+ 53 UDP DNS DNS lookup from AWMS > DNS Server 69 UDP TFTP Transfer configuration files or FW < APs or controllers 80 TCP HTTP Configure devices > Legacy APs 80 TCP HTTP Firmware upgrades < Colubris devices 80 TCP VTUN Suppor
Status Section The Status section provides a snapshot view of overall WLAN performance and provides direct links for immediate access to key system components. The Status section remains at the top of all pages in the AWMS and RAPIDS modules. AWMS includes the ability to customize the contents of the Status section from the Home > User Info page, to include support for both wireless and wired network components. Refer to “Configuring Your Own User Information with the Home > User Info Page” on page 248.
Table 6 Components and Sub-Menus of the AWMS Navigation Screen Main Tab Description Sub-Menus Home The Home pages provide basic AWMS information including system name, host name, IP address, current time, running time, and software version. The Home page also provides a central point for network status information and monitoring tools, giving graphical display of network activity. The Home > Overview page provides links to many of the most frequent tools in AWMS.
Table 6 Components and Sub-Menus of the AWMS Navigation Screen (Continued) Main Tab Description Sub-Menus Reports The Reports pages list all the standard and custom reports generated by AWMS. AWMS supports 13 reports in the AWMS module. For additional information, refer to Chapter 9, “Creating, Running, and Emailing Reports” on page 261.
Help Links in the GUI The Help link is available on every page within AWMS. When clicked, this launches a PDF document with information describing the AWMS page that is currently displayed. Note: Adobe Reader must be installed to view the settings and default values in the PDF help file. Common List Settings All of the lists in AWMS have some common options. All lists are paginated with a configurable number of items per page, as shown in Figure 1.
These settings are user specific. To reset them to the defaults click the Reset List Preferences button on the Home > User Info page. Buttons and Icons Standard buttons and icons are used consistently from screen to screen throughout the AWMS user pages and GUI, as itemized in the following table: Table 7 Standard Buttons and Icons of the AWMS User Page Buttons and Icons Appearancea Description Acknowledge Acknowledges and clears an AWMS alert.
Table 7 Standard Buttons and Icons of the AWMS User Page (Continued) Buttons and Icons Appearancea Description Mismatched Indicates mismatched device configuration, in which the most recent configuration in AWMS and the current configuration on a device are mismatched. Monitor Indicates an access point is in “monitor only" mode. Ignore Ignores specific device(s) - devices selected with check boxes. Import Updates a Group's desired settings to match current settings.
Getting Started with AWMS This topic describes how to perform an initial launch of the AWMS network management solution. This topic requires successful completion of installation, as described earlier in this chapter. This topic prepares the administrator for wider deployment and device support and operations once initial startup is complete. Completing Initial Login Use your browser to navigate to the static IP address assigned to the internal page of the AWMS.
| Installing AWMS Dell PowerConnect W AirWave 7.
Chapter 3 Configuring AWMS This chapter contains the following procedures to deploy initial AWMS configuration: “Formatting the Top Header” on page 31 “Customizing Columns in Lists” on page 33 “Resetting Pagination Records” on page 34 “Using the Pagination Widget” on page 34 “Using CSV Export for Lists and Reports” on page 35 “Defining Graph Display Preferences” on page 35 “Customizing the Overview Subtab Display” on page 36 “Setting Severe Alert Warning Behavior” on page 38
Figure 4 illustrates the navigation bar. For more details on hyperlinks, tabs and submenus, see “AWMS Navigation Basics” on page 22. Figure 4 Navigation Bar Displaying Home Subtabs and Down Device Statistics You can control which Top Header Stats links appear across the entire product from the AMP Setup > General page, as described in “Defining General AWMS Server Settings” on page 39.
Customizing Columns in Lists You can determine which columns are displayed in any AWMS table by selecting or deselecting its checkbox from the dropdown list made visible by clicking Choose Columns as shown in Figure 6. Using the up/down arrows to the right of each column title, you can change the order in which the column heads appear with the upper most column in the dropdown list correlating to the left most column in the table.
Resetting Pagination Records You can control how many records appear in any list individually by clicking the link with Records Per Page mouseover text at the top left of each table, as shown in Figure 8. AWMS stores each list’s pagination preferences so once you have customized the table (by choosing Custom from the Records Per Page dropdown menu and entering 5), each time you return to the Generated Reports list, it will always show just 5 records at a time, as in this example.
pagination widget. Using the mouseover text as a guide, you can to jump to the next or previous and first or last pages of the table. Using CSV Export for Lists and Reports Wherever you see an Export to CSV setting above a list, you can export the data shown into a CSV file that you can open as a Microsoft Excel spreadsheet or in any text editor. All vertical and horizontal columns appearing in the table will also appear in the exported data file.
The Show All link displays all of the available checkboxes supporting the flash graphs. Once a change to the slider bars or to the display boxes has been made, the same change can be applied to all other flash graphs with an apply button (appears on mouse-over only). For non-flash graphs, click the graph to open a popup window that shows historical data.
Figure 14 Customize Overview Page The Available Widgets pane on the left with no gridlines holds all possible (available) graphical elements (widgets). Click and any blue widget tile with a verbal description enclosed, and it immediately turns into a graphical element with the verbal description at the top. Drag the widgets you want to appear on the Overview dashboard across to the gridlines and arrange them in the right pane, within the gridlines.
Customized Search You can customize search results to display only desired categories of matches on the Home > User Info page. Navigate to the Search Preferences box and toggle the Customize Search option to “Yes”; then select or unselect categories of results and save your changes. By default customize search is turned off and all boxes are selected. When you enter a search string into the search box in the upper right-hand corner of any AMP page only results in the selected categories will be returned.
Defining General AWMS Server Settings This section describes all pages accessed from the AWMS Setup tab and describes two pages in the Device Setup tab—the Communication and Upload Files pages. Once required and optional configurations in this chapter are complete, continue to later chapters in this document to create and deploy device groups and device configuration and discovery on the network. The first step in configuring AWMS is to specify the general settings for the AWMS server.
Figure 18 AMP Setup > General Page Illustration Perform the following steps to configure AWMS server settings globally across the product (for all users). 1. Browse to the AMP Setup > General page, locate the General area, and enter the information described in Table 8: 40 | Configuring AWMS Dell PowerConnect W AirWave 7.
Table 8 AMP Setup > General > General Section Fields and Default Values Setting Default Description System Name AWMS Defines your name for the AWMS server, with a maximum limit of 20 alphanumeric characters. Automatically Monitor/ Manage New Devices No Launches a drop-down menu that specifies the behavior AWMS should follow when it discovers a new device. Devices are placed in the default group which is defined in the next field.
2. Select the Top Header Stats by checking the corresponding check box. The selected options will be displayed at the top of GUI. For more detailed information about each option, refer to Table 5 on page 23. 3. On the AMP Setup > General page, locate the Display Options section and adjust settings as required. The Display Options section configures which Group tabs and options appear by default in new device groups. Note: Changes to this section apply across all of AWMS.
Table 10 AMP Setup > General > Configuration Options Section Fields and Default Values Setting Default Description Allow WMS offload configuration in monitoronly mode No When Yes is selected, you can enable the Dell PowerConnect W WMS offload feature on the Groups > Basic page for WLAN switches in Monitor Only mode. Enabling WMS offload does not cause a controller to reboot. This option is supported only for Aruba Networks and Dell PowerConnect W devices.
Table 12 AMP Setup > General > Historical Data Retention Fields and Default Values (Continued) Setting Default Description Rogue AP Discovery Events (2-550 days) 14 Defines the number of days AWMS stores Rogue Discovery Events. The longer you store discovery event records, the more hard disk space you require. Reports (2-550 days) 60 Defines the number of days AWMS stores Reports. Large numbers of reports, over 1000, can cause the Reports > List page to be slow to respond.
Table 13 AMP Setup > General > Default Firmware Upgrade Options Fields and Default Values Setting Default Description Simultaneous Devices per Job (1-1000) 20 Defines the number of devices that can be in the process of upgrading at the same time. AWMS only runs one TFTP transfer at a time. As soon as the transfer to a device has completed, the next transfer begins, even if the first device is still in the process of rebooting or verifying configuration.
Table 15 AMP Setup > General > Performance Tuning Fields and Default Values (Continued) Setting Default Description Maximum Number of Configuration Processes 5 Increases the number of processes that are pushing configurations to your devices, as an option. The optimal setting for your network depends on the resources available, especially RAM. Please contact Dell support if you think you might need to increase this setting for your network.
Defining AWMS Network Settings The next step in configuring AWMS is to confirm the AMP network settings. Define these settings by navigating to the AMP Setup > Network page. Figure 19 illustrates the contents of this page. Figure 19 AMP Setup > Network Page Illustration Perform the following steps to define the AWMS network settings: 1. Locate the Primary and Secondary Network Interface sections.
Table 17 AMP Setup > Network > Secondary Network Fields and Default Values Setting Default Description Primary ntp1.yourdomain.com Sets the IP address or DNS name for the primary Network Time Protocol server. Secondary ntp2.yourdomain.com Sets the IP address or DNS name for the secondary Network Time Protocol server. 3. On the AMP Setup > Network page, locate the Static Routes area.
1. Navigate to the AMP Setup > Users page. This page displays all users currently configured in AWMS. Figure 20 illustrates the contents and layout of this page. Figure 20 AMP Setup > Users Page Illustration 2. Click Add to create a new user, click the pencil icon to edit an existing user, or select a user and click Delete to remove that user from AWMS. When you click Add or the edit icon, the Add User page appears, illustrated in Figure 21. Figure 21 AMP Setup > Users > Add/Edit User Page Illustration 3.
4. Click Add to create the new user, click Save to retain changes to an existing user, or click Cancel to cancel out of this screen. The user information you have configured appears on the AMP Setup > Users page and the user propagates to all additional AWMS pages and functions relevant to that user. Note: AWMS enables user roles to be created with access to folders within multiple branches of the overall hierarchy.
Figure 23 AMP Setup > Roles > Add/Edit Role Page Illustration 3. Enter or edit the settings on this page. Table 18 describes these settings in additional detail. As explained earlier in this section, Roles define the type of user-level access, the user-level privileges, and the view available to the user for device groups and devices in AWMS. Table 19 describes the settings and default values of this section.
Table 19 AMP Setup > Roles > Add/Edit Roles Fields and Default Values (Continued) Setting Default Description AP/Device Access Level None Defines the privileges the role has over the viewable APs. AWMS supports three privilege levels, as follows: Manage (Read/Write)—Manage users have read/write access to the viewable devices and Groups. They can change all AWMS settings for the devices and Groups they can view. Audit (Read Only)—Audit users have read only access to the viewable devices and Groups.
This section contains the following procedures: Configuring Communication Settings for Discovered Devices Loading Device Firmware onto AWMS (Optional) Overview of the Device Setup > Upload Files Page Loading Firmware Files to AWMS Overview Loading Using of the Device Setup > Upload Files Page Firmware Files to AWMS Web Auth Bundles in AWMS Configuring Communication Settings for Discovered Devices To configure AWMS to communicate with your devices, to define the default shared secrets
Figure 24 Device Setup > Communication Page Illustration Perform the following steps to define the default credentials and SNMP settings for the wireless network. 1. On the Device Setup > Communication page, locate the Default Credentials area. Enter the credentials for each device model on your network. The default credentials are assigned to all newly discovered APs. 54 | Configuring AWMS Dell PowerConnect W AirWave 7.
The Edit button edits the default credentials for newly discovered devices. To modify the credentials for existing devices, use the APs/Devices > Manage page or the Modify Devices link on the APs/Devices > List page. Note: Community strings and shared secrets must have read-write access for AWMS to configure the devices. Without read-write access, AWMS may be able to monitor the devices but cannot apply any configuration changes. 2.
6. On the Device Setup > Communication page, locate the ICMP Settings section. Complete the settings or revise the default values as required. Table 23 itemizes the setting and default value of this section. Table 23 Device Setup > Communication > ICMP Settings Fields and Default Values Setting Default Description Attempt to ping down devices Yes Enables a function that applies when an AP is unreachable over SNMP. When Yes is selected, this option has AWMS attempt to ping the AP device.
Table 25 Cisco Aironet VxWorks User Creation Options Fields and Default Values Setting Default Description Do Not Modify Security/SNMP Settings N/A Enables AWMS using only an existing user account on the AP, as defined in the Cisco VxWorks Username/Password section in the Default Secrets area. This user account must have all permissions set. Create and Use Specified User N/A Enables AWMS to create a new user account, specified below, on each AP, with all permissions enabled. 9.
Loading Device Firmware onto AWMS (Optional) Overview of the Device Setup > Upload Files Page AWMS enables automated firmware distribution to the devices on your network. Once you have downloaded the firmware files from the vendor, you can upload this firmware to AWMS for distribution to devices via the Device Setup > Upload Files page. Figure 26 illustrates the Upload Files page, which lists all firmware files on AWMS with file information.
