Wi-Fi Array NAS Identifier (IP address) that the RADIUS servers expect the Array to use—this is normally the IP address of the Array’s Gigabit1 port. c. 4. Accounting: If you would like the Array to send RADIUS Start, Stop, and Interim records to a RADIUS accounting server, click the On button and click Apply. The account settings appear, and must be configured. Accounting Settings: a. Accounting Interval (seconds): Specify how often Interim records are to be sent to the server.
Wi-Fi Array Global Settings (IAP) Internal Radius Access Control List Management Control Security Understanding Groups Internal Radius This window allows you to define the parameters for the Array’s internal RADIUS server for user authentication. However, the internal RADIUS server will only authenticate wireless clients that want to associate to the Array. This can be useful if an external RADIUS server is not available.
Wi-Fi Array Procedure for Creating a New User 1. User Name: Enter the name of the user that you want to authenticate to the internal RADIUS server. 2. SSID Restriction: (Optional) If you want to restrict this user to associating to a particular SSID, choose an SSID from the pull-down list. 3. User Group: (Optional) If you want to make this user a member of a previously defined user group, choose a group from the pull-down list. This will apply all of the user group’s settings to the user.
Wi-Fi Array Global Settings (IAP) Access Control List Management Control Security Understanding Groups Rogue Control List This window allows you to set up a control list for rogue APs, based on a type that you define. You may classify rogue APs as blocked, so that the Array will take steps to prevent stations from associating with the blocked AP. See “About Blocking Rogue APs” on page 276. The Array can keep up to 5000 entries in this list. When finished, click on the Save button to save your changes.
Wi-Fi Array Procedure for Establishing Rogue AP Control 1. Rogue BSSID/SSID: Enter the BSSID or SSID for the new rogue AP. You may use the “*” character as a wildcard to match any string at this position. For example, 00:0f:7d:* matches any string that starts with 00:0f:7d:. Since Xirrus Arrays start with 00:0f:7d:, this applies the Rogue Control Type to all Xirrus Arrays. 2. Rogue Control Type: Define a type for the new rogue AP, either Blocked, Known or Approved. 3.
Wi-Fi Array SSIDs This is a status-only window that allows you to review SSID (Service Set IDentifier) assignments. It includes the SSID name, whether or not an SSID is visible on the network, any security and QoS parameters defined for each SSID, associated VLAN IDs, radio availability, and DHCP pools defined per SSID. You may click on an SSID’s name to jump to the edit page for the SSID.
Wi-Fi Array allowed, time on and time off, days on and off, and whether each SSID is currently active or inactive. Understanding SSIDs The SSID (Service Set Identifier) is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access points on a network or sub-network can use the same SSIDs. SSIDs are case-sensitive and can contain up to 32 alphanumeric characters (do not include spaces when defining SSIDs).
Wi-Fi Array Another example may define an SSID named voice that supports voice over Wireless LAN phones with the highest Quality of Service (QoS) definition. This SSID might also forward traffic to specific VLANs on the wired network. See Also SSID Management SSIDs Understanding SSIDs Understanding QoS Priority on the Wi-Fi Array # For a complete discussion of implementing Voice over Wi-Fi on the Array, see the Xirrus Voice over Wi-Fi Application Note in the Xirrus Library.
Wi-Fi Array possible user priority levels and the Array implements four wireless QoS levels, user priorities are mapped to QoS as described below. End-to-End QoS Handling z Wired QoS - Ethernet Port: Ingress: Incoming wired packets are assigned QoS priority based on their SSID and 802.1p tag (if any), as shown in the table below. This table follows the mapping recommended by IEEE802.11e. FROM Priority Tag 802.
Wi-Fi Array z Egress: Outgoing wired packets are IEEE 802.1p tagged at the Ethernet port for upstream traffic, thus enabling QoS at the edge of the network. FROM Array QoS (Wireless) 0 (Lowest priority) TO Priority Tag 802.1p (Wired) 0 (Default) 1 1 2 5 3 (Highest priority) 6 Wireless QoS - Radios: z Each SSID can be assigned a separate QoS priority (i.e., traffic class) from 0 to 3, where 3 is highest priority and 0 is the default. See “SSID Management” on page 240.
Wi-Fi Array Voice Support z The QoS priority implementation on the Array supports voice applications. In particular, Spectralink voice packets are automatically classified and set to the highest priority level. SSID Management This window allows you to manage SSIDs (create, edit and delete), assign security parameters and VLANs on a per SSID basis, and configure the Web Page Redirect functionality. When finished, click on the Save button to save your changes.
Wi-Fi Array 3. On: Check this box to activate this SSID or clear it to deactivate it. 4. Brdcast: Check this box to make the selected SSID visible to all clients on the network. Although the Wi-Fi Array will not broadcast SSIDs that are hidden, clients can still associate to a hidden SSID if they know the SSID name to connect to it. Clear this box if you do not want this SSID to be visible on the network. 5. Band: Choose which wireless band the SSID will be beaconed on. Select either 5 GHz—802.
Wi-Fi Array 9. Filter List: If you wish to apply a set a filters to this SSID’s traffic, select the desired Filter List. See “Filters” on page 289. 10. Authentication: The following authentication options are available: • Open: This option provides no authentication and is not recommended. • RADIUS MAC: Uses an external RADIUS server to authenticate stations onto the Wi-Fi network, based on the user’s MAC address.
Wi-Fi Array configure encryption, RADIUS, and RADIUS accounting settings. The encryption settings are described in “Procedure for Configuring Network Security” on page 226. The external RADIUS and accounting settings are configured in the same way as for an external RADIUS server (see “Procedure for Configuring an External RADIUS Server” on page 229). Note that external RADIUS servers may be specified using IP addresses or domain names. 13.
Wi-Fi Array Association per IAP. If both station limits are set, both will be enforced. As soon as either limit is reached, no new stations can associate until some other station has terminated its association. 16. Overall Traffic: Choose Unlimited if you do not want to place a restriction on the traffic for this SSID, or enter a value in the Packets/Sec field to force a traffic restriction. 17.
Wi-Fi Array For an in-depth discussion, please see the Xirrus Web Page Redirect Application Note in the Xirrus Library. If enabled, WPR displays a splash or login page when a user associates to the wireless network and opens a browser to any URL (provided the URL does not point to a resource directly on the user’s machine).
Wi-Fi Array allows you to replace the default login page, if you wish. Please see “Web Page Redirect” on page 300 for more information. To set up internal login, set Server to Internal Login. The user name and password are obtained by the login page, and authentication occurs according to your configured authentication information (starting with Step 10 above). These parameters are configured as described in “Procedure for Configuring Network Security” on page 226.
Wi-Fi Array Groups This is a status-only window that allows you to review user Group assignments. It includes the group name, Radius ID, VLAN IDs and QoS parameters and roaming layer defined for each group, and DHCP pools and web page redirect information defined for the group. You may click on a group’s name to jump to the edit page for the group.
Wi-Fi Array A group allows you to define a set of parameter values to be applied to selected users. For example, you might define the user group Students, and set its VLAN, security parameters, web page redirect (WPR), and traffic limits. When a new user is created, you can apply all of these settings just by making the user a member of the group. The group allows you to apply a uniform configuration to a set of users in one step.
Wi-Fi Array Understanding QoS Priority on the Wi-Fi Array Web Page Redirect Configuration Settings Understanding Fast Roaming Group Management This window allows you to manage groups (create, edit and delete), assign usage limits and other parameters on a per group basis, and configure the Web Page Redirect functionality. When finished, click the Save button to save your changes. Figure 136. Group Management Procedure for Managing Groups 1.
Wi-Fi Array 4. Radius ID: Enter a unique Radius ID for the group, to be used on an external Radius server. When adding a user account to the external server, this Radius ID value should be entered for the user. When the user is authenticated, Radius sends this value to the Array. This tells the Array that the user is a member of the group having this Radius ID. 5. VLAN ID: (Optional) From the pull-down list, select a VLAN for this user’s traffic to use.
Wi-Fi Array 9. L3: (Optional) For this group, check this box to enable fast roaming between IAPs or Arrays at Layer 2 and Layer 3. If the box is not checked, then roaming uses Layer 2 only. You may only select fast roaming at Layers 2 and 3 if this has been selected in Global Settings (IAP). See “Understanding Fast Roaming” on page 254. 10. WPR (Web Page Redirect): (Optional) Check this box if you wish to enable the Web Page Redirect functionality.
Wi-Fi Array To eliminate confusion, we recommend that you configure one set of limits or the other, but not both. 11. Stations: Enter the maximum number of stations allowed on this group. The default is 1024. 12. Overall Traffic: Check the Unlimited checkbox if you do not want to place a restriction on the traffic for this group, or enter a value in the Packets/Sec field and make sure that the Unlimited box is unchecked to force a traffic restriction. 13.
Wi-Fi Array IAPs This status-only window summarizes the status of the Integrated Access Points (radios). For each IAP, it shows whether it is up or down, the channel and antenna that it is currently using, its cell size and transmit and receive power, how many users (stations) are currently associated to it, whether it is part of a WDS link, and its MAC address. Figure 137.
Wi-Fi Array z “Global Settings .11n” on page 273 z “Advanced RF Settings” on page 275 z “LED Settings” on page 283 See Also IAP Statistics Summary Understanding Fast Roaming To maintain sessions for real-time data traffic, such as voice and video, users must be able to maintain the same IP address through the entire session. With traditional networks, if a user crosses VLAN or subnet boundaries (i.e., roaming between domains), a new IP address must be obtained.
