User Guide AirTight Management Console Version 7.
This page is intentionally left blank
END USER LICENSE AGREEMENT Please read the End User License Agreement before installing AirTight Management Console/AirTight Wi-Fi/AirTight WIPS. The End User License Agreement is available at the following location http://www.airtightnetworks.com/fileadmin/pdf/AirTight-EULA.pdf. Installing AirTight Management Console/AirTight Wi-Fi/AirTight WIPS constitutes your acceptance of the terms and conditions of the End User License Agreement.
Table of Contents About This Guide .......................................................................................................................................... 1 Intended Audience..................................................................................................................................... 1 Product and Documentation Updates ....................................................................................................... 1 Contact Information .......................
AirTight Management Console User Guide Activate Event Generation for Location ............................................................................................... 88 Configure Email Recipients ................................................................................................................. 89 Configure Device - Server Communication Settings ............................................................................... 89 Use Key for Device - Server Communication ................
Table of Contents Restore Auto Location Tagging Defaults ........................................................................................... 105 Copy Auto Location Tagging Settings to Another Server .................................................................. 106 Set up and Manage Server Cluster ....................................................................................................... 107 Benefits of Server Cluster .................................................................
AirTight Management Console User Guide Configure Integration with HP MSM Controller.................................................................................. 145 Manage Integration with Cisco WLC ................................................................................................. 148 Manage Integration with Meru ........................................................................................................... 151 Manage AirTight Mobile Clients .................................
Table of Contents Change Location................................................................................................................................ 174 Print AirTight Device Information for Location ................................................................................... 174 Reboot Device ................................................................................................................................... 175 Troubleshoot Device ........................................
AirTight Management Console User Guide Spectrogram .......................................................................................................................................... 196 Monitor Access Points (APs) ................................................................................................................. 196 View AP Properties ............................................................................................................................
Table of Contents Delete Layout ........................................................................................................................................ 220 Show / Hide Location List ...................................................................................................................... 220 Show/Hide Devices on Location Layout................................................................................................ 220 Place Devices/Locations on Location Layout..........
AirTight Management Console User Guide View Participating Devices and Quarantine Status ........................................................................... 234 Locate Participating Device ............................................................................................................... 235 View Administration Action Logs for Event ........................................................................................ 236 Acknowledge Event ..............................................
About This Guide The AirTight Management Console User Guide explains how to configure and manage the AirTight Management Console . Important! Please read the EULA before installing AirTight WIPS or AirTight Wi-Fi. Installing AirTight WIPS or AirTight Wi-Fi constitutes your acceptance of the terms and conditions of the EULA mentioned above in this document. Intended Audience This guide is intended for anyone who wants to configure and use AirTight WIPS or AirTight Wi-Fi or use AirTight Cloud Services.
Introduction AirTight Management Console is a HTML 5 based user interface using which you can configure and monitor AirTight WIPS and/or AirTight Wi-Fi server to access the AirTight Cloud Services. HTML 5 makes AirTight Management Console compatible with most browsers and operating systems. AirTight Management Console is intuitive and easy to use. It can be configured with ease to suit your WIPS and/or Wi-Fi needs.
AirTight Management Console User Guide HTML5 makes AirTight Management Console compatible with most browsers and operating systems. It can be operated using tablets and other smart devices as well. The interface is intuitive and can be used and configured without much effort. Fully user-customizable dashboards and screens The dashboard offers you the flexibility to choose from a good number of graphs displaying access point, client, network, and WIPS statistics. Graphs are seen in widgets.
Introduction Rich Visualization of Heat maps You can view radio frequency heat maps in various views. The AP coverage view is useful to find out the available signal strength at each point. The sensor coverage view enables you to view the detection and prevention zones of visibility for selected sensors. The color-coding scheme used enhances the readability of the heat maps.
AirTight Management Console Configuration AirTight Management Console needs to be configured appropriately for use, before it can start monitoring and/or protecting the network. Click Configuration to view the various options to configure in AirTight Management Console. The Configuration page displays various categories - Device Configuration, WIPS, User Accounts, Events and System Settings, AirTight Mobile, ESM Integration.
AirTight Management Console User Guide Select the appropriate SSID encoding commonly used in your region, in order to correctly see the local language SSIDs in the system. The default value for SSID encoding is UTF-8. To select a different SSID encoding, do the following. 1. Go to Configuration>System Settings>Language Setting. 2. Under SSID Encoding, select the required SSID encoding. 3. Click Save to save the new SSID encoding.
AirTight Management Console Configuration 4. Click Save to save the new time zone. The changed time zone is applied recursively to all the child location folders. Set Location Tag A location tag is the location identifier that could be appended to the circuit ID when DHCP Option 82 is enabled for an SSID profile configured for this location. If '%l 'is used in the circuit ID, the AP replaces it with the location tag. To set the location tag for a location, do the following. 1.
AirTight Management Console User Guide View devices Add, delete, and modify devices (APs, Clients, Sensors) View locations Add, delete, and modify locations Calibrate location tracking Reports Add, delete, modify Shared Report Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No Yes (all) Yes (only self created) No Generate Shared Report Schedule Shared Report Add, delete, modify, generate, schedule My Report Yes Yes Yes (only self created) Yes Yes Yes (only self creat
AirTight Management Console Configuration Time Zone Language Preference Multi lingual 4. Interface (UI) session should be timed out. Two options are available. Select Never Expires, if you don't want the session to time out. Select Expires After and specify the time in minutes (between 10 and 120 minutes) after which the session should time out. Specifies the time zone in which the user operates. Specifies the language in which the user wants to view the UI text. The default value is English.
AirTight Management Console User Guide Delete User To delete a user, do the following. 1. 2. 3. 4. Go to Configuration>User Accounts>Users. Select the location for which you want to delete the user. The user list appears. Click the Delete hyperlink for the user to delete. A message to confirm delete appears. Click Yes to confirm deletion of user. Configure Password Policy The Password Policy determines the minimum requirements for system passwords.
AirTight Management Console Configuration 4. 5. Select the server to which the password policy is to be copied. Click OK to copy the password policy, Configure Account Suspension Setting Account suspension protects the system from spurious logins through dictionary attacks. Define the account suspension policy using the Configuration>User Accounts>Account Suspension option. There are four roles available in the system- super user, administrator, viewer and operator.
AirTight Management Console User Guide Account Suspension Settings This policy is applicable on the root location only. Copy Account Suspension Settings to Another Server You can copy the account suspension settings from one server to another server when both servers are part of the same server cluster. You can copy account suspension settings from child server to child server, parent server to child server, or child server to parent server.
AirTight Management Console Configuration You can specify the number of concurrent console logins that a user can have, along with the welcome message that the user would see on logging on to AirTight Management Console. The user can have up to 5 concurrent console logins. You must have administrator privileges to configure login parameters. You can copy the login configuration from one server to another server when both servers are part of the same server cluster.
AirTight Management Console User Guide User Authentication Configure LDAP Server Parameters AirTight Management Console enables you to configure an LDAP server for user authentication. After an LDAP server is configured, users or groups defined in the LDAP server can login to AirTight Management Console. In LDAP configuration, you can configure the following details.
AirTight Management Console Configuration Field Base Distinguished Name Filter String User ID Attribute 6. Description The base distinguished name of the directory to which you want to connect, for example, o=democorp, c=au. Distinguished Name is a unique identifier of an entry in the Directory Information Tree (DIT). The name is the concatenation of Relative Distinguished Names (RDNs) from the top of the DIT down to the entry in question. This is a mandatory argument.
AirTight Management Console User Guide x 7. Click Test Settings to test the authentication options. 8. Configure the default role and locations for new LDAP users. They are described in the following table. Field User Role Attribute User Role User Location Attribute Locations 9. Description The user role attribute string that the system uses to identify a user’s role, as defined in the LDAP schema. The default role for the new LDAP users.
AirTight Management Console Configuration Select the Enable RADIUS Authentication check box to activate RADIUS authentication of users. You can configure the Authentication,Accounting , and Advanced Settings after selecting this check box. Click the respective option to view and edit the fields for the individual sections. Configure Authentication Parameters Configure access parameters for the RADIUS Authentication server using the Authentication section.
AirTight Management Console User Guide 2. 3. Click Restore Defaults. Click Save to save the changes. Copy RADIUS Configuration to Another Server You can copy the RADIUS configuration from one server to another server when both servers are part of the same server cluster. You can copy RADIUS configuration from child server to child server, parent server to child server, or child server to parent server. You must be a superuser or an administrator to copy policies from one server to another.
AirTight Management Console Configuration The required authentication option can be activated based on the various combinations of the Enable certificate based authentication box, Allow access without certificate box, and Users must provide password along with certificate box. The following table describes the activation of the authentication options based on the check boxes selected by the user.
AirTight Management Console User Guide Wireless Intrusion Prevention System A Wi-Fi network is easy to set up by way of access points. Small plug-and-play devices can act as access points. Smart phones and tablets that are now widely used, are also Wi-Fi enabled. They can act as mobile hotspots. Wireless clients can connect to any such access points and easily access a network that is not adequately protected against such wireless threats. Thus, a network can become vulnerable to wireless attacks.
AirTight Management Console Configuration Manage Authorized WLAN Policy Specify the Authorized WLAN policy templates for the selected location in the location hierarchy using Configuration>WIPS>Authorized WLAN Policy. Authorized WLAN policy for a location includes a set of one or more policy templates that define the properties of one or more authorized wireless networks.
AirTight Management Console User Guide The authorized policy templates created at other locations can be applied to a selected location but cannot be edited or deleted. The edit and delete operations are possible only at the location where the template is created. A child location automatically inherits the authorized WLAN policy from its parent. You can customize the WLAN policy for a child location. You can also switch back to an inherited policy in case you have created a customized policy.
AirTight Management Console Configuration section altogether in case of commercial or business district environments. Either of the following two mechanisms must be switched on to classify the APs. a) Enter the threshold RSSI value to use for preclassification of APs with signal strength stronger than this value as rogue or unauthorized APs.
AirTight Management Console User Guide Configure Client Auto-classification Policy The client auto-classification policy determines how clients are classified upon initial discovery and subsequent associations with APs. Client auto classification Define how the system should automatically classify the detected wireless clients at the selected location based on their initial discovery and subsequent AP associations. This policy is automatically inherited by child locations of the selected location.
AirTight Management Console Configuration All Guest Clients running AirTight Mobile are classified as Authorized Clients connecting to Authorized APs All External Clients that connect to an Authorized AP are re-classified as Authorized All Uncategorized Clients that connect to an Authorized AP are reclassified as Authorized All Guest Clients that connect to an Authorized AP are reclassified as Authorized You can select the following exceptions.
AirTight Management Console User Guide Classification for Clients connecting to Guest APs 28 Clients connecting to External APs All Uncategorized Clients that connect to an External AP are reclassified as External All Uncategorized Clients that connect to a Potentially External AP are classified as External All Guest Clients that connect to an External AP are re-classified as External All Guest Clients that connect to a Potentially External AP are re-classified as External
AirTight Management Console Configuration Classification of Clients connecting to External APs Clients connecting to Rogue APs All Clients other than Authorized Clients that connect to a Rogue AP are (re)classified as Rogue All Clients other than Authorized Clients that connect to a Potentially Rogue AP are classified as Rogue Classsification of Clients connecting to Rogue APs 29
AirTight Management Console User Guide Bridging to the Corporate Network Classify any non-authorized Client as Rogue if it is detected as bridging Wi-Fi to the corporate network RSSI Based Classification You can enable RSSI based client classification for uncategorized clients and/or external clients and configure RSSI based classification for them. Specify a RSSI threshold and the category for such clients.
AirTight Management Console Configuration Prevention Level enables you to specify a trade-off between the desired level of prevention and the desired number of multiple simultaneous preventions across radio channels. The greater the number of channels across which simultaneous prevention is desired, the lesser is the effectiveness of prevention in inhibiting unwanted communication. Scanning for new devices continues regardless of the chosen prevention level.
AirTight Management Console User Guide Wireless Threats Following is a diagrammatic representation of the various wireless threats. Wireless Threats Non-authorized Associations: Non-authorized and Banned Clients that connect to Authorized APs; an attacker can gain access to your network through Authorized APs if the security mechanisms are weak. Non-authorized or Uncategorized Client connections to an Authorized AP using a Guest SSID are not treated as unauthorized associations.
AirTight Management Console Configuration Activate intrusion prevention for a location using the Configuration>WIPS>Intrusion Prevention Activation option. The following figure explains intrusion prevention activation. Intrusion Prevention Activation The intrusion prevention policy is a location specific policy - it cannot be inherited from the parent location. Authorized APs should be in the Authorized folder before activating intrusion prevention.
AirTight Management Console User Guide Importing an authorized AP List and an authorized or unauthorized client list is an efficient alternative to manual movement of these devices into the authorized / unauthorized bins. After successfully importing these lists, the system automatically classifies the APs and Clients in the respective lists as authorized or unauthorized. This is a location specific property and cannot be inherited from the parent location folder.
AirTight Management Console Configuration clients. Click Import Rogue Client List to import the lists of rogue clients. Click Import Sensor List to import the list of sensors. The file has to be a text file or a csv file. Refer to the subsequent sections for the text and csv file formats for the AP, client and sensor lists. Once imported successfully, the devices are seen under their respective tabs on the Devices page.
AirTight Management Console User Guide You can either enter individual client MAC addresses or to import a list of banned clients to the database. To add an individual client MAC address, do the following. Go to Configuration>WIPS>Banned Device List. Click to expand Banned Client List. Click Add MAC Address. The Add to Banned List dialog box appears. Click Add Device link to add a MAC address manually. Enter the MAC address to add. You can add one or more banned client MAC addresses in this manner. 6.
AirTight Management Console Configuration If you consider an SSID to be vulnerable to hackers, you can open the Hotspot SSIDs screen and enter the SSID under SSID (ASCII character string). Add Hotspot SSIDs The system lists commonly known SSIDs by default. To enter a blank SSID: that is, with no string, click without entering any text. The list shows the SSID as NULL. To add a hotpsot SSID, do the following. 1. Go to Configuration>WIPS>Advanced Settings>Hotspot SSID. 2. Click Add New Hotspot SSID.
AirTight Management Console User Guide 4. 5. Select the server to which the list of hotspot SSIDs is to be copied. Click OK to copy the list of hotspot SSIDs. Manage Vulnerable SSIDs Configure and manage a list of vulnerable SSIDs using the Configuration>WIPS>Advanced Settings>Vulnerable SSIDs option. APs have well known default SSIDs and many users may not change these SSIDs when deploying the APs. Therefore it is highly likely that APs using default SSIDs are present in the enterprise neighborhood.
AirTight Management Console Configuration 3. Click Yes. The default vulnerable SSID list is restored. Copy Vulnerable SSID List to Another Server You can copy the list of vulnerable SSIDs from one server to another server when both servers are part of the same server cluster. You can copy a list of vulnerable SSIDs from child server to child server, parent server to child server, or child server to parent server. You must be a superuser or an administrator to copy policies from one server to another.
AirTight Management Console User Guide parent server to child server, or child server to parent server. You must be a superuser or an administrator to copy policies from one server to another. To copy a list of smart device types, do the following. 1. 2. 3. 4. 5. 40 Go to Configuration>WIPS>Advanced Settings>Smart Device Type on the parent server. Click Copy Policy. The Copy Policies dialog box appears. Select the server from which the list of smart device types is to be copied.
AirTight Management Console Configuration Manage WiFi Access Wi-Fi profiles are used to define the Wi-Fi configuration of an AirTight Device in access point (AP) mode. Wi-Fi Profiles are applied onto a radio of a device. The radio and the device must support access point configuration. Wi-Fi Profiles can be created on any location. Wi-Fi profile is a Wi-Fi network profile. The profile is a set of configuration parameters related to a wireless or Wi-Fi network.
AirTight Management Console User Guide Each Wi-Fi profile has a set of WLAN settings. Configure the WLAN settings for an AP in the WLAN tab. You can configure the following settings for a Wi-Fi profile. Security Settings: Security settings specify the type of security used by the AP to authenticate wireless clients. For details on configuring security settings, refer to the Security Settings section.
AirTight Management Console Configuration Data transfer from client device in bytes Data transfer to client device in bytes Data rate in Kbps Smart device type Local Time Zone The following information is present for each internet domain as content analytics information. Domain name Data transferred to the domain (in bytes) Data received from the domain (in bytes) To add a Wi-Fi profile, do the following. 1. Go to Configuration>Device Configuration>SSID Profiles. 2.
AirTight Management Console User Guide 5. 6. Make the required changes to this profile. Click Save As. A Wi-Fi profile is created with the new name. Edit Wi-Fi Profile The Wi-Fi profile can be edited only at the location where it has been created. To edit a Wi-Fi profile, do the following 1. Go to Configuration>Device Configuration>SSID Profiles. 2. Select the location for which the Wi-Fi profile has been created. 3. Click the Wi-Fi profile name hyperlink to edit. 4. Make the required changes. 5.
AirTight Management Console Configuration x x WPA2: WPA2 is the latest and more robust security protocol. It fully implements the IEEE 802.11i standard. WPA and WPA2 mixed mode: This stands for a mix of the WPA and WPA2 protocols. PSK or Personal Shared key is generally used for small office networks. In case of bigger enterprise networks, RADIUS authentication is used. Large enterprises, sometimes, use RADIUS attributes to propagate network policies across multiple points of access.
AirTight Management Console User Guide The following image illustrates security settings. The following table explains the fields present on the Add/Edit Wi-Fi profile and in the Security Settings. Click Security Settings to view fields under Security Settings. Field Profile Name Description This field specifies the name of the profile. SSID This field specifies the SSID of the wireless profile. This is a mandatory field.
AirTight Management Console Configuration Limit number of associations Security Mode This field specifies the maximum number of clients that can associate with the AP. You can select the check box and then specify the number of clients. This specifies the security mode applied to the virtual AP. The possible values are Open, WEP, WPA, WPA2, WPA and WPA2 mixed mode. Fields related to security mode WEP Authentication Type Select Open if the type of authentication is open.
AirTight Management Console User Guide Opportunistic Key Caching Select the check box to enable client fast handoffs using opportunistic key caching method. Note that the key caching works within the same subnet only and not across subnets. Pre-authentication Select the Pre-Authentication check box to enable client fast handoffs using the Pre-Authentication method. NAS ID Enable dynamic VLANs This field is used when a network access server (NAS) serves as a single point to access network resources.
AirTight Management Console Configuration Enable RADIUS Accounting Select this check box to enable RADIUS Accounting. The other fields on the Accounting tab are enabled on selecting this check box. Define the primary RADIUS Server, and optionally secondary RADIUS Accounting server in the Accounting tab. Fields in the Accounting Tab- Primary Accounting Server area Server IP Enter the IP Address of the primary accounting server here.
AirTight Management Console User Guide A bridged network is used when the AP and the clients associating with the AP can be in the same subnet. Similarly, network Address Translation (NAT) must be used when you want to have the clients in a separate subnet and the AP is in a separate subnet. With NAT, the clients can have a private IP address pool and it is easier to add more clients to the network as they do not require a public IP address.
AirTight Management Console Configuration Tunnel IP Address be able to define the GRE related parameters present on this page. IP address of the GRE tunnel interface on the access point. This IP address should not conflict with any other network setting in the access point. Remote Endpoint IP Address IP address of the remote endpoint of the GRE tunnel. Key Key in the GRE header. If configured, key should be same at both ends of the tunnel. Key is not mandatory to be configured in GRE tunnel.
AirTight Management Console User Guide IP Address Key in the GRE header. If configured, key should be same at both ends of the tunnel. Key is not mandatory to be configured in GRE tunnel. Exempted List of comma separated network and/or IP addresses that are Host/Network List exempted from using the GRE tunnel. Key 4. In case you do not want to use GRE, disable the GRE check box. Click Save to save the changes to the network settings.
AirTight Management Console Configuration Select the DHCP Option 82 check box. Enter the Circuit ID. You can use special formats %s, %m and %l. % s is replaced by AP with the SSID. %m is replaced by AP with the AP MAC address. %l is replaced by AP with the location tag configured for the location to which the AP is assigned. The location tag can be configured from Configuration>System Settings>Location Specific Attributes. 4. Click Save to save the changes. 2. 3.
AirTight Management Console User Guide 4. Click Save to save the changes. The figure below shows the remote bridging enabled and wireless traffic being diverted to a network interface profile by the name ‘remote_us_nw’. To disable remote bridging, do the following. 1. Under Network Settings for a Wi-Fi profile, deselect the Remote Bridging check box. 2. Click Save to save the changes.
AirTight Management Console Configuration (a) Wi-Fi user connects to the guest SSID and opens a URL from any web browser using the HTTP protocol. (b) AirTight AP intercepts this request and throws a portal page hosted on AP to guest user. (c) Guest user will accept terms and condition and submits on portal page. (d) AP will open gate for the client and client will be redirected to redirect URL (if any) or original requested URL.
AirTight Management Console User Guide 3. External Splash Page with RADIUS Authentication: The guest user is redirected to a portal hosted on an external server. The guest user is authenticated by a RADIUS server, when he logs in to the external portal.
AirTight Management Console Configuration Set up Walled Garden A walled garden is a method to provide restricted access to the Internet. Walled garden destination(s) can be accessed at the specified port numbers without displaying the splash page. Domain (e.g. domain.com) also covers its subdomains (e.g. subdomain.domain.com). Configure a list of exempted domains, subdomains, IP address ranges and port numbers. (E.g. 192.168.1.0/24) .
AirTight Management Console User Guide To configure captive portal settings, do the following. 1. Select the Enable Captive Portal check box to display a portal page to be shown to the client on using the guest network. 2. Select the mode of access to the Internet through the captive portal. Do one of the following: (a) Select the AP Hosted Splash Page with click through option. You must create a .zip file of the portal page along with any other files like images, style sheets etc and upload this file.
AirTight Management Console Configuration To restore the portal bundle to factory default file, click Restore Default. (b) Select the External Splash Page for Sign-in/Click-through option. Specify Splash Page URL, using which wireless user will be redirected to external portal. This portal will prompt wireless user to enter username and password. You must select the check box for the shared secret, if applicable, and specify the shared secret for SSID-external portal communication.
AirTight Management Console User Guide Field Description Accounting interval, in minutes. Minimum interval can be 1 minute, Interval and maximum interval can be 60 minutes. Primary accounting server details Server IP IP address of primary accounting server Port number of primary accounting server listens for client Port Number requests. Shared Secret Shared secret between the AP and primary accounting server. Secondary accounting server details Server IP IP address of secondary accounting server.
AirTight Management Console Configuration This parameter can be used by the external portal to implement SSID profile specific functionality. For example, each SSID can have a separate portal page. 10. Click Save to save the settings. Configure External Portal Parameters You must configure the external portal parameters if you want to redirect users to a portal page hosted on an external server. All request and response attributes that are marked with an asterisk are mandatory.
AirTight Management Console User Guide User name field name for user name. Password field name for password. Note: The individual field names used by the AP should match the corresponding field names used by the external server hosting the portal. The AP and the external server may not be able to communicate if the name of the same parameter is different on either side. The fields in External Portal Parameters facilitate the field name change on the AirTight Wi-Fi / AirTight WIPS side.
AirTight Management Console Configuration Click Open to upload the portal bundle. To restore the portal bundle to factory default file, click Restore Default. (b) Select the External Splash Page for Sign-in/Click-through option. Specify Splash Page URL, using which wireless user will be redirected to external portal. This portal will prompt wireless user to enter username and password.
AirTight Management Console User Guide Secondary authentication server details Server IP IP address of secondary authentication server. port number of secondary authentication server listens for client Port Number requests. shared secret between the AP and secondary authentication Shared Secret server. If you want RADIUS accounting to be enabled, select the accounting check box and specify the accounting details, using which AP will actually authenticate wireless user.
AirTight Management Console Configuration Specify Blackout Time, in minutes. This is the time for which a user is not allowed to login after his previous successful session was timed out. For example, if the session time-out is 1 hour and the blackout time is 30 mins, a user will be timed out one hour after a successful login. Now after this point, the user will not be able to login again for 30 minutes. At the end of 30 minutes, the user can login again. 8. Specify the Redirect URL.
AirTight Management Console User Guide Port Action Protocol Protocol No. Direction here. For example, 192.168.8.173, www.facebook.com,192.168.121.0/24. port number. You can provide a comma-separated list of port numbers or port ranges here. For example, 20-22, 80, 443. if you want to block the traffic to or from the host option, select block. if you want to allow traffic to or from the host, select allow. network protocol. The following options are available.
AirTight Management Console Configuration 1. 2. 3. 4. Click the rule to move. Hold the mouse down and drag the rule to the desired position, for instance between 2 other rules. Release the mouse. The rule is placed at the new position. Click Save to save the rule reordering. Edit Firewall Rule Do the following to add a firewall rule. 1. 2. Click the radio button for the rule to edit. Edit the rule details as specified in the following table. Field Rule Name Host Port Action Protocol Protocol No.
AirTight Management Console User Guide 3. Click Save to save changes to the set of firewall rules. Traffic Shaping & QoS Effective utilization of network bandwidth can be achieved in various ways. Some of the ways in which you can do this is by setting an upload and download limit for the network, restricting the number of client association, band steering and defining QoS parameters.
AirTight Management Console Configuration Large enterprises, sometimes, use RADIUS attributes to propagate network policies across multiple points of access. Users are divided into groups, and policies are applied to each group to effectively control access to network resources. Each user group is assigned an upload bandwidth and a download bandwidth, based on the need of that user group.
AirTight Management Console User Guide AirTight Per User Upload Limit 6 Limit Clients associating with the AP You can limit the number of clients associating with the AP to restrict the network bandwidth. To limit the number of clients associating with the AP, do the following. Select the Limit number of associations check box if you want to specify the maximum number of clients that can associate with the AP. 2.
AirTight Management Console Configuration TOS value or 802.1p access category. The only exception will be DSCP value 46 which will be mapped to WMM access category 'Voice'. 5. Select the Upstream marking option as per the requirement. The incoming wireless access category is mapped to a priority subject to a maximum of the selected SSID priority and set in the 802.1p header and the IP header as selected. 6. Click Save to save the changes. Refer to the following table for downstream mapping. 802.
AirTight Management Console User Guide BYOD - Device Onboarding To configure BYOD device onboarding, do the following. Select the Enable Device Onboarding check box to enable BYOD device onboarding. Select Smartphones/Tablets Only if you want this technique to be enabled for unapproved smart clients only, and not for other wireless clients (like laptops etc.). Alternatively,select All Clients if you want to enable this technique for all types of unapproved wireless clients. 3.
AirTight Management Console Configuration The Hotspot 2.0 settings for an AirTight AP are divided into general settings, roaming consortium list, venue settings, domain name list, 3GPP Cellular network info list, NAI realm list, WAN metrics, Operator Friendly Name List, connection capability. General Settings The General Settings refer to the network configuration. It includes the network access type, network authentication type element, IP address type etc.
AirTight Management Console User Guide Venue Settings The Venue Settings specify the configuration of the venue details where the AP is to be deployed. You can configure zero or more venues. The venue settings consist of venue groups and venue types. The venue group is selected from a predefined list of values. The venue type is dependent on the venue group and the list of values for the venue type is populated based on the venue type selected.
AirTight Management Console Configuration Under connection capability, you can specify the protocols supported by the network connection and the corresponding port numbers and whether the port is open or closed. These settings signify the capabilities of the wired network that the AP is connected to. They provide information on the connection status of the most commonly used communication protocols and ports within the hotspot. Configure Hotspot 2.0 Settings To configure Hotspot 2.
AirTight Management Console User Guide Field Description options available for Venue type are unspecified Educational; School, Primary; School, Secondary; and University or College Venue Name of the venue. Maximum length is 252 bytes. Up to 32 venue names Name can be added. Language The language code in which the service is to be provided. Refer to the ISO Code 639.2 standard for the language codes. 5. 6. 7. 8. 9. Enter domain name of the Hotspot 2.0 operator. Click Add to add it.
AirTight Management Console Configuration 12. Click Save. The Wi-Fi profile with the Hotspot 2.0 settings is saved. The following image is an example of the Hotspot 2.0 configuration. It describes a Hotspot 2.0 AP that is a part of a free public educational network at the Aalto University. It is accessible on acceptance of certain terms and conditions. It provides Internet access and the mobile device is redirected to the URL www.example.com/index.
AirTight Management Console User Guide 78
AirTight Management Console Configuration Manage Network Interface Profiles A network interface profile represents the tunnel through which network traffic from the configured SSIDs can be routed to a remote endpoint. The remote endpoint then reroutes this traffic to their respective path or destination. A network interface profile is used to configure Ethernet over GRE (EoGRE) settings.
AirTight Management Console User Guide Field Description Remote The IP address of the primary remote server or endpoint. It can be left Endpoint(IP blank, if you want to use NTP server IP (from DHCP option 42) as the Address) remote endpoint. Local The VLAN ID through which AP will form tunnel to the remote endpoint. . Endpoint A value between 0 and 4094 should be entered here. Remote Endpoint VLAN must be reachable through this VLAN.
AirTight Management Console Configuration Field Description The IP address of the primary remote server or endpoint. It can Remote Endpoint(IP be left blank, if you want to use NTP server IP (from DHCP Address) option 42) as the remote endpoint. The VLAN ID through which AP will form tunnel to the remote Local Endpoint VLAN endpoint. A value between 0 and 4094 should be entered here. Remote Endpoint must be reachable through this vlanVLAN.
AirTight Management Console User Guide Print Network Interface Profile You can print all the information seen for all network interface profiles. You can choose the columns to be viewed on the UI by selecting them. To print the network interface profiles' list for a location, do the following. 1. Go to Configuration>Device Configuration>Network Interfaces. 2. Select the location for which you want to print the network interface profiles' list. 3. Select the columns that you want in the printed list.
AirTight Management Console Configuration Wireless mesh networks are used indoors or outdoors where laying a wired network may not be a costeffective option. They can be used in specific areas where there is a need to be connected to the network while moving around in the specified area. They can be used in stadiums, schools, military establishments etc.
AirTight Management Console User Guide 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Go to Configuration>Device Configuration>SSID Profiles>Mesh Profiles. Configure a mesh profile. Refer to the Add Mesh Profile given below for adding a mesh profiles. Go to Configuration>Device Configuration>Device Template. Define a device template for the AirTight device models that are to function as mesh APs. Refer to Manage Device Templates for details. Remember to enable the device-specific configuration for this device template.
AirTight Management Console Configuration Edit Mesh Profile To edit a mesh profile, do the following. 1. Go to Configuration>Device Configuration>SSID Profiles>Mesh Profiles. 2. Select the location of the mesh profile to be edited, from the location tree. A list of mesh profiles available at the location is seen in Mesh Profiles. 3. Click the name of the mesh profile to edit. 4. Edit the mesh profile parameters. Field Description Profile Name Name of the mesh profile. SSID of the mesh profile.
AirTight Management Console User Guide Min RSSI 5. parent node can have in the mesh tree topology. You can enter a value between 0 and 5. Minimum RSSI for an AP to connect to another AP in the mesh. An AP requesting to connect to another AP should have the specified RSSI to be able to connect to the other AP. You can enter a value between -100 and 0 dbm. Click Save to save the changes to the mesh profile.
AirTight Management Console Configuration Configure Event Notification The occurrence of certain events needs to be notified to external entities like Syslog, SNMP, Arcsight and OPSEC. This configuration is done using the Configuration->Events->Configuration option. Different types of events occur when the WLAN is functional. These are classified as security, performance and system events by AirTight Management Console. Each of these types is listed in the respective tab on the Configuration page.
AirTight Management Console User Guide Note: The event 'Client RF Signature Anomaly Detected' that is visible under Security>MAC Spoofing option is available in specific deployments only. Activate Event Generation for Location Activate event generation for the selected location using the Configuration>Events>Event Activation option. Activation Switch defines the high level administrative settings for the selected location. It takes precedence over any conflicting policies.
AirTight Management Console Configuration Configure Email Recipients Specify the e-mail addresses of the users that need to be notified on occurrence of certain events at the selected location. The events for which e-mail is to be sent are configured under Configuration->Events>Email Recipients. You can use the e-mail addresses available in the system or add an e-mail address that is not available in the system. Separate all the e-mail addresses using a comma or a space, or press Tab or Enter.
AirTight Management Console User Guide Manage Policy Templates Policy templates form a part of the authorized WLAN policy for a location. A policy template comprises properties of the authorized SSIDs or networks. It is a collection of different network related settings such as wireless network protocols, encryption protocol used, allowed network SSIDs, security settings, authentication type used, allowed networks, and so on.
AirTight Management Console Configuration Higher layer authentication types that clients can use while connecting to the SSID. Authentication types do not determine the classification of APs, but are used to raise an event if a client uses non-allowed authentication Authentication type. The system raises this event only if the system sees authentication Type protocol handshake frames. 'Any' is the default value.
AirTight Management Console User Guide Protocol 4. select one or more protocols from 802.11a, 802.11b, and 802.11b/g after deselecting 'Any'. Security protocol for the SSID. 'Any' is the default value. You can select Security one or more protocols from 802.11i, Open, WPA, WEP after deselecting Settings 'Any'. Encryption Encryption protocol for the SSID. This field is enabled only when the Protocol security protocol for the SSID is WPA or 802.11i. Authentication Authentication protocols for the SSID.
AirTight Management Console Configuration 5. The policy templates containing the search string as the SSID or policy template name are displayed in the policy template. The search utility also returns the policy templates having the search string as a substring in the SSID or policy template name. Copy Policy Template to Another Location To copy an authorized WLAN policy created at a location to another location, do the following. 1. Select the location at which the policy to be copied exists. 2.
AirTight Management Console User Guide Manage Authorized WLAN Policy Specify the Authorized WLAN policy templates for the selected location in the location hierarchy using Configuration>WIPS>Authorized WLAN Policy. Authorized WLAN policy for a location includes a set of one or more policy templates that define the properties of one or more authorized wireless networks.
AirTight Management Console Configuration Only the policy templates that are applied to a location are used for AP classification at that location. Other templates that are configured but not applied to the location, will not be used for AP classification, as they are not a part of the WLAN policy for that location. The authorized policy templates created at other locations can be applied to a selected location but cannot be edited or deleted.
AirTight Management Console User Guide c) Enter the SSID or IP address of the network to add. Define RSSI based classification, if the WIPS is intended for use in an isolated environment without much of a neighborhood activity like defense and military facilities. It is recommended to skip this section altogether in case of commercial or business district environments. Either of the following two mechanisms must be switched on to classify the APs.
AirTight Management Console Configuration interface or Network Interface can be used as ‘Data Sync Link’ between the servers. During HA setup, user can skip use of HA interface. This field indicates whether two servers are reachable over ‘Data Sync Link’ interface. HA Failover Mode This field Indicates whether the HA failover mode is automatic or manual. Active ServerNetwork IP This is the IP Address of the network interface of the Active server.
AirTight Management Console User Guide Forensics Specifies whether the forensics feature is available in the license or not. Manage Look and Feel of Reports You can customize the look and feel of the AirTight Management Console reports, using the Configuration>System>Advanced Settings>Reports Look and Feel option. A report is divided into different sections such as header text, report summary and report sections specifying the details. You can customize each of these components.
AirTight Management Console Configuration 9. 10. 11. 12. 13. To display the section query type in a report, select the Display Query Type check box present under Summary Table Column Header Definition. To display a different text instead of section query type in the report, enter the changed text in Section Query Type. To display the result count in a report, select the Result Count check box present under Summary Table Column Header Definition.
AirTight Management Console User Guide Configure NTP NTP stands for network time protocol and is used for clock synchronization between computer systems. You can synchronize the AirTight server clock with an NTP server. You must be a super user to synchronize the server with an NTP server. You can specify an NTP server and find the time drift between the AirTight server and the NTP server.
AirTight Management Console Configuration Default RF Propagation Settings contains the following options: Default Antenna Gain Values: Antenna gain is a characteristic of an antenna used for transmitting or receiving signal, defined as gain in power when signal is received (or transmitted) using the antenna. Note: If better antennas are used, you should increase the gain. Transmitter Losses: Select the transmitter signal loss value suited to your environment.
AirTight Management Console User Guide 6. Specify the following for nodes imported with AirTight Planner- Minimum Signal Decay Constant, Maximum Signal Decay Constant, signal decay slope(beta), signal decay slope(alpha). 7. Specify the following for nodes with GIF, JPEG or blank layout- Minimum Signal Decay Constant, Maximum Signal Decay Constant, signal decay slope(beta), signal decay slope(alpha). 8. Click Save to save the changes.
AirTight Management Console Configuration Configure Live RF View Setting Define the parameters that are used in live RF views using Configuration>System>Advanced Settings>Live RF View Setting option. These parameters are specific to each environment. Tuning the parameters enables you to see more accurate views. Under Intrusion Detection and Prevention Regions, specify the dbm values for which the system shows the intrusion detection and prevention regions in the sensor coverage views.
AirTight Management Console User Guide Configure Location Tracking The location of a particular device can be tracked using the Configuration->System->Advanced Settings->Location Tracking option. The system needs at least three sensors to perform location tracking. The Location Tracking screen enables you to define the parameters that control location tracking. Default Location Tracking Parameters contains the following options.
AirTight Management Console Configuration To copy location tracking configuration, do the following. 1. 2. 3. 4. 5. Go to Configuration>System Settings>Advanced Settings>Location Tracking Configuration on the parent server. Click Copy Policy. The Copy Policies dialog box appears. Select the server from which the location tracking configuration is to be copied. Select the server to which the location tracking configuration is to be copied.
AirTight Management Console User Guide 1. 2. 3. Go to Configuration>System Settings>Advanced Settings>Auto Location Tagging. Click Restore Defaults to restore the default values of the auto location tagging fields on the page. Click Save to save the changes. Copy Auto Location Tagging Settings to Another Server You can copy the auto location tagging settings from one server to another server when both servers are part of the same server cluster.
AirTight Management Console Configuration Set up and Manage Server Cluster A server cluster consists of 2 or more AirTight servers grouped together. One of these servers is the managing server and it manages one or more AirTight servers. Thus, multiple servers can be managed from a single server console in a server cluster. The managing server is called the parent server and the servers that are managed from the parent server are called the child servers.
AirTight Management Console User Guide Replication of policies from one server to another server in server cluster: Replication of most policies from one server to another server in a server cluster is possible. This is regardless of whether the policies are being copied from parent server to child server or child server to parent server.
AirTight Management Console Configuration Limitations of Server Cluster Following are the limitation of a server cluster. A server (parent server or child server) can be a part of only one cluster at any given point. A child server cannot be the parent of any other server in the cluster. Server Cluster related Commands You can set up a cluster comprising one parent and multiple child servers through the server command line interface.
AirTight Management Console User Guide cluster delete child cluster show status the parent server in the server cluster. Deletes or removes a child from a server cluster. This command must be executed on the parent server in the server cluster. Displays the status of a server cluster. Using this command you can check whether a server is in a cluster and/or the status of a server in a cluster. This command can be executed on any server regardless of whether it is in a server cluster or not.
AirTight Management Console Configuration Add Child Server to Server Cluster There are two ways to add a child server to a server cluster. Use the server cluster setup wizard available after executing the cluster set command. This has been explained in the Set up Server Cluster section. 2. Execute cluster add child command. This command must be executed on the command line of the parent server. This is explained below. 1.
AirTight Management Console User Guide Delete Child Server from Server Cluster A child server can be deleted from a server cluster using the cluster delete child command. When you delete a child server from a server cluster, the link between the parent server and the child server is broken. The rest of the server cluster continues to function as a cluster. To delete a child server from a server cluster, do the following.
AirTight Management Console Configuration Delete Server Cluster A server cluster can be deleted using the cluster reset command. This command must be executed on the parent server command line to delete the entire cluster. Note: When the cluster reset command is executed on a child server command line, it removes the child from the cluster. This action, however, is NOT recommended unless there is no other way to remove the child server from the cluster.
AirTight Management Console User Guide Check Server Status with respect to Server Cluster You can check if a server is part of a server cluster using the cluster show status command. When a server is part of a server cluster, you can find out whether a server is a parent server or a child server using the cluster show status command. You can execute this command on a server that may or may not be in a server cluster, that is, you can execute this command on any active server.
AirTight Management Console Configuration Event Activation Device List Locking However, if you make changes these policies at the mount point of a child server and save these changes to be applied recursively, the changes are pushed to all the locations present directly under the mount point. To inherit a policy from the parent server, do the following. 1. Select the location on the child server where you want to inherit policies from the parent server. 2. Navigate to the policy to inherit. 3.
AirTight Management Console User Guide If the parent server in an existing server cluster has been upgraded, and the parent server and child server versions do not match. Refer to Fix Version Mismatch between Parent Server and Child Server section to fix the version mismatch. If a valid license has not been applied on the child server or the license on the child server has expired. Refer to Fix Invalid License State on Child Server section to fix the license error state.
AirTight Management Console Configuration parent server and there is a version mismatch between the parent server and a mounted child server, you are not allowed to access the child server locations from the parent server location tree. You must fix the version mismatch to be able to access the child server locations from the parent server location tree. When there is a version mismatch, the Fix version mismatch link is enabled. You can click this link to fix the version mismatch of the child server.
AirTight Management Console User Guide RADIUS Configuration Smart Device Type Certificate Configuration LDAP Configuration Location Tracking Configuration ArcSight Integration Banned Device List - AP Banned Device List - Client Live RF View Settings AirTight Mobile Settings Reports Look and Feel HotSpot SSIDs Vulnerable SSIDs Syslog Integration SNMP To copy one or more policies from one server to another, do the following. Go to Configuration>System>Server Cluster.
AirTight Management Console Configuration Manage Vendor OUIs A list of popular vendors along with the individual MAC prefix can be seen and managed using the Configuration>System>Vendor OUIs option. A 3-byte MAC prefix identifies the vendor for any given 802.11 device. Add Vendor or MAC Prefix Click Add Vendor/MAC Prefix to add a new vendor-MAC prefix pair or a new prefix to an existing vendor name. Select an existing vendor and add a new MAC address for the vendor.
AirTight Management Console User Guide SS-300-AT-C-55-E is a dual radio a/b/g/n device. Both the radios need to be configured to function either in AP mode only or in WIPS sensor mode only. You cannot configure one radio as an AP and the other as a sensor. SS-300-AT-C-10 is an 802.11a/b/g/n device. SS-200-AT-01 is an 802.11a/b/g device.SS-300-AT-C-10 and SS-200-AT-01 function as WIPS sensors only. They cannot be configured to function as APs.
AirTight Management Console Configuration You can configure a template as the default template for a location. This template will be applied to any new device tagged to that location. When you delete a user-defined device template, System Template is applied to all the devices associated with that template. You can manually override the template applied to an AirTight device from the Devices > AirTight Devices tab.
AirTight Management Console User Guide 3. If you want to apply the inherited device template to existing devices at the location click Yes. If you want the existing devices to continue using the customized default device template, click No. Add Device Template When adding a device template, you can specify the name and description of the device template and save the template.
AirTight Management Console Configuration IMPORTANT: If a VLAN is configured with a static IP address, then configure the VLAN from the CLI. If you want to customize the VLANs to be monitored for one or more specific devices to which a device template is applied, you can do it using the Devices > Device Properties. In order to override the additionally monitored VLANs, you must select the Allow Device Specific Customization check box.
AirTight Management Console User Guide If you want to classify networked APs as authorized APs, select the Move networked APs to check box and select the Authorized option from the drop-down list next to this check box. If you want to classify non-networked APs as external APs, select the Move non-networked APs to the External Folder check box. 3. Intrusion Prevention Policy: Specify the threats for which intrusion prevention is to be enabled on the sensor when it is not connected to the server.
AirTight Management Console Configuration 10 b/g/n 2.457 48 a/n/ac 5.24 132 a/n/ac 5.66 11 b/g/n 2.462 50 a/n/ac 5.25 136 a/n/ac 5.68 12 b/g/n 2.467 52 a/n/ac 5.26 140 a/n/ac 5.7 13 b/g/n 2.472 56 a/n/ac 5.28 149 a/n/ac 5.745 14 b/g/n 2.487 56 a/n/ac 5.28 152 a/n/ac 5.76 184 a/n/ac 4.92 58 a/n/ac 5.29 153 a/n/ac 5.765 188 a/n/ac 4.94 60 a/n/ac 5.3 153 a/n/ac 5.765 192 a/n/ac 4.96 64 a/n/ac 5.32 157 a/n/ac 5.785 196 a/n/ac 4.
AirTight Management Console User Guide Field Description The radio frequency band. The possible values are 2.4 GHz and 5 Frequency Band GHz. Default value is 2.4 GHz. The channel width for the radio. Possible values are 20 MHz or 20 MHz /40 Channel Width MHz. In case of a/n/ac devices, the 20/40/80 MHz option is available. The options are enabled for 2.4 GHz and 5 GHz modes. The operating channel for the radio. By default, the AP automatically selects the operating channel automatically (Auto).
AirTight Management Console Configuration Spectrum Load Balancing Threshold The load balancing parameter that is useful for tuning the load distribution between 2.4 GHz and 5 GHz bands. If the difference between the number of clients associated in 5 GHz and 2.4 GHz exceeds this threshold, band steering to 5 GHz is not performed (as the load on 5 GHz is more) until the difference comes below the threshold again. This field is 802.11n specific.
AirTight Management Console User Guide 5. Change the required settings and save the changes. Refer to Customize Device Template Settings for details on customizing these settings. Note: You can specify the customized settings at a later point, even if you enable per device configuration in the device template. Edit Device Template To edit a device template, do the following. 1. 2. 3. Go to Configuration>Device Configuration>Device Templates. Click the link with the device template name.
AirTight Management Console Configuration 1. 2. 3. 4. 5. Go to Configuration>Device Configuration>Device Templates. Select the device template. Click the Move to icon. The Select Location dialog box appears. Select the location where you want to copy the device template. Click OK. Print Device Template List for Location You can print the list of device templates for a location. To print a list of device templates for a location, do the following. 1.
AirTight Management Console User Guide x x x Port Email Address in From field Enforce use of StartTLS (TLSv1) Verify SMTP Server's Certificate Set Certificate Authentication Required Username Password 3. 4. PLAIN (For sendmail 8.10 and above) LOGIN (For sendmail 8.10 and above) NTLM (Windows proprietary authentication method) Port number of the SMTP server used by the system for sending e-mail alerts.
AirTight Management Console Configuration 1. 2. 3. Go to Configuration>System Settings>SMTP Configuration. Click Restore Defaults to restore the default values of the SMTP configuration fields . Click Save to save the changes. Test SMTP Settings To test SMTP settings, you can send a test email. The SMTP configuration settings are used for this mail. The settings used for this mail are the SMTP settingsspecified by you. Make sure you have configured SMTP correctly before testing the settings.
AirTight Management Console User Guide Console server. Maximum AirTight Devices Allowed Allowable Conversions to AP Software Version Specifies the maximum number of AirTight devices allowed on the license. Specifies the maximum number of AirTight devices that are allowed to be converted to function as access point, per the current license. Specifies the version number of the AirTight Management Console software. Specifies the build number of the AirTight Management Console Software Build software.
AirTight Management Console Configuration Recommended: To upgrade the server to a newer version, ensure that you access the Console using a computer whose IP address has not been changed by Network Address Translation (NAT). If you access the Console, using a NATed IP, upgrade will continue in the background but you cannot view the upgrade progress messages. Upgrade Process 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Click Browse to select the Upgrade Bundle.
AirTight Management Console User Guide category. The minimum number of days of inactivity is 1 and the maximum number of days of inactivity is 30. Client Deletion Parameters: The available client categories are Uncategorized, Authorized, External, Rogue, Guest. Select the client categories for which you want to set the auto-delete duration.
AirTight Management Console Configuration 4. 5. Select the server to which the auto deletion settings are to be copied. Click OK to copy the auto deletion settings, Manage Audit Log Settings AirTight Management Console keeps a track of the user activity. The user action logs can be downloaded from the server for viewing purpose. This is done using the Configuration>System Settings>Audit Logs option. Only a super user has the privilege to download the user action logs.
AirTight Management Console User Guide Copy Audit Log Settings to Another Server You can copy the audit log settings from one server to another server when both servers are part of the same server cluster. You can copy audit log settings from child server to child server, parent server to child server, or child server to parent server. You must be a superuser or an administrator to copy policies from one server to another. To copy audit log settings, do the following. 1. 2. 3. 4. 5.
AirTight Management Console Configuration Configure Integration with Enterprise Security Management Servers You can configure AirTight Management Console to integrate with various enterprise security management (ESM) servers using the Configuration->ESM Integration page. AirTight Management Console integrates with ESM servers that collect, analyze, and display events. AirTight Management Console sends security events related information to these servers.
AirTight Management Console User Guide Edit Syslog Server To edit syslog server settings for a syslog server, do the following. 1. 2. 3. 4. Go to Configuration>ESM Integration>Syslog Integration. Click the Syslog server IP address and port hyperlink in the list of Syslog servers. Make the necessary changes. Click OK to save the changes. Delete a Syslog Server You can delete a syslog server from the list of syslog servers, Once deleted from the list, the entries will not be sent to this server.
AirTight Management Console Configuration Arcsight Integration Add Arcsight Server To add an Arcsight server, do the following. Go to Configuration>ESM Integration>Arcsight Integration. Click the Add Arcsight Server hyperlink. Enter the Arcsight IP address, port number. Select the Enabled check box if you want to enable sending CEF messages and/or audit logs generated by AirTight Wi-Fi/AirTight WIPS to this server. 5. Select the Forward Events check box to send CEF messages to the Arcsight server. 6.
AirTight Management Console User Guide 2. Click the Delete hyperlink for the Arcsight server IP address and port to delete the Arcsight server. Once deleted from the list, the CEF messages will not be sent to this server. Copy Arcsight Server Settings to Another Server You can copy the Arcsight server settings from one server to another server when both servers are part of the same server cluster.
AirTight Management Console Configuration Select SNMP v1,v2 check box to send traps to all Trap receivers accepting traps using SNMP v1, v2 protocol. You can change the Community String for the SNMP agent. All SNMP v1, v2 Trap receivers configured, should use this community string to receive traps.(Default: public). Select the SNMP v3 check box, to send traps to all Trap receivers accepting traps using SNMP v3 protocol.
AirTight Management Console User Guide Edit SNMP Trap Destination Server Click the SNMP trap destination server IP address and port hyperlink in the list of SNMP trap desitnation servers. Make the necessary changes. Click OK to save the changes. Delete SNMP Trap Destination Server Click the Delete hyperlink for the SNMP trap destination server to delete the server. Once deleted from the list, the events will not be sent to this server.
AirTight Management Console Configuration The Aruba WLAN architecture consists of Aruba Mobility Controllers and APs. At any time, the Aruba Mobility Controller has all the information about the APs and devices seen/associated with these APs. Integration with Aruba allows the system to fetch this information from Aruba Mobility Controller.
AirTight Management Console User Guide SNMP Version SNMP version. Select SNMPv2 if the v2 is the SNMP version. Select SNMPv3 if the v3 is the SNMP version. User-defined community string using which AirTight WIPS communicates with Aruba Mobility Controller. Default value is 'public'. Select the check box to enable import of data from Aruba Mobility Data Import Enabled? Controller. Select this check box to import managed APs from Aruba Mobility Import Managed APs Controller.
AirTight Management Console Configuration Print Aruba Mobility Controller List for Location You can print a list of Aruba Mobility Controllers for a location. To print a list of Aruba Mobility Controllers, do the following. 5. Go to Configuration>WIPS>WLAN Integration>Aruba. 6. Select the location for which you want to print the Aruba Mobility Controller list. 7. Click the print icon to print the list of Aruba Mobility Controllers. A print preview appears. 8. Click Print to print the list.
AirTight Management Console User Guide 1. Go to Configuration>WIPS>WLAN Integration>HP MSM Controller. 1 Select the location for which you want to add a HP MSM Controller. 2. Click Add Controller. The MSM Controller dialog box appears. 3. Configure the fields in the MSM Controller dialog box as described in the table below. Field Description Controller Name or IP address of the HP MSM Controller with which Controller Name AirTight WIPS communicates.
AirTight Management Console Configuration Port Number Authentication Username Password Using Client Certificate Data import enabled 6. which AirTight WIPS communicates. Port number of the HP MSM Controller from which data is imported. Type of authentication for MSM Controller. Select the Secure HTTP (SSL/TLS) option if the MSM Controller is configured to use HTTPS for authentication. Select the HTTP Authentication if HP MSM Controller requires HTTP authentication.
AirTight Management Console User Guide Disable Integration with HP MSM Controllers To disable integration with HP MSM Controller, do the following. 1. Go to Configuration>WIPS>WLAN Integration>HP MSM Controller. 2. Select the location for which you want to disable integration with the HP MSM Controllers. 3. Select the HP MSM Integration Enabled check box to enable integration with HP MSM Controllers. 4. Click Save to save the changes.
AirTight Management Console Configuration exceeds 80%,the system performance may degrade and result in side effects such as sluggish UI and sensor disconnections. Under Automatic Synchronization Settings, specify the AirTight Management Console-WLC Synchronization Interval, in minutes.
AirTight Management Console User Guide To edit the details of a WLC, do the following. 1. 2. 3. 4. 5. 6. Go to Configuration>WIPS>WLAN Integration>Cisco WLC Select the location for which you want to edit a WLC Select the check box for the WLC to edit. Click the edit icon. Make the required changes. Click Save to save the changes. Delete WLAN Controller 1. 2. 3. 4. 5.
AirTight Management Console Configuration Manage Integration with Meru Meru Integration enables the system to use Virtual Cell and Virtual Port Architecture for reporting accurate AP inventory. System also detects the physical APs to which the Clients are associated. This helps the user for accurate location tracking and to protect against advanced threats. Configure integration with Meru using the Configuration>WIPS>WLAN Integration>Meru option. To activate integration with Meru, do the following. 1.
AirTight Management Console User Guide Manage AirTight Mobile Clients AirTight Mobile provides wireless security for mobile computers. It protects the sensitive data on laptops, computers and smart phones, and protects against wireless attacks. AirTight Mobile integrates with AirTight Management Console. With this integration, it is possible to centrally manage AirTight Mobile users. You can create client groups and apply common policies to them.
AirTight Management Console Configuration License File Path: The path to the AirTight Mobile license file. You can change the path by clicking Choose file and choosing a new path. Manage AirTight Mobile Clients You can centrally manage the AirTight Mobile clients using the Configuration>AirTight Mobile>Manage AirTight Mobile clients option.
AirTight Management Console User Guide The AirTight Management Console servers with version 6.7, 6.7 Update 1, 6.7 Update 2, 6.7 Update 3 and 6.7 Update 4 are compatible with AirTight Mobile versions 2.5 and 2.7, 3.0 and 3.1. Fetch Report from AirTight Mobile Client This option is available for an active AirTight Mobile Client. To fetch report from an active AirTight Mobile client, do the following. 1. 2. 3. Go to Configuration>AirTight Mobile>Manage AirTight Mobile Clients.
AirTight Management Console Configuration 1. Go to Configuration>AirTight Mobile>Manage AirTight Mobile Clients. 2. Select one or more clients to delete. 3. Click the Delete AirTight Mobile Client icon to delete an Airtight Mobile client. Confirm the deletion by clicking OK. Filter/Search AirTight Mobile Clients You can filter the AirTight Mobile Client List based on the Name, Group, or AirTight Mobile Reported Group. Do the following to filter AirTight Mobile Client list. 1.
AirTight Management Console User Guide 6. 7. Select the printer. Click Print. Enable Pagination for AirTight Mobile Client Listing and Set Page Size By default, the AirTight Mobile client listing is presented in a grid. You can scroll down to the last AirTight Mobile row without having to browse across pages. A paginated view is also available if you want to view a page-wise list of AirTight Mobile clients.
AirTight Management Console Configuration Each group can have an AirTight Mobile policy attached to it. The AirTight Mobile policies are created using an AirTight Mobile Client. The policy configuration is then imported in AirTight Management Console in XML format. If no policy is attached to a group, the server does not push any policy to the Clients in that group. The Clients retain the previous policy.
AirTight Management Console User Guide Attach Policy to AirTight Mobile Group Use the following steps to attach a policy to a new or existing AirTight Mobile group. Go to Configuration>AirTight Mobile>AirTight Mobile Groups. Select the location for which the policy is to be attached. If you are adding a new group, click Add AirTight Mobile Group hyperlink on the AirTight Mobile Groups page.
AirTight Management Console Configuration If you have defined a default policy, you can view it in HTML format. To view the default policy in HTML format, do the following. 1. Go to Configuration>AirTight Mobile>AirTight Mobile Groups. 2. Select the location for which the policy is to be viewed. 3. Scroll down to the Default Policy Setting section. 4. Click the View HTML hyperlink for the policy to view the policy in HTML format.
AirTight Management Console User Guide 5. 6. 7. Click Print seen on top of the list. Select the printer. Click Print. Delete AirTight Mobile Group When a group is deleted, all clients belonging to the deleted group are assigned to the 'Default' group. Do the following to delete an AirTight Mobile group 1. Go to Configuration>AirTight Mobile>AirTight Mobile Groups. 2. Select the location for which you want to delete an AirTight Mobile group. A list of Airtight Mobile groups appears. 3.
Dashboard The dashboard is a snapshot of the wireless LAN performance. AirTight Management Console provides an easy-to-use dashboard that can be configured by the user. The user can select from a predefined collection of widgets and add them to the dashboard. The dashboard widgets are categorized as access point widgets, client widgets, network widgets and WIPS widgets.
AirTight Management Console User Guide . Number of widgets and their layout on the new page Delete a page from dashboard Click to delete the current page from the dashboard. To delete a particular page, click the page number to go to the page. Now click to delete it. Print dashboard page You can print a dashboard page. All the widgets seen on the dashboard page are printed when you print the page. The page must be printed in landscape mode only. It is rendered best by the Google Chrome browser.
Dashboard Security Status AirTight Devices This chart presents the AirTight devices and their operating modes. Use the status filter to view, all, active or inactive devices. AP Classification This chart presents the Access Points based on their categories. Use the status filter to view, all, active or inactive APs. Client Classification This chart presents the clients based on their categories. Use the status filter to view, all, active or inactive clients.
AirTight Management Console User Guide You can see widgets related to network by clicking Network on the dashboard. The network widgets on the dashboard are as follows. Location Map This widget displays your network locations along with the number of managed APs, the number of associations and the number of associated smart phones and tablets at each location. to use this widget, upload an appropriate map for each location folder and a floor plan for each loc ation floor in the location tree.
Dashboard In general, click , wherever available, to refresh the data on the widget. Click of the widget functionality. Click to view a description to close the widget. Client Widgets You can see widgets related to clients by clicking Clients on the dashboard. The client widgets on the dashboard are as follows. Smart Devices Distribution This chart displays the number of smart phones and tablets on your Wi-Fi network.
AirTight Management Console User Guide Use the SSID and Time filters to respectively view the statistics for a specific Wi-Fi network and during a specific period. APs by Utilization This Chart displays the APs which utilize the channel the maximum. AP channel utilization is defined as the act of the AP either transmitting or receiving any frames. Data and management frames are considered for this calculation.
Devices The Devices page provides information about APs, clients, and AirTight devices visible to the system. You can view device properties, sort the display based on their properties, and change the device template used. You can view the APs, clients, networks associated with the devices. Select a location to view devices at that location. The AirTight Devices tab displays a list of AirTight devices associated with the selected location.
AirTight Management Console User Guide The following table provides a description of the fields seen in the upper pane of the AirTight Devices tab. Field Active Status Upgrade Status Description Indicates whether the AirTight device is currently active or not. Indicates if the AirTight device has been successfully upgraded. Indicates the troubleshoot status of the AirTight device. The possible Troubleshoot Status values are 'Troubleshooting on', 'Troubleshooting off'.
Devices The following table describes the device properties. Field Currently Active? Name MAC Address Device Tag Country of Operation Model IP Address Device Template Location Placed on Floor map? Up/Down Since Channel Scan Capability (a) Channel Defend Capability (a) Channel Scan Capability (b/g) Channel Defend Capability (b/g) Channel Scan Capability (Turbo a) Channel Scan Capability (Turbo b/g) Software Build First Detected At Description State of the AirTight device.
AirTight Management Console User Guide Additional VLAN Monitoring Is Mesh Root Node (Radio )? Template Settings for more details. Customized additional VLAN monitoring settings. You can customize the additional VLANs monitored and override the additional VLANs monitored by the device and customize the settings. Double-click here to customize the additionally monitored VLANs. Refer to Customize Device Template Settings for more details.
Devices Customize Radio Settings for an AirTight Device To customize the operating channel, do the following. 1. Select the Customize Operating Channel check box. 2. If you want an auto selection of channel, select Auto and specify the channel selection interval, in hours, in the Selection Interval. 3. If you want to manually set the channel, select Manual and select the Channel Number. Note: You are not allowed to change the operating channel for a mesh radio.
AirTight Management Console User Guide Select the Customize Additional VLANs to monitor check box. Specify the additional VLANs to be monitored as a comma-separated list. Change the communication VLAN, if needed. 0 is the communication VLAN. However, you can specify another number as the communication VLAN. Before the 6.7 Update 5 release, the communication VLAN was set from the CLI only with the set vlan config command. Note: Prior to the 6.
Devices c) You might see a few VLANs with the Delete link under Advanced. These are the previously monitored additional VLANs that are no longer relevant. You must delete these from the monitored list. 7. Click Save below Additional VLAN monitoring on Device Properties to save the customization to the additional monitored VLANs for the device. View Visible LANs Under the Visible LANs section, you can view a list of LANs that are visible to the selected AirTight device if it is operating as a WIPS sensor.
AirTight Management Console User Guide View Interference Under the Interference section, you can select a channel number to view a graphical representation of the interference experienced over that channel in the past 12 hours. The interference seen here is visible to the AirTight device selected in the upper pane. View Mesh Network Links This is relevant only if the selected AirTight device is part of a mesh wireless network. 1. Click Devices. 2. Select the AirTight Devices tab. 3.
Devices You can print all the information seen for all AirTight devices in the upper pane. You can choose the columns to be viewed on the UI by selecting them. The information seen in the upper pane is the information that will be seen in the printout. If pagination is enabled, the list of AirTight devices on the current page are printed. To print a list of all AirTight devices for a location, you must go to each page and print the individual pages.
AirTight Management Console User Guide A troubleshooting session automatically times out or terminates after the specified timeout irrespective of the activity. Refer to the 'Stop Troubleshooting' sub-section in this section to manually terminate a troubleshooting session. If you are an AirTight Cloud Services user, you can upload the packet capture file directly into WizShark. You can then use WizShark to analyze the packet capture or trace files.
Devices 7. 8. 9. 10. 11. Enter a suitable prefix for the file name in Filename Prefix. This helps you identify the troubleshooting files when you download the packet history. Specify the time-out interval in Timeout. The default time-out for packet level troubleshooting mode is 5 minutes. Minimum allowed value is 1 minute and maximum is 720 minutes for the time-out. Select the packet type. If you want to capture all packets, select the All option.
AirTight Management Console User Guide and WizShark opens up in a separate browser tab or browser window. You can then analyze the packet capture file using WizShark. Delete Packet Capture File AirTight server maintains a packet capture history for the troubleshooting instances for a period of 30 minutes, after you stop troubleshooting. You can delete this packet capture history from the server. The packet capture files are available in .pcap format. To delete a packet capture file, do the following.
Devices To enable pagination, do the following. 1. Go to Devices>AirTight Devices tab. 2. Click the icon seen on the right side of the tool bar. A message to confirm pagination for all grids/listings on the UI appears. 3. Click OK. The pagination for AirTight device listing is enabled. The pagination for all other grids such as clients, APs, networks, events and AirTight Mobile clients is enabled as well. Note that this setting is restricted to your login only and is not applicable to other users.
AirTight Management Console User Guide Disable Pagination for AirTight Device Listing If you have enabled pagination and want to disable it, you can restore the default view of having a complete listing of all AirTight devices on a single page. To disable pagination, do the following. 1. Go to Devices>AirTight Devices tab. 2. Click the icon seen on the right side of the tool bar. A message to confirm disabling of pagination for all grids/listings on the UI appears. 3. Click OK.
Devices Delete Custom Filter To delete a custom filter, do the following. 1. Go to Devices>AirTight Devices. 2. Click the icon next to Filter on the tool bar and click the asking you to confirm delete appears. 3. Click Yes to confirm deletion of the custom filter. icon for the filter to delete. A message Delete Device To delete an AirTight device, do the following. 1. 2. 3. 4. 5. Click Devices. Select the AirTight Devices tab. Select the AirTight device to be deleted.
AirTight Management Console User Guide Station virtual APs of the non-root mesh APs that are connected to uplink mesh APs in a wireless mesh network are seen as clients. These are categorized as Authorized, by default. You cannot change the category of these clients. You cannot quarantine or automatically ban such clients. Hence the options under More in the toolbar are disabled for such clients.
Devices Location Protocol Up/Down Since Cell ID Troubleshooting First Detected At IP Address User name Is Misbehaving Location of the client. 802.11 protocol (with or without 802.11 n or 802.11ac capability) used by the AP with which the Client is associated. Date and time since the AP is up or down. ID for clients in ad hoc mode. The Cell ID is common for all the Clients that form a single ad hoc connection. Indicates if troubleshooting is in progress for the client. Possible values are Yes, No.
AirTight Management Console User Guide IP Address IP address of the client. Name of the Client manufacturer. The vendor name is inferred from Vendor the first three bytes of the MAC address. Protocol 802.11 protocol in which the client is currently operating. Channel Channel number that the client operates on. Security standard applied to the AP. This is derived from the Security template applied to the AP.
Devices MU Beamformer Capability MU Beamformee Capability If this reception is supported, the number of spatial streams supported is indicated. Upto 4 spatial streams are supported for the 802.11ac protocol. If this reception is not supported, the value of this field is 'Not supported'. This field is visible for active 802.11ac clients only. Indicates support for operation as a multiuser beamformer. 'Yes' indicates that the operation as a multiuser beamformer is supported.
AirTight Management Console User Guide View Client Average Data Rate Client Average Data Rate section is seen only for authorized clients. AirTight device seeing the client keep track of the transmission rates of the data frames in the AP's BSS and reports weighted average transmission rate over every 15 minutes. View Client Traffic Client Traffic section is seen only for authorized clients. AirTight device seeing the client reports data traffic sent and received by the client every 15 minutes.
Devices Add to banned list To add a client to the banned client list, do the following. 1. 2. 3. 4. Go to Devices Select the Clients tab. Select the client. Click the Add to banned list icon present on the toolbar. The client is added to the banned list. Classify / Declassify as Smart Device To classify a client as a smart device, do the following. 1. Go to Devices 2. Select the Clients tab. 3. Select the client. 4.
AirTight Management Console User Guide To view recently probed SSIDs, do the following. 1. 2. 3. Go to Devices>Clients tab. Select a client. Go to Recently Probed SSIDs widget in the lower pane to view the recently probed SSIDs and its details for the selected client. Troubleshoot Client You can troubleshoot clients using an AirTight device operating in sensor mode.
Devices 5. 6. 7. 8. 9. 10. 11. 12. Select the Live Packet Capture option. Specify the timeout interval in Timeout. The default timeout for packet level troubleshooting mode is 5 mins. Minimum allowed value is 1 minute and maximum is 720 minutes for the timeout. Select the type of packets you want to see while troubleshooting under Traffic Selection. If you want to view all packets visible to the troubleshooting sensor, select the All packets on the channel option.
AirTight Management Console User Guide Troubleshoot Client in Event Level Mode To troubleshoot a client in event level mode, do the following. 1. Click Devices. 2. Select the Clients tab. 3. Select the check box for the client to troubleshoot. 4. Click the More>Packet Capture option on the toolbar. The Troubleshoot on Client device dialog box appears. 5. Select the Generate additional events for the device option. 6. Specify the timeout interval in Timeout.
Devices 5. Click the Download link for the packet capture file to download and select the path to store it. The packet capture file is saved to the specified location. If you are an AirTight Cloud Services user, and wish to upload the packet capture file to WizShark from AirTight Management Console, click the View in WizShark link. The file is directly uploaded to WizShark and WizShark opens up in a separate browser tab or browser window. You can then analyze the packet capture file using WizShark.
AirTight Management Console User Guide Once you stop troubleshooting, you can download the connection log history for future reference. It is saved as a text (.txt) file. For details on downloading the connection log history, refer to Download Connection Log To troubleshoot a device visible under Devices>Clients, do the following. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Select the required location on the location tree. Click Devices. Select the Clients tab. Select the check box for the client to troubleshoot.
Devices To download the connection logs for a client not visible under Devices>Clients, do the following. 1. Select the required location from the location tree. 2. Click Devices. 3. Select the Clients tab. 4. Click the More>Connection Log History option on the toolbar. The Previous Connection Logs dialog box appears. 5. Enter the MAC address of the client in MAC Address. 6. Click Get History. The list of connection logs for this client stored on the AirTight server are displayed.
AirTight Management Console User Guide Enable Pagination for Client Listing and Set Page Size By default, the client listing in the upper pane is presented in a grid. You can scroll down to the last client row in the upper pane without having to browse across pages. A paginated view is also available if you want to view a page-wise list of clients. You can enable pagination for the clients that are visible to you and configure the number of rows on each page in the upper pane.
Devices An unsaved filter is indicated by an asterisk next to the filter name seen next to Filter on the tool bar. An unsaved filter is not saved if the user logs out without saving the filter To create a custom filter, do the following. 1. 2. 3. 4. 5. Go to Devices>Clients. Click the icon next to a column header. A list of options is displayed. Point the mouse at the Filters option and enter the filter text for the column. Click the icon next to Filter on the tool bar and click Save as.
AirTight Management Console User Guide Delete Client To delete a client, do the following. 1. 2. 3. 4. 5. Go to Devices Select the Clients tab. Select the client. Click the Delete client icon present on the toolbar, to initiate the delete operation for the client. To delete, click Yes when asked to confirm the deletion. Active clients that are deleted may be rediscovered by sensors and would be visible once again in the client list. Inactive clients will disappear from the client list on deletion.
Devices AirTight APs that form a wireless mesh network will always be categorized as Authorized APs only. You cannot change the category of such AirTight APs. If APs from vendors other than AirTight are part of the mesh network, you are allowed to change the category of these APs from authorized to any other category. The APs tab is divided horizontally into two panes. The upper pane shows a list of APs for the selected location.
AirTight Management Console User Guide Security Location Network Up/Down Since Networked Status Vendor Is Banned Quarantine Status First Detected At Encryption Troubleshooting MFP/11w Authentication Classification Manually Classified Security standard such as Open, WEP, WPA, 802.11i, or Unknown, applied to the AP. This is derived from the template applied to the AP. Location of the AP. Network to which AP is connected. Date and time since which the AP is up or down.
Devices Basic Link Rates (Mbps) Comma-separated list of link rates supported by the AP. Security standard applied to the AP. This is derived from the template applied to the AP. Authentication Procedure used by APs to verify the identity of a client. Encryption used for unicast communication between the AP and a Client. Pairwise Encryption MULTIPLE is displayed, if 'For All BSSIDs' is selected in the MAC/Protocol field.
AirTight Management Console User Guide MFP/802.11w Quarantine Status Defending Sensor Name Quarantine Pending Reason Tx STBC 802.11n Rx STBC 802.11n 802.11ac capability Supported Channel width GI (80MHz) GI (160 MHz and 80+80 MHz) Tx STBC 802.11ac Rx STBC 802.11ac SU Beamformer 200 receiving Client. This improves signal reception at the client and consequently the throughput. Indicates if MFP/802.11w is enabled on the selected AP. Quarantine status of the selected AP.
Devices Capability SU Beamformee Capability MU Beamformer Capability MU Beamformee Capability 802.11ac MCS for each Stream Number of Spatial Streams Channel List Mesh mode support for operation as a single user beamformer. 'Yes' indicates that the operation as a single user beamformer is supported. 'No' indicates that the operation as a single user beamformer is not supported. This field is visible only if the selected AP is an 802.11ac AP.
AirTight Management Console User Guide View AP Associated Clients Under AP Associated Clients section, you can see a graphical representation of the clients associated with the AP, over the last 12 hours. The AirTight device samples the number of client associations with the AP every 15 minutes. View AP Traffic Under the AP traffic section, you can see a graphical representation of the AP traffic over the last 12 hours. AP Traffic section is seen only for authorized clients.
Devices 4. 5. 6. Click the Change location icon. The Select New Location dialog box appears. Select the new location for the AP. Click OK. Locate AP To locate an AP on the floor map, do the following. 1. 2. 3. 4. Go to Devices>APs tab. Select the location at which the AP is placed. Select the AP. Click the Locate icon to locate the AP on the location floor map. Quarantine an AP To quarantine an AP, do the following. 1. 2. 3. 4. Go to Devices>APs tab.
AirTight Management Console User Guide You can sort AP details on the columns in the upper pane of the APs tab. You can sort the APs in the ascending or descending order. 1. Go to Devices>APs tab. 2. Select the location. 3. Point to the column in the upper pane on which you want to sort and click . 4. You can click the arrow again to reverse the sort order. The icon could be an up arrow or a down arrow based on the current sort order.
Devices 3. Click OK. The pagination for AP listing is enabled. The pagination for all other grids such as AirTight devices, clients, networks, events and AirTight Mobile clients is enabled as well. Note that this setting is restricted to your login only and is not applicable to other users. To set the page size, do the following. 1. Go to Devices>APs tab. 2. On the tool bar, click the down arrow next to the number of rows displayed to the left of the The options First Page and Set page size appear. 3.
AirTight Management Console User Guide To edit a custom filter, do the following. Go to Devices>APs. Click the icon next to Filter on the tool bar and select the required filter. Click the icon next to a column header. A list of options is displayed. Point the mouse at the Filters option and enter the filter text for the column or make changes to the filter criteria as required. 5. Click the icon next to Filter on the tool bar and click Save. The modified custom filter is saved. 1. 2. 3. 4.
Devices Split AP One or more virtual APs that have been merged to form a single AP can be split back to the original number of APs. The split option is available only if you select merged APs. As merging is available for authorized APs only, the split AP option is also available for authorized APs only. To split an authorized AP, do the following. 1. 2. 3. 4. Go to Devices>APs tab. Select the location for which you want to split a merged AP. Select the merged AP to split and click More on the toolbar.
AirTight Management Console User Guide The file size must not exceed the maximum file size prescribed by WizShark. When the file is uploaded, the total storage quota for your account must not be exceeded. Troubleshoot AP in Packet Level Mode with Wireshark on local machine To troubleshoot an AP in packet level mode, do the following. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. Click Devices. Select the APs tab. Select the check box for the AP to troubleshoot.
Devices 9. 10. 11. 12. 13. Specify the time-out interval in Timeout. The default time-out for packet level troubleshooting mode is 5 minutes. Minimum allowed value is 1 minute and maximum is 720 minutes for the time-out. Select the packets you want to capture while troubleshooting, under Traffic Selection. If you want to capture packets for all BSSIDs on the AirTight AP visible to the troubleshooting AirTight device, select the Packets of all BSSID on this AirTight AP option.
AirTight Management Console User Guide Click the Notifications icon at the top right corner. The active troubleshooting sessions are displayed along with other notifications, if any. 2. Click the notification for active troubleshooting sessions. A list of sensor troubleshooting sessions is displayed. 3. Select the check box for the troubleshooting session to terminate. 4. Click Stop.
Devices You can delete one or more APs at the same location at a time. Active APs could be rediscovered by the AirTight devices configured as sensors, and could reappear in the APs tab under the relevant category based on the AP classification policy. Inactive APs will be deleted and might not be visible until they are active. To delete an AP, do the following. Go to Devices>APs tab. Select the location for which you want to delete the AP. Select one or more APs to delete and click More on the toolbar.
AirTight Management Console User Guide Exposed Since Date and time since which the network is exposed. Change location of network Location of a network is same as location of the Sensor that reported the network first. If there are multiple sensors connected to a network, location of such network is the nearest common location of all reporting sensors. To change the location of a network, do the following. 1. Go to Devices 2. Select the Networks tab. 3.
Devices You can browse through the paginated network listing by clicking the (next page) and (previous page) icons. To go to the first page, click the down arrow next to the number of rows on the page and select the First page option. Disable Pagination for Network Listing If you have enabled pagination and want to disable it, you can restore the default view of having a complete listing of all networks on a single page. To disable pagination, do the following. 1. Go to Devices>Networks tab. 2.
AirTight Management Console User Guide 4. Click Yes to confirm deletion of the custom filter. Print Network List for Location You can print all the information seen for all networks in the upper pane for the selected location. You can choose the columns to be viewed on the UI by selecting them. The information seen in the upper pane is the information that will be seen in the printout. If pagination is enabled, the list of networks on the current page is printed.
Manage Locations and Location Layout In AirTight Management Console, you can have a graphical representation of the placement of locations and devices with respect to one another for the given location. This is called a location layout. Layout for a location floor represents a floor plan. Similarly, the layout for a location folder could represent the geographical placement of the sub-locations.
AirTight Management Console User Guide 216
Manage Layout You can select a location folder or a location floor and add a layout to it. A layout for a location folder could be a geographical map, while a layout for a location floor could be a floor map. You can add location folders and location floors to the layout for a location folder. You can add devices, configured to work with AirTight Management Console, to the layout for location floors.
AirTight Management Console User Guide 4. 5. Make the required changes. Click OK. Move Location To move a location folder or location floor from one location to another, do the following. Go to Locations. Select the location folder or location floor to move. Click the move icon (cross arrows) seen below the location tree. The Select Destination Location dialog box appears. 4. Select the destination location. 5. Click OK. The location folder or location floor is moved to the new destination. 1. 2. 3.
Manage Layout To add a layout to a location folder, do the following. 1. 2. 3. 4. 5. 6. 7. 8. Go to Locations. From the location tree, select the location folder for which you want to add a layout. When no layout is attached to a location, a message indicating this is seen, along with the Configure Location Layout link. Click Configure Location Layout link. Click the Add Layout link. Click Choose File. The file open dialog box is displayed.
AirTight Management Console User Guide To edit a layout, do the following. 1. 2. 3. 4. 5. Go to Locations. From the location tree, select the location folder or floor for which you want to edit the layout. Click the Edit Layout link. Make the necessary changes. Click Save to save the changes to the layout. Delete Layout You can delete a location layout attached to a location folder or a location node. When you delete a layout, all the device placement is undone.
Manage Layout You must add a layout to a location folder to be able to place locations on to the layout for the location folder. Similarly, you must add a layout to a location floor to be able to place devices on to the layout for the location floor. You cannot place a server on location layouts in case you are logged in to and working on a parent server in a server cluster. To place a location on the layout for a location folder, do the following. Go to Locations.
AirTight Management Console User Guide The AP Coverage View enables you to view an 802.11 RF coverage map based on the dbm at each point on the layout. This information is useful to find out available signal strength at each point. The Sensor Coverage View enables you to view the detection and prevention zones of visibility for selected Sensors.
Manage Layout Go to Locations. From the location tree, select the location floor for which you want to see the Sensor coverage view. Place devices on the location layout if they are not already placed. Click the Sensor Coverage link under Heatmap Views. Select 802.11a if you want to view APs operating in 802.11a mode. Select 802.11b/g if you want to view APs operating in 802.11b/g mode. Select the appropriate resolution in Resolution. You can see the sensor coverage view.
AirTight Management Console User Guide When you change the Minimum Signal Decay exponent, Maximum Signal Decay exponent, Signal Decay Slope (Beta), and Signal Decay Inflection (Alpha) the RF view and location tracking for unobstructed regions is affected. In the obstructed regions, only Location Tracking is affected, RF view is not affected. When you calibrate manually, the graph is automatically updated. To calibrate RF views automatically, do the following. 1. 2. 3. 4. 5. 6. 7. 8. Go to Locations.
Manage Layout 3. 4. 5. 6. 7. 8. Click the Add Note link. Enter the name of the note. Enter the description of the note. Click OK. A note is created. The note moves with the mouse. Point the mouse to the desired position on the layout. Click the mouse to place the note at that position on the layout. Edit Note To edit a note placed on the location layout, do the following. 1. 2. 3. 4. 5. 6. Go to Locations. Select the location where the note to be edited exists.
AirTight Management Console User Guide View Mesh Topology On the Locations page, you can see a pictorial representation of the active AirTight devices functioning as mesh APs. You can view the placement of the root and non-root mesh APs connected to each other to form a wireless mesh network. To view mesh topology, do the following. 1. Go to Locations. 2. Click the View Mesh Topology link. The mesh wireless network of APs is seen.
View and Manage Events The Events page provides information about events generated in the system. On this page, you can view, filter, locate, acknowledge, mark as read or unread, and toggle the state of the event’s participation in vulnerability computation. You can also print the list of events seen at a location. AirTight WIPS classifies events into the following types - Security, System, and Performance. Security events are related to wireless security threats.
AirTight Management Console User Guide Category Location Start Time Event Read Status Event Vulnerability Status Event Type Stop Time Event category. Location at which event has occurred. Time at which the event has started. Indicates if the event is read, unread, acknowledged or unacknowledged. Indicates the event vulnerability. Type of event. The type is indicated by icons. The possible values are security, system, performance. Time at which the event has stopped.
Events 3. 4. 5. Select the check box for the event for which you want to change the location. Click the change location icon. The Select Location dialog box appears. Select the new location and click OK. The event is moved to the new location. Acknowledge Event To acknowledge an event, do the following. 1. 2. 3. 4. Go to Events. Select the location for which you want to acknowledge an event. Select the check box for the event for which you want to turn off the vulnerability status.
AirTight Management Console User Guide Enable Pagination for Event Listing and Set Page Size By default, the event listing in the upper pane is presented in a grid. You can scroll down to the last event row in the upper pane without having to browse across pages. A paginated view is also available if you want to view a page-wise list of events. You can enable pagination for the events that are visible to you and configure the number of rows on each page in the upper pane.
Events Custom filters are user-specific. They are saved for the user who has defined the custom filter and is not visible to any other user. An unsaved filter is indicated by an asterisk next to the filter name seen next to Filter on the tool bar. An unsaved filter is not saved if the user logs out without saving the filter. To create a custom filter, do the following. 1. 2. 3. 4. 5. Go to Events. Click the icon next to a column header. A list of options is displayed.
Forensics You can drill down into forensic data about wireless threats detected in the network, using the Forensics page. AirTight Management Console captures important details about the detected threats and presents them in an easy-to-understand format on the Forensics page. You can review details such as device identities and configurations, connection records, device locations, system responses, and administrator actions about the detected wireless threats under Forensics.
AirTight Management Console User Guide The threat details or the events are seen in the upper half of the page. The lower half of the page displays the details of the participating device. and the administrator action logs. The middle of the page contains the toolbar using which you can perform various operations related to the events seen in the upper half of the page. To view the threats for a location, do the following. 1. Go to Forensics. 2. Select the location for which you want to view the threats.
Forensics In case of AP based threats, client is the device that is associated with the primary device (AP). In case of Client based threats, client is the primary device. When you select an event seen under Forensics, you can view the details of the devices participating in the event. You can also view the quarantine status of these devices To view the participating device details and quarantine status, do the following. 1. Go to Forensics. 2. Select the location for which you want to view the threats.
AirTight Management Console User Guide View Administration Action Logs for Event The Administrator Action Logs show all the administrator actions taken on the AP between the start time and end time of an event. To view administrator action logs for an event, do the following. 1. Go to Forensics. 2. Select the location for which you want to view the threats. The AP and client based threats for the selected location are displayed. 3.
Forensics Turn Vulnerability On/Off To turn the vulnerability on/off for an event, do the following. 1. Go to Forensics. 2. Select the location for which you want to view the threats. The AP and client based threats for the selected location are displayed. 3. Click the time hyperlink next to Select duration to define the time duration for which you want to view the threats. The AP related threats and client related threats for this duration are displayed. 4.
AirTight Management Console User Guide 2. 3. 4. 5. 6. Select the location for which you want to view the threats. The AP and client based threats for the selected location are displayed. Click the time hyperlink next to Select duration to define the time duration for which you want to view the threats. The AP related threats and client related threats for this duration are displayed. Click the type of threat under AP related threats or client related threats.
Reports The Reports page enables you to generate pre-defined and customized reports. The system provides pre-defined compliance reports: Health Insurance Portability and Accountability Act (HIPAA), SarbanesOxley (SOX), Gramm-Leach-Bliley (GLBA), Payment Card Industry (PCI) Standard, and so on. Additionally, information about devices and events is also available in the form of readymade reports. You can generate the reports PDF, HTML and XML formats.
AirTight Management Console User Guide AirTight Management Console provides various compliance reports related to wireless security vulnerabilities, mandated by federal agencies, and other regulatory agencies. You can generate the following reports using Reports in AirTight Management Console. x DoD Directive 8100.2 Compliance Report - The sections of this report list the wireless vulnerabilities detected in your network and the severity of security risk caused by these vulnerabilities.
Reports x MITS wireless compliance report - The Management of Information Technology Security (MITS) is an operational security standard established by Treasury Board of Canada Secretariat. This standard (established in 2004) defines baseline security requirements that Canadian federal departments must fulfill to ensure the security of information and information technology (IT) assets under their control. MITS seeks to protect the confidentiality, integrity, and availability of information and IT assets.
AirTight Management Console User Guide 4. Requirement 6.2: Establishing a process to identify newly discovered vulnerabilities and updating configuration standards to address the new vulnerability issues. Generate and review contents of this report periodically so that newly discovered vulnerabilities can be identified and acted upon. 5. Requirement 10.5.4: Copy logs for wireless networks onto a centralized internal log server or media that is difficult to alter.
Reports 3. Requirement 4.1.1: Verify that wireless networks transmitting cardholder data use appropriate encryption methods. Reliance on WEP (Wired Equivalent Privacy) for cardholder data protection should be avoided. This report provides a list of wireless access points and clients communicating using open or insecure encryption methods. 4. Requirement 6.2: Establishing a process to identify newly discovered vulnerabilities and updating configuration standards to address the new vulnerability issues.
AirTight Management Console User Guide misconfigured wireless access points detected during the report interval. Unauthorized cardholder data access is possible through these access points. 2. Requirement 2.1.1: Change vendor-supplied defaults for wireless equipment. For wireless equipment, default password, SSID, WEP key and security settings should be changed. WPA or WPA2 should be used wherever possible. This report provides a list of wireless access points using default SSID or security configurations.
Reports WPA2 should be used wherever possible. This report provides a list of wireless access points using default SSID or security configurations. 3. Requirement 2.2: Develop configuration standards of all system components (including any wireless access points and clients).It also requires the institution to assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening procedures.
AirTight Management Console User Guide WPA2 should be used wherever possible. This report provides a list of wireless access points using default SSID or security configurations. 3. Requirement 2.2: Develop configuration standards of all system components (including any wireless access points and clients).It also requires the institution to assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening procedures.
Reports this SOX report establishes that your organization has a rapid response and exposure assessment program if non-public information leaks through wireless. Since wireless environments change dynamically, it is recommended that you conduct a SOX wireless vulnerability assessment at least once every 15 days. Archive the SOX Wireless Compliance reports. Establish an ongoing wireless security program to fix the top vulnerabilities and to minimize your wireless security exposure.
AirTight Management Console User Guide Analytics Analytics data is available with respect to the Wi-Fi clients that are visible to AirTight sensors, and the WiFi clients that associate with AirTight APs. Visibility analytics presents information about clients in the vicinity of AirTight devices. Association analytics presents information about the clients that connect to or associate with the AirTight APs.
Reports Sample macros would be available on request. Analytics is a license-based feature. The Analytics tab in the Reports page would be enabled and displayed, only after applying the Analytics license to the server. Contact support@airtightnetworks.com for further details to procure the license for analytics and for the sample macros. Download Analytics Data Do the following to download visibility analytics data. 1. 2. 3. Select the Visibility Analytics option.
AirTight Management Console User Guide Protocol SSID Location Association start time (GMT) of the client Association end time (GMT) Association start time of the client per the local time zone of the user- When the analytics data pertains to a location floor, the local time zone set for its immediate parent location folder is considered. If the time zone for the location folder has not been set, this field shows the client association start time the server time zone.
Reports If you are logged in to the parent server of a server cluster, based on your role, you can see an aggregated set of archived reports from the parent and child servers, You can fetch, rename, and delete archived reports. You can also print a list of archived reports for a location. If an archived report has been generated on the parent server of a server cluster, it shows aggregated data from the parent and child servers. Fetch Archived Report To fetch and view an archived report, do the following.
AirTight Management Console User Guide You can schedule a report for one-time generation, or a recurring generation. You can schedule to e-mail a report. While scheduling the report generation, you can also specify report archival details. Once the report generation schedule has been defined, it is seen under Reports Scheduled by Me reports for the user who has scheduled the report.
Reports Add Schedule - One time Generation The following table describes the fields present on the One Time Generation tab. Field Description Generate Report at Click the calendar icon to specify the date of report generation. Also specify the time of the report generation. Report Time Period Select the Last option to specify the time period preceding the report delivery date and time. Specify the number of preceding hours, days or months for which you want to generate the report.
AirTight Management Console User Guide If you want to schedule the report for recurring generation, specify the details under the Recurring Generation tab. Add Schedule - Recurring Generation The following table describes the fields present on the Recurring Generation tab. Field Description Generate Report every Specify the frequency in number of hours, days, or months for report generation. Start Date Select the start date and time for which you want to generate the report.
Reports Report Time Period Select the time period in number of hours, days, or months for which the report is to be generated. Send report by e-mail If you want to email the report on generation, select the Email Report check box. If you want to zip the report before sending it in an email, select the Zip before email check box. If your email id is mentioned in the schedule, you will be able to see the report under Reports Scheduled for Me section in the Schedules tab.
Glossary of Icons Following is a list of the device related icons seen on AirTight Management Console. Icon Description Rogue AP-Active: This icon shows that a Rogue AP is active and visible to Sensor(s). Authorized AP: This icon shows that the AP is an authorized AP Authorized AP-Active: This icon shows that an authorized AP is active and visible to Sensor(s). Authorized AP-Inactive: This icon shows that an Authorized AP that was earlier visible to Sensor(s) is inactive.
AirTight Management Console User Guide Uncategorized Client-Inactive: This icon shows that an Uncategorized Client that was earlier visible to Sensor(s) is inactive. DoS Attacker: This icon shows the device from which the DoS attack is being launched. Client in Adhoc Mode-Active: This icon shows that a Client in adhoc mode is active and visible to Sensor(s). Client in Adhoc Mode-Inactive: This icon shows that a Client that was earlier in adhoc mode and visible to Sensor(s) is inactive.
glossary_of_icons RSSI level 3: This icon shows strong signal strength RSSI Level 4: This icon shows very strong signal strength. Display Columns: Most fields in the table can be selected for display or optionally hidden. This button allows selection and configuration of parameters to show and hide in the table. Monitored Network: This icon indicates that the network is being monitored by a sensor. Unmonitored Network: This icon indicates that the network is not being monitored by a sensor.
AirTight Management Console User Guide This icon indicates a location floor. This icon indicates an unknown location floor. This icon indicates root location. This icon indicates a secure location floor. This icon indicates a vulnerable location floor. This icon indicates a secure location folder. This icon indicates a vulnerable location folder. This icon indicates a vulnerable root location. This icon indicates a secure root location. This icon indicates a vulnerable unknown location floor.
Industry Canada Statement This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Ce dispositif est conforme a la norme CNR-210 d’Industrie Canada applicable aux appareils radio exempts de licence.
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasoable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