Table 27 Device Setup > Upload Files Fields and Default Values (Continued) Setting Default Description Firmware MD5 Checksum None Displays the MD5 checksum of the file after it was uploaded to AWMS. The MD5 checksum is used to verify that the file was uploaded to AWMS without issue. The checksum should match the checksum of the file before it was uploaded. Firmware File Size None Displays the size of the firmware file in bytes.
Table 28 Supported Firmware Versions and Features Fields and Default Values Setting Default Description Type None Indicates the firmware file is used with the specified type. If you select an IOS device from the Type drop-down menu, you have the option of choosing a server protocol of TFTP or FTP. If you choose FTP you may notice that the firmware files are pushed to the device more quickly. With selection of some Types, particularly Cisco controllers, you can specify the boot software version.
1. Navigate to the Device Setup > Upload Files page. This page displays any existing Web Auth bundles that are currently configured in AWMS, and allows you to add or delete Web Auth bundles. 2. Scroll to the bottom of the page. Click Add New Web Auth Bundle to create a new Web Auth bundle, or click the pencil icon next to an existing bundle to edit. You may also delete Web Auth bundles by selecting that bundle with the checkbox, and clicking Delete.
Configuring TACACS+ and RADIUS Authentication As an optional configuration, you can set AWMS to use an external user database to simplify password management for AWMS administrators and users.
Table 29 AMP Setup > Authentication Fields and Default Values (Continued) Field Default Description Secondary Server Port 1812 Enter the port for the secondary TACACS+ server. Secondary Server Secret N/A Enter the shared secret for the secondary TACACS+ server. 3. Click Save to retain these configurations, and continue with additional steps. 4. To configure Cisco ACS to work with AWMS, you must define a new service named AMP that uses https on the ACS server.
Configuring RADIUS Authentication and Authorization For RADIUS capability, you must configure the IP/Hostname of the RADIUS server, the TCP port, and the server shared secret. Perform these steps to configuration RADIUS authentication: 1. Navigate to the AMP Setup > Authentication page. This page displays current status of RADIUS. Figure 30 illustrates this page when neither TACACS+ nor RADIUS authentication is enabled in AWMS. Figure 30 AMP Setup > Authentication Page Illustration 2.
Integrating a RADIUS Accounting Server Note: AWMS checks the local username and password store before checking with the RADIUS server. If the user is found locally, the local password and local role apply. When using RADIUS, it is not necessary or recommended to define users on the AWMS server. The only recommended user is the backup administrator, in the event that the RADIUS server goes down. As an optional configuration, AWMS supports RADIUS server accounting.
Navigate to additional tabs in the AMP Setup section to continue additional setup configurations. Complete the required configurations in this chapter prior to proceeding to ensuing chapters of this document. Dell support remains available to you for any phase of AWMS installation. Configuring Cisco WLSE and WLSE Rogue Scanning The Cisco Wireless LAN Solution Engine (WLSE) includes rogue scanning functions that AWMS supports.
Grouping WDS Participation Primary or Secondary WDS Adding an ACS Server for WLSE 1. Navigate to the Devices > Discover > AAA Server page. 2. Select New from the drop-down list. 3. Enter the Server Name, Server Port (default 2002), Username, Password, and Secret. 4. Click Save. Enabling Rogue Alerts for Cisco WLSE 1. Navigate to the Faults > Network Wide Settings > Rogue AP Detection page. 2. Select the Enable toggle. 3. Click Apply.
Use these pages to make such configurations: 1. Navigate to Device > Discover > Advanced Options. 2. Select the method to bring APs into management Auto, or specify via filter. Inventory Reporting When new devices are managed, the WLSE generates an inventory report detailing the new APs. AWMS accesses the inventory report via the SOAP API to auto-discover access points.
2. If the AP is the Primary or Backup WDS, select Use the AP as Wireless Domain Services. Select Priority (set 200 for Primary, 100 for Secondary). Configure the Wireless Network Manager (configure the IP address of WLSE). 3. If the AP is Member Only, leave all options unchecked. 4. Navigate to the Security > Server Manager page. 5. Enter the IP address and Shared Secret for the ACS server. 6. Click the Apply button. 7. Navigate to the Wireless Services > WDS > Server Group page. 8.
1. To add a Cisco WLSE server to AWMS, navigate to the AMP Setup > WLSE page and click Add. Complete the fields in this page. Table 33 describes the settings and default values. Table 33 AMP Setup > WLSE Fields and Default Values Setting Default Description Hostname/IP Address None Designates the IP address or DNS Hostname for the WLSE server, which must already be configured on the Cisco WLSE server. Protocol HTTP Specifies the protocol to be used when polling the WLSE.
Configuring ACS Servers This is an optional configuration. The AMP Setup > ACS page allows AWMS to poll one or more Cisco ACS servers for wireless username information. When you specify an ACS server, AWMS gathers information about your networks wireless users. Refer to the “Configuring TACACS+ and RADIUS Authentication” on page 62 section if you want to use your ACS server to manage your AWMS users. Perform these steps to configure ACS servers: 1. Navigate to the AMP Setup > ACS page.
4. Click Add to finish creating the new ACS server, or click Save to finish editing an existing ACS server. 5. The ACS server must have logging enabled for passed authentications. To configure your ACS server to log the required information, you must enable the Log to CSV Passed Authentications report option, as follows: Log in to the ACS server, select System Configuration, then in the Select frame, click the Logging link. Under Enable Logging, click the CSV Passed Authentications link.
Integrating AWMS with an Existing Network Management Solution (NMS) This is an optional configuration. The AMP Setup > NMS configuration page allows AWMS to integrate with other Network Management Solution (NMS) consoles. This configuration enables advanced and interoperable functionality as follows: AWMS can forward WLAN-related SNMP traps to the NMS, or AWMS can send SNMPv1 or SNMPv2 traps to the NMS. AWMS can be used in conjunction with Hewlett-Packard’s ProCurve Manager.
Table 35 AMP Setup > NMS Integration Add/Edit Fields and Default Values Setting Default Description Hostname None Cites the DNS name or the IP address of the NMS. Port 162 Sets the port AWMS uses to communicate with the NMS. NOTE: AWMS generally communicates via SNMP traps on port 162. Community String None Sets the community string used to communicate with the NMS. SNMP Version v2C Sets the SNMP version of the traps sent to the Host.
PCI Auditing in the AWMS Interface PCI Auditing in AWMS allows you to monitor, audit, and demonstrate PCI compliance on the network. There are five primary pages in which you establish, monitor, and access PCI auditing, as follows: The AMP Setup > PCI Compliance page enables or disables PCI Compliance monitoring on the network, and displays the current compliance status on the network. See “Enabling or Disabling PCI Auditing” on page 76.
Table 36 PCI Requirements and Support in AWMS PCI Requirement Description 2.1.1 Changing vendor-supplied defaults for wireless environments When Enabled: A device fails requirement 2.1.1 if the passphrases, SSIDs, or other security-related settings are on a list of forbidden values that AWMS establishes and tracks. The list includes common vendor default passwords. The user can input new values to achieve compliance.
Figure 39 Default Credential Compliance for PCI Requirements 4. Click Save to retain the settings. The PCI Compliance page should reflect changes on the next viewing. 5. To view and monitor PCI auditing on the network, use generated or daily reports. See Chapter 9, “Creating, Running, and Emailing Reports” . In addition, you can view the real-time PCI auditing of any given device online. Perform these steps: a.
General Configuration Tasks Supporting WMS Offload in AWMS WMS Offload must be enabled with a six-fold process and related configuration tasks, as follows: 1. Configure WLAN switches for optimal AWMS monitoring. Disable debugging. Ensure AWMS server is a trap receiver host. Ensure proper traps are enabled. 2. Configure AWMS to optimally monitor the Dell PowerConnect W infrastructure. Enable WMS offload. Configure SNMP communication.
Chapter 4 Configuring and Using Device Groups in AWMS This chapter describes the deployment of device groups within AWMS. The section below describes the pages or focused sub-menus available on the Groups tab. Note that the available sub-menus can vary significantly from one device group to another—one or more sub-menus may not appear, depending on the default group display option selected on the AMP Setup > General page and the types of devices you add to AMP.
layout and terminology. Bulk configuration for per-thin AP settings, previously configured on the Group LWAPP APs tab, can now be performed from Modify Devices on the APs/Devices List page. Refer to “Configuring Cisco Controller Settings” on page 110. PTMP/WiMAX—This page defines settings specific to Proxim MP devices when present. Refer to “Configuring Group PTMP/WiMAX Settings” on page 112. Proxim Mesh—This page defines mesh AP settings specific to Proxim devices when present.
Group configuration can be enhanced with the AWMS Global Groups feature; this feature allows you to create global groups with master configurations that are pushed to individual subscriber groups. More information is available in page 125 as well as the section on the “Supporting AWMS Stations with the Master Console” on page 239. Viewing All Defined Device Groups To display a list of all groups that have been defined in AWMS, browse to the Groups > List page, illustrated in Figure 40.
Table 37 Groups > List Page Fields and Default Values (Continued) Column Description Up/Down Status Polling Period Column represents the time between Up/Down SNMP polling periods for each device in the group. Detailed SNMP polling period information is available on the Groups > Basic configuration page. Note that by default, most polling intervals do not match the up/down period.
APs/Devices > Ignored Users > Connected Users > All Users > Guest Users Users > Tags Reports > Generated Reports > Definitions (defining report setup) Device Setup > Discover Device Setup > Aruba Configuration (and several additional pages in this section) AMP Setup > NMS AMP Setup > RADIUS Accounting RAPIDS > Rogue APs RAPIDS > Score Override Configuring Basic Group Settings The first default device group that AWMS sets up is the Access Points group, but
Figure 42 Groups > Basic Page Illustration 3. Define the settings in the Basic and Global Group sections. Table 38 describes several typical settings and default values of this Basic section. 84 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.
Table 38 Basic and Global Group Fields and Default Values Setting Default Description Name Defined when first adding the group Displays or changes the group name. As desired, use this field to set the user-definable name to uniquely identify the group by location, vendor, department, or any other identifier (such as “Accounting APs,” “Floor 1 APs,” “Cisco devices,” “802.1x APs,” and so forth).
Table 39 SNMP Polling Period Fields and Default Values (Continued) Setting Default Description CDP Neighbor Data Polling Period 30 minutes Sets the frequency in which this group polls the network for Cisco Discovery Protocol (CDP) neighbors. 5. Record additional information and comments about the group in the Notes section. 6. To configure which options and tabs are visible for the group, complete the settings in the Group Display Options section. Table 40 describes the settings and default values.
8. To configure Spanning Tree Protocol on WLSE devices and Proxim APs, locate the Spanning Tree Protocol section on the Groups > Basic configuration page. Adjust these settings as required. Table 42 describes the settings and default values. Table 42 Spanning Tree Protocol Fields and Default Values Setting Default Description Spanning Tree Protocol No Enables or disables Spanning Tree Protocol on WLSE devices and Proxim APs. Bridge Priority 32768 Sets the priority for the AP.
11. To configure settings specific to Cisco WLC, locate the Cisco WLC section and adjust these settings as required. Table 45 describes the settings and default values. Table 45 Cisco WLC Fields and Default Values Setting Default Description SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to WLC controllers. CLI Communication Telnet Sets the protocol AWMS uses to communicate with Cisco IOS devices.
Table 47 HP ProCurve 420 Fields and Default Values Setting Default Description SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to the AP. Note: DST Start Month, Start Day, End Month and End Day are only visible if Daylight Saving Time is enabled in the NTP section of the Groups > Basic configuration page. 14. To configure Symbol or Intel-specific settings, locate the Symbol/Intel section and adjust these settings as required.
16. To configure settings for 3Com, Enterasys, Nortel, or Trapeze devices, locate the 3Com/Enterasys/Nortel/ Trapeze section and adjust these settings as required. Table 50 describes the settings and default values of this section. Table 50 3Com/Enterasys/Nortel/Trapeze Fields and Default Values Setting Default Description SNMP Version 2c Drop-down menu specifies the version of SNMP used by AWMS to communicate to the AP. 17.
Configuring Group Security Settings The Groups > Security page allows you to set security policies for APs in a device group. Perform these steps. 1. Select the device group for which to define security settings from the Groups > List page. 2. Select the Groups > Security page. Some controls on this page interact with additional AWMS pages. Figure 43 illustrates this page and Table 53 explains the fields and default values.
Table 53 Groups > Security Page Fields and Default Values (Continued) Setting Default Description Permit RADIUS-Assigned Dynamic VLANs No This setting enables dynamic VLANs to be assigned by the RADIUS server. This setting is supported only for HP ProCurve 420. VLAN ID Format Hex This setting defines the naming convention for VLANs to be supported in AWMS. The supported naming formats are ASCII and Hexadecimal.
Table 53 Groups > Security Page Fields and Default Values (Continued) Setting Default Description Authentication Profile Name Accounting For Proxim devices only, this field sets the name of the accounting profile to be supported in this device group. Authentication Profile Index 3 For Proxim devices only, this field sets the name of the accounting profile index to be supported in this device group.