Wi-Fi Array IAP Settings This window allows you to enable/disable IAPs, define the wireless mode for each IAP, specify the channel to be used and the cell size for each IAP, lock the channel selection, establish transmit/receive parameters, select antennas, and reset channels. Buttons at the bottom of the list allow you to Reset Channels, Enable All IAPs, or Disable All IAPs.
Wi-Fi Array z For all 802.11bg settings, go to “Global Settings .11bg” on page 269. z For all 802.11n settings, go to “Global Settings .11n” on page 273. Procedure for Manually Configuring IAPs 1. In the Enabled column, check the box for a corresponding IAP to enable the IAP, or uncheck the box if you want to disable the IAP. 2. In the Band column for 802.11abg(n) radios, select the wireless band for this IAP from the choices available in the pull-down menu, either 2.4GHz or 5 GHz.
Wi-Fi Array The channels that are available for assignment to an IAP will differ, depending on the country of operation. If Country is set to United States in the Global Settings (IAP) window, then 24 channels are available to 802.11a(n) radios. If you have enabled Public Safety in the Advanced RF Settings window (Step 19), then the public safety band channels (191 and 195) in the 4.9GHz spectrum range will be listed.
Wi-Fi Array 6. In the Cell Size column, select Auto to allow the optimal cell size to be automatically computed (see also, Step 8 on page 279). To set the cell size yourself, choose either Small, Medium, Large, or Max to use the desired pre-configured cell size, or choose Manual to define the wireless cell size manually. If you choose Manual, you must specify the transmit and receive power—in dB—in the Tx dBm (transmit) and Rx dBm (receive) fields. The default is Max.
Wi-Fi Array 9. You may reset all of the enabled IAPs by clicking the Reset Channels button at the bottom of the list. A message will inform you that all enabled radios have been taken down and brought back up. 10. Buttons at the bottom of the list allow you to Enable All IAPs or Disable All IAPs. 11. Click on the Apply button to apply the new settings to this session, or click Save to apply your changes and make them permanent.
Wi-Fi Array Global Settings (IAP) This window allows you to establish global IAP settings. Global IAP settings include enabling or disabling all IAPs (regardless of their operating mode), enabling or disabling the Beacon World Mode, specifying the short and long retry limits, and defining the beacon interval and DTIM period. Changes you make on this page are applied to all IAPs, without exception. Figure 139.
Wi-Fi Array Procedure for Configuring Global IAP Settings 1. Country: If no country is set, you may choose from the pull-down list. Once a country has been chosen, it may not be changed. You are responsible for choosing the correct country and conforming to the regulatory laws for wireless transmissions within your country. Please contact Xirrus Customer Support if you need to change the operating country after a country has already been set (see “Contact Information” on page 417).
Wi-Fi Array Beacon Configuration 5. Beacon Interval: When the Array sends a beacon, it includes with it a beacon interval, which specifies the period of time before it will send the beacon again. Enter the desired value in the Beacon Interval field, between 20 and 1000. The value you enter here is applied to all IAPs. 6.
Wi-Fi Array 11. Max Phones per IAP: This option allows you to control the maximum number of phones that are allowed per IAP. The default is set to a maximum of 16 but you can reduce this number, as desired. Enter a value in this field between 0 (no phones allowed) and 16. # This admission control feature applies only to Spectralink phones. It does not apply to all VoIP phones in general. 12.
Wi-Fi Array 15. Load Balancing: The Xirrus Wi-Fi Array supports an automatic load balancing feature designed to distribute Wi-Fi stations across multiple radios rather than having stations associate to the closest radios with the strongest signal strength, as they normally would. In Wi-Fi networks, the station decides to which radio it will associate.
Wi-Fi Array • Pass-thru: The Array forwards the ARP request. It passes along only ARP messages that target the stations that are associated to it. • Proxy: The Array replies on behalf of the stations that are associated to it. The ARP request is not broadcast to the stations. Note that the Array has a broadcast optimization feature that is always on (it is not configurable). Broadcast optimization restricts all broadcast packets (not just ARP broadcasts) to only those radios that need to forward them.
Wi-Fi Array 18. Fast Roaming Layer: Select whether to enable roaming capabilities between IAPs or Arrays at Layer 2 and 3, or at Layer 2 only. Depending on your wired network, you may wish to allow fast roaming at Layer 3. This may result in delayed traffic. 19. Share Roaming Info With: Three options allow your Array to share roaming information with all Arrays; just with those that are within range; or with specifically targeted Arrays. Choose either All, In Range or Target Only, respectively. a.
Wi-Fi Array Global Settings .11a This window allows you to establish global 802.11a IAP settings. These settings include defining which 802.11a data rates are supported, enabling or disabling all 802.11a IAPs, auto-configuration of channel allocations for all 802.11a IAPs, and specifying the fragmentation and RTS thresholds for all 802.11a IAPs. Figure 140. Global Settings .11a Procedure for Configuring Global 802.11a IAP Settings 1. 2. 802.
Wi-Fi Array optimize data rates based on throughput. The Restore Defaults button will take you back to the factory default rate settings. 3. 802.11a IAP Status: Click Enable 802.11a IAPs to enable all 802.11a IAPs for this Array, or click Disable 802.11a IAPs to disable all 802.11a IAPs. 4. Channel Configuration: Click Auto Configure to instruct the Array to determine the best channel allocation settings for each 802.11a IAP and select the channel automatically, based on changes in the environment.
Wi-Fi Array Global Settings .11bg Global Settings .11n IAPs IAP Statistics Summary Advanced RF Settings IAP Settings Global Settings .11bg This window allows you to establish global 802.11b/g IAP settings. These settings include defining which 802.11b and 802.11g data rates are supported, enabling or disabling all 802.11b/g IAPs, auto-configuring 802.11b/g IAP channel allocations, and specifying the fragmentation and RTS thresholds for all 802.11b/g IAPs. Figure 141. Global Settings .
Wi-Fi Array Procedure for Configuring Global 802.11b/g IAP Settings 1. 270 802.11g Data Rates: The Array allows you to define which data rates are supported for all 802.11g radios. Select (or deselect) 11g data rates by clicking in the corresponding Supported and Basic data rate check boxes. • Basic Rate—a wireless station (client) must support this rate in order to associate. • Supported Rate—data rate used to transmit to clients. 2. 802.
Wi-Fi Array 8. 802.11g Only: Choose On to restrict use to 802.11g mode only. In this mode, no 802.11b rates are transmitted. Stations that only support 802.11b will not be able to associate. 9. 802.11g Protection: You should select Auto CTS or Auto RTS to provide automatic protection for all 802.11g radios in mixed networks (802.11 b and g). You may select Off to disable this feature, but this is not recommended. Protection allows 802.11g stations to share an IAP with older, slower 802.11b stations.
Wi-Fi Array special data, such as voice, VoIP (Voice-over IP) and streaming video. Select Auto to instruct the Array to manage the preamble (long and short) automatically, or choose Long Only. 12. Fragmentation Threshold: This is the maximum size for directed data packets transmitted over the 802.11b/g IAP. Larger frames fragment into several packets, their maximum size defined by the value you enter here. Enter the desired Fragmentation Threshold value, between 256 and 2346. 13.
Wi-Fi Array Global Settings .11n This window is displayed only for XN Array models. It allows you to establish global 802.11n IAP settings. These settings include enabling or disabling 802.11n mode for the entire Array, specifying the number of transmit and receive chains (data stream) used for spatial multiplexing, setting a short or standard guard interval, auto-configuring channel bonding, and specifying whether autoconfigured channel bonding will be static or dynamic.
Wi-Fi Array If you select Disabled, then 802.11n operation is disabled on the Array. IAPs abgn1 though abgn4 will behave in the same way as IAPs abg1 to abg4 on the XS Arrays; the 802.11a/n IAPs will operate in 802.11a mode. 274 2. TX Chains: Select the number of separate data streams transmitted by the antennas of each IAP. The default is 3. See “Multiple Data Streams— Spatial Multiplexing” on page 62. 3. RX Chains: Select the number of separate data streams received by the antennas of each IAP.
Wi-Fi Array Advanced RF Settings This window allows you to establish RF settings, including automatically configuring channel allocation and cell size, specifying intrusion detection and blocking of rogue APs, and configuring radio assurance and standby modes. Changes you make on this page are applied to all IAPs, without exception. Figure 143. Advanced RF Settings About Standby Mode Standby Mode supports the Array-to-Array fail-over capability.
Wi-Fi Array enables its radios until it detects that the target Array has come back online. Standby Mode is off by default. Note that you must ensure that the configuration of the standby Array is correct. This window allows you to enable or disable Standby Mode and specify the primary Array that is the target of the backup unit. See also, “Failover Planning” on page 67.
Wi-Fi Array Procedure for Configuring Advanced RF Settings RF Intrusion Detection 1. Intrusion Detection: This option allows you to establish the intrusion detection method, either Standard or Advanced, or you can choose Off to disable this feature. See “Array Monitor and Radio Assurance Capabilities” on page 406 for more information. • Standard—enables the abg(n)2 radio as a monitor which collects Rogue AP information.
Wi-Fi Array RF Resilience 5. Radio Assurance Mode: When this mode is enabled, IAP abg(n)2 performs loopback tests on the Array. This mode requires Intrusion Detection to be set to Standard (Step 1) to enable abg(n)2’s selfmonitoring functions. It also requires abg(n)2 to be set to monitoring mode (see “Enabling Monitoring on the Array” on page 406). Operation of Radio Assurance mode is described in detail in “Array Monitor and Radio Assurance Capabilities” on page 406.
Wi-Fi Array RF Power & Sensitivity For an overview of RF power and cell size settings, please see “Capacity and Cell Sizes” on page 52 and “Fine Tuning Cell Sizes” on page 53. # To use the Auto Cell feature, the following additional settings are required: The abg(n)2 radio must be in monitor mode, and all other IAPs that will use Auto Cell must have Cell Size set to auto. See “Procedure for Manually Configuring IAPs” on page 256. The Intrusion Detection Mode must not be set to Advanced.
Wi-Fi Array 12. Sharp Cell: This feature reduces interference between neighboring Arrays or other Access Points by limiting to a defined boundary (cell size) the trailing edge bleed of RF energy. Choose On to enable the Sharp Cell functionality, or choose Off to disable this feature. See also, “Fine Tuning Cell Sizes” on page 53. The Sharp Cell feature only works when the cell size is Small, Medium, or Large (or Auto)—but not Max.
Wi-Fi Array Factory Preset Channels (US) for both XN and XS models IAP 16-Radio Models 12-Radio Models 8-Radio Models 4-Radio Models abg(n)1 1 1 1 1 abg(n)2 mon mon mon mon abg(n)3 11 11 11 11 abg(n)4 6 6 6 6 a(n)1 36 36 40 - a(n)2 52 52 56 - a(n)3 149 40 48 - a(n)4 40 56 64 - a(n)5 56 44 - - a(n)6 157 60 - - a(n)7 44 48 - - a(n)8 60 64 - - a(n)9 153 - - - a(n)10 48 - - - a(n)11 64 - - - a(n)12 161 - - - 14.
Wi-Fi Array 15. Auto Channel Configuration Mode: This option allows you to instruct the Array to auto-configure channel selection for each enabled IAP when the Array is powered up. Choose On Array PowerUp to enable this feature, or choose Disabled to disable this feature. 16. Auto Channel Configure on Time: This option allows you to instruct the Array to auto-configure channel selection for each enabled IAP at a time you specify here (in hours and minutes, using the format: hh:mm).
Wi-Fi Array Global Settings .11bg Global Settings .11n IAPs IAP Statistics Summary IAP Settings LED Settings This window assigns behavior preferences for the Array’s IAP LEDs. Figure 144.
Wi-Fi Array Procedure for Configuring the IAP LEDs 1. LED State: This option determines which event triggers the LEDs, either when an IAP is enabled or when an IAP first associates with the network. Choose On Radio Enabled or On First Association, as desired. You may also choose Disabled to keep the LEDs from being lit. The LEDs will still light during the boot sequence, then turn off. 2. LED Blink Behavior: This option allows you to select when the IAP LEDs blink, based on the activities you check here.
Wi-Fi Array WDS This is a status-only window that provides an overview of all WDS links that have been defined. WDS (Wireless Distribution System) is a system that enables the interconnection of access points wirelessly, allowing your wireless network to be expanded using multiple access points without the need for a wired backbone to link them. The Summary of WDS Client Links shows the WDS links that you have defined on this Array and identifies the target Array for each by its base MAC address.
Wi-Fi Array The configuration for WDS is performed on the client Array only, as described in “WDS Client Links” on page 287. No WDS configuration is performed on the host Array. First you will set up a client link, defining the target (host) Array and SSID, and the maximum number of IAPs in the link. Then you will select the IAPs to be used in the link. When the client link is created, each member IAP will associate to an IAP on the host Array.
Wi-Fi Array WDS Client Links This window allows you to set up a maximum of four WDS client links. Figure 147. WDS Client Links Procedure for Setting Up WDS Client Links WDS Client Link Settings: 1. Client Link: Shows the ID (1 to 4) of each of the four possible WDS links. 2. Enabled: Check this box if you want to enable this WDS link, or uncheck the box to disable the link. 3. Max IAPs Allowed (1-3): Enter the maximum number of IAPs for this link, between 1 and 3. 4.
Wi-Fi Array 5. Target SSID: Enter the SSID that the target Array is using. 6. Username: Enter a username for this WDS link. A username and password is required if the SSID is using PEAP for WDS authentication from the internal RADIUS server. 7. Password: Enter a password for this WDS link. 8. Clear Settings: Click on the Clear button to reset all of the fields on this line. 9.
Wi-Fi Array Filters The Wi-Fi Array’s integrated firewall uses stateful inspection to speed the decision of whether to allow or deny traffic. Filters are used to define the rules used for blocking or passing traffic. Filters can also set the VLAN and QoS level for selected traffic. User connections managed by the firewall are maintained statefully—once a user flow is established through the Array, it is recognized and passed through without application of all defined filtering rules.
Wi-Fi Array Filter Lists This window allows you to create filter lists. The Array comes with one predefined list, named Global, which cannot be deleted. Filter lists (including Global) may be applied to SSIDs or to Groups. Only one filter list at a time may be applied to a group or SSID (although the filter list may contain a number of filters). All filters are created within filter lists. Figure 149. Filter Lists Procedure for Managing Filter Lists 290 1.
Wi-Fi Array 4. SSIDs: This read-only field lists the SSIDs that use this filter list. 5. User Groups: This read-only field lists the Groups that use this filter list. 6. Delete: Click this checkbox and then click the Apply or Save button to delete this filter list. 7. Click on the Apply button to apply your changes to the selected filter, or click Save to apply your changes and make them permanent. 8.
Wi-Fi Array Procedure for Managing Filters 292 1. Filter List: Select the filter list to display and manage on this window. All of the filters already defined for this list are shown, and you may create additional filters for this list. 2. New Filter Name: Enter a name for the new filter in the field next to the Create button, then click on the Create button to create the filter. All new filters are added to the table of filters at the top of the window.
Wi-Fi Array 9. VLAN ID: (Optional) Set packets that match the filter criteria to this VLAN. Select a VLAN from the pull-down list, or select numeric and enter the number of a previously defined VLAN (see “VLANs” on page 205). 10. Move Up/Down: The filters are applied in the order in which they are displayed in the list, with filters on the top applied first. To change an entry’s position in the list, just click its Up or Down button. 11.
Wi-Fi Array 294 Configuring the Wi-Fi Array
Wi-Fi Array Using Tools on the Wi-Fi Array These WMI windows allow you to perform administrative tasks on your Array, such as upgrading software, rebooting, uploading and downloading configuration files, and other utility tasks. Tools are described in the following sections: z “System Tools” on page 296 z “CLI” on page 303 z “Logout” on page 305 This section does not discuss using status or configuration windows.
Wi-Fi Array System Tools This window allows you to manage files for software images, configuration, and Web Page Redirect (WPR), manage the system’s configuration parameters, reboot the system, and use diagnostic tools. Status is shown here Progress is shown here Figure 151.
Wi-Fi Array z Web Page Redirect z Tools z Progress and Status Frames System 1. Save & Reboot or Reboot: Use Save & Reboot to save the current configuration and then reboot the Array. The LEDs on the Array indicate the progress of the reboot, as described in “Powering Up the Wi-Fi Array” on page 107. Alternatively, use the Reboot button to discard any configuration changes which have not been saved since the last reboot. 2.
Wi-Fi Array Configuration 4. Update from Remote File: This field allows you to define the path to a configuration file (one that you previously saved—see Step 6 below). Click on the Browse button if you need to browse for the location of the file, then click Update to update your configuration settings. 5. Update from Local File: This field updates Array settings from a local configuration file on the Array. Select one of the following files from the drop-down list: • factory.
Wi-Fi Array Click Reset to reset all of the system’s current configuration settings to the factory default values, including the management IP address—all previous configuration settings will be lost. The Array’s Gigabit Ethernet ports default to using DHCP to obtain an IP address. # If the IP settings change, the connection to the WMI may be lost. Diagnostics 8. Diagnostic Log: Click the Create button to save a snapshot of Array information for use by Xirrus Customer Support personnel.
Wi-Fi Array between the two snapshots (for example, to see traffic and error statistics for the interval). Thus, you must rename the first diagnostic log file. # All passwords are stored on the array in an encrypted form and will not be exposed in the diagnostic log. Web Page Redirect The Array uses a Perl script and a cascading style sheet to define the default splash/login Web page that the Array delivers for WPR. You may replace these files with files for one or more custom pages of your own.
Wi-Fi Array Enter the filename and directory location (or click Browse to locate the splash/login page files), then click on the Upload button to upload the new files to the Array. You must reboot to make your changes take effect. 10. Remove File: Enter the name of the WPR file you want to remove, then click on the Delete button. You can use the List Files button to show you a list of files that have been saved on the Array for WPR.
Wi-Fi Array Password. When using a RADIUS server, this command allows you to verify that the server configuration is correct and whether a particular Username and Password are set up properly. If a client is having trouble accessing the network, you can quickly determine if there is a basic RADIUS problem by using the RADIUS Ping tool. For example, in Figure 155 (A), RADIUS Ping is unable to contact the server.
Wi-Fi Array 15. Execute System Command: Click Execute to start the specified command. Progress of command execution is displayed in the Progress frame. Results are displayed in the Status frame. Progress and Status Frames The Progress frame displays a progress bar for commands such as Software Upgrade and Ping. The Status frame presents the output from system commands (Ping and Trace Route), as well as other information, such as the results of software upgrade. 16.
Wi-Fi Array Figure 156. CLI Window To enter a command, simply type it in. The command is echoed and output is shown in the normal way—that is, the same way it would be if you were using the CLI directly. You may use the extra scroll bar inside the right edge of the window to scroll through your output. This window has some minor differences, compared to direct use of the CLI via the console or an SSH connection: z The CLI starts in config mode.
Wi-Fi Array Logout Click on the Logout button to terminate your session. When the session is terminated, you are presented with the Array’s login window. Figure 157.
Wi-Fi Array 306 Using Tools on the Wi-Fi Array
Wi-Fi Array The Command Line Interface This section covers the commands and the command structure used by the Wi-Fi Array’s Command Line Interface (CLI), and provides a procedure for establishing a Telnet connection to the Array. Topics discussed include: z “Establishing a Secure Shell (SSH) Connection” on page 307. z “Getting Started with the CLI” on page 309. z “Top Level Commands” on page 311. z “Configuration Commands” on page 320. z “Sample Configuration Tasks” on page 355.
Wi-Fi Array is connected to the Array—change that port’s IP address so that it is on the same 10.0.2.xx subnet as the Array port. • 2. If your Array is an 8-, 12-, or 16-port model, it has a 10/100Mb Ethernet port called Ethernet0. This management port has a default IP address of 10.0.1.1. You may connect your computer directly to this port, but you will need to set the IP address of the connected port on your computer to the 10.0.1.xx subnet.
Wi-Fi Array Getting Started with the CLI The root command prompt (Root Command Prompt) is the first prompt you see after logging in to the CLI. If you are at a level other than the root command prompt you can return to this prompt at any time by using the exit command to step back through each command prompt level. The root command prompt you see in the CLI window is determined by the host name you assigned to your Array.
Wi-Fi Array z ? Command This command is available at any prompt and provides either FULL or PARTIAL help. Using the ? (question mark) command when you are ready to enter an argument will display all the possible arguments (full help). Partial help is provided when you enter an abbreviated argument and you want to know what arguments will match your input. Figure 160.
Wi-Fi Array Top Level Commands This section offers an at-a-glance view of all top level commands—organized alphabetically. Top level commands are defined here as commands that are directly accessible from the root command prompt (Xirrus_Wi-Fi_Array#). The root command prompt is based on the host name assigned to your Array. When inputting commands, be aware that all commands are case-sensitive.
Wi-Fi Array Command show Description Display information about the selected item. See “show Commands” on page 315. statistics Display statistical data about the Array. See “statistics Commands” on page 318. uptime Display the elapsed time since the last boot. configure Commands The following table shows the second level commands that are available with the top level configure command [Xirrus_Wi-Fi_Array(config)#].
Wi-Fi Array Command Description group Define user groups with parameter settings help Description of the interactive Help system. history hostname https interface license load location management more netflow no pci-audit quit radius-server reboot reset run-tests save search security List history of commands that have been executed. Host name for this Array. Enable/disable HTTPS. Select the interface to configure. Enter a license key.
Wi-Fi Array Command show Display current information about the selected item. snmp Enable, disable or configure SNMP. ssh Enable/disable SSH. ssid Configure the SSID parameters. standby Configure the standby parameters. statistics Display statistics. syslog Enable, disable or configure the Syslog Server. telnet Enable/disable Telnet. uptime vlan 314 Description Display time since the last boot. Configure VLAN parameters.
Wi-Fi Array show Commands The following table shows the second level commands that are available with the top level show command [Xirrus_Wi-Fi_Array# show]. Command acl admin Description Display the Access Control List. Display the administrator list or login information. array-info Display system information. associatedstations Display stations that have associated to the Array. boot-env capabilities Display Boot loader environment variables. Display detailed station capabilities.
Wi-Fi Array Command diff Display the difference between configurations. dns Display DNS summary information. env-ctrl error-numbers ethernet Display the environmental controller status for the outdoor enclosure. Display the detailed error number in error messages. Display Ethernet interface summary information. external-radius Display summary information for the external RADIUS server settings. factory-config Display the Array factory configuration information.
Wi-Fi Array Command saved-config Description Display the last saved Array configuration. security Display security settings summary information. self-test Display self test results. snmp spanning-tree spectrumanalyzer ssid Display SNMP summary information. Display spanning tree information. Display spectrum analyzer measurements. Display SSID summary information. stations Display station information. statistics Display statistics. syslog Display the system log.
Wi-Fi Array statistics Commands The following table shows the second level commands that are available with the top level statistics command [Xirrus_Wi-Fi_Array# statistics]. Command ethernet Ethernet Name eth0, gig1, gig2 filter filter-list iap 318 Description Display statistical data for all Ethernet interfaces. Display statistical data for the defined Ethernet interface (either eth0, gig1 or gig2). FORMAT: statistics gig1 Display statistics for defined filters (if any).
Wi-Fi Array Command Description Display configuration or status information.
Wi-Fi Array Configuration Commands All configuration commands are accessed by using the configure command at the root command prompt (Xirrus_Wi-Fi_Array#). This section provides a brief description of each command and presents sample formats where deemed necessary. The commands are organized alphabetically. When inputting commands, be aware that all commands are case-sensitive.
Wi-Fi Array admin The admin command [Xirrus_Wi-Fi_Array(config-admin)#] is used to configure the Administrator List. Command Description add Add a user to the Administrator List. FORMAT: admin add [userID] del Delete a user to the Administrator List. FORMAT: admin del [userID] edit Modify user in the Administrator List. FORMAT: admin edit [userID] radius reset Define a RADIUS server to be used for authenticating administrators.
Wi-Fi Array cdp The cdp command [Xirrus_Wi-Fi_Array(config)# cdp] is used to configure the Cisco Discovery Protocol. Command 322 Description disable Disable the Cisco Discovery Protocol FORMAT: cdp disable enable Enable the Cisco Discovery Protocol FORMAT: cdp enable hold-time Select CDP message hold time before messages received from neighbors expire. FORMAT: cdp hold-time [# seconds] interval The Array sends out CDP announcements at this interval.
Wi-Fi Array clear The clear command [Xirrus_Wi-Fi_Array(config)# clear] is used to clear requested elements. Command authentication Description Deauthenticate a station. FORMAT: clear station [authenticated station] history Clear the history of CLI commands executed. FORMAT: clear history screen Clear the screen where you’re viewing CLI output. FORMAT: clear syslog statistics Clear the statistics for a requested interface.
Wi-Fi Array contact-info The contact-info command [Xirrus_Wi-Fi_Array(config)# contact-info] is used for managing administrator contact information. Command 324 Description email Add an email address for the contact (must be in quotation marks). FORMAT: contact-info email [“contact@mail.com”] name Add a contact name (must be in quotation marks). FORMAT: contact-info name [“Contact Name”] phone Add a telephone number for the contact (must be in quotation marks).
Wi-Fi Array date-time The date-time command [Xirrus_Wi-Fi_Array(config-date-time)#] is used to configure the date and time parameters. Your Array supports the Network Time Protocol (NTP) in order to ensure that the Array’s internal time is accurate. NTP is set to UTC time by default; however, you can set the time zone so that your Array will display local time. This is done by defining an offset from the UTC value.
Wi-Fi Array dhcp-server The dhcp-server command [Xirrus_Wi-Fi_Array(config-dhcp-server)#] is used to add, delete and modify DHCP pools. Command 326 Description add Add a DHCP pool. FORMAT: dhcp-server add [dhcp pool] del Delete a DHCP pool. FORMAT: dhcp-server del [dhcp pool] edit Edit a DHCP pool FORMAT: dhcp-server edit [dhcp pool] reset Delete all DHCP pools.
Wi-Fi Array dns The dns command [Xirrus_Wi-Fi_Array(config-dns)#] is used to configure your DNS parameters. Command Description domain Enter your domain name. FORMAT: dns domain [www.mydomain.com] server1 Enter the IP address of the primary DNS server. FORMAT: dns server1 [1.2.3.4] server2 Enter the IP address of the secondary DNS server. FORMAT: dns server1 [2.3.4.5] server3 Enter the IP address of the tertiary DNS server. FORMAT: dns server1 [3.4.5.
Wi-Fi Array file The file command [Xirrus_Wi-Fi_Array(config-file)#] is used to manage files. Command active-image backup-image check-image chkdsk copy dir erase format 328 Description Validate and commit a new array software image. Validate and commit a new backup software image. Validate a new array software image. Check flash file system. Copy a file to another file. FORMAT: file copy [sourcefile destinationfile] List the contents of a directory.
Wi-Fi Array Command Description remote-config When the Array boots up, it fetches the specified configuration file from the TFTP server defined in the file remote-server command, and uses this configuration. This must be an Array configuration file with a .conf extension. A partial configuration file may be used. For instance, if you wish to use a single configuration file for all of your Arrays but don't want to have the same IP address for each Array, you may remove the ipaddr line from the file.
Wi-Fi Array Command tftp 330 Description Open a TFTP connection with a remote server. FORMAT: file tftp host { |} [port ] [user {anonymous | password } ] { put [] | get [] } Note: Any time you transfer any kind of software image file for the Array, it must be transferred in binary mode, or the file may be corrupted.
Wi-Fi Array filter The filter command [Xirrus_Wi-Fi_Array(config-filter)#] is used to manage protocol filters and filter lists. Command add add-list del del-list edit Description Add a filter. FORMAT: filter add [name] Add a filter list. FORMAT: filter add-list [name] Delete a filter. FORMAT: filter del [name] Delete a filter list. FORMAT: filter del-list [name] Edit a filter.
Wi-Fi Array Command off Disable a filter list. FORMAT: filter off on Enable a filter list. FORMAT: filter on reset 332 Description Delete all protocol filters and filter lists.
Wi-Fi Array fips The fips command [Xirrus_Wi-Fi_Array(config)# fips] is used to set the parameter values required for FIPS 140-2, Level 2 security. For more information, see Appendix E: Implementing FIPS Security. Command Description disable Reverts FIPS settings to the values they had before performing a fips on command. FORMAT: fips disable enable Set FIPS security on the Array. Remembers the values of parameters prior to setting them.
Wi-Fi Array group The group command [Xirrus_Wi-Fi_Array(config)# group] is used to create and configure user groups. User groups allow administrators to assign specific network parameters to users through RADIUS privileges rather than having to map users to a specific SSID. Groups provide flexible control over user privileges without the need to create large numbers of SSIDs. For more information, see “Groups” on page 247. Command Description add Create a new user group.
Wi-Fi Array https The https command [Xirrus_Wi-Fi_Array(config)# https] is used to enable or disable the Web Management Interface (https), which is enabled by default. It also allows you to establish a timeout for your Web management session. Command Description disable Disable the https feature. FORMAT: https disable enable Enable the https feature. FORMAT: https enable off Disable the https feature. FORMAT: https off on Enable the https feature.
Wi-Fi Array interface The interface command [Xirrus_Wi-Fi_Array(config)# interface] is used to select the interface that you want to configure. To see a listing of the commands that are available for each interface, use the ? command at the selected interface prompt. For example, using the ? command at the Xirrus_Wi-Fi_Array(config-gig1}# prompt displays a listing of all commands for the gig1 interface. Command 336 Description console Select the console interface.
Wi-Fi Array license The license command [Xirrus_Wi-Fi_Array(config)# license] is used to set the license key for the Array. A valid license is required for Array operation, and it controls the features available on the Array. Command Description Set the license for the Array. FORMAT: license When you enter the new key obtained from Xirrus, simply hit the Enter key to apply it. load The load command [Xirrus_Wi-Fi_Array(config)# load] loads a configuration file.
Wi-Fi Array location The location command [Xirrus_Wi-Fi_Array(config)# location] is used to set the location for the Array. Command Description Set the location for the Array. FORMAT: location [newlocation] management The management command [Xirrus_Wi-Fi_Array(config)# management] enters management mode, where you may configure console management parameters. Command Description Enter management mode.
Wi-Fi Array netflow The netflow command [Xirrus_Wi-Fi_Array(config-netflow)#] is used to enable or disable, or configure sending IP flow information (traffic statistics) to the collector you specify. Command Description disable Disable netflow. FORMAT: netflow disable enable Enable netflow. FORMAT: netflow enable off Disable netflow. FORMAT: netflow off on Enable netflow. FORMAT: netflow on collector Set the netflow collector IP address or fully qualified domain name (host.domain).
Wi-Fi Array no The no command [Xirrus_Wi-Fi_Array(config)# no] is used to disable a selected element or set the element to its default value. Command acl dot11a dot11bg https Disable the Access Control List. FORMAT: no acl Disable all 802.11a(n) IAPs (radios). FORMAT: no dot11a Disable all 802.11bg(n) IAPs (radios). FORMAT: no dot11bg Disable https access. FORMAT: no https intrude-detect Disable intrusion detection.
Wi-Fi Array Command snmp ssh Description Disable SNMP features. FORMAT: no snmp Disable ssh access. FORMAT: no ssh syslog Disable the Syslog services. FORMAT: no syslog telnet Disable Telnet access. FORMAT: no telnet ETH-NAME Disable the selected Ethernet interface (eth0, gig1 or gig2). You cannot disable the console interface. with this command.
Wi-Fi Array pci-audit The pci-audit command [Xirrus_Wi-Fi_Array(config)# pci-audit] checks the configuration of the Array for conformance with PCI DSS standards. When you enter the pci-audit command, it lists any settings that violate PCI DSS requirements. In addition, if pci-audit is on (enabled), the Array will warn you if you change any parameters in a way that violates PCI DSS requirements.
Wi-Fi Array quit The quit command [Xirrus_Wi-Fi_Array(config)# quit] is used to exit the Command Line Interface. Command Description Exit the Command Line Interface. FORMAT: quit If you have made any configuration changes and your changes have not been saved, you are prompted to save your changes to Flash. At the prompt, answer Yes to save your changes, or answer No to discard your changes.
Wi-Fi Array reboot The reboot command [Xirrus_Wi-Fi_Array(config)# reboot] is used to reboot the Array. If you have unsaved changes, the command will notify you and give you a chance to cancel the reboot. Command Description Reboot the Array. FORMAT: reboot delay Reboot the Array after a delay of 1 to 60 seconds. FORMAT: reboot delay [n] reset The reset command [Xirrus_Wi-Fi_Array(config)# reset] is used to reset all settings to their default values then reboot the Array.
Wi-Fi Array run-tests The run-tests command [Xirrus_Wi-Fi_Array(run-tests)#] is used to enter runtests mode, which allows you to perform a range of tests on the Array. Command Description Enter run-tests mode. FORMAT: run-tests iperf Execute iperf utility. FORMAT: run-tests iperf kill-beacons Turn off beacons for selected single IAP. FORMAT: run-tests kill-beacons [off | iap-name] kill-proberesponses led Turn off probe responses for selected single IAP.
Wi-Fi Array Command radius-ping Description Special ping utility to test the connection to a RADIUS server.
Wi-Fi Array Command telnet Description Execute telnet utility. FORMAT: run-tests telnet [hostname | ip-addr] [command-line-switches (optional)] traceroute Execute traceroute utility. FORMAT: run-tests traceroute [host-name | ip-addr] security The security command [Xirrus_Wi-Fi_Array(config-security)#] is used to establish the security parameters for the Array. Command Description wep Set the WEP encryption parameters. FORMAT: security wep wpa Set the WEP encryption parameters.
Wi-Fi Array snmp The snmp command [Xirrus_Wi-Fi_Array(config-snmp)#] is used to enable, disable, or configure SNMP. Command Description v2 Enable SNMP v2. FORMAT: snmp v2 v3 Enable SNMP v3. FORMAT: snmp v3 trap Configure traps for SNMP. Up to four trap destinations may be configured, and you may specify whether to send traps for authentication failure. FORMAT: snmp trap ssh The ssh command [Xirrus_Wi-Fi_Array(config)# ssh] is used to enable or disable the SSH feature.
Wi-Fi Array Command Description off Disable SSH. FORMAT: ssh off on Enable SSH. FORMAT: ssh on timeout Set the SSH inactivity timeout.
Wi-Fi Array ssid The ssid command [Xirrus_Wi-Fi_Array(config-ssid)#] is used to establish your SSID parameters. Command Description add Add an SSID. FORMAT: ssid add [newssid] del Delete an SSID. FORMAT: ssid del [oldssid] edit Edit an existing SSID. FORMAT: ssid edit [existingssid] reset Delete all SSIDs and restore the default SSID. FORMAT: ssid reset standby The standby command [Xirrus_Wi-Fi_Array(config-ssid)#] sets this Array to function as a standby unit for another Array.
Wi-Fi Array syslog The syslog command [Xirrus_Wi-Fi_Array(config-syslog)#] is used to enable, disable, or configure the Syslog server. Command Description console Enable or disable the display of Syslog messages on the console, and set the level to be displayed. All messages at this level and lower (i.e., more severe) will be displayed. FORMAT: syslog console [on/off] level [0-7] disable Disable the Syslog server. FORMAT: syslog disable email Disable the Syslog server.
Wi-Fi Array Command off Disable the Syslog server. FORMAT: syslog off on Enable the Syslog server. FORMAT: syslog on primary secondary 352 Description Set the IP address of the primary Syslog server and/or the severity level of messages to be logged. FORMAT: syslog primary [1.2.3.4] level [0-7] Set the IP address of the secondary (backup) Syslog server and/or the severity level of messages to be logged. FORMAT: syslog primary [1.2.3.
Wi-Fi Array telnet The telnet command [Xirrus_Wi-Fi_Array(config)# telnet] is used to enable or disable Telnet. Command Description disable Disable Telnet. FORMAT: telnet disable enable Enable Telnet. FORMAT: telnet enable off Disable Telnet. FORMAT: telnet off on Enable Telnet. FORMAT: telnet on timeout Set the Telnet inactivity timeout.
Wi-Fi Array vlan The vlan command [Xirrus_Wi-Fi_Array(config-vlan)#] is used to establish your VLAN parameters. Command add default-route delete edit native-vlan 354 Description Add a VLAN. FORMAT: vlan add [newvlan] Assign a VLAN for the default route (for outbound management traffic). FORMAT: vlan default-route [defaultroute] Delete a VLAN. FORMAT: vlan delete [oldvlan] Modify an existing VLAN. FORMAT: vlan edit [existingvlan] Assign a native VLAN (traffic is untagged).
Wi-Fi Array Sample Configuration Tasks This section provides examples of some of the common configuration tasks used with the Wi-Fi Array, including: z “Configuring a Simple Open Global SSID” on page 356. z “Configuring a Global SSID using WPA-PEAP” on page 357. z “Configuring an SSID-Specific SSID using WPA-PEAP” on page 358. z “Enabling Global IAPs” on page 359. z “Disabling Global IAPs” on page 360. z “Enabling a Specific IAP” on page 361. z “Disabling a Specific IAP” on page 362.
Wi-Fi Array Configuring a Simple Open Global SSID This example shows you how to configure a simple open global SSID. Figure 162.
Wi-Fi Array Configuring a Global SSID using WPA-PEAP This example shows you how to configure a global SSID using WPA-PEAP encryption in conjunction with the Array’s Internal RADIUS server. Figure 163.
Wi-Fi Array Configuring an SSID-Specific SSID using WPA-PEAP This example shows you how to configure an SSID-specific SSID using WPAPEAP encryption in conjunction with the Array’s Internal RADIUS server. Figure 164.
Wi-Fi Array Enabling Global IAPs This example shows you how to enable all IAPs (radios), regardless of the wireless technology they use. Figure 165.
Wi-Fi Array Disabling Global IAPs This example shows you how to disable all IAPs (radios), regardless of the wireless technology they use. Figure 166.
Wi-Fi Array Enabling a Specific IAP This example shows you how to enable a specific IAP (radio). In this example, the IAP that is being enabled is a1 (the first IAP in the summary list). Figure 167.
Wi-Fi Array Disabling a Specific IAP This example shows you how to disable a specific IAP (radio). In this example, the IAP that is being disabled is a2 (the second IAP in the summary list). Figure 168.
Wi-Fi Array Setting Cell Size Auto-Configuration for All IAPs This example shows how to set the cell size for all enabled IAPs to be autoconfigured (auto). (See “Fine Tuning Cell Sizes” on page 53.) The auto_cell option may be used with global_settings, global_a_settings, or global_bg_settings. It sets the cell size of the specified IAPs to auto, and it launches an autoconfiguration to adjust the sizes.
Wi-Fi Array Setting the Cell Size for All IAPs This example shows you how to establish the cell size for all IAPs (radios), regardless of the wireless technology they use. Be aware that if the intrude-detect feature is enabled on abg(n)2 the cell size cannot be set globally—you must first disable the intrude-detect feature on abg(n)2. In this example, the cell size is being set to small for all IAPs. You have the option of setting IAP cell sizes to small, medium, large, or max.
Wi-Fi Array Setting the Cell Size for a Specific IAP This example shows you how to establish the cell size for a specific IAP (radio). In this example, the cell size for a2 is being set to medium. You have the option of setting IAP cell sizes to small, medium, large, or max (the default is max). See also, “Fine Tuning Cell Sizes” on page 53. Figure 171.
Wi-Fi Array Configuring VLANs on an Open SSID This example shows you how to configure VLANs on an Open SSID. # Setting the default route enables the Array to send management traffic, such as Syslog messages and SNMP information to a destination behind a router. Figure 172.
Wi-Fi Array Configuring Radio Assurance Mode (Loopback Tests) The Array uses the built-in monitor radio, IAP abg(n)2, to monitor other radios in the Array. Tests include sending probes on all channels and checking for a response, and checking whether beacons are received from the other radio. If a problem is detected, corrective actions are taken to recover. Loopback mode operation is described in detail in “Array Monitor and Radio Assurance Capabilities” on page 406.
Wi-Fi Array Figure 173.
Wi-Fi Array Appendices 369
Wi-Fi Array Page is intentionally blank 370
Wi-Fi Array Appendix A: Servicing the Wi-Fi Array This appendix contains procedures for servicing the Xirrus Wi-Fi Array, including the removal and reinstallation of major hardware components. Topics include: z “Removing the Access Panel” on page 373. z “Reinstalling the Access Panel” on page 376. z “Replacing the FLASH Memory Module” on page 378. z “Replacing the Main System Memory” on page 380. z “Replacing the Integrated Access Point Radio Module” on page 382.
Wi-Fi Array See Also Reinstalling the Access Panel Removing the Access Panel Replacing the FLASH Memory Module Replacing the Integrated Access Point Radio Module Replacing the Main System Memory Replacing the Power Supply Module 372 Appendix A: Servicing the Wi-Fi Array
Wi-Fi Array Removing the Access Panel Use this procedure when you want to remove the system’s access panel. You must remove this panel whenever you need to service the internal components of the Array. 1. Turn OFF the Array’s main power switch (XS-3900 and XS-3700 only). 2. Disconnect the AC power cord or Ethernet cable supplying power from the Array. 3. Place the Array face-down on a flat surface. Avoid moving the unit to reduce the risk of damage (scratching) to the finished enclosure. 4.
Wi-Fi Array 5. Lift up the access panel to reveal the main system board. Lift up the access panel Figure 176. Removing the Access Panel 6. Disconnect the connectors to the power supply and the fan. Fan connector Power supply connector Figure 177. Disconnecting the Power Supply and Fan 7. 374 The access panel can now be safely removed.
Wi-Fi Array See Also Reinstalling the Access Panel Replacing the FLASH Memory Module Replacing the Integrated Access Point Radio Module Replacing the Main System Memory Replacing the Power Supply Module Appendix A: Servicing the Wi-Fi Array Appendix A: Servicing the Wi-Fi Array 375
Wi-Fi Array Reinstalling the Access Panel Use this procedure when you need to reinstall the access panel after servicing the Array’s internal components. 1. Reconnect the fan and power supply. Fan connector Power supply connector Figure 178. Reconnecting the Fan and Power Supply 2. Reinstall the access panel and secure the panel with the three screws. Screw ! Do not overtighten Screw ! Do not overtighten Screw ! Do not overtighten Figure 179.
Wi-Fi Array 3. Reconnect the power source and turn ON the main power switch (if applicable).
Wi-Fi Array Replacing the FLASH Memory Module Use this procedure when you want to replace the system’s FLASH memory module. 1. Remove the system’s access panel. Refer to “Removing the Access Panel” on page 373. 2. Remove the FLASH memory module, taking care not to “wiggle” the module and risk damaging the connection points. FLASH memory module Figure 180. Removing the FLASH Memory Module 3. 378 The removal procedure is complete.
Wi-Fi Array 4. Reinstall the access panel (refer to “Reinstalling the Access Panel” on page 376).
Wi-Fi Array Replacing the Main System Memory Use this procedure when you want to replace the main system memory. 1. Remove the access panel (refer to “Removing the Access Panel” on page 373). 2. Remove the DIMM memory module, taking care not to “wiggle” the module and risk damaging the connection points. DIMM memory module Push down on the two locking tabs to release the DIMM memory module Figure 181. Removing the DIMM Memory Module 3. The removal procedure is complete.
Wi-Fi Array Replacing the Integrated Access Point Radio Module Replacing the Power Supply Module Appendix A: Servicing the Wi-Fi Array Appendix A: Servicing the Wi-Fi Array 381
Wi-Fi Array Replacing the Integrated Access Point Radio Module Use this procedure when you want to replace the integrated access point radio module. 1. Remove the access panel (refer to “Removing the Access Panel” on page 373). 2. Remove the locking screws (8 places) that secure the chassis cover to the main body of the Wi-Fi Array. Screws (8 places) Figure 182. Removing the Chassis Cover Screws 3. Lift and remove the chassis cover. Remove the chassis cover Figure 183.
Wi-Fi Array 4. Lift the edge of the integrated access point module. Lift here (do not force) Figure 184. Lifting the Integrated Access Point Module 5. Slide the integrated access point module away from the unit to disconnect it from the main system board. Disconnect the module Figure 185. Disconnect the Integrated Access Point Module 6. The removal procedure is complete. You can now reinstall the integrated access point module (or install a new module).
Wi-Fi Array 7. Reinstall the chassis cover (see warnings). ! When reinstalling the chassis cover, take care to align the cover correctly to avoid damaging the antenna modules. Do not force the chassis cover onto the body of the unit. ! Do not overtighten the locking screws. 8. Reinstall the locking screws (8 places) to secure the chassis cover in place—do not overtighten. 9. Reinstall the access panel (refer to “Reinstalling the Access Panel” on page 376).
Wi-Fi Array Replacing the Power Supply Module Use this procedure when you want to replace the power supply module. 1. Remove the access panel (refer to “Removing the Access Panel” on page 373). 2. Because the power supply unit is molded into the access panel, you must install a new access panel assembly (with the power supply attached). Refer to “Reinstalling the Access Panel” on page 376. Access panel (with power supply and fan) Figure 186.
Wi-Fi Array Use this Space for Your Notes 386 Appendix A: Servicing the Wi-Fi Array
Wi-Fi Array Appendix B: Quick Reference Guide This section contains product reference information. Use this section to locate the information you need quickly and efficiently. Topics include: z “Factory Default Settings” on page 387. z “Keyboard Shortcuts” on page 394. Factory Default Settings The following tables show the Wi-Fi Array’s factory default settings.
Wi-Fi Array Gigabit 1 and Gigabit 2 Setting Default Value Enabled Yes DHCP Bind Yes Default IP Address 10.0.2.1 Default IP Mask 255.255.255.0 Default Gateway None Auto Negotiate On Duplex Full Speed 1000 Mbps MTU Size 1504 Management Enabled Yes Fast Ethernet Setting Enabled Yes DHCP Bind Yes Default IP Address 388 Default Value 10.0.1.1 Default IP Mask 255.255.255.
Wi-Fi Array Setting Default Value MTU Size 1500 Management Enabled Yes Integrated Access Points (IAPs) Setting IAP abg2 Defaults Enabled (Radio State) Default Value Enabled Mode = Monitor Channel = Monitor Cell Size = Manual Antenna = Internal-Omni No Mode z XS16, XS-3900 802.11a for a1 to a12 802.11bg for abg1 to abg4 z XS12 802.11a for a1 to a8 802.11bg for abg1 to abg4 z XS8, XS-3700 802.11a for a1 to a4 802.11bg for abg1 to abg4 z XS4, XS-3500 802.
Wi-Fi Array Server Settings NTP Setting Default Value Enabled No Primary time.nist.gov Secondary pool.ntp.
Wi-Fi Array Setting Default Value Trap Port 162 Authorization Fail Port On DHCP Setting Enabled Default Value No Maximum Lease Time 300 minutes Default Lease Time 300 minutes IP Start Range 192.168.1.2 IP End Range 192.168.1.
Wi-Fi Array Setting Broadcast Default Value On Security Global Settings - Encryption Setting Enabled Default Value Yes WEP Keys null (all 4 keys) WEP Key Length null (all 4 keys) Default Key ID 1 WPA Enabled No TKIP Enabled Yes AES Enabled Yes EAP Enabled Yes PSK Enabled No Pass Phrase null Group Rekey Disabled External RADIUS (Global) Setting Enabled 392 Default Value Yes Primary Server None Primary Port 1812 Appendix B: Quick Reference Guide
Wi-Fi Array Setting Primary Secret Default Value xirrus Secondary Server Secondary Port null (no IP address) 1812 Secondary Secret Time Out (before primary server is retired) Accounting null (no secret) 600 seconds Disabled Interval 300 seconds Primary Server None Primary Port 1813 Primary Secret xirrus Secondary Server None Secondary Port 1813 Secondary Secret null (no secret) Internal RADIUS Setting Enabled Default Value No The user database is cleared upon reset to the factory def
Wi-Fi Array Administrator Account and Password Setting Default Value ID admin Password admin Management Setting SSH Default Value On SSH timeout 300 seconds Telnet Off Telnet timeout 300 seconds Serial On Serial timeout 300 seconds Management over IAPs http timeout Off 300 seconds Keyboard Shortcuts The following table shows the most common keyboard shortcuts used by the Command Line Interface. Action 394 Shortcut Cut selected data and place it on the clipboard.
Wi-Fi Array Action Shortcut Paste data from the clipboard into a document (at the insertion point). Ctrl + V Go to top of screen. Ctrl + Z Copy the active window to the clipboard. Copy the entire desktop image to the clipboard. Abort an action at any time. Alt + Print Screen Print Screen Esc Go back to the previous screen. b Access the Help screen.
Wi-Fi Array Use this Space for Your Notes 396 Appendix B: Quick Reference Guide
Wi-Fi Array Appendix C: Technical Support This appendix provides valuable support information that can help you resolve technical difficulties. Before contacting Xirrus, review all topics below and try to determine if your problem resides with the Wi-Fi Array or your network infrastructure.
Wi-Fi Array z If you are deploying multiple units, the Array should be oriented so that the abg(n)2 radio is oriented in the direction of the least required coverage, because when in monitor mode the abg(n)2 radio does not function as an AP servicing stations. z The Wi-Fi Array should only be used with Wi-Fi certified client devices.
Wi-Fi Array Q. What would I use SSIDs for? A. The creation of different wireless network names allows system administrators to separate types of users with different requirements. The following policies can be tied to an SSID: z Minimum security required to join this SSID. z The wireless Quality of Service (QoS) desired for this SSID. z The wired VLAN associated with this SSID.
Wi-Fi Array 6. If desired (optional), you can select which radios this SSID will not be available on—the default is to make this SSID available on all radios. 7. Click on the Apply button to apply your changes to this session. 8. Click on the Save button to save your changes. 9. If you need to edit any of the SSID settings, you can do so from the SSID Management page. See Also Contact Information General Hints and Tips Security SSIDs SSID Management VLAN Support Security Q.
Wi-Fi Array Be aware that Telnet is not secure over network connections and should be used only with a direct serial port connection. When connecting to the unit’s Command Line Interface over a network connection, you must use a Secure SHell (SSH) utility. The most commonly used freeware providing SSH tools is PuTTY. The Array only allows SSH-2 connections, so your SSH utility must be set up to use SSH-2. z Configuration auditing Do not change approved configuration settings.
Wi-Fi Array TKIP solves security issues with WEP. It also allows you to establish encryption keys on a per-user-basis, with key rotation for added security. In addition, TKIP provides Message Integrity Check (MIC) functionality and prevents active attacks on the wireless network. AES is the strongest encryption standard and is used by government agencies; however, old legacy hardware may not be capable of supporting the AES mode (it probably won’t work on older wireless clients).
Wi-Fi Array z MAC Address ACLs (Access Control Lists) MAC address ACLs provide a list of client adapter MAC addresses that are allowed or denied access to the wireless network. Access Control Lists work well when there are a limited number of users—in this case, enter the MAC addresses of each user in the Allow list. In the event of a lost or stolen MAC adapter, enter the affected MAC address in the Deny list. Q. Why do I need to authenticate my Wi-Fi Array units? A.
Wi-Fi Array particular VLAN can be on any segment of the physical network but logically only members of a particular VLAN can see each other. VLANs are defined and implemented using the wired network switches that are VLAN capable. Packets are tagged for transmission on a particular VLAN according to the IEEE 802.1Q standard, with VLAN switches processing packets according to the tag. Q. What would I use VLANs for? A.
Wi-Fi Array selected VLAN, but would be able to access other privileged network resources.
Wi-Fi Array Array Monitor and Radio Assurance Capabilities All models of the Wi-Fi Array have a monitor radio, abg(n)2, that checks that the Array’s radios are functioning correctly, and acts as a dedicated threat sensor to detect and prevent intrusion from rogue access points. Enabling Monitoring on the Array IAP abg(n)2 may be set to monitor the Array or to be a normal IAP radio.
Wi-Fi Array Radio Assurance The Array is capable of performing continuous, comprehensive tests on its radios to assure that they are operating properly. Testing is enabled using the Radio Assurance Mode setting on the Advanced RF Settings window (Step 5 in “Advanced RF Settings” on page 275). When this mode is enabled, IAP abg(n)2 performs loopback tests on the Array. Radio Assurance Mode requires Intrusion Detection to be set to Standard (See Step 1 in “Advanced RF Settings” on page 275).
Wi-Fi Array Radio Assurance Options If the monitor detects a problem with an Array radio as described above, it will take action according to the preference that you have specified in the Radio Assurance Mode setting on the Advanced RF Settings window (see Step 5 page 278): 408 z Failure alerts only—The Array will issue alerts in the Syslog, but will not initiate repairs or reboots.
Wi-Fi Array Upgrading the Array via CLI If you are experiencing difficulties communicating with the Array using the Web Management Interface, the Array provides lower-level facilities that may be used to accomplish an upgrade via the CLI and the Xirrus Boot Loader (XBL). 1. Download the latest software update from the Xirrus FTP site using your Enhanced Care FTP username and password. If you do not have an FTP username and password, contact Xirrus Customer Service for assistance (support@xirrus.com).
Wi-Fi Array Boot your Array and watch the progress messages. When Press space bar to exit to bootloader: is displayed, press the space bar. The rest of this procedure is performed using the bootloader. The following steps assume that you are running DHCP on your local network. 5. Type dhcp and hit return. This instructs the Array to obtain a DHCP address and use it during this boot in the bootloader environment. 6. Type dir and hit return to see what's currently in the compact flash. 7.
Wi-Fi Array L1 cache | Data: 32 KB Inst: 32 KB Status : Enabled Watchdog | Enabled (5 secs) I2C Bus | 400 KHz DTT | CPU:34C RF0:34C RF1:34C RF2:27C RF3:29C RTC | Wed 2007-Nov-05 6:43:14 GMT System DDR | 256 MB, Unbuffered Non-ECC (2T) L2 cache | 256 KB, Enabled FLASH | 4 MB, CRC: OK FPGA | 2 Devices programmed Packet DDR | 256 MB, Unbuffered Non-ECC, Enabled Network | Mot FEC Mot TSEC1 [Primary] Mot TSEC2 IDE Bus 0 | OK CFCard | 122 MB, Model: Hitachi XXM2.3.
Wi-Fi Array XBL>del * [CFCard] Delete : 2 file(s) deleted XBL>update server 192.168.39.102 xs-3.0-0425.bin [TFTP ] Device : Mot TSEC1 1000BT Full Duplex [TFTP ] Client : 192.168.39.195 [TFTP ] Server : 192.168.39.102 [TFTP ] File : xs-3.0-0425.bin [TFTP ] Address : 0x1000000 [TFTP ] Loading : ################################################## [TFTP ] Loading : ################################################## [TFTP ] Loading : ###### done [TFTP ] Complete: 12.9 sec, 2.
Wi-Fi Array L2 cache | 256 KB, Enabled FLASH | 4 MB, CRC: OK FPGA | 2 Devices programmed Packet DDR | 256 MB, Unbuffered Non-ECC, Enabled Network | Mot FEC Mot TSEC1 [Primary] Mot TSEC2 IDE Bus 0 | OK CFCard | 122 MB, Model: Hitachi XXM2.3.0 Environment| 4 KB, Initialized In: serial Out: serial Err: serial Press space bar to exit to bootloader: [CFCard] File : xs*.bin [CFCard] Address : 0x1000000 [CFCard] Loading : ############################################### done [CFCard] Complete: 26.9 sec, 1.
Wi-Fi Array Power over Gigabit Ethernet Compatibility Matrix The Xirrus Power over Gigabit Ethernet (PoGE) solution includes different modules to be used with particular Array models. The following two tables indicate the proper PoGE injector/splitters to use with each Array. X indicates products are INCOMPATIBLE. NA=Not Applicable.
Wi-Fi Array # IMPORTANT NOTE: Only use -H versions of injectors/splitters together, and use non-H versions of injectors/splitters together - do not mix or match the two types.
Wi-Fi Array Determining If an XS-3700 or XS-3900 is Modified for PoGE The following pictures show how different Array power supply types look. On the XS-3700/XS-3900 Arrays, it is VERY important to note the yellow sticker (Figure 188 on page 416) that differentiates between modified and unmodified DC power versions. Connect Data OUT to Gig1 or Gig2 port with short cable Connect Cat 5e (from PoGE Injector) to IN port Figure 187.
Wi-Fi Array Contact Information Xirrus, Inc. is located in Thousand Oaks, California, just 55 minutes northwest of downtown Los Angeles and 40 minutes southeast of Santa Barbara. Xirrus, Inc. 2101 Corporate Center Drive Thousand Oaks, CA 91320 USA Tel: Fax: 1.805.262.1600 1.800.947.7871 Toll Free in the US 1.866.462.3980 www.xirrus.com support.xirrus.
Wi-Fi Array 418 Appendix C: Technical Support
Wi-Fi Array Appendix D: Implementing PCI DSS The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by major credit card companies to help those that process credit card transactions (or cardholder information) in order to secure cardholder information and protect it from unauthorized access, fraud and other security issues. The major contributors to the standard are VISA, MasterCard, American Express, JCB, and Discover.
Wi-Fi Array PCI DSS Control Objectives and Associated Requirements Objective: Maintain a Vulnerability Management Program z Requirement 5: Use and regularly update anti-virus software. z Requirement 6: Develop and maintain secure systems and applications. Objective: Implement Strong Access Control Measures z Requirement 7: Restrict access to cardholder data by business need-toknow. z Requirement 8: Assign a unique ID to each person with computer access.
Wi-Fi Array The Xirrus Array PCI Compliance Configuration The check list below is designed to help ensure that Xirrus Wi-Fi Arrays are configured in a manner that is supportive of PCI Data Security Standards. Detailed configuration steps for each item are found in the referenced section of the User’s Guide. 3 Xirrus Wi-Fi Array Configuration for PCI DSS ( ) Register at the Xirrus Support Site to ensure notification and access to software updates.
Wi-Fi Array 3 Xirrus Wi-Fi Array Configuration for PCI DSS See... ( ) Check that external RADIUS servers have been configured for use with 802.1x and WPA/WPA2 wireless security. ( ) Ensure that Array Administration Accounts are being validated by External RADIUS servers. SSIDs, p. 235 and Global Settings, p. 225 Admin RADIUS, p. 216 ( ) Ensure that each Xirrus Array is physically inaccessible such that console ports and management ports are not accessible. Securing the Array, p.
Wi-Fi Array Compliance Configuration above to ensure that you are using the Array in accordance with the PCI DSS requirements. The pci-audit command checks items such as: z Telnet is disabled. z Admin RADIUS is enabled (admin login authentication is via RADIUS server). z An external Syslog server is in use. z All SSIDs must set encryption to WPA or better (which also enforces 802.1x authentication) Sample output from this command is shown below.
Wi-Fi Array 424 Appendix D: Implementing PCI DSS
Wi-Fi Array Appendix E: Implementing FIPS Security Wi-Fi Arrays may be configured to satisfy the requirements for Level 2 of Federal Information Processing Standard (FIPS) Publication 140-2. The procedure in this section lists simple steps that must be followed exactly to implement FIPS 140-2, Level 2. The procedure includes physical actions, and parameters that must be set in Web Management Interface (WMI) windows in the Security section and in other sections.
Wi-Fi Array • XS16, XS12, XS8, XS-3900, or XS-3700—Apply two seals, one on either side of the Array about 180° apart from each other, as shown. Apply a third seal to the access panel opening, as shown. IMPORTANT: Make sure that each seal straddles a seam. 1 3 2 Figure 190.
Wi-Fi Array • XS4 or XS-3500—Apply two seals, one on either side of the Array about 180° apart from each other, as shown. IMPORTANT: Make sure that each seal straddles a seam. 1 2 Figure 191. Applying Two Tamper-evident seals to the XS4 or XS-3500 2. Enable HTTPS using the CLI if it is not already enabled, using the following command: Xirrus_Wi-Fi_Array(config)# https on This allows the Web Management Interface to be used for the rest of this procedure. HTTPS is enabled on Arrays by default.
Wi-Fi Array 3. Select the SSIDs/SSID Management window. Set Encryption Type to WPA2 (Figure 192 ). Click Modify, then Save. Make sure that this is set for each SSID. Figure 192.
Wi-Fi Array 4. In the Security/Global Settings window, select No for TKIP Enabled and Yes for AES Enabled. Click Apply, then Save. Figure 193.
Wi-Fi Array 5. In the Security/Management Control window, select Yes for Enable Management over SSH. Select No for Enable Management over Telnet and for Enable Management over IAPs. Click Apply, then Save. Figure 194. Security/Management Control Window 6. In the Services/SNMP window, select No for Enable SNMP. Click Apply, then Save. Figure 195.
Wi-Fi Array 7. In the IAPs/Global Settings window, select Off for Fast Roaming. Click Apply, then Save. Figure 196. IAPs/Global Settings Screen To check if an Array is in FIPS mode: You may determine whether or not the Array is running in FIPS mode by verifying that the settings described in the previous procedure are in effect. To implement FIPS 140-2, Level 2 using CLI: 1. The following CLI command will perform all of the settings required to put the Array in FIPS mode:.
Wi-Fi Array See Also The Web Management Interface The Command Line Interface 432 Appendix E: Implementing FIPS Security
Wi-Fi Array Appendix F: Notices This appendix contains the following information: z “Notices” on page 433 z “EU Directive 1999/5/EC Compliance Information” on page 436 z “Safety Warnings” on page 443 z “Translated Safety Warnings” on page 444 z “Software Warranty and License Agreement” on page 445 z “Hardware Warranty Agreement” on page 452 Notices FCC Notice This device complies with Part 15 of the FCC Rules, with operation subject to the following two conditions: (1) This device may not cause
Wi-Fi Array RF Radiation Hazard Warning To ensure compliance with FCC RF exposure requirements, this device must be installed in a location where the antennas of the device will have a minimum distance of at least 25 cm (9.84 inches) from all persons. Using higher gain antennas and types of antennas not certified for use with this product is not allowed. The device shall not be co-located with another transmitter.
Wi-Fi Array Power Cord If you will be using the Array with a power cord, you must use a UL-Approved cord (supplied with the unit). Order new power cords from the Xirrus product list—Xirrus supplies only UL-approved power cords. Maximum Antenna Gain Currently, the maximum antenna gain for external antennas is limited to 5.2dBi for operation in the 2400MHz to 2483.5MHz, 5150MHz to 5250MHz and 5725MHz to 5825MHz bands. The antenna gains must not exceed maximum EIRP limits set by the FCC / Industry Canada.
Wi-Fi Array EU Directive 1999/5/EC Compliance Information This section contains compliance information for the Xirrus Wi-Fi Array family of products, which includes the XN16, XN12, XN8, XN4, XS16, XS12, XS8, XS4, XS3900, XS-3700 and XS-3500. The compliance information contained in this section is relevant to the European Union and other countries that have implemented the EU Directive 1999/5/EC.
Wi-Fi Array Ďslenska [Icelandic] Þetta tæki er samkvæmt grunnkröfum og öðrum viðeigandi ákvæðum Tilskipunar 1999/5/EC. Italiano [Italian] Questo apparato é conforme ai requisiti essenziali ed agli altri principi sanciti dalla Direttiva 1999/5/CE. Latviski [Latvian] Š! iek"rta atbilst Direkt!vas 1999/5/EK b#tiskaj" pras!b"m un citiem ar to saist!tajiem noteikumiem. Lietuviǐ [Lithuanian] Šis $renginys tenkina 1995/5/EB Direktyvos esminius reikalavimus ir kitas šios direktyvos nuostatas.
Wi-Fi Array Slovensky [Slovak] Toto zariadenie je v zhode so základnými požadavkami a inými prislušnými nariadeniami direktiv: 1999/5/EC. Suomi [Finnish] Tämä laite täyttää direktiivin 1999/5//EY olennaiset vaatimukset ja on siinä asetettujen muiden laitetta koskevien määräysten mukainen. Svenska [Swedish] Denna utrustning är i överensstämmelse med de väsentliga kraven och andra relevanta bestämmelser i Direktiv 1999/5/EC.
Wi-Fi Array WEEE Compliance Appendix F: Notices z Natural resources were used in the production of this equipment. z This equipment may contain hazardous substances that could impact the health of the environment. z In order to avoid harm to the environment and consumption of natural resources, we encourage you to use appropriate take-back systems when disposing of this equipment.
Wi-Fi Array National Restrictions In the majority of the EU and other European countries, the 2.4 GHz and 5 GHz bands have been made available for the use of Wireless LANs. The following table provides an overview of the regulatory requirements in general that are applicable for the 2.4 GHz and 5 GHz bands. Frequency Band (MHz) Max Power Level (EIRP) (mW) Indoor Outdoor 2400–2483.
Wi-Fi Array Les liasons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mèters doivent être notifiées à l’Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez www.bipt.be pour de plus amples détails. Greece A license from EETT is required for the outdoor operation in the 5470 MHz to 5725 MHz band. Xirrus recommends checking www.eett.gr for more details.
Wi-Fi Array Antennas The Xirrus Wi-Fi Array employs integrated antennas that cannot be removed and which are not user accessible. Nevertheless, as regulatory limits are not the same throughout the EU, users may need to adjust the conducted power setting for the radio to meet the EIRP limits applicable in their country or region. Adjustments can be made from the product’s management interface—either Web Management Interface (WMI) or Command Line Interface (CLI).
Wi-Fi Array Safety Warnings ! Safety Warnings ! Explosive Device Proximity Warning ! Lightning Activity Warning ! Circuit Breaker Warning Read all user documentation before powering this device. All Xirrus interconnected equipment should be contained indoors. This product is not suitable for outdoor operation. Please verify the integrity of the system ground prior to installing Xirrus equipment. Additionally, verify that the ambient operating temperature does not exceed 50°C.
Wi-Fi Array Translated Safety Warnings Avertissements de Sécurité 444 ! Sécurité ! Proximité d'appareils explosifs ! Foudre ! Disjoncteur Lisez l'ensemble de la documentation utilisateur avant de mettre cet appareil sous tension. Tous les équipements Xirrus interconnectés doivent être installés en intérieur. Ce produit n'est pas conçu pour être utilisé en extérieur. Veuillez vérifier l'intégrité de la terre du système avant d'installer des équipements Xirrus.
Wi-Fi Array Software Warranty and License Agreement THIS SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (“CUSTOMER”) AND LICENSOR (AS DEFINED BELOW) AND GOVERNