Dell PowerConnect W-Series Instant Access Point User Guide
Copyright © 2011 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners.
| Dell PowerConnect W-Instant Access Point 5.0.3.0-1.1.0.
About this Guide Dell PowerConnect W-Series Instant Access Point is a simple, easy to deploy turn-key WLAN solution consisting of one or more access points. An Ethernet port with routable connectivity to the Internet or a self-enclosed network as long as there is an Ethernet port with link are the network infrastructures required to deploy the Dell PowerConnect W-Series Instant wireless network.
The following informational icons are used throughout this guide:
NOTE: Indicates helpful suggestions, pertinent information, and important things to remember.
WARNING: Indicates a risk of personal injury or death.
CAUTION: Indicates a risk of damage to your hardware or loss of data.
Contacting Support
Table 2 Contacting Support
Main Site: dell.com
Support Site: support.dell.com
Documentation Website: support.dell.com/manuals
Chapter 1 W-IAP Internal Antenna Patterns This chapter provides information about the internal antenna patterns in W-IAP92, W-IAP93, and W-IAP105. W-IAP92 and W-IAP93 Antenna Patterns The antenna specifications of W-IAP92 and W-IAP93 are as follows: W-IAP92: Dual, RP-SMA interfaces for external antenna support (supporting up to 2x2 MIMO with spatial diversity). For information to configure an external antenna, see “Configuring an External Antenna” on page 63.
W-IAP105 Antenna Pattern
The antenna specifications of W-IAP105 are as follows:
4 x integrated, omnidirectional antenna elements (supporting up to 2x2 MIMO with spatial diversity)
Maximum antenna gain:
2.4 GHz/2.5 dBi
5.150 GHz to 5.875 GHz/4.0 dBi
Figure 2 shows antenna patterns of W-IAP105 for 2.45 GHz and 5.5 GHz.
Figure 2 W-IAP105 Antenna Pattern
Chapter 2 Initial Configuration This chapter provides information that is required to set up Instant and access the Instant User Interface. Initial Setup This section provides a pre-installation checklist and describes the initial procedures required to set up Dell Instant. Pre-Installation Checklist Before installing the Instant Access Point (IAP), make sure that you have the following: Ethernet cable of required length to connect the IAP to the home router.
3. “Connecting to the Provisioning Wi-Fi network” on page 18 4. “Login into Instant User Interface” on page 19 5. “Specifying the Country Code” on page 20 Skip this step, if you are installing the W-IAP in United States, Japan or Israel. Connecting the W-IAP to a Power Source Based on the type of the power source that is used, perform one of the following steps to connect the W-IAP to the power source: PoE switch - Connect the ENET port of the W-IAP to the appropriate port on the PoE switch.
Figure 3 Connecting to Provisioning Wi-Fi network - Microsoft Windows
Figure 4 Connecting to Provisioning Wi-Fi network - MAC OS
Login into Instant User Interface
Open a web browser and enter http://instant.dell-pcw.com in the address field. In the login screen, enter the following credentials:
Username - admin
Password - admin
Figure 5 Instant User Interface Login Screen
When you use the provisioning Wi-Fi network to connect to the internet, all browser requests are directed to the Instant user interface. For example, if you enter www.example.com in the address field, you will be directed to the Instant user interface. You can change the default login credentials after your first login. Specifying the Country Code NOTE: Skip this section, if you are installing the IAP in United States, Japan or Israel.
Chapter 3 Instant User Interface The Instant User Interface (UI) provides a standard web based interface that allows you to configure and monitor a Wi-Fi network. It is accessible through a standard web browser from a remote management console or workstation. JavaScript must be enabled on the web browser to view the Instant UI.
Banner The banner is a horizontal grey rectangle that appears at the top left corner of the Instant UI. It displays the company name, logo, and virtual controller's name. Search Administrators can search for an IAP, a client, or a network using a simple Search dialog box in the UI. As you type a word, suggested matches are displayed automatically in a dynamic list. The list becomes more relevant and detailed as more keywords are typed in.
Access Points Tab If the Auto Join Mode feature is enabled, a list of enabled and active IAPs in the Dell Instant network is displayed in the Access Points tab. The IAP names are displayed as links. If the Auto Join Mode feature is disabled, then a New link appears. Click this link to add a new IAP to the network. Also, if an IAP is configured and not active, its MAC Address is displayed in red. The expanded view displays the following information about each IAP: Name - Name of the access point.
Figure 10 Client Tab - Compressed View and Expanded View Links The following links allow you to configure the features and settings for the Instant network. Each of these links is explained in the subsequent sections.
Figure 11 Users Box Settings This link displays the Settings box. The Settings box consists of the following tabs: Basic - View or edit the virtual controller's name, IP address, and Content filtering setting. For information about virtual controller settings and content filtering, see Chapter 8, “Virtual Controller” and Chapter 13, “Content Filtering” . Admin - View or edit the admin credentials. RTLS - View or edit the RTLS server settings. SNMP - View or specify SNMP agent settings.
Servers This link displays the RADIUS Server box. This box allows you to add a new server. To add a new RADIUS server, see “Configuring an External RADIUS Server” on page 70. Roles This link displays the Roles box. You can create new user roles and new rules for the user roles. For more information, see “User Roles” on page 85. Maintenance This link displays the Maintenance box. The Maintenance box allows you to maintain the Wi-Fi network.
Run button - Click this button to generate the support log for the selected option and IAP. Access point tabs - Displays support log for the selected IAPs. To view the logs and information, perform the following steps: 1. At the top right corner of Instant UI, click the Support link. The Support box appears. 2. Select the required option from the Command drop-down list. For example, Active Configuration. 3.
IDS Status - Displays WLAN Interface, Data Structures, WLAN Interface Switch Status and RTLS Configuration tables for the selected IAP. IDS AP Table - Displays the Monitored IAP Table, which lists all the IAPs monitored by the selected IAP. ARM Bandwidth Management - Displays bandwidth management information for the selected IAP. ARM History - Displays the history of channel and power changes due to Adaptive Radio Management (ARM) for the selected IAP.
RF Dashboard Usage Trends Figure 16 Monitoring on Instant UI Info Displays the configuration information of the virtual controller by default. In a Network View, this section displays configuration information of the selected network. Similarly, in an Instant Access Point View or Client View, this section displays the configuration information of the selected IAP or the client. Figure 17 Info Section in the Monitoring Pane RF Dashboard Allows you to view trouble spots in the network.
Clients - Lists the clients with low speed or signal strength in the network. Signal - Displays the signal strength of the client. Depending on the signal strength of the client, the color of the lines on the Signal bar changes from Green > Orange > Red. Green - Signal strength is more than 20 decibels. Orange - Signal strength is between 15 - 20 decibels. Red - Signal strength is less than 15 decibels.
Throughput - In the default Virtual Controller view, the Throughput graph displays the incoming and outgoing throughput traffic for the virtual controller for the last 15 minutes. In Network or IAP view, this graph displays the incoming and outgoing throughput traffic for the selected network or IAP for the last 15 minutes. Figure 19 Usage Trends Section in the Monitoring Pane For more information about the graphs and monitoring procedures, see Chapter 19, “Monitoring” .
Figure 21 Client Alerts Link For more information about alerts, see Chapter 20, “Alert Types and Management” . IDS This link displays a list of foreign APs and foreign clients that are detected in the network. It consists of the following sections: Foreign Access Points Detected - Lists the APs that are not controlled by the virtual controller. The following information is displayed for each foreign AP: MAC address - Displays the MAC address of the foreign AP.
Language The language links are provided in the login screen to allow users to select the preferred language before logging in to the Instant UI. These links are located at the bottom left corner of the Instant UI. A default language is selected based on the language preferences in the client desktop operating system or browser. If Dell Instant cannot detect the language, then English (En) is used as the default language. AirWave Setup AirWave is a solution for managing rapidly changing wireless networks.
Instant Access Point view - The Instant Access Point view provides information that is necessary to monitor a selected IAP. All IAPs in the Dell Instant network are listed in the Access Points tab. Click the name of the IAP that you want to monitor. Access Point view for that IAP appears. Client view - The Client view provides information that is necessary to monitor a selected client. In the Virtual Controller view, all clients in the Dell Instant network are listed in the Clients tab.
Chapter 4 Wireless Network In a Wireless LAN (WLAN), laptops, desktops, PDAs, and other computer peripherals are connected to each other without any network cables. These network elements or clients use radio signals to communicate with each other. Wireless networks are set up based on the IEEE 802.11 standards. The IEEE 802.11 is a set of standards that are categorized based on the radio wave frequency and the data transfer rate. For more information about the IEEE 802.11 standards, see Table 4.
Figure 24 Adding an Employee Network - Basic Info Tab 2. In the Basic Info tab, perform the following steps: a. Type a name for the network in the Name (SSID) text box. b. Select the Employee radio button (this is selected by default) from the Primary usage options. This selection determines the primary usage of the network being added. c. Select the required Client IP assignment option.
Figure 25 Band and Hide SSID Settings 4. Click Next and set appropriate security levels using the slider button in the Security tab. Default selection is Personal. Available options are Enterprise, Personal, and Open. Table 6 Conditions for Adding an Employee Network - Security Tab If then, You select the Enterprise security level Perform the following steps: 1. Select the required key options from the Key management dropdown list.
Table 6 Conditions for Adding an Employee Network - Security Tab (Continued) If then, You want to use the default security level, Personal Perform the following steps: 1. Select the required key options from the Key management dropdown list. Available options are: WPA-2 Personal WPA Personal Both (WPA-2 & WPA) Static WEP If you have selected Static WEP, then do the following: Select appropriate WEP key size from the WEP key size dropdown list. Available options are 64-bit and 128-bit.
Figure 26 Security Tab - Enterprise
Figure 27 Security Tab - Personal
Figure 28 Security Tab - Open
5. Click Next. The Access tab appears. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. Instant Firewall treats packets based on the first rule matched. For more information, see Chapter 12, “Instant Firewall” . To edit the default rule, perform the following steps: a. Select the rule and click the Edit button. b. Select appropriate options in the Edit Rule box and click OK. To define an access rule, perform the following steps: a.
Figure 30 Adding a Voice Network - Basic Info Tab In the Basic Info tab, perform the following steps: a. Type a name for the network in the Name (SSID) text box. b. Select the Voice radio button from the Primary usage options. This selection determines the primary usage of the network being added. c. Select the required Client IP assignment option. Available options for a Voice network are Network assigned - Default, Network assigned - VLAN ID, and Virtual Controller assigned.
3. Click Next and set appropriate security levels using the slider button in the Security tab. Default selection is Personal. Available options are Enterprise, Personal, and Open. Table 8 Conditions for Adding a Voice Network - Security Tab If then, You select the Enterprise security level Perform the following steps: 1. Select the required key options from the Key management drop-down list. Available options are: WPA-2 Enterprise WPA Enterprise Both (WPA-2 & WPA) Dynamic WEP with 802.1x 2.
4. Click Next. The Access tab appears. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. Instant Firewall treats packets based on the first rule matched. For more information, see Chapter 12, “Instant Firewall” . To edit the default rule, perform the following steps: a. Select the rule and click the Edit button. b. Select appropriate options in the Edit Rule box and click OK. To define an access rule, perform the following steps: a.
b. Select the Guest radio button from the Primary usage options. This selection determines the primary usage of the network being added. The Client IP assignment selection automatically changes to Virtual Controller assigned. The virtual controller creates a private subnet and VLAN for the IAPs and the wireless clients. The virtual controller NATs all traffic out of this interface. For more information, see Chapter 11, “Guest DMZ” . 3.
Figure 32 Adding a Guest Network - Splash Page Settings 5. Select the Encryption check box and perform the following steps (These steps are optional): a. Select the required key management option from the Key management drop-down list. Available options are: WPA-2 Personal WPA Personal Both (WPA-2 & WPA) Static WEP. If you selected Static WEP, then do the following: 1. Select the appropriate WEP key size from the WEP key size drop-down list. Available options are 64-bit and 128-bit. 2.
Figure 33 Configuring a Splash Page - Encryption Settings 6. Click Next. The Access tab appears. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. Instant Firewall treats packets based on the first rule matched. For more information, see Chapter 12, “Instant Firewall” . To edit the default rule, perform the following steps: a. Select the rule and click the Edit button. b. Select appropriate options in the Edit Rule box and click OK.
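The Access tab steps for the Employee, Voice and Guest networks all note that Instant Firewall acts on the first rule matched and that an allow-any rule is enabled by default. The following added example (not from this guide or from Dell/Aruba; the rule model, the rule names, the sample addresses and the implicit default-deny are assumptions for illustration) shows how rule order decides the outcome and flags rules that an earlier rule makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """Hypothetical access rule; not the Instant UI's own rule format."""
    name: str
    action: str                           # "allow" or "deny"
    dest: str = "0.0.0.0/0"               # destination network (CIDR)
    proto: str = "any"                    # "tcp", "udp" or "any"
    ports: Tuple[int, int] = (0, 65535)   # inclusive destination port range

    def matches(self, dst_ip: str, proto: str, port: int) -> bool:
        return (ip_address(dst_ip) in ip_network(self.dest)
                and self.proto in ("any", proto)
                and self.ports[0] <= port <= self.ports[1])

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        return (ip_network(other.dest).subnet_of(ip_network(self.dest))
                and (self.proto == "any" or self.proto == other.proto)
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1])


def evaluate(rules: List[Rule], dst_ip: str, proto: str, port: int,
             default: str = "deny") -> Tuple[str, Optional[str]]:
    """First-match evaluation: the first rule that matches decides.

    The default applied when no rule matches is an assumption; the guide
    does not state it.
    """
    for rule in rules:
        if rule.matches(dst_ip, proto, port):
            return rule.action, rule.name
    return default, None


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed_rule, shadowing_rule) pairs.

    A rule is reported when a single earlier rule fully covers it, so it can
    never be the first match. Shadowing by a combination of several earlier
    rules is not detected by this check.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                findings.append((later.name, earlier.name))
                break
    return findings


# Constructed sample rule sets (RFC 5737 / RFC 1918 addresses).
ALLOW_ANY = Rule("allow-any", "allow")
BLOCK_MGMT = Rule("block-mgmt", "deny", dest="10.0.0.0/8")
BLOCK_TELNET = Rule("block-telnet", "deny", proto="tcp", ports=(23, 23))

# Default allow-any rule left at the top: later deny rules never fire.
DEFAULT_FIRST = [ALLOW_ANY, BLOCK_MGMT, BLOCK_TELNET]
# Specific deny rules first, broad allow last.
REORDERED = [BLOCK_MGMT, BLOCK_TELNET, ALLOW_ANY]


if __name__ == "__main__":
    for label, ruleset in (("default first", DEFAULT_FIRST),
                           ("reordered", REORDERED)):
        print(label)
        print("  10.1.2.3 tcp/443 ->", evaluate(ruleset, "10.1.2.3", "tcp", 443))
        print("  198.51.100.7 tcp/23 ->",
              evaluate(ruleset, "198.51.100.7", "tcp", 23))
        print("  shadowed:", shadowed_rules(ruleset))
```
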
Bandwidth Contracts
The IAP supports three types of bandwidth limits:
Percentage of Airtime: % Air Time allocated to SSID
Each user: Per User per SSID contract specified in kbps
Each radio: Per radio per SSID contract specified in kbps
Chapter 5 Mesh Network The Dell Instant secure enterprise mesh solution is an effective way to expand network coverage for outdoor and indoor enterprise environments without any wires. Using mesh, you can bridge multiple Ethernet LANs or you can extend your wireless coverage. As traffic traverses across mesh IAPs, the mesh network automatically reconfigures around broken or blocked paths.
mesh point provides traditional WLAN services (such as client connectivity, intrusion detection system (IDS) capabilities, user role association, and Quality of Service (QoS) for LAN-to-mesh communication) to clients and performs mesh backhaul/network connectivity. A mesh radio can be configured to carry mesh-backhaul traffic only. Mesh points use one of their wireless interfaces to carry traffic and reach the controller.
Figure 36 Login Window
6. Create a new SSID and WPA-2 Personal keys with unrestricted or network based access rules. Select any permit for basic connectivity.
7. Connect a client to the new SSID and disconnect from the instant SSID.
8. All the IAPs will show up on the Virtual Controller as shown in. Disconnect the IAPs that you want to deploy as Mesh Points from the switch and place the IAPs at the desired location. The wired IAPs are Mesh Portals.
Chapter 6 Managing IAPs The Dell Instant network supports up to 16 W-IAPs. This chapter describes the auto join mode, Terminal Access, LED display, and Syslog server features in Dell Instant. In addition, the chapter provides procedures for adding and removing W-IAPs, editing the W-IAP settings, and upgrading the firmware on the W-IAP using the Instant UI. Auto Join Mode The Auto Join Mode feature allows the W-IAPs to automatically: 1. Discover the virtual controller. 2. Join the network. 3.
LED Display Administrators can turn off the LEDs for all IAPs in an Instant network. Go to Settings > Advanced > LED Display to enable or disable the LEDs. When enabled, all LEDs are turned off. Use this option in environments where LEDs can be a distraction. Figure 39 LED Display NOTE: The LED display is always in Enabled mode while the IAP is rebooting. Terminal Access To enable or disable telnet access to the W-IAP's CLI, go to Settings > Advanced > Terminal access.
Syslog Server Go to Settings > Advanced > Syslog Server to specify a Syslog Server for sending all syslog messages to the external servers. Figure 41 Syslog Server Adding a W-IAP to the Network To add a W-IAP to the Dell Instant network, assign an IP address. For more information, see “Assigning an IP Address to the W-IAP” on page 18. After a W-IAP is connected to the network, if the Auto Join Mode feature is enabled, it is listed in the Access Points tab in the Instant UI.
3. Click OK. Removing a W-IAP from the Network A W-IAP can be manually removed from the network only if the Auto Join Mode feature is disabled. To manually remove a W-IAP from the network, perform the following steps: 1. In the Access Points tab, click the W-IAP which you want to delete. An x appears against the W-IAP. 2. Click x to confirm the deletion. NOTE: The deleted W-IAP(s) cannot join the Instant network anymore.
Figure 45 Changing W-IAP Name 3. Edit the W-IAP name in the Name text box. 4. Click OK. Changing IP Address of the W-IAP The Instant UI allows you to change the IP address of the W-IAP connected to the network. To change the IP address of the W-IAP, perform the following steps: 1. In the Access Points tab, click the W-IAP for which you want to change the IP address. The edit link appears. 2. Click the edit link. The Edit AP box appears. 3. Click the Connectivity tab.
d. Enter the IP address of the DNS server in the DNS server text box. e. Enter the domain name in the Domain name text box. Figure 47 Configuring W-IAP Connectivity Settings - Specifying Static Settings 5. Click OK and reboot the W-IAP. Configuring Adaptive Radio Management Adaptive Radio Management (ARM) is enabled in Dell Instant by default. However, if ARM is disabled, perform the following steps to enable it. For more information about ARM, see “Adaptive Radio Management” on page 103. 1.
5. Click OK. Configuring an External Antenna To configure an external antenna for each W-IAP, perform the following steps: NOTE: Only the Dell PowerConnect W-IAP92 supports external antenna configuration. Skip this section, if you are using W-IAP93 or W-IAP105. For appropriate configuration values, see the relevant W-IAP documentation. 1. In the Access Points tab, click the W-IAP for which you want to configure an external antenna. The edit link appears. 2. Click the edit link. The Edit AP box appears. 3.
Figure 50 Maintenance Box
2. Click the Convert tab.
Figure 51 Maintenance - Convert Tab
3. Enter the IP address of mobility controller in the IP Address of Mobility Controller text box.
4. Click Convert Now. Confirm the conversion in the Confirm Access Point Conversion box.
Figure 52 Confirm Access Point Conversion Box
5. Click Close.
NOTE: A W-IAP can be converted to an ArubaOS Campus AP only if the controller is running ArubaOS 6.1 or later. Rebooting the W-IAP If you encounter any problem with the W-IAPs, you can reboot all W-IAPs or selected W-IAPs in a network using the Instant UI. To reboot a W-IAP: 1. Click the Maintenance link. The Maintenance box appears. 2. Click the Reboot tab. Figure 53 Rebooting the W-IAP 3. In the W-IAP list, select the W-IAP that you want to reboot and click Reboot selected Access Point.
Access Point Information (for each AP attached to the VC) AP type AP serial number The VC expects the available upgrade VC software version and the URL in return. This query normally happens once a week. Automatic Firmware Image Check and Upgrade Automatic image check is enabled by default. If AirWave is configured, then the automatic image check is automatically disabled. You have to use the manual image check option.
Upgrade successful - When the upgrade is successful. Upgrade fail - When the upgrade fails. Manual Firmware Image Check and Upgrade To manually check for a new firmware image version, perform the following steps: 1. At the top right corner of the Instant UI, click the Maintenance link. 2. In the Maintenance box, click the Firmware tab. 3. In the Firmware tab, click the Check for New Version button. Figure 56 Manual Image Check The button is replaced with the Image Check in Progress message.
Chapter 7 NTP Server For successful and proper communication between various elements in a network, time synchronization between the elements and across the network is critical. The following are the uses of time synchronization: Trace and track security gaps and network usage, and troubleshoot network issues. Map an event on one network element to a corresponding event on another. Maintain accurate time for billing services and similar.
Chapter 8 Virtual Controller Dell Instant does not require an external controller to regulate and manage the Wi-Fi network. Any IAP in the Dell Instant network dynamically takes up the role of a Virtual Controller (VC) without impacting the network. It coordinates, stores, and distributes all the settings required to provide a centralized functionality to regulate and manage the Wi-Fi network. The virtual controller also functions like any other AP with full RF scalability.
3. Enter the appropriate IP address in the IP address text box. 4. Click OK. Configuring the DHCP Server To configure the domain name, DNS server, and lease time for the DHCP server, perform the following steps: 1. At the top right corner of the Instant UI, click the Settings link. 2. In the Settings box, click the Basic tab. 3. Enter the domain name of the client in the Domain name text box. 4. Enter the IP addresses of the DNS servers, separated by commas (,), in the DNS server text box. 5.
Chapter 9 Authentication Authentication Methods in Dell Instant Authentication is a process of identifying a user by having them provide a valid username and password. Clients can also be authenticated based on their MAC addresses. The following authentication methods are supported in Dell Instant: 802.1X Authentication Captive Portal MAC Authentication 802.1X Authentication 802.1X is a method for authenticating the identity of a user before providing network access to the user.
controller (the client certificate must be signed by a known CA) before the user name is checked on the authentication server. EAP-TTLS (MSCHAPv2) - The Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS) method uses server-side certificates to set up authentication between clients and servers. However, the actual authentication is performed using passwords. EAP-PEAP (MSCHAPv2) - Protected Extensible Authentication Protocol (PEAP) is an 802.
Figure 60 Configuring External RADIUS Server 4. Click Next and click Finish. Enabling Instant RADIUS To enable Instant RADIUS, perform the following steps: 1. At the upper right corner of the Instant UI, click the Settings link. 2. In the Settings box, click the Advanced tab. 3. Select Enabled from the Dynamic RADIUS Proxy drop-down list. Figure 61 Enabling Instant RADIUS 4. Click OK.
List of supported VSAs
Instant supports the following types of VSAs:
AP-Group AP-Name ARAP-Features ARAP-Security ARAP-Security-Data ARAP-Zone-Access Acct-Authentic Acct-Delay-Time Acct-Input-Gigawords Acct-Input-Octets Acct-Input-Packets Acct-Link-Count Acct-Multi-Session-Id Acct-Output-Gigawords Acct-Output-Octets Acct-Output-Packets Acct-Session-Id Acct-Session-Time Acct-Status-Type Acct-Terminate-Cause
DB-Entry-State Digest-Response Domain-Name EAP-Message Error-Cause Event-Timestamp Exec-Program Exec-Program-Wait Expiration Fall-Through Filter-Id Framed-AppleTalk-Link Framed-AppleTalk-Network Framed-AppleTalk-Zone Framed-Compression Framed-IP-Address Framed-IP-Netmask Framed-IPX-Network Framed-MTU Framed-Protocol Framed-Route Framed-Routing Full-Name Group Group-Name Hint Huntgroup-Name Idle-Tim
Prompt Rad-Authenticator Rad-Code Rad-Id Rad-Length Reply-Message Revoke-Text Server-Group Server-Name Service-Type Session-Timeout Simultaneous-Use State Strip-User-Name Suffix Termination-Action Termination-Menu Tunnel-Assignment-Id Tunnel-Client-Auth-Id Tunnel-Client-Endpoint Tunnel-Connection-Id Tunnel-Medium-Type Tunnel-Preference Tunnel-Private-Group-Id Tunnel-Server-Auth-Id Tunnel-Server-Endpoint
RADIUS server w/ fallback to internal - Specify the RADIUS servers as well as a Username and Password. Figure 62 Management Authentication Settings 4. Click OK. Captive Portal The Dell Instant network supports the captive portal authentication method for a Guest network type. In this method, a web page is displayed to a guest user who tries to access the internet. The user has to authenticate or accept the company's network usage policy in the web page.
b. Internal - Acknowledged Figure 63 Configuring Captive Portal when Adding A Guest Network The appearance of a splash page can be customized as required. For information on customizing a splash page, see “Customizing a Splash Page” on page 78. 4. Click Next and click Finish. Configuring Internal Captive Portal Authentication when Editing a Guest Network To configure internal captive portal authentication when editing a guest network, perform the following steps: 1.
Figure 64 Configuring Captive Portal when Editing a Guest Network The appearance of a splash page can be customized as required. For information on customizing a splash page, see “Customizing a Splash Page” on page 78. 4. Click Next and click Finish. Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network To configure internal captive portal with external radius server authentication, perform the following steps: 1. In the Network tab, click the New link.
Figure 65 Configuring Internal Captive Portal with External Radius Server Authentication Customizing a Splash Page A splash page is a web page that is displayed to a guest user when they are trying to access the internet. The appearance of a splash page can be customized as required. To customize a splash page, perform the following steps: 1. In the Network tab, click the network for which you want to customize the splash page. The edit link for the network appears. 2. Click the edit link.
Figure 66 Customizing a Splash Page 4. Click Next and then click Finish. Disabling Captive Portal authentication To disable captive portal authentication, perform the following steps: 1. In the Network tab, click the network for which you want to disable captive portal authentication. The edit link for the network appears. 2. Click the edit link. The Edit box for the network appears. 3. Click Next and clear the Splash page check box in the Security tab.
External Captive Portal Dell Instant supports external captive portal authentication. The external portal can be in a cloud or on a server outside the enterprise network. Configuring External Captive Portal Authentication when Adding a Guest Network To configure external captive portal authentication when adding a guest network, perform the following steps: 1. In the Network tab, click the New link. The New Network box appears. 2. In the Basic Info tab, perform the following: 1.
2. Enter the URL for the splash page in the URL text box. 3. Enter the number of the port to be used for communicating with the external server in the Port text box. 4. In the Authentication text box, enter the unique signature that the external server will return in the response after a successful authentication. Figure 69 Configuring External Captive Portal Authentication when editing a Guest Network 4. Click Next and click Finish.
2. Click the Primary link and perform the following steps: 3. Enter the IP address of the external RADIUS server in the IP address text box. 4. Enter the authorization port number of the external RADIUS server in the Auth Port text box. The port number is set to 1812 by default. 5. Enter a shared key for communicating with the external RADIUS server in the Shared key text box. 6. Enter the virtual controller IP address in the NAS IP address text box.
Figure 71 Loading Certificates 3. Click the Browse button. Browse and select the appropriate certificate file, and click the Upload Certificate button. 4. Enter passphrase in the Passphrase text box and reconfirm. 5. Click Close. Dell PowerConnect W-Instant Access Point 5.0.3.0-1.1.0.
Chapter 10 Role Derivation
Every client in a Dell Instant network is associated with a user role, which determines the client’s network privileges, how often it must re-authenticate, and which bandwidth contracts are applicable. This chapter describes creating and assigning roles using the Instant UI.
User Roles
This section describes how to create a new user role.
Figure 72 Access Tab - Instant User Role Settings
Creating a New User Role
To create a new user role, perform the following steps: 1.
Figure 73 Creating a New User Role
7. Click OK. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. To create new access rules, see “Example Access Rules” on page 93.
8. To delete a user role, select the user role and click the Delete button.
Creating Role Assignment Rules
To create role assignment rules for the user role, perform the following steps:
1. Click the New button in the Role Assignment Rules table.
Figure 74 Creating Role Assignment Rules
Chapter 11 Guest DMZ A De-Militarized Zone (DMZ) is a sub-network created between an internal network and an external network, for example, the Internet. The DMZ adds an extra layer of security to the network of an enterprise or organization. You can specify or select whether you want to segregate the guests from accessing your internal network or the external network, that is, the Internet.
Chapter 12 Instant Firewall A firewall is a system designed to prevent unauthorized Internet users from accessing the private network connected to the Internet. It defines access rules and monitors all data entering or leaving the network and blocks the data that does not satisfy the specified security policies. Dell Instant implements the Instant Firewall feature that uses a simplified firewall policy language.
Table 10 Network Service Options (Continued)
Service     Description
dhcp        Dynamic Host Configuration Protocol
dns         Domain Name Server
esp         Encapsulating Security Payload
ftp         File Transfer Protocol
gre         Generic Routing Encapsulation
h323-tcp    H.323-Transmission Control Protocol
h323-udp    H.
Table 10 Network Service Options (Continued)
Service     Description
smb-tcp     Server Message Block-Transmission Control Protocol
smb-udp     Server Message Block-User Datagram Protocol
smtp        Simple mail transfer protocol
snmp        Simple network management protocol
snmp-trap   Simple network management protocol-trap
svp         Software Validation Protocol
tftp        Trivial file transfer protocol
Destination Options
Table 11 lists the destination options available in the Instant UI.
4. Click Next. The Access tab appears. The Allow any to all destinations access rule is enabled by default. This rule allows traffic to all destinations. To define an access rule that allows a TCP service to a particular network, perform the following steps:
a. Click the New button. The New Rule box appears.
b. Select Allow from the Action drop-down list.
c. Select custom from the Service drop-down list. Select TCP from the Protocol drop-down list. Enter the appropriate port number in the Port(s) text box.
d.
2. Select Allow from the Action drop-down list. 3. Select pop3 from the Service drop-down list. 4. Select to a particular server from the Destination drop-down list and enter appropriate IP address in the IP text box. 5. Click OK. 5. Click Finish. Figure 77 Defining Rule - Allow POP3 Service to a Particular Server Deny FTP service except to a particular server 1. Click the New link in the Networks tab. To define the access rule to an existing network, click the network. The edit link appears.
Figure 78 Defining Rule - Deny FTP Service Except to a Particular Server Deny bootp service except to a particular network 1. Click the New link in the Networks tab. To define the access rule to an existing network, click the network. The edit link appears. Click the edit link and navigate to the Access tab. 2. In the Basic Info tab, enter the appropriate information. 3. Click Next and set appropriate security levels using the slider button in the Security tab. 4. Click Next. The Access tab appears.
Figure 79 Defining Rule - Deny bootp Service Except to a Particular Network
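The example rules in this chapter (allow POP3 to a particular server, deny FTP except to a particular server, deny bootp except to a particular network) can be checked against sample traffic before they are entered in the Instant UI. The Python sketch below is an added example, not Dell or Aruba code; top-down first-match evaluation, the deny for unmatched traffic, the documentation-range addresses and all names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Well-known protocol/ports for the service names used in the chapter's examples.
SERVICES = {
    "any": None,
    "pop3": ("tcp", {110}),
    "ftp": ("tcp", {21}),
    "bootp": ("udp", {67, 68}),
}

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    service: str          # key in SERVICES
    dest: str = "any"     # CIDR, or "any" for "to all destinations"
    negate: bool = False  # True models the "except to ..." destinations

    def matches(self, proto, port, dst_ip):
        svc = SERVICES[self.service]
        if svc is not None and (proto != svc[0] or port not in svc[1]):
            return False
        if self.dest == "any":
            return True
        inside = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dest)
        # "to X" matches inside X; "except to X" matches everything outside X.
        return inside != self.negate

# The rule the guide says is enabled by default.
ALLOW_ANY = Rule("allow", "any")

def evaluate(rules, proto, port, dst_ip):
    """Assumed model: first matching rule wins, unmatched traffic is denied."""
    for rule in rules:
        if rule.matches(proto, port, dst_ip):
            return rule.action
    return "deny"

SERVER = "192.0.2.10/32"      # constructed address (documentation range)
NETWORK = "198.51.100.0/24"   # constructed network (documentation range)

# Deny FTP service except to a particular server, default rule kept below it.
DENY_FTP_EXCEPT = [Rule("deny", "ftp", SERVER, negate=True), ALLOW_ANY]
# Deny bootp service except to a particular network, default rule kept below it.
DENY_BOOTP_EXCEPT = [Rule("deny", "bootp", NETWORK, negate=True), ALLOW_ANY]
# Allow POP3 to a particular server, with and without the default rule.
POP3_WITH_DEFAULT = [Rule("allow", "pop3", SERVER), ALLOW_ANY]
POP3_ONLY = [Rule("allow", "pop3", SERVER)]

def summary():
    """Verdicts for a few constructed flows, keyed by a short description."""
    return {
        "ftp to the server": evaluate(DENY_FTP_EXCEPT, "tcp", 21, "192.0.2.10"),
        "ftp elsewhere": evaluate(DENY_FTP_EXCEPT, "tcp", 21, "203.0.113.5"),
        "ftp elsewhere, pop3 rule + default":
            evaluate(POP3_WITH_DEFAULT, "tcp", 21, "203.0.113.5"),
        "ftp elsewhere, pop3 rule only":
            evaluate(POP3_ONLY, "tcp", 21, "203.0.113.5"),
    }

if __name__ == "__main__":
    for flow, verdict in summary().items():
        print(f"{flow}: {verdict}")
```

Under these assumptions, an allow rule restricts nothing while the default Allow any to all destinations rule remains in the list, whereas a "deny ... except to" rule takes effect even with the default rule in place.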
Chapter 13 Content Filtering
Dell Instant uses OpenDNS to implement the Content Filtering feature. OpenDNS is a Domain Name System (DNS) resolution service provider. It offers features such as misspelling correction, phishing protection, and integrated web content filtering. For more information on OpenDNS, refer to http://www.opendns.com/.
Chapter 14 OS Fingerprinting The OS Fingerprinting feature gathers information about the client that is connected to the Dell Instant network to find the operating system that the client is running on. The following is a list of advantages of this feature: Identifying rogue clients - Helps to identify clients that are running on forbidden operating systems. Identifying outdated operating systems - Helps to locate outdated and unexpected OS in the company network.
Chapter 15 Adaptive Radio Management Adaptive Radio Management (ARM) is a radio frequency management technology that optimizes WLAN performance even in the networks with highest traffic by dynamically and intelligently choosing the best 802.11 channel and transmitting power for each IAP in its current RF environment. ARM works with all standard clients, across all operating systems, while remaining in compliance with the IEEE 802.11 standards.
more channels than the 2.4 GHz band, and that the 5 GHz channels operate in 40 MHz while the 2.4 GHz band operates in 20 MHz.
Air Time Fairness
This feature provides equal access to all clients on the wireless medium, regardless of client type, capability, or operating system, thus delivering uniform performance to all clients. This feature prevents some clients from monopolizing resources at the expense of other clients.
Default: 127 dBm Monitoring the Network with ARM When ARM is enabled, an IAP dynamically scans all 802.11 channels within its 802.11 regulatory domain at regular intervals and provides reports for network (WLAN) coverage, interference, and intrusion detection, to a virtual controller. ARM Metrics ARM computes coverage and interference metrics for each valid channel and chooses the best performing channel and transmit power settings for each IAP RF environment.
Chapter 16 Intrusion Detection System Intrusion Detection System (IDS) is a feature that monitors the network for the presence of unauthorized IAPs and clients. It also logs information about the unauthorized IAPs and clients, and generates reports based on the logged information.
Instant supports the following types of containment mechanisms: Wired & Wireless - An IAP or client is contained by disrupting its connection on the wired and wireless interfaces. Wired - An IAP or client is contained by disrupting its connection on the wired interface. Wireless - An IAP or client is contained by disrupting its association on the wireless interface. None - Disables all the containment mechanisms.
Chapter 17 SNMP
Dell Instant supports versions 1, 2c, and 3 of Simple Network Management Protocol (SNMP) for reporting purposes only. In other words, SNMP cannot be used for setting values in a Dell system in the current IAP.
SNMP Parameters for IAP
You can configure the following parameters for IAP.
Table 12 SNMP Parameters for IAP
Field Description
Community Strings for SNMPV1 and SNMPV2 Community strings used to authenticate requests for SNMP versions before version 3.
Figure 87 Creating Community Strings for SNMPV1 and SNMPV2
Follow the steps below to create, edit, and delete users for SNMPV3:
1. In the Settings tab, click the SNMP tab.
2. Click the New button in the Users for SNMPV3 box.
3. Enter the name of the user in the Name text box.
4. Select the type of authentication protocol from the Auth protocol drop-down list.
5. Enter the authentication password in the Password text box and retype the password in the Retype text box.
6.
Figure 88 Creating Users for SNMPV3
Chapter 18 Airwave Integration and Management
AirWave is a solution for managing rapidly changing wireless networks. The easy-to-use interface and user-centric approach let you easily solve any connectivity issues. It allows you to efficiently and remotely manage and monitor an enterprise wireless LAN. It allows you to monitor and change wireless LAN settings, generate compliance reports, locate users and W-IAPs, and diagnose problems from any Internet connection.
Figure 89 Template Based Configuration
Trending Reports
AirWave saves up to two years of actionable information, including network performance data and user roaming patterns, so you can analyze how network usage and performance trends have changed over time. It also provides detailed capacity reports with which you can plan capacity and the right strategies for your organization.
Intrusion Detection System
AirWave provides advanced, rules-based rogue classification.
AMP User: "Org Admin" (assigned to the role "Org Admin") Folder: "Org" (under the Top folder in AMP) Configuration Group: "Org" Additional strings in the Organization String are used to create a hierarchy of subfolders under the folder named "Org": subfolder1 would be a folder under the "Org" folder subfolder2 would be a folder under subfolder1 The Shared Key The Shared Secret key is used by the administrator to manually authorize the first Virtual Controller for an organization.
Chapter 19 Monitoring Monitor the Dell Instant network, IAPs, Wi-Fi networks, and clients in the network for various parameters using one or all of the following views: Virtual Controller View Network View Instant Access Point View Client View This chapter provides information about the parameters that can be monitored using these views. It also provides procedures to monitor these parameters. Virtual Controller View The Virtual Controller view is the default view.
RF Dashboard Usage Trends Info The Info section displays the following information about the Virtual Controller: Name - Virtual Controller name. Country Code - Country in which the Virtual Controller is operating. IP address - IP address of the Virtual Controller. Content filtering - Status of the Content Filtering feature: Enabled or Disabled. Organization - Name of the organization. AirWave IP - IP address of the AirWave server.
Figure 93 Throughput Graph For more information about the graphs in the virtual controller view and for monitoring procedures, see Table 13. Table 13 Virtual Controller View - Graphs and Monitoring Procedures Graph Name Description Monitoring Procedure Clients The Clients graph shows the number of clients associated with the virtual controller for the last 15 minutes. To see an enlarged view, click the graph.
Network View All Wi-Fi networks in the Dell Instant network are listed in the Networks tab. Click the network that you want to monitor. Network View for the selected network appears. Similar to the Virtual Controller view, the Network view also has three tabs: Networks, Access Points, and Clients.
Figure 95 Clients Graph Throughput Figure 96 Throughput Graph For more information about the graphs in the network view and for monitoring procedures, see Table 14. Table 14 Network View - Graphs and Monitoring Procedures Graph Name Description Monitoring Procedure Clients To check the number of clients associated with the network for the last 15 minutes, 1. Log in to the Instant UI. The Virtual Controller view appears. This is the default view. 2.
Table 14 Network View - Graphs and Monitoring Procedures (Continued) Graph Name Description Monitoring Procedure Throughput To check the throughput of the selected network for the last 15 minutes, 1. Log in to the Instant UI. The Virtual Controller view appears. This is the default view. 2. In the Networks tab, click the network for which you want to check the client association. The Network view appears. 3. Study the Throughput graph in the Usage Trends pane. For example, the graph on the left shows 22.
Info The Info section provides the following information about the selected IAP: Name - Name of the selected IAP. IP Address - IP address of the IAP. Clients - Number of clients associated with the IAP. Type - Model number of the IAP. CPU Utilization - CPU utilization in percentage. Memory Free - Memory availability of the IAP in Mega Bytes. RF Dashboard In the Instant Access Point view, the RF Dashboard section is moved below the Info section.
For more information about the graphs in the instant access point view and for monitoring procedures, see Table 15.
Table 15 Instant Access Point View - RF Trends Graphs and Monitoring Procedures
Graph Name Description Monitoring Procedure
Utilization The Utilization graph shows the radio utilization percentage of the access point for the last 15 minutes. To see an enlarged view, click the graph.
Usage Trends
The Usage Trends section displays the following graphs for the selected network: Clients Graph, Throughput Graph.
For more information about the usage trends graphs in the instant access point view and for monitoring procedures, see Table 16.
Table 16 Instant Access Point View - Usage Trends and Monitoring Procedures
Graph Name Description Monitoring Procedure
Clients The Clients graph shows the number of clients associated with the selected IAP for the last 15 minutes.
Figure 99 Client View
Info
The Info section provides the following information about the selected client:
Name - Name of the selected client.
IP Address - IP address of the client.
MAC Address - MAC address of the client.
OS - Operating system that is running on the client.
Network - Network to which the client is connected.
Access Point - IAP to which the client is connected.
Channel - Channel that the client is using.
Figure 100 Signal Graph
Frames
Figure 101 Frames Graph
Speed
Figure 102 Speed Graph
Throughput
Figure 103 Throughput Graph
For more information about RF trends graphs in the client view and for monitoring procedures, see Table 17.
Table 17 Client View - RF Trends Graphs and Monitoring Procedures
Graph Name Description Monitoring Procedure
Signal The Signal graph shows the signal strength of the client for the last 15 minutes. It is measured in decibels. To see an enlarged view, click the graph.
Table 17 Client View - RF Trends Graphs and Monitoring Procedures (Continued) Graph Name Description Monitoring Procedure Throughput The Throughput Graph shows the throughput for the selected client for the last 15 minutes. Outgoing traffic - Throughput for outgoing traffic is displayed in green. Outgoing traffic is shown above the median line. Incoming traffic - Throughput for incoming traffic is displayed in blue. Incoming traffic is shown below the median line.
Chapter 20 Alert Types and Management Alerts are generated when a user encounters problems while accessing or connecting to the Wi-Fi network. These alerts enable you to troubleshoot the problems. The alerts that are generated on Dell Instant can be categorized as follows: 802.11 related association and authentication failure alerts. 802.1X related mode and key mismatch, server, and client time-out failure alerts. IP address related failure - Static IP address or DHCP related alerts.
Table 18 Alerts List (Continued) Type Code Description Details Corrective Action 100309 RADIUS server authentication failure The IAP cannot authenticate this client using 802.1X because the RADIUS server rejected the authentication credentials (password, etc) provided by the client. Ascertain the correct authentication credentials and log in again.
Chapter 21 User Database In Dell Instant, the user database consists of a list of guest and employee users. Addition of a user involves specifying a username and password for the user. The login credentials for these users are provided outside the Dell Instant system. A guest user can be a visitor who will be temporarily using the enterprise network to access the internet. However, you would not want to share the internal network and the intranet with them.
Deleting a User To delete a user, perform the following steps: 1. At the top right corner of the Instant UI, click the Users link. The Users box appears. 2. In the Users section, select the username that you want to delete and click Delete. To delete all users or multiple users at a time, select the usernames that you want to delete, and click Delete All. NOTE: Deleting a user only removes the user record from the user database, and won't disconnect the online user under this username.
Chapter 22 Regulatory Domain
IEEE 802.11b/g/n Wi-Fi networks operate in the 2.4 GHz spectrum and IEEE 802.11a/n networks operate in the 5.0 GHz spectrum. These spectrums are divided into channels. The 2.4 GHz spectrum is divided into 14 overlapping, staggered 20 MHz wireless carrier channels. These channels are spaced 5 MHz apart. The 5 GHz spectrum is divided into more channels. The channels that can be used in a particular country differ based on the regulations of that country.
Table 19 Country Codes List (Continued)
Code  Country Name
DK    Denmark
CH    Switzerland
CZ    Czech Republic
ES    Spain
GB    United Kingdom
KR    Republic of Korea (South Korea)
CN    China
FR    France
HK    Hong Kong
SG    Singapore
TW    Taiwan
BR    Brazil
IL    Israel
SA    Saudi Arabia
LB    Lebanon
AE    United Arab Emirates
ZA    South Africa
AR    Argentina
AU    Australia
AT    Austria
BO    Bolivia
CL    Chile
GR    Greece
IS    Iceland
IN    India
IE    Ireland
KW    Kuwait
LI    Liechtenstein
LT    Lithuania
MX    Mexi
Table 19 Country Codes List (Continued)
Code  Country Name
KW    Kuwait
LI    Liechtenstein
LT    Lithuania
MX    Mexico
MA    Morocco
NZ    New Zealand
PL    Poland
PR    Puerto Rico
SK    Slovak Republic
SI    Slovenia
TH    Thailand
UY    Uruguay
PA    Panama
RU    Russia
EG    Egypt
TT    Trinidad and Tobago
TR    Turkey
CR    Costa Rica
EC    Ecuador
HN    Honduras
KE    Kenya
UA    Ukraine
VN    Vietnam
BG    Bulgaria
CY    Cyprus
EE    Eston
Table 19 Country Codes List (Continued)
Code  Country Name
CS    Serbia and Montenegro
ID    Indonesia
PE    Peru
VE    Venezuela
JM    Jamaica
BH    Bahrain
OM    Oman
JO    Jordan
BM    Bermuda
CO    Colombia
DO    Dominican Republic
GT    Guatemala
PH    Philippines
LK    Sri Lanka
SV    El Salvador
TN    Tunisia
PK    Islamic Republic of Pakistan
QA    Qatar
DZ    Algeria
Appendix A Abbreviations The following table lists the abbreviations used in this user guide.
Table 20 Abbreviations (Continued)
Abbreviation  Expansion
VC            Virtual Controller
VSA           Vendor-Specific Attributes
WLAN          Wireless Local Area Network