Configuring Group SSIDs and VLANs The Groups > SSIDs configuration page allows you to create and edit SSIDs and VLANs that apply to a device group. Perform these steps to create or edit VLANs and to set SSIDs. Note: WLANs that are supported from one or more Cisco WLC controllers can be configured on the Groups > Cisco WLC Config page. Figure 44 illustrates an example of the Groups > SSIDs page. Figure 44 Groups > SSIDs Page Illustration Note: AWMS reports users by radio and by SSID.
Table 54 Groups > SSIDs Fields and Descriptions Field First or Second Radio Primary Specifies which VLAN to be used as the primary VLAN. A primary VLAN is required. NOTE: If you create an Open network (see Create Closed Network below) in which the APs broadcast an SSID, the Primary SSID is the one that is broadcast. Native VLAN Selects this VLAN to be the native VLAN. Native VLANs are untagged and typically used for management traffic only. AWMS requires a Native VLAN to be set.
Table 55 Groups > SSIDs > SSID/VLAN Section Fields and Default Values (Continued) Setting Default Description Name None Sets a user-definable name associated with SSID/VLAN combination. VLAN ID None Indicates the number of the VLAN designated as the Native VLAN, typically for management purposes Service Priority (Cisco VxWorks only) None Identifies the delivery priority which packets receive on the VLAN/SSID (VxWorks only).
Table 57 Groups > SSIDs > EAP Options Section Fields and Default Values Setting Default Description WEP Key Rotation Interval (seconds) 120 Time (in seconds) between WEP key rotation on the AP. Cisco TKIP No If enabled, Cisco Temporal Key Integrity Protocol (TKIP) provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP. NOTE: TKIP can only be enabled when EAP-based security is used.
10. Click Save to retain these Security configurations for the group, click Save and Apply to retain and push these configurations, or click Revert to return to the last saved security settings for this group. 11. Continue with additional security-related procedures in this document for additional TACACS+, RADIUS, and SSID settings for device groups, as required. Adding and Configuring Group AAA Servers Configure RADIUS servers on the Group > AAA Servers page.
Table 60 Adding a RADIUS Server Fields and Default Values Setting Default Description Hostname/IP Address None Sets the IP Address or DNS name for RADIUS Server. NOTE: IP Address is required for Proxim/ORiNOCO and Cisco Aironet IOS APs. Secret and Confirm Secret None Sets the shared secret that is used to establish communication between AWMS and the RADIUS server. NOTE: The shared secret entered in AWMS must match the shared secret on the server.
Configuring Radio Settings for Device Groups The Groups > Radio configuration page allows you to specify detailed RF-related settings for devices in a particular group. Note: If you have existing deployed devices, you may want to use the current RF settings on those devices as a guide for configuring the settings in your default Group. Perform the following steps to define RF-related radio settings for groups. 1.
3. Locate the Radio Settings area and adjust these settings as required. Table 61 describes the settings and default values. Table 61 Groups > Radio Fields and Default Values Setting Default Description Allow Automatic Channel Select (2.4, 5 GHz and 4.9GHz) No If enabled, whenever the AP is rebooted it uses its radio to scan the airspace and automatically select its optimal RF channel based on observed signal strength from other radios.
4. Certain wireless access points offer proprietary settings or advanced functionality that differ from prevailing industry standards. If you use these APs in the device group, you may wish to take advantage of this proprietary functionality. To configure these settings, locate the proprietary settings areas on the Groups > Radio page and continue with the additional steps in this procedure.
Table 64 Enterasys AP3000 and Enterasys AP4102 > Proprietary Settings Fields and Default Values Setting Default Description 802.11a Multicast Data Rate 6 Mbps Drop-down menu that specifies the a radio multicast data rate. 802.11b/g Multicast Data Rate 5.5 Mbps Drop-down menu that specifies the b/g multicast data rate. Rogue Scanning Enabled If enabled AP 3000s and 4102s in the group with firmware 3.1.
Table 66 Groups > LWAPP APs, Proprietary Settings Fields and Default Values Setting Default Description Load Balancing No If enabled, this setting allows client devices associating to an AP with two radio cards to determine which card to associate with, based on the load (# of clients) on each card. NOTE: This feature is only available when two 802.11b wireless cards are used in an AP-2000.
11. To configure Colubris-only settings in this device group, locate the Colubris section and define the required fields. Table 68 describes the settings and default values. Table 68 Colubris-only Fields and Default Values Setting Default Description Rogue Scanning Yes If enabled, Colubris access points in the group will passively scan for rogue access points at the specified interval. This rogue scan will not break a user’s association to the network.
An Overview of Cisco WLC Configuration The Groups > Cisco WLC Config page consolidates the settings for Cisco WLC devices from all group pages. The Groups > SSIDs subtab applies to all device types except for Cisco WLC, which have WLANs configured on the Cisco WLC Config page. It is not recommended to have HP Procurve 420s, Symbol 4131 and Proxim APs in the same group as Cisco devices. Also, it is recommended that users set device preferences to “Only devices in this group.
Configuring WLANs for Cisco WLC Devices In Cisco WLC Config, WLANs are based on SSIDs or VLANs that are dedicated to Cisco WLC controllers. Perform the following steps to define and configure WLANs for Cisco WLC controllers. 1. Navigate to the Groups > Cisco WLC Config page, and click WLANs in the navigation pane at left. This page displays the SSIDs or VLANs that are available for use with Cisco WLC devices, and enables you to define new SSIDs or VLANs. Figure 51 illustrates this page. 2.
Figure 52 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > General Tab Illustration Figure 53 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > Security Tab Illustration Figure 54 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > QoS Tab Illustration 108 | Configuring and Using Device Groups in AWMS Dell PowerConnect W AirWave 7.
Figure 55 Groups > Cisco WLC Config > WLANs > Add New SSID/VLAN > Advanced Tab Illustration Defining and Configuring LWAPP AP Groups for Cisco Devices The Groups > Cisco WLC Config > WLANs > Advanced > AP Groups page allows the user to add/edit/delete AP Groups on the Cisco WLC. LWAPP AP Groups are used to limit the WLANs available on each AP. Cisco thin APs are assigned to LWAPP AP Groups. Viewing and Creating AP Groups 1.
Configuring Cisco Controller Settings The Groups > Cisco WLC Config > Controller page defines general Cisco WLC settings, Cisco mobility groups to be supported on Cisco controllers, Network Transfer Protocol (NTP), and Spanning Tree Protocol settings. Navigate to the Groups > Cisco WLC Config > Controller page. This navigation is illustrated in Figure 57.
Figure 59 Groups > Cisco WLC Config > Security Navigation Illustration Configuring Management Settings for Cisco AWMS allows you to configure of SNMP and Syslog Server settings for Cisco WLC controllers. Users should be able to configure up to four trap receivers on the Cisco WLC including the AMP IP that can be used in global groups. To define SNMP and server settings, navigate to the Groups > Cisco WLC Config > Management page, illustrated in Figure 60.
Configuring Group PTMP/WiMAX Settings The Groups > PTMP/WiMAX configuration page configures Point-to-Multipoint and WiMAX settings for all subscriber and base stations in the device group. Subscriber stations must be in the same group as all base stations with which they might connect. Packet identification rules (PIR) are used to identify traffic types. Service flow classes define the priority given to traffic.
Table 71 Groups > PTMP/WiMAX Fields and Default Values Setting Default Description 802.11g Radio Channel 10 Selects the channel used for 802.11g radios by the devices in this group. Channel Bandwidth 20 Defines the channel bandwidth used by the devices in this group. Network Name Wireless Network Sets the Network name, with a range of length supported from two to 32 alphanumeric characters. Network Secret None Sets a shared password to authenticate clients to the network. 4.
Table 72 PTMP/WiMAX Configuring Packet Identification Rules Fields and Default Values Setting Default Description Mask (positive integer) 0 Specifies the TOS mask used to identify packets. Use Ethernet Type No Identifies packets based on Ethernet type settings. Ethernet Type DIX SNAP Drop-down menu specifies the Ethernet types used to identify a packet. Ethernet Value (positive integer) 0 Identifies packets that have a specific ethernet value.
Table 73 Groups > PTMP/WiMAX Configure Service Flow Classes Fields and Default Values Setting Default Description Name None Text field defines the name of the Service Flow Class. The name should be meaningful and descriptive. The name is used to define the subscriber station class. Scheduling Type Best Effort Drop-down menu specifies the scheduling priority for the Service Flow Class.
Configuring Proxim Mesh Radio Settings 1. Navigate to the Groups > Proxim Mesh configuration page to configure Mesh-specific radio settings. 2. Define the settings as required for your network. Figure 65 illustrates this page. Table 74 and Table 76 describe the settings and default values. Figure 65 Groups > Proxim Mesh Page Illustration The General section contains settings for mesh radio, number of mesh links, RSSI smoothing, roaming threshold and de-auth client.
Table 77 Groups > Mesh Radio Settings > Mesh Count Matrix Fields and Default Values Setting Default Description Hop Factor 5 Sets the factor associated with each hop when calculating the best path to the portal AP. Higher factors will have more impact when deciding the best uplink. Maximum Hops to Portal 4 Set the maximum number of hops for the AP to reach the Portal AP. RSSI Factor 5 Sets the factor associated with the RSSI values used when calculating the best path to the portal AP.
Configuring Group MAC Access Control Lists This configuration is optional. If you use Symbol 4121/4131, Intel 2011/2011b, Proxim AP-600, AP-700, AP-2000, AP-4000, Avaya AP-3/4/5/6/7/8, or ProCurve 520WL wireless access points, AWMS enables you to specify the MAC Addresses of devices that are permitted to associate with APs in the Group. Other devices are not able to associate to APs in the Group, even if the users of those devices are authorized users on the network.
Specifying Minimum Firmware Versions for APs in a Group This configuration is optional. AWMS allows you the option of defining the minimum firmware version for each AP type in a group on the Groups > Firmware configuration page. At the time that you define the minimum version, AWMS automatically upgrades all eligible APs. When you add APs into the group in the future, you will be able to upgrade APs in manual fashion. The firmware for an AP is not upgraded automatically when it is added to a group.
8. From the list of groups, check the Default radio button next to the desired default group to make it the default. Comparing Device Groups You can compare two existing device groups with a detailed line-item comparison. Group comparison allows several levels of analysis to include the following: Compare performance, bandwidth consumption, or troubleshooting metrics between two groups. Debug one device group against the settings of a similar and better performing device group.
You can change the configuration for either or both groups by clicking Edit in the corresponding column heading. The appropriate configuration page appears. If you make and save changes to either or both groups, navigate back to the Groups > List page and click Compare two groups. Select the same two groups again for updated information. Additional topics in this document or in the Aruba Configuration Guide describe the many fields that can appear on the Groups > List > Compare page.
Schedule—This button schedules the changes to be applied to this group in the future. Enter the desired change date in the Start Date/Time field. AWMS takes the time zone into account for the group if a time zone other than AWMS System Time has been configured on the Group > Basic configuration page. Cancel—This button cancels the application of changes (immediately or scheduled).
Figure 70 Modify Multiple Devices Section Illustration 3. Select one or more devices that are to share the configurations. Click inside the checkbox for each device to modify. 4. In the Modify Multiple Devices section, click any button or use any drop-down menu for the supported changes. Any action you take applies to all selected devices. Each action you take will direct you to a new configuration page, or prompt you with a confirmation page to confirm your changes. 5.
Table 78 Modify Multiple Devices Section Fields and Default Values Action Description Move to Dell PowerConnect W AP Group Moves the selected APs to a new group or folder. If the AP is in managed mode when it is moved to a new group it will be reconfigured. Desired Radio Status Enables or disables the radios on the selected device. Does not apply Cisco IOS APs.
Using Global Groups for Group Configuration To apply group configurations using the AWMS global groups feature, first navigate to the Groups > List configuration page. Click the Add button to add a new group, or click the name of the group to edit settings for an existing group. Click the Duplicate icon to create a new group with identical configuration to an existing group. To have global group status, a group must contain no devices; accordingly, access points can never be added to a global group.
Figure 73 Groups > Basic > Managed Page Illustration Once the configuration is pushed, the unchecked fields from the global group appears on the subscriber group as static values and settings. Only fields that had the override checkbox selected in the global group appear as fields that can be set at the level of the subscriber group. Any changes to a static field must be made on the global group.
Chapter 5 Discovering, Adding, and Managing Devices This chapter describes how to add, configure and monitor devices, both wired and wireless, and contains the following sections, corresponding to features of the AMP Device Setup tab: “Device Discovery Overview” on page 127 “Discovering and Adding Devices” on page 127 “Monitoring Devices” on page 142 “Configuring and Managing Devices” on page 158 “Troubleshooting a Newly Discovered Device with Down Status” on page 172 Device Discovery Ov
SNMP/HTTP Scanning SNMP/HTTP scanning is the primary method for discovering devices on your network, including the discovery of rogue devices. Enable this scanning method from the Device Setup > Discover page. SNMP/HTTP scanning information is provided in these sections: Adding Networks for SNMP/HTTP Scanning—explains how to enable networks that have been defined for scanning. Adding Credentials for SNMP/HTTP Scanning—explains how to define network credentials for scanning.
Figure 76 Device Setup > Discover > New Network Section Illustration 3. In the Name field, provide a name for the network to be scanned (for example, Accounting Network). 4. In the Network field, define the IP network range, or the first IP address on the network, to be scanned. One example would be 10.52.0.0. 5. Enter the Subnet Mask for the network to be scanned (for example, 255.255.252.0). The largest subnet AWMS supports is 255.255.0.0. 6. Click Add. 7.
5. Define and confirm the Community String to be used during scanning. In this section, the community string used can be either read-only or read/write, as AWMS only uses it for discovering APs. To bring APs under management, AWMS uses the credentials supplied in the Device Setup > SNMP page. Note: AWMS automatically appends the type of scan (SNMP or HTTP) to the Label. 6. Click Add. The Device Setup > Discover page displays the new scan credential or credentials just created or edited. 7.
Figure 79 Device Setup > Discover > Add New Scan Set Page Illustration 3. Select the Network(s) to be scanned and the Credential(s) to be used. You may select as many networks and credentials as you would like. AWMS defines a unique scan for each Network-Credential combination. 4. Click the Add button to create the selected scans. The newly defined scans appear in a list at the top of the Device Setup > Discover page. 5.
Figure 80 Device Setup > Discover > Executing a Scan Illustration 2. Check the box next to the scan(s) that you would like to execute. 3. Click Scan to execute the selected scans, and the scan immediately begins. The Stop column reads In Progress. 4. For future scans, click Show Scheduling Options and enter the desired date and time to schedule a future scan. 5.
Figure 81 APs/Devices > New Page Illustration What Next? To assign one or more devices to a group, see “Assigning Devices to AWMS from APs/Devices > New Page” on page 134. To delete a device altogether from AWMS, select the corresponding check box for each device, and click Delete. Aruba and some Cisco devices can also be added to an Aruba AP Group or an LWAPP AP Group when they are authorized. Dell PowerConnect W AirWave 7.
Enabling Cisco Discovery Protocol (CDP) CDP uses the polling interval configured for each individual switch or router on the Groups > List page. AWMS requires read-only access to a router or switch for all subnets that contain wired or wireless devices. As AWMS adds each router or switch, AWMS pings that device and initiates a connection using SNMP with the specified community string. This verifies that the proper IP address and community string have been provided.
Figure 82 APs/Devices > New 2. Select the group and folder to which the device will be added from the drop-down menu (the default group appears at the top of the Group listing). Note that devices cannot be added to a Global Group; groups designated as Global Groups cannot contain access points. 3. Select either the Monitor only or the Manage read/write radio button and click the Add button.
Note: If you select Manage Select Devices, AWMS automatically overwrites existing device settings with the specified Group settings. Aruba strongly recommends placing newly discovered devices in Monitor mode until you can confirm that all group configuration settings are appropriate for that device. 4. If you do not wish to manage or monitor a discovered device, you may select the device(s) from the list and click either Ignore Selected Devices or Delete Selected Devices.
2. Click Add, and the Device Communications and Location sections appear, illustrated in Figure 84. Figure 84 Device Setup > Add > Device Communications and Location Page Illustration 3. Complete these Communications and Location settings for the new device. Table 80 further describes the contents of this page. Note that settings may differ from device to device. In several cases, the default values from any given device derive from the Device Setup > Communication page.
Table 80 Device Communications and Location Fields and Default Values Setting Default Description Privacy Password (Confirm) Taken from the Device Setup > Communication page SNMPv3 privacy password. SNMPv3 Auth Protocol Taken from the Device Setup > Communication page Drop-down menu that allows you to enable the SNMPv3 authentication protocol to the device being added.
Adding Multiple Devices from a CSV File Adding devices in bulk from a CSV file to AWMS is another option for adding all device types. Here you also have the option of specifying vendor name only, and AWMS will automatically determine the correct type while bringing up the device. Note that if your CSV file includes make and model information, AWMS will add the information provided in the CSV file as it did before. It will not override what you have specified in this file in any way.
Figure 86 Device Setup > Add > Import Devices via CSV Page Illustration 3. Select a group and folder into which to import the list of devices. 4. Click the Browse... button and navigate to the CSV list file. 5. Click Upload to add the list of devices into AWMS. The AWMS user interface provides additional instructions, supporting links, and examples of CSV file contents.
Figure 87 Device Setup > Add Page Illustration 2. Click Add. Large numbers of Universal Network Devices can be added from a CSV file by clicking the Import Devices via CSV link. 3. Enter the name, IP address and read-only SNMP community string for the device. 4. Select the appropriate group and folder. 5. Click Add. All universal devices are added in Monitor Only mode. AWMS collects basic information about universal devices, including name, contact, uptime and location.
Figure 88 APs/Devices > Ignored Page Illustration This page provides the following information for any ignored device: device name or MAC address, when known controller associated with that device device type device IP address LAN MAC address for the LAN on which the device is located date and time of device discovery 2.
1. Browse to the APs/Devices > List page, which lists all devices that are managed or monitored by AWMS. Using the drop-down menu at the top of the Activity Area, you can determine whether to view all devices or only the devices from a specified folder. A lock icon in the Configuration column indicates that the device is in Monitor only mode. Figure 89 illustrates this page. Figure 89 APs/Devices > List (partial split view accounts for horizontal scrolling) Dell PowerConnect W AirWave 7.
2. Verify that the devices you added are now appearing in the devices list with a Status of Up. Note: Immediately after you have added the device to a group, notice the device Status change to Down while AWMS brings up the device and fetches the configuration from the device to compare it to the group settings. The device Status will change to Up when verification is complete. The same section also appears on the Groups > Monitor page, and is hyperlinked from a controller's monitoring interface. 3.
Figure 91 APs/Devices > List > AMP Alerts IDS Events—Clicking this link takes you to the IDS Events Summary page, which cites detailed information according to folder. Figure 92 APs/Devices > List, Alert Summary, IDS Events Summary Page Illustration Incidents—Clicking this link takes you to the Incidents Summary page, which cites all Helpdesk incidents and provides detailed information. Helpdesk incidents are opened with the Helpdesk tab.
Figure 93 APs/Devices > List, Alert Summary, Incidents Summary RADIUS Authentication Issues—Click this link to go to the related Summary page, to include groupings of RADIUS Authentication issues by type, and all such issues listed in chronological sequence and by folder. Figure 94 illustrates this page.
Figure 95 APs/Devices > List Page Showing Path to Monitor Page All Monitor pages include a section at the top displaying information such as monitoring/configuration status, serial number, firmware version and so on, as shown in Figure 96. Figure 96 Monitoring Page Top Level Data Common to All Device Types The alert summary, events and audit log sections are also the same regardless of device type and these sections appear at the bottom of these pages, a portion of which is shown in Figure 97.
Figure 97 Monitoring Page Bottom Level Data Common to All Device Types Monitoring pages vary slightly according to whether they are wired routers/switches or controllers/WLAN switches, or thin or fat APs. These differences are discussed in the sections that follow. Monitoring Data Specific to Wireless Devices APs/Devices > Monitor for controllers and APs include a graph for users and bandwidth. The controller graph lists the APs connected to it, while the APs include a list of users it has connected.
Figure 98 APs/Devices > Monitor Page for Wireless Devices (partial view) Table 82 describes the fields and information displayed in the General field. Table 82 APs/Devices > Monitor > General Fields and Default Values Field Description Poll Controller Now Button immediately polls the individual AP or the controller for a thin AP; this overrides the group's preset polling intervals to force an immediate update of all data except for rogue information. Shows “attempt” status and last polling times.
Table 82 APs/Devices > Monitor > General Fields and Default Values (Continued) Field Description Configuration Good means all the settings on the AP agree with the settings AWMS wants them to have. Mismatched means there is a configuration mismatch between what is on the AP and what AWMS wants to push to the AP. The Mismatched link directs you to this specific APs/Devices > Audit page where each mismatch is highlighted. Firmware Displays the firmware version running on the AP.
Table 82 APs/Devices > Monitor > General Fields and Default Values (Continued) Field Description Bandwidth Displays the amount of bandwidth being pushed through the corresponding radio interface or device at the time of the last polling. MAC Address Displays the MAC address of the corresponding radio in the AP. Last RAD Scan Displays the last time the device performed a wireless rogue scan and the number of devices discovered during the scan.
Table 84 APs/Devices > Monitor > Connected Users Fields and Default Values (Continued) Field Description Auth. Type Displays the type of authentication employed by the user. Supported auth types are as follows: EAP—Extensible Authentication Protocol, only reported by Cisco VxWorks using SNMP traps. PPTP—Point-to-Point Protocol, supported by Colubris APs acting as VPNs. RADIUS accounting—RADIUS accounting servers integrated with AWMS provide the RADIUS Accounting Auth type.
Table 86 APs/Devices > Monitor > Recent Events Fields and Default Values Field Description Time Displays the day and time the event was recorded. User Displays the user that triggered the event. Configuration changes are logged as the AWMS user that submitted them. Automated AWMS events are logged as the System user. Event Displays a short text description of the event.
Figure 100 APs/Devices > Interfaces Page for Wired Devices (partial view) . The Interfaces page includes a summary of all the interfaces at the top. In case of the stacked switches, the master includes the interfaces of all the members including its own. The physical and the virtual interfaces are displayed in separate tables, labelled Physical and Virtual. AWMS now monitors Up/Down status and bandwidth information on all interfaces.
Figure 101 Individual Interface Monitoring Page . An individual Interface monitoring page includes is comprised of 2 panes. Specifics of the interface are in the upper pane, as depicted in Figure 102. Figure 102 Individual Interface Operational Status Information Pane . Bandwidth, and various standard and enterprise specific error counting information is displayed in the lower pane in a tabbed graph as shown in Figure 103. Figure 103 Individual Interface Bandwidth and Error Counting Graph .
above a device table, will take you to the appropriate Management page (APs/Devices > Manage). See “Configuring and Managing Devices” on page 158 for more information, and detailed procedures. Auditing Device Configuration When you have added a newly discovered device successfully to a Group in Monitor mode, the next step is to verify device configuration status. Determine whether any changes will be applied to that device when you convert it to Managed read/write mode.
Using Device Folders (Optional) The devices on the APs/Devices List pages include List, Up, Down, and Mismatched fields. These devices are arranged in groups called folders. Folders provide a logical organization of devices unrelated to the configuration groups of the devices. Using folders, you can quickly view basic statistics about devices. You must use folders if you want to limit the APs and devices AWMS users can see. Figure 105 and Figure 106 illustrate this component.
4. Click Add. Once a new folder has been created, devices can be moved into it using the Modify Devices link or when New Devices are added into AWMS.
Figure 107 APs/Devices > Manage > General Section Illustration 3. Click Manage Read/Write on the Management Mode radio button to shift the device from Monitor Only to Manage Read/Write mode. 4. Click Save and Apply to retain these settings and to push configuration to the device. 5. AWMS presents a confirmation window reminding you of all configuration changes that will be applied to the device in Manage mode. 6.
Figure 108 APs/Devices > Manage Page Illustration If any changes are scheduled for this AP they appear in a Scheduled Changes section at the top of the page above the other fields. The linked name of the job takes you to the System > Configuration Change Job Detail page for the job. 2. Locate the General section—this section provides general information about the APs current status. Table 87 describes the fields, information, and settings.
Table 87 APs/Devices > Manage > General Fields and Default Values Message Meaning Name Displays the name currently set on the device. Status Displays the current status of an AP. If an AP is Up, then AWMS is able to ping it and fetch SNMP information from the AP. If the AP is listed Down then AWMS is either unable to ping the AP or unable to read the necessary SNMP information from the device. Configuration Displays the current configuration status of the AP.
Table 88 APs/Devices > Manage > Settings Fields and Default Values (Continued) Setting Default Device Type Description Longitude None All Text field for entering the longitude of the device. The longitude is used with the Google earth integration. Altitude (meters) None All Text field for entering the altitude of the device when known. This setting is used with the Google earth integration. Specify altitude in meters.
Table 89 APs/Devices > Manage Page Illustration, Additional Settings Setting Default Device Type Description Dynamic Data Rate Selection Enabled PTMP/WiMAX Allows subscribers to receive the maximum data rate possible. Subscriber Station Class G711 VoIP UGS WiMAX Subscriber Stations Defines the subscriber station class for the AP. Subscriber station classes are defined on the Groups > WiMAX page.
Table 89 APs/Devices > Manage Page Illustration, Additional Settings Setting Default Device Type Description Transmit Power Level Highest power level supported by the radio in the regulatory domain (country) Cisco, Colubris, Intel, Symbol, Proxim AP-600, AP-700, AP-2000 (802.11g) Determines the power level of radio transmission. Government regulations define the highest allowable power level for radio devices.
Table 90 APs/Devices > Manage > IOS Template Options Fields and Default Values Setting Default Device Type Description WDS Role Client Cisco IOS Wireless LAN Controllers (only) Set the WDS role for this AP. Select Master for the WDS master APs and Client for the WDS Client. Once this is done you can use the %if wds_role= % to push the client, master, or backup lines to appropriate WDS APs. SSL Certificate None Cisco IOS AWMS will read the SSL Certificate off of the AP when it comes UP in AWMS.
Figure 110 Add Virtual Interfaces Page for Wired Devices . New physical and virtual interfaces are discovered using SNMP polling as described in “SNMP/HTTP Scanning” on page 128. To refresh and reload all current interface information from a device, click Import Interfaces on the bottom of the page as shown in Figure 111. Figure 111 Import Interfaces for Refresh and Reload (lower portion of page) . You can view details for each interface on a wired device, from its individual interface page, as well.
Figure 112 Editing Individual Interfaces Page This takes you to the Interfaces Monitoring and Configuration window, that has a slightly different appearance depending on whether you are configuring a physical or virtual interface, as shown in Figure 113 and Figure 114.
Figure 115 Edit Multiple Interfaces You will remain on the same page, but will have the option to make changes to the most commonly edited settings in batch mode, as shown in Figure 116. Figure 116 Multiple Interface Edit UI AWMS assembles the entire running configuration using templates and your modifications to these pages. For a more detailed discussion on the use of templates, see Chapter 6, “Creating and Using Templates” on page 175.
Configuring Cisco Router and Switch Interface Settings When you select an interface on a Cisco wired device to edit in AWMS, the fields available in the virtual or physical Interface Configuration pane will auto-populate according to the existing interface device configuration as shown in Figure 117. Figure 117 Physical Interfaces Configuration Pane (Interfaces Monitoring and Configuration Window) Not all interface settings are valid for all switches.
Figure 118 APs/Devices > Manage > Device Communication Note: The Device Communication area may appear slightly different depending on the particular vendor and model of the APs being used. 3. Enter the appropriate Auth Password and Privacy Password. 4. You can disable the View AP Credentials link in AWMS by the root user. Contact Dell support for detailed instructions to disable the link. 5. (Optional-Not pictured.
Figure 119 APs/Devices > Manage Firmware Upgrades Table 91 APs/Devices > Manage Firmware Upgrades Fields and Default Values Setting Default Description Desired Version None Drop-down menu that specifies the firmware to be used in the upgrade. Firmware can be added to this drop-down menu on the Device Setup > Firmware Files page. Job Name None Sets a user-defined name for the upgrade job. Aruba recommends using a meaningful and descriptive name.
Troubleshooting a Newly Discovered Device with Down Status If the device status on the APs/Devices > List page remains Down after it has been added to a group, the most likely source of the problem is an error in the SNMP community string being used to manage the device. Perform the following steps to troubleshoot this scenario. 1. Click the Name of the down device in the list of devices on the APs/Devices > List page.
can show or hide this link. If you are interested in disabling this feature, please contact Dell supportFigure 121 illustrates this page. Figure 121 View AP Credentials Note: The View AP Credentials message may appear slightly different depending on the vendor and model. 5. If the credentials are incorrect, return to the Device Communications area on the APs/Devices > Manage page. Figure 122 illustrates this page.
6. Enter the appropriate credentials, and click Apply. 7. Return to the APs/Devices\ List page to see if the device appears with a Status of Up. 174 | Discovering, Adding, and Managing Devices Dell PowerConnect W AirWave 7.
Chapter 6 Creating and Using Templates This chapter provides an overview and several tasks supporting the use of device configuration templates in AWMS, and contains the following topics: “Group Templates” on page 175 “Viewing and Adding Templates” on page 177 “Configuring General Template Files and Variables” on page 181 “Configuring Cisco IOS Templates” on page 186 “Configuring Cisco Catalyst Switch Templates” on page 188 “Configuring Symbol Controller / HP WESM Templates” on page
Template Variables Variables in templates configure device-specific properties, such as name, IP address and channel. Variables can also be used to configure group-level properties, such as SSID and RADIUS server, which may differ from one group to the next.
Viewing and Adding Templates Perform these steps to display, add, or edit templates. 1. Navigate to the Groups > List page, and select a group for which to add or edit templates. This can be a new group, created with the Add button, or you can edit an existing group by clicking the corresponding pencil icon. The Groups > Basic page for that group appears. Additional information about adding and editing groups is described in “Configuring and Using Device Groups in AWMS” on page 79. 2.
Table 93 Groups > Templates Fields and Default Values (Continued) Setting Description Status Displays the status of the template. Fetch Date Sets the date that the template was originally fetched from a device. Version Restriction Designates that the template only applies to APs running the version of firmware specified. If the restriction is None, then the template applies to all the devices of the specified type in the group.
Figure 124 Groups > Templates > Add Template Page Illustration Dell PowerConnect W AirWave 7.
Table 94 Groups > Templates > Add Template Fields and Default Values Setting Default Description Use Global Template No Uses a global template that has been previously configured on the Groups > Templates configuration page. Available templates will appear in the drop-down menu. If Yes is selected you can also configure global template variables. For Symbol devices you can select the groups of thin APs to which the template should be applied.
Configuring General Template Files and Variables This section describes the most general aspects of configuring AP device templates and the most common variables: Configuring General Templates Using Template Syntax Using Directives to Eliminate Reporting of Configuration Mismatches Using Conditional Variables in Templates Using Substitution Variables in Templates Using AP-Specific Variables Configuring General Templates Perform the following steps to configure Templates within a Grou
7. Specify the device types for the template. The templates only apply to devices of the specified type. Specify whether AWMS should reboot the devices after a configuration push. If the Reboot Devices after Configuration Changes option is selected, then AWMS instructs the AP to copy the configuration from AWMS to the startup configuration file of the AP and reboot the AP.
Management mode. This removes the APs from Monitor mode (read-only) and instructs the AP to pull down its new startup configuration file from AWMS. Note: Devices can be placed into Management mode individually from the APs/Devices > Manage configuration page.
config file of a device. A command inside the push and exclude directive are included in the startup-config file pushed to a device, but AWMS excludes them when calculating and reporting configuration mismatches. Note: The opening tag may have leading spaces. Below are some examples of using directives: … line con 0 no stopbits line vty 5 15 ! ntp server 209.172.117.
Sometimes, the running-config file on the AP does not include the command for one of these variables because the value is set to the default. For example, when the "transmission power" is set to maximum (the default), the line "power local maximum" will not appear in the AP running-config file, although it will appear in the startupconfig file. AWMS would typically detect and flag this variance between the running-config file and startupconfig file as a configuration mismatch.
The power lines set the power local cck and ofdm values to the numerical values that are stored in AWMS. Configuring Cisco IOS Templates Cisco IOS access points have literally hundreds of configurable settings. For simplicity and ease of use, AWMS enables you to control them via the Groups > Templates configuration page. This configuration page defines the startup-config file of the devices rather than utilizing the AWMS normal Group configuration pages.
aaa group server radius wds server 10.2.25.162 auth-port 1645 acct-port 1646 wlccp authentication-server infrastructure method_wds wlccp wds priority 200 interface BVI1 wlccp ap username wlse password 7 095B421A1C %endif% The following example sets an AP as a WDS Master Backup with the following lines: %if wds_role=backup% aaa authentication login method_wds group wds aaa group server radius wds server 10.2.25.
Configuring Single and Dual-Radio APs via a Single IOS Template To configure single and dual-radio APs using the same IOS config template, you can use the interface variable within the %IF…% construct.
! configuration of RFS4000 version 4.2.1.0-005R ! version 1.4 ! ! aaa authentication login default local none service prompt crash-info ! network-element-id RFS4000 ! username admin password 1 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f ! ! access-list 100 permit ip 192.168.0.
snmp-server manager v3 snmp-server user snmptrap v3 encrypted auth md5 0x1aa491f4ca7c55df0f57801bece9044c snmp-server user snmpmanager v3 encrypted auth md5 0x1aa491f4ca7c55df0f57801bece9044c snmp-server user snmpoperator v3 encrypted auth md5 0xb03b1ebfa0e3d02f50e2b1c092ab7c9f A sample Symbol Smart RF template is provided below for reference: radio %radio_index% radio-mac %radio_mac% %if radio_type=11a% radio %radio_index% coverage-rate 18 %endif% %if radio_type=11an% radio %radio_index% coverage-rate 18 %
%endif% %if radio_type=11bg% radio %radio_index% speed basic1 basic2 basic5p5 6 9 basic11 12 18 24 36 48 54 radio %radio_index% on-channel-scan radio %radio_index% adoption-pref-id 7 radio %radio_index% enhanced-beacon-table radio %radio_index% enhanced-probe-table %endif% %if radio_type=11bgn% radio %radio_index% speed basic11b2 6 9 12 18 24 36 48 54 mcs 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 %endif% radio %radio_index% channel-power indoor %channel% %transmit_power% %channel_attribute% %detector% %adoption
Figure 126 Template Variables Illustration The variable name cannot have any spaces or non-alphanumeric characters. The initial variable value entered is the default value, but can be changed on a per-group basis later. You can also populate global template variables by uploading a CSV file (see below). 5. Once you have configured your global template, click Add at the bottom of the configuration page. You are taken to a confirmation configuration page where you can review your changes. 6.
For more information on using templates in AWMS, see the previous section of this chapter. It is also possible to create local templates in a subscriber group—using global groups does not mean that global templates are mandatory. Dell PowerConnect W AirWave 7.
| Creating and Using Templates Dell PowerConnect W AirWave 7.
Chapter 7 Using RAPIDS and Rogue Classification This chapter provides an overview to rogue device detection using RAPIDS, and contains the following sections: “Overview Tab” on page 195 “List” on page 197 “RAPIDS Setup” on page 202 “RAPIDS Rules” on page 204 “Score Override” on page 210 “Audit Log” on page 212 “Additional Rogue Device Resources” on page 212 Overview Tab Rogue device detection is a core component of wireless security.
Figure 128 RAPIDS Overview tab 196 | Using RAPIDS and Rogue Classification Dell PowerConnect W AirWave 7.
Table 97 Overview Fields Summary Description IDS Events Displays a list of IDS events for the designated folder (Top is the default) and subfolders. Field displays events from the past two hours, the past 24 hours, and total IDS events. Names of attacks link to summary pages with more details. Rogue Data A summary of rogue device counts by RAPIDS classification in a color coded pie chart format and listed summary. View additional details for rogue devices via the RAPIDS > List page.
Table 98 RAPIDS > List Column Definitions Column Description Ack Displays whether or not the rogue device has been acknowledged. Devices can be acknowledged manually or you can configure RAPIDS so that manually classifying rogues will automatically acknowledges them. Additionally, devices can be acknowledged by using Modify Devices of the List page. Rogues should be acknowledged when the AWMS user has investigated them and determined that they are not a threat (see “Basic Configuration” on page 202).
Table 98 RAPIDS > List Column Definitions Column Description OS This field displays the OS of the device, as known. OS is the result of a running an OS port scan on a device. An IP addresses is required to run an OS scan. The OS reported here based on the results of the scan. Model Displays the model of rogue device, if known. This is determined with a fingerprint scan, and this information may not always be available. IP Address Displays the IP address of the rogue device.
Figure 130 Rogue APs Device Detail Page Note: The historical information displayed on the device detail page indicates the most recent discovery event per discovering device. Important things to remember regarding the information in the device detail page are: Users with the role of Admin can see all rogue AP devices. Users with roles limited by folder can see a rogue AP if there is at least one discovering device that they can see.
You can use the global filtering options on the RAPIDS > Setup page to filter rogue devices according to signal strength, ad-hoc status, and discovered by remote APs. VisualRF uses the heard signal information to calculate the physical location of the device. If the device is seen on the wire, RAPIDS reports the switch and port for easy isolation.
Note: Be aware that not all rogue discovery methods will have all information required for resolution. For example, the switch/ router information, port, or IP address are found only through switch or router polling. Furthermore, RSSI, signal, channel, SSID, WEP, or network type information only appear through wireless scanning. Such information can vary according to the device type that performs the scan. RAPIDS Setup The RAPIDS > Setup page allows you to configure your AMP server for RAPIDS.
Table 101 RAPIDS > Setup > Filtering Options Field Default Description Filter rogues by signal strength No Filters rogues according to signal strength. Since anything below the established threshold will be ignored and possibly dangerous, we do not recommend enabling this setting. Instead, we recommend you incorporate signal strength into the classification rules on the RAPIDS > Rules page. Filter rogues discovered by remote APs No Filters rogues according to the remote AP that discovers them.
2. From the Containment Options pane, click the Yes radio button to manage rogue AP containment. Once this is done, the Contained Rogue classification will appear as an option in the classification drop down menu as shown in Figure 133. Additionally, once this option been enabled, the option to manage contained APs in Monitor-Only mode becomes available. Containment in Monitor-Only mode means configuration changes will still be pushed to the controller, even though it is in monitor-only mode.
This section contains the following topics: “Controller Classification with WMS Offload” on page 205 “Device OUI Score” on page 205 “Rogue Device Threat Level” on page 206 “Viewing and Configuring RAPIDS Rules” on page 206 “Recommended RAPIDS Rules” on page 210 “Using RAPIDS Rules with Additional AWMS Functions” on page 210 Controller Classification with WMS Offload This classification method is supported only when WMS offload is enabled on Aruba WLAN switches.
Table 104 Device OUI Scores Score Description Score of 2 Indicates any device in which the OUI belongs to a manufacturer that produces wireless (802.11) equipment. Score of 3 Indicates that the OUI matches a block that contains APs from vendors in the Enterprise and SOHO market. Score of 4 Indicates that the OUI matches a block that belonged to a manufacturer that produces SOHO access points.
Table 105 RAPIDS > Rules Page Field Description Reorder Drag and Drop Icon Changes the sequence of rules in relation to each other. Click, then drag and drop, the icon for any rule to move it up or down in relation to other rules. A revised sequence of rules must be saved before rogues are classified in the revised sequence. NOTE: The sequence of rules is very important to proper rogue classification.
Table 106 Wireless Properties Drop Down Menu Option Description Network type Rogue is running on the selected network type, either Ad-hoc or Infrastructure. Signal Strength Rogue matches signal strength parameters. Specify a minimum and maximum value in DBm. SSID Classifies the rogue when it matches or does not match the specified string for the SSID or a specified regular expression.
Table 107 Wireline Properties Drop Down Menu Option Description IP Address Rogue matches a specified IP address or subnet. Enter IP address or subnet information as explained by the fields. OUI Score Rogue matches manufacturer OUI criteria. You can specify minimum and maximum OUI score settings from two drop-down lists. Click remove to remove one or both criteria, as desired. Operating System Rogue matches OS criteria. Specify matching or non-matching OS criteria as prompted by the fields.
Deleting or Editing a Rules To delete a rule from the RAPIDS rules list, go to the RAPIDS > Rules page. Select the check box next to the rule you want to delete, and click the Delete button. The rule is automatically deleted from the RAPIDS > Rules page. To edit any existing rule, click the pencil icon next to that rule to launch the RAPIDS Classification Rule page (see Figure 136). Edit or revise the fields (see Table 107) as necessary then select the Save button.
Once a new score is assigned, all devices with the specified MAC address prefix receive the new score. Note: Note that rescoring a MAC Address Prefix poses a security risk. The block has received its score for a reason. Any devices that fall within this block receive the new score. 1. Navigate to the RAPIDS > Score Override page. This page lists all existing overrides if they have been created. Figure 137 RAPIDS > Score Override Page 2.
Audit Log The Audit Log is a record of any changes made to the RAPIDS rules, setup page, and manual changes to specific rogues. This allows you to see how something is changes, when it changed, and who made the alteration. The Audit Log can be found at RAPIDS > Audit Log. See Figure 139 for more information.
Chapter 8 Performing Daily Administration in AWMS Daily WLAN administration often entails network monitoring, supporting WLAN and AWMS users, and monitoring AWMS system operations.
Figure 140 System > Triggers Page Illustration (Split View) Creating New Triggers Perform the following steps to create and configure one or more new triggers. These steps define settings that are required for any type of trigger. 1. To create a new trigger, click the Add New Trigger button from the System > Triggers page. AWMS launches the Trigger Detail page, illustrated in Figure 141. Figure 141 System > Trigger Detail Page Illustration 2. Configure the Trigger Restrictions and Alert Notifications.
a. Configure the Trigger Restrictions settings. This establishes how widely or how narrowly the trigger applies. Define the folder, subfolder, and Group covered by this trigger. Table 110 describes the options for trigger restrictions. Table 110 System > Trigger Details Fields and Default Values Notification Option Description Folder Sets the trigger to apply only to APs/Devices in the specified folder or subfolders depending on the Include Subfolders option.
Figure 142 System > Triggers > Add Trigger Type Drop-down Menu Once you have selected a trigger type, the Add Trigger page changes. In many cases, you must configure at least one Condition setting. Conditions, settings, and default values vary according to trigger type. Triggers with conditions can be configured to fire if any criteria match as well as if all criteria match.
Table 112 Device Trigger Types Device Trigger Options Description Device Down This is the default type whenever configuring a new trigger. This type of trigger activates when an authorized, managed AP has failed to respond to SNMP queries from AWMS. To set the conditions for this trigger type, click Add in the Conditions section. Complete the conditions with the Option, Condition, and Value drop-down menus. The conditions establish the device type. Multiple conditions can apply to this type of trigger.
Table 112 Device Trigger Types Device Trigger Options Description Device Bandwidth This trigger type indicates that the total bandwidth through the AP has exceeded a predefined threshold for more than a specified period, in seconds (such as more than 1500 kbps for more than 120 seconds). You can also select bandwidth direction and page/radio. Selecting Device Bandwidth as the trigger type displays the following new fields in the Type section. Define these settings.
Table 113 Radio-Related Trigger Types Radio Trigger Options Description Radio Down This trigger indicates when a device’s radio is down on the network. Once you choose this trigger type, click Add New Trigger Condition to create at least one condition. The Radio Down trigger requires that a radio capability be set as a condition. The Value drop-down menu supports several condition options. The following example illustrates a Radio trigger that has 802.
e. Repeat this procedure for as many triggers and conditions as desired. Refer to the start of “Creating New Triggers” on page 214 to create a new trigger. Setting Triggers for Discovery After completing steps 1-3 in “Creating New Triggers” on page 214, perform the following steps to complete the configuration of triggers related to device discovery. a. If you have not already done so, choose a trigger type from the Discovery category, listed in the Type drop-down menu. See Figure 142.
d. You can edit or delete any trigger as desired from the System > Triggers page. To edit an existing trigger, click the pencil icon next to the respective trigger and edit settings in the Trigger Detail page described in Table 112. To delete a trigger, check the box next to the trigger to remove, and click Delete. e. Repeat this procedure for as many triggers and conditions as desired. Refer to the start of “Creating New Triggers” on page 214 to create a new trigger.
Table 115 User Trigger Types and Condition Settings (Continued) User Trigger Option User Bandwidth Description This trigger type indicates that the sustained rate of bandwidth used by an individual user has exceeded a predefined threshold for more than a specified period, in seconds (such as more than 1500 kbps for more than 120 seconds). Once you choose this trigger type, click Add New Trigger Condition to specify the bandwidth characteristics that triggers an alert.
After completing steps 1-3 in “Creating New Triggers” on page 214, perform the following steps to complete the configuration of RADIUS-related triggers. a. If you have not already done so, choose a trigger type from the RADIUS... list in the drop-down Type menu. See Figure 142. Table 116 itemizes and describes the condition settings for each RADIUS Authentication trigger type.
Table 117 Device IDS Events Authentication Trigger Types and Condition Settings IDS Trigger Options Description Device IDS Events This trigger type is based on the number of IDS events has exceeded the threshold specified as Count in the Condition within the period of time specified in seconds in Duration. Alerts can also be generated for traps based on name, category or severity. Click Add New Trigger Condition to specify the count characteristics that trigger an IDS alert.
Setting Triggers for AWMS Health After completing steps 1-3 in “Creating New Triggers” on page 214, perform the following steps to complete the configuration of IDS-related triggers. a. If you have not already done so, choose the Disk Usage trigger type from the drop-down Type menu. See Figure 142 for trigger types. Table 118 describes the condition settings for this trigger type.
Viewing Alerts AWMS displays alerts and provides additional alert details in two ways, as follows: 1. The Alerts Summary table is one way to monitor and process AWMS alerts.
Figure 156 System > Alerts Page Illustration For each new alert, the System > Alerts page displays the items listed in Table 119. Table 119 System > Alerts Fields and Default Settings Field Description Trigger Type Displays and sorts triggers by the type of trigger. Trigger Summary Provides an additional summary information related to the trigger. Triggering Agent Lists the name of the AP that generated the trigger. Clicking the AP name to display the APs/ Devices > Manage page for that AP.
Monitoring and Supporting WLAN Users The AWMS Users pages support WLAN users in AWMS. This section describes the Users pages as follows: Overview of the Users Pages Monitoring WLAN Users With the Users > Connected and Users > All Pages Supporting Guest WLAN Users With the Users > Guest Users Page Supporting Users on Thin AP Networks With the Users > Tags Page See also Evaluating and Diagnosing User Status and Issues.
Monitoring WLAN Users With the Users > Connected and Users > All Pages The Users > Connected page displays all users currently connected in AWMS, and is illustrated in Figure 157 and described in Table 120. The information displayed on this page can be adjusted in the following ways: You can expand or customize the graphics to show maximum users, maximum average users, and additional custom view options. You can expand bandwidth to include custom view options.
Table 120 Users > Connected Fields and Default Values Field Description Username Displays the name of the User associated to the AP. AWMS gathers this data in a variety of ways. It can be taken from RADIUS accounting data, traps from Cisco VxWorks APs and tables on Colubris APs. Usernames appear in italics when a username for that MAC address has been stored in the database from a previous association, but AWMS is not getting a username for the current association.
Table 120 Users > Connected Fields and Default Values (Continued) Field Description Guest User Specifies whether the user is a guest or not. VPN IP Displays the VPN IP of the user MAC. This information can be obtained from VPN servers that send RADIUS accounting packets to AWMS. VPN Hostname Displays the VPN hostname of the user MAC. Supporting Guest WLAN Users With the Users > Guest Users Page AWMS supports guest user provisioning for Dell PowerConnect W, Aruba Networks and Cisco WLC devices.
Figure 160 Users > Guest Users Page Illustration Table 121 Users > Guest Users Fields Field Description Repair Guest User Errors button Sets AWMS to attempt to push the guest user again in an attempt to repair any errors in the Status column. Add New Guest Users button Adds a new guest user to a controller via AWMS. Username Randomly generates a user name for privacy protection. This name appears on the Guest User detail page. Enabled Enables or disables the user status.
Figure 161 Users > Guest Users > Add New Guest User Page Illustration To make the Username or Password anonymous and to increase security, complete these fields then click Generate. The anonymous and secure Username and Password appear in the respective fields. 6. Click Add to complete the new guest user, or click Cancel to back out of new user creation. The Users > Guest Users page appears and displays results, as applicable.
Table 122 Users > Tags Fields Field Description Chirp Interval Displays the tag chirp frequency or interval, filterable from the drop-down menu at the top of the column. Note that the chirp interval from the RFID tag influences the battery life of active tags as well as search times. If a tag chirps with very long chirp interval, it may take longer time for the location engine to accurately measure x and y coordinates. Last Seen Date and time the tag was last reported to AWMS.
Figure 163 Users > User Detail Page Illustration Using the Deauthenticate User Feature Some displays of the User > User Detail page includes the Deauthenticate User feature in the Current Association field. Click the Deauthenticate User button to use this feature.
Table 123 Users > Diagnostics Page Sections Section Description Possible Issues This section summarizes the most likely items to create issues for a user on the network. Figure 165 illustrates this section.
Table 123 Users > Diagnostics Page Sections Section Description Possible Issues (Cont’d) High FCS error rates—Frame Check Sequence (FCS) errors indicate that frames of data that transmit across the network are experiencing corruption. A high FCS error rate indicates wireless link interference in the area.
Table 123 Users > Diagnostics Page Sections Section Description Current User Counts The Current User Counts section displays user counts for APs and radios, and includes additional summary information for APs. Figure 167 illustrates this section: Figure 167 Users > Diagnostics > Current User Counts Illustration Use this section in combination with the Possible Issues section. 802.11 Counters Summary The 802.
Supporting AWMS Stations with the Master Console The Master Console (MC) is used to monitor multiple AWMS stations from one central location. The Master Console is designed for customers running multiple AWMS servers. Once an AWMS station has been added to the MC, it will be polled for basic AWMS information.
Table 124 IP/Hostname Fields and Default Values (Continued) Field Default Description Username N/A The username used by the Master Console to login to the managed AWMS server. The user needs to be an AP/Device Manager or AWMS Administrator. Password (Confirm Password) N/A The password used by the Master Console AWMS to login to the managed AWMS. HTTP Timeout (5-1000 sec) 60 Defines the timeout period used when polling the managed AWMS server.
Basic section were not overridden, so they are static fields that will be the same for each subscriber group. These fields can only be altered on the global group on the Master Console. The global groups feature can also be used without the Master Console. For more information about how this feature works, refer to the chapter “Configuring and Using Device Groups in AWMS” on page 79.
Figure 170 Home > Overview Page Illustration 242 | Performing Daily Administration in AWMS Dell PowerConnect W AirWave 7.
Table 125 Home > Overview Sections and Descriptions Section Description Users The Users section displays a graphical summary of the number of users on the network during a period of time. The time can be adjusted. Click Show All to display a complete list of users. Remove the check in the Max Users option to change the display of the graph. The graph displays the maximum number of users by default. Bandwidth The Bandwidth section displays bandwidth data, and this display can be adjusted.
Table 125 Home > Overview Sections and Descriptions Section Description Alert Summary The Alert Summary section displays all known and current alerts, as previously configured and enabled in the System > Alerts page. Alerts can be sorted using the column headers (Type, Last 2 Hours, Last Day, Total, or Last Event).
Viewing and Updating License Information with the Home > License Page Navigate to the Home > License page using the standard AWMS menu. Figure 171 illustrates this page, and Table 126 describes the contents. Please be aware that you cannot enter multiple licenses. To combine multiple license entitlements into one new license, contact Dell support.
Searching AWMS with the Home > Search Page The Home > Search page provides a simple way to find users, managed devices, rogue devices, groups, folders, and more. Search performs partial string searches on a large number of fields including the notes, version, secondary version, radio serial number, device serial number, LAN MAC, radio MAC and apparent IP address of all the APs, as well as the client MAC, VPN user, User, LAN IP and VPN IP fields. Figure 172 illustrates this page.
Search results are categorized in the following sequence. Categories of search results can be customized on the Home > User Info page to limit the scope of information returned. Not all categories below may offer returns for a given search: APs/Devices Users Rogues Tags Folder Group Accessing AWMS Documentation with the Home > Documentation Page The Home > Documentation page provides easy access to all relevant AWMS documentation.
Configuring Your Own User Information with the Home > User Info Page The Home > User Info page displays information about the user that is logged into AWMS. This page includes the authentication type (local user or TACACS+) and access level. This page also provides the user with the ability to customize some of the information displayed in AWMS and change their password. To create new users, navigate to the AMP Setup > Users page, and refer to “Creating AWMS Users” on page 48.
Table 127 Home > User Info Fields Field Description Customize Header columns Enables/disables the ability to control which statistics hyperlinks are displayed at the top of every AWMS screen. Stats Select the specific data you would like to see in the header. Severe Alert Threshold Configures the minimum severity of an alert to be included in the Severe Alerts count. Note: The severe alerts count header info will only be displayed if ‘Severe Alerts’ is selected in the Stats section above.
System > Performance—Displays basic AWMS hardware information as well as resource usage over time. Refer to “Using the System > Performance Page” on page 254. System > Firmware Upgrade Jobs—Displays information about current and scheduled firmware upgrades. 250 | Performing Daily Administration in AWMS Dell PowerConnect W AirWave 7.
Using the System > Status Page The System > Status page displays the status of all of AWMS services. Services will either be OK, Disabled, or Down. OK and Disabled, displayed in green, are the expected states of the services. If any service is Down, displayed in red, please contact Dell support. The Reboot button provides a graceful way to power cycle your AWMS remotely when it is needed. The Restart AWMS button will restart the AWMS services without power cycling the server or reloading the OS.
A summary table lists logs that appear on the System > Status page. These are used to diagnose AWMS problems. Additional logs are available via SSH access in the /var/log and /tmp directories; AirWave support engineers may request these logs for help in troubleshooting problems and will provide detailed instructions on how to retrieve them. Table 128 describes the log information. Table 128 Status Log Log Description pgsql Logs database activity. ssl_error_log Reports problems with the web server.
Table 129 Event Logs Fields Field Description Type Displays the Type of event recorded, which is one of four types, as follows: AP—An event localized to one specific AP. Group—A group wide event. System—A system wide event. Alert—If a trigger is configured to report to the log an alert type event will be logged here. Event The event AWMS observed useful for debugging, user tracking, and change tracking.
Using the System > Performance Page The System > Performance page displays basic AWMS hardware information as well as resource usage over time. AWMS logs performance statistics such as load average, memory and swap data every minute. The historical logging can be used to help determine the best usable polling period and track the health of AWMS over time. Figure 178 illustrates this page and Table 130 describes fields and information displayed.
Table 130 System > Performance Page Fields (Continued) Field Description System Load Average The System Load average is the number of jobs currently waiting to be processed. Load is a rough metric that will tell you how busy a server is. A typical AWMS load is around 3. A constant load of 5 to 7 is cause for concern. A load above 10 is a serious issue and will probably result in AWMS becoming unusable. To lower the load average try increasing a few polling periods.
Table 130 System > Performance Page Fields (Continued) Field Description Database Transaction Activity The number of commits and rollbacks performed by the database. Disk Usage Pie charts that display the amount of used and free hard drive space for each partition. If a drive reaches over 80% full you may want to lower the Historical Data Retention settings on the AWMS page or consider installing additional hard drive space.
Viewing and Downloading Backups To view current AWMS backup files, go to the System > Backups page. Figure 179 illustrates this page. Figure 179 System > Backups Page Illustration To download a backup file, click the filename URL and the File Download popup page appears. Proceed as prompted. AirWave recommends regularly saving the data backup file to another machine or media. This process can be automated easily with a nightly script.
AWMS Failover The failover version of AWMS provides a “many to one” hot backup server. The Failover AWMS polls the watched AMPs to verify that each is up and running. If the watched AWMS is unreachable for the specified number of polls, the Failover AWMS will enter failover mode. When AWMS enters failover mode it automatically restores the most recent saved backup from the watched AWMS and begins polling its APs.
To restore the Watched AWMS run the backup script from the command line and copy the current data file and the old Watched AWMS configuration file to the Watched AWMS. Then run the restore script. More information about backups and restores can be found in “Backing Up AWMS” on page 256. Table 132 Home > Watched Page Fields and Default Values Setting Default Description IP/Hostname None The IP address or Hostname of the watched AWMS. The Failover AWMS needs HTTPS access to the watched AMPs.
| Performing Daily Administration in AWMS Dell PowerConnect W AirWave 7.
Chapter 9 Creating, Running, and Emailing Reports This chapter describes AWMS reports, including report access, creation, scheduling, and distribution via email and XML processing. This chapter includes the following sections: “Overview of AWMS Reports” on page 261 “Using Daily Reports” on page 264 “Defining Reports” on page 289 “Emailing and Exporting Reports” on page 292 AWMS ships with several reports as enabled by default.
Add and Run allows you to create a report definition and run that report right then. Run Now (visible from the expanded Report Definitions menu) allows immediate running of a custom report as soon as you set the parameters. You must save its definition separately, if you want to remember the parameters. Report definitions for other roles pane—This section, supported for admin users, displays additional reports that have been scheduled for other roles.
Table 133 Report > Definition Page Fields and Descriptions Field Description Report Definition Displays a field for entering report title and dropdown menu, shown in Figure 181, displaying all possible report types. Report Restrictions Displays dynamic fields that include spaces for selecting attributes and entering data relevant to your selected report type scope such as groups, folders, SSID, Device Search filter, report start and end times.
Figure 182 Reports > Generated Page Example Figure 183 Reports > Generated Page with Single-click Report Viewing Options Note: Clicking any report from the list shown in Figure 183 displays the Detail page for the most recent version of that report. Using Daily Reports This section describes the reports supported in AWMS.
The Generated Reports page contains less columns and information than the Definitions page. Table 134 describes each column for the Reports > Generated page. Table 134 Report > Definition Page Fields and Descriptions Field Description Generated Time Displays the date and time of the last time the report was run, or when the latest report is available. Clicking the link in this field displays the latest version of a given report.
Using the Capacity Planning Report The Capacity Planning Report tracks device bandwidth capacity and throughput in device groups, folders, and SSIDs. This report assists in analyzing device capacity and performance on the network, and such analysis can help to achieve network efficiency and improved experience for users. This report is based on interface-level activity. The information in this report can be sorted by any column header in sequential or reverse-sequential order by clicking the column heading.
Table 135 Capacity Planning Report Fields and Contents, Top Portion (Continued) Field Description Usage While > Threshold (Out) Displays device usage for outgoing data that exceeds defined thresholds. Overall Usage (Out) Displays device usage for outgoing data. Using the Configuration Audit Report The Configuration Audit Report provides an inventory of device configurations on the network, enabling you to display information one device at a time, one folder at a time, or one device group at a time.
Figure 186 Reports > Generated > Daily Configuration Audit Report Page, abbreviated example Table 136 I Daily Configuration Audit Report Field Description Name Displays the device name for every device on the network. Clicking a given device name in this column allows you to display device-specific configuration. Folder Displays the folder in which the device is configured in AWMS.
Most Utilized by Maximum Number of Users—By default, this list displays the 10 devices that support the highest numbers of users. This list provides links to additional information or configuration pages for each device to make adjustments, as desired. Most Utilized by Bandwidth—By default, this list displays the 10 devices that consistently have the highest bandwidth consumption during the time period defined for the report.
Figure 187 Reports > Generated > Daily Device Summary Report Illustration Table 137 Reports > Generated > Daily Device Summary Report Fields and Descriptions Field Description Rank The rank column for any section of this report establishes the top 10 devices for any category, and these are listed in sequential or reverse-sequential order. AP/Device Displays the name of the device, which can be a MAC address or other identifier.
Table 137 Reports > Generated > Daily Device Summary Report Fields and Descriptions Field Description Average Bandwidth (kbps) Displays the average bandwidth throughput for the device during the period of time covered by the report. Location Displays the location of the device that is included in any category of the report. Controller Displays the controller to which any included device is associated. Folder Displays the folder with which a device is associated.
Figure 188 Reports > Generated > Device Uptime Report Illustration Table 138 Reports > Generated > Device Uptime Report Fields and Descriptions Field Description Device Displays the name of the device. Group Displays the name of the device's group. Folder Displays the folder to which the device belongs. SSID Displays the Service Set Identifier (SSID) set on the device. SNMP Uptime Displays the percentage of time the device was reachable via ICMP.
1. Navigate to the Reports > Generated page. 2. Scroll to the bottom, and click IDS Events Report to display report Detail information. 3. Clicking the AP device or controller name takes you to the APs/Devices > List page. Figure 189 and Table 139 illustrate and describe the Reports > Generated > IDS Events Detail page.
APs/Devices—Lists all devices on the network. Perform these steps to view the most recent version of the Inventory report, illustrated in Figure 190 1. Navigate to the Reports > Generated page. 2. Scroll to the bottom, and click Daily Inventory Report to display report Detail information. 3. The Detail page allows you to view device or other information by clicking the device name, IP address, MAC Address, Group, Folder, or associated controller links.
2. Scroll to the bottom, and click Daily Memory and CPU Usage to display report Detail information. 3. The Detail page allows you to view device or other information by clicking the device name, IP address, MAC Address, Group, Folder, or associated controller links. Figure 191 illustrates the Reports > Generated > Daily Memory and CPU Usage Detail page. Figure 191 Reports > Generated > Daily Memory and CPU Usage Report Illustration (Contents Rearranged for Space) Dell PowerConnect W AirWave 7.
Using the Network Usage Report The Network Usage Report contains network-wide information in three categories: Bandwidth usage by device—maximum and average bandwidth in kbps Number of users by device—maximum and average by connection instances Number of users by time period—average bandwidth in and out Perform these steps to view the most recent version of the Network Usage Report. 1. Navigate to the Reports > Generated page. 2.
Using the New Rogue Devices Report The New Rogue Devices Report summarizes rogue device information in a number of ways, to include the following categories of information: Rogue devices by RAPIDS classification—described in “Using RAPIDS and Rogue Classification” on page 195 Top rogue devices by number of discovering APs Top rogue devices by signal strength Graphical summary of rogue devices by LAN MAC address vendor Graphical summary of rogue devices by radio MAC address vendor Text
Figure 193 Reports > Generated > New Rogue Devices Report Illustration, Top Half of Report 278 | Creating, Running, and Emailing Reports Dell PowerConnect W AirWave 7.
Figure 194 Reports > Generated > New Rogue Devices Report Illustration, Bottom Half of Report (Partial View) The rogue device inventories that comprise this report contain many fields, described in Table 140. Table 140 New Rogue Devices Report Fields Field Description Name Displays the device name, as able to be determined. RAPIDS Classification Displays the RAPIDS classification for the rogue device, as classified by rules defined on the RAPIDS > Rules page.
Table 140 New Rogue Devices Report Fields (Continued) Field Description Type Displays the rogue device type when known. Operating System Displays the operating system for the device type, when known. IP Address Displays the IP address of the rogue device when known. SSID Displays the SSID for the rogue device when known. Network Type Displays the network type on which the rogue was detected, when known. Channel Displays the wireless RF channel on which the rogue device was detected.
Figure 195 Reports > Generated > New Users Report Illustration Table 141 Reports > Generated > New Users Report Fields Field Description Username Displays the username when known. Role Displays the role with which the user is associated. MAC Address Displays the MAC address of the AP device by which the user connected. Vendor Displays vendor information for the AP device by which the user connected. AP/Device Displays the device type by which the user connected.
Figure 196 Reports > Generated > PCI Compliance Report Illustration, Pass or Fail Example Figure 197 Reports > Generated > PCI Compliance Report Illustration Example Using the Port Usage Report You can generate a wide array of port usage statistics from the Port Usage Report feature, including each of the following: List of all the switches and ports in your network by folder List of unused ports List of access and distribution ports Histogram displaying unused ports vs.
1. Navigate to the Reports > Generated page. 2. Scroll to the bottom, and click Port Usage Report to display report Detail information. 3. The Detail page allows you to view all the information you selected from the Port Usage area of the Reports > Definitions page. A sample of the types of information you might choose to generate in a Port Usage Report appears in Figure 198. Figure 198 Reports > Generated > Port Usage Report Detail Page (partial view) Dell PowerConnect W AirWave 7.
Using the RADIUS Authentication Issues Report The RADIUS Authentication Issues Report contains issues that may appear with AP controllers, RADIUS Servers, and users. Perform these steps to view the most recent version of the RADIUS Authentication Issues Report. 1. Navigate to the Reports > Generated page. 2. Scroll to the bottom, and click RADIUS Authentication Issues Report to display report Detail information. 3.
Figure 200 Reports > Generated > Rogue Containment Audit Detail Page Illustration Using the User Session Report The User Session Report itemizes user-level activity by session. A session is any instance in which a user connects to the network.
Figure 201 User Session Detail, Connection Mode Information Figure 202 User Session Detail > SSID Information 286 | Creating, Running, and Emailing Reports Dell PowerConnect W AirWave 7.
Figure 203 User Session Detail > Role Information Figure 204 User Session Detail > VLAN Information Figure 205 User Session Detail > Cipher Information Dell PowerConnect W AirWave 7.
Figure 206 Summary and User Information (partial view) 288 | Creating, Running, and Emailing Reports Dell PowerConnect W AirWave 7.
Defining Reports You can create reports in AWMS for any time period you wish, to be run when you wish, and distributed to recipients that you define. Perform these steps to create and run custom reports. Reports created with the Reports > Definition page appear on this and on the Reports > Generated page once defined. 1. To create or edit a report, browse to the Reports > Definition page and click the Add button, or click the pencil icon to edit an existing report definition.
Table 142 Report > Definitions > Add Page Fields (Continued) Field Default Description SSID All SSIDs This field displays for most report types. When this field appears, and when you select Use Selected IDs, a new list of SSIDs displays. Check (select) the specific SSIDs to be included in the report. Report Start Report End Blank These fields establish the time period to be covered by the report. These fields are supported for most report types.
By default all data will be included. Deselect the checkbox to hide specific information. The list can also be reordered by dragging and dropping the separate lines. The order displayed here will match the column order in the report. 3. Do one of the following: Click Add and Run to generate the report immediately, in addition to saving report settings. Click Run Now to generate the report immediately without creating a new report definition or saving the report settings.
Table 143 Report Types and Scheduling Options Supported for Custom Reports (Continued) Can by Run by Time Period Can be Run by Group/Folder Using the Port Usage Report Yes Yes Summarizes switch and port information across the network. Generates information on the unused ports. Provides a detailed list of all available switches and ports in the network.
tail -f /var/log/maillog Exporting Reports to XML or CSV AWMS allows you to export individual reports in XML (xhtml) or CSV. You can also export all reports at once and a zip file will be generated with all of the files in CSV format included. These files may be read by an HTML browser or opened in Excel. The CSV files can be opened in any text editor such as MS Notepad or Word. Perform the following steps to export reports to XML, MS Excel, and CSV: 1.
| Creating, Running, and Emailing Reports Dell PowerConnect W AirWave 7.
Chapter 10 Using the AWMS Helpdesk This chapter presents the functions, configuration, and use of the AWMS Helpdesk, and includes the following sections: “AWMS Helpdesk Overview” on page 295 “Monitoring Incidents with Helpdesk” on page 296 “Creating a New Incident with Helpdesk” on page 297 “Creating New Snapshots or Incident Relationships” on page 298 “Using the Helpdesk Tab with an Existing Remedy Server” on page 299 AWMS Helpdesk Overview The Helpdesk module of the AirWave Wireless M
Monitoring Incidents with Helpdesk For a complete list of incidents, or to open a new incident, navigate to the Helpdesk > Incidents page. Figure 209 illustrates the components of the AWMS Helpdesk Incidents page. Figure 209 Helpdesk > Incidents Page Illustration The table in Helpdesk > Incidents displays the count of incidents by state and by time. You can sort incidents from within any category of information, whether in sequential or reverse-sequential order.
Clicking the pencil icon next to any incident opens an edit page where you can modify and update the incident. An incident can be deleted by selecting the checkbox next to it and clicking the Delete button at the bottom of the table. Table 145 AWMS Helpdesk > Incidents Bottom Table Column Description ID Displays the ID number of the incident, which is assigned automatically when the incident is logged.
Note: The Incidents portion of the Alert Summary table on other AWMS pages only increments the counter for incidents that are open and associated to an AP. This field displays incidents based on folder, which is the Top folder on this page and on the Home > Overview page. Incidents that are not related to devices in that folder are not counted in the Alert Summary table on other pages. To view all incidents, including those not associated to an AP, use the Helpdesk > Incidents page.
Figure 212 Relationships and Snapshots on the Incident Edit Page Using the Helpdesk Tab with an Existing Remedy Server If an external Remedy server exists, you can use the AWMS Helpdesk tab to create, view and edit incidents on the Remedy server. AWMS can only support integration with a Remedy server if it is a default installation of Remedy 7.0 with no changes to the web service definitions. To use the Helpdesk tab with a Remedy server, first navigate to the Helpdesk > Setup page.
Table 148 Components of Helpdesk > Setup with Remedy Enabled Field Description Remedy Enabled If no (default) is selected, the existing AWMS Helpdesk functionality is available. If yes is selected, the Helpdesk functionality is disabled and the Helpdesk tab can be configured for use with an existing Remedy server. Fields for server data appear only when Remedy is enabled. Middle Tier Host The location of the Remedy installation's web server.
Table 149 Helpdesk > Incidents Components with Remedy Enabled Field Description Assignee Assigned by Remedy installation; cannot be changed in AWMS. Urgency Displays the urgency level, as chosen by the AWMS or Remedy User: 1 - Critical 2 - High 3 - Medium 4 - Low To change the current incident in the Helpdesk header, click the Unselect Current Incident button. To add a new Remedy incident, click the Add button.
| Using the AWMS Helpdesk Dell PowerConnect W AirWave 7.
Appendix A Package Management for AWMS Yum for AWMS This appendix describes the Yum packaging management system. Dell recommends running Yum to ensure your packages are up to date, and so that your AWMS is as secure as possible if you are running RHEL 5 or CentOS 5. Yum is an automated package management system that verifies AWMS is running the most recently released RPMs and upgrades any out-of-date packages. Yum accesses the Internet, and downloads and installs new versions of any installed RPMs.
| Package Management for AWMS Dell PowerConnect W AirWave 7.
Appendix B Third-Party Security Integration for AWMS This appendix describes the optional integration of third party security products for AWMS, as follows: “Bluesocket Integration” on page 305 “ReefEdge Integration” on page 305 “HP ProCurve 700wl Series Secure Access Controllers Integration” on page 306 Bluesocket Integration A Bluesocket security scheme for AWMS has the following prerequisites: Bluesocket version 2.1 or higher AWMS version 1.
AWMS version 1.5 or higher Completion of the AMP Setup > Radius Accounting page configurations, as described in “Integrating a RADIUS Accounting Server” on page 65. ReefEdge Configuration Perform these steps to configure a ReefEdge security scheme: 1. Login into the ReefEdge ConnectServer via HTTP with the proper user credentials. 2. Navigate to the Connect System > Accounting page. 3. Click Enable RADIUS Accounting. 4. Enter the Primary Server IP Address or DNS entry for AWMS server. 5.
5. Select RADIUS. 6. Enter Name - Logical Name. 7. Enter Server - AWMS IP Address. 8. Enter Shared Secret. 9. Enter Port - 1812. 10. Enter the Shared Secret and Confirm (matching the AWMS shared secret). 11. Enter Reauthentication Field - Session Timeout. 12. Enter Timeout - 5. 13. Select the Enable RADIUS Accounting RFC-2866 check box. 14. Enter Port - 1813 for RFC-2866. 15. To verify and view the log files on AWMS, proceed to System > Event Log page. Dell PowerConnect W AirWave 7.
| Third-Party Security Integration for AWMS Dell PowerConnect W AirWave 7.
Appendix C Access Point Notes This appendix contains a few additional notes relevant to Cisco devices monitored by AWMS, and includes the following sections: “Resetting Cisco (VxWorks) Access Points” on page 309 “Cisco IOS Dual Radio Template” on page 311 “Speed Issues Related to Cisco IOS Firmware Upgrades” on page 312 Resetting Cisco (VxWorks) Access Points When using any WLAN equipment, it may sometimes be necessary to recover a password and/or to restore the default settings on the equipmen
Determining the Boot-Block Version The subsequent steps that you must follow to reset the Cisco AP depend on the version of the AP's boot-block. Follow the steps below to determine which boot-block version is currently on your AP, then use the corresponding instructions detailed below. When you connect to the AP, the Summary Status screen appears. Reboot the AP by pressing CTRL-X or by unplugging and then re-plugging the power connector.
1. If you have not done so already, connect to the AP (see above), click OK, and press Enter. 2. When the Summary Status screen appears after you have connected to the AP, reboot the AP by unplugging and then re-plugging the power connector. 3. When the AP reboots and the Summary Status screen reappears, type :resetall and press Enter. 4. Type yes, and press Enter to confirm the command. Note: The :resetall command is valid for only two minutes after the AP reboots.
no ip route-cache %enabled% ssid OpenSSID dfs band 3 block speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.
3. AWMS monitors itself and the AP during the file transfer. 4. After a reboot is detected, AWMS verifies the firmware was applied correctly and all AP configuration settings match those in the AWMS database 5. AWMS pushes the configuration if necessary to restore the desired configuration. Some firmware upgrades reconfigure settings. Cisco IOS access points take longer than most access points, because their firmware is larger. Dell PowerConnect W AirWave 7.
| Access Point Notes Dell PowerConnect W AirWave 7.
Appendix D Initiating a Support Connection The Support Connection Manager establishes a secure point-to-point connection between the customer AWMS and AirWave's support organization. Using this secure connection, AirWave support engineers can remotely diagnose problems or upgrade software without breaching security and exposing AWMS to the Internet.
| Initiating a Support Connection Dell PowerConnect W AirWave 7.
Appendix E Cisco Clean Access Integration (Perfigo) This appendix includes the following sections: “Prerequisites for Integrating AWMS with Cisco Clean Access” on page 317 “Adding AWMS as RADIUS Accounting Server” on page 317 “Configuring Data in Accounting Packets” on page 317 Prerequisites for Integrating AWMS with Cisco Clean Access Run Clean Access Software 3.5 or higher Run AWMS version 3.4.
| Cisco Clean Access Integration (Perfigo) Dell PowerConnect W AirWave 7.
Appendix F HP Insight Install Instructions for AWMS Servers To install HP/Compaq Insight Manager on the AWMS, perform the following steps: 1. Use SCP to move the two files over to the server: hpasm-7.8.0-88.rhel4.i386.rpm <- This is the actual HP agents hpsmh-2.1.9-178.linux.i386.rpm <- This is the HP web portal to the agents 2. Type rpm -i hpasm-7.8.0-88.rhel4.i386.rpm at the command line interface. 3. Type hpasm activate at the command line interface. Take the default values.
| HP Insight Install Instructions for AWMS Servers Dell PowerConnect W AirWave 7.
Appendix G Installing AWMS on VMware ESX (3i v. 3.5) This appendix provides complete instructions for installing AWMS on VMware ESX (3i v. 3.5) and includes the following sections: “Creating a New Virtual Machine to Run AWMS” on page 321 “Installing AWMS on the Virtual Machine” on page 321 “AWMS Post-Installation Issues on VMware” on page 322 Creating a New Virtual Machine to Run AWMS 1. Click Create a new virtual machine from the VMware Infrastructure Client. 2.
AWMS Post-Installation Issues on VMware By default, AWMS runs the Linux 'smartd' service for detecting physical disk errors using the S.M.A.R.T. protocol. However, virtual disks do not support the S.M.A.R.T. protocol, so the AWMS smartd service will fail at startup. The service can be prevented from starting at boot by running the following commands at the AWMS command line.
Appendix H Third-Party Copyright Information contains some software provided by third parties (both commercial and open-source licenses). Source code to third-party open-source packages are available on AirWave's website and by request: This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Google Earth and the Google Earth icon are the property of Google.
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) ----Copyright (c) 2001-2003, Networks Associates Technology, Inc All rights reserved.
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ---- Part 4: Sun Microsystems, Inc. copyright notice (BSD) ----Copyright © 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Use is subject to license terms below. This distribution may include materials developed by third parties.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3.
"This product includes software developed by the Apache Group for use in the Apache HTTP server project (http://www.apache.org/)." THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
| Third-Party Copyright Information Dell PowerConnect W AirWave 7.
Index A adding manually ............................................... 136 communication settings ..................................... 53 discovering, managing, and troubleshooting ... 127 modifying .......................................................... 122 troubleshooting a newly discovered device ..... 172 verifying .................................................... 142, 156 AAA servers ............................................................... 98 access control lists......................
I incidents creating ............................................................. 297 installation checking.............................................................. 19 IP address adding and assigning.......................................... 19 iPhone ..................................................................... 239 L Lancom.................................................................... 175 installing........................................................
Symbol/Intel .............................................................. 89 Master Console ................................................ 239 Master Console > Groups > Basic ........... 240, 241 Master Console > Groups > Basic, Managed .. 240 Master Console > Manage AMPs, IP/Hostname239 RAPIDS............................................................... 25 RAPIDS > Rogue APs (Detail), Score Override 211 Reports ............................................................... 25 Reports > Definitions.
| Index Dell PowerConnect W AirWave 7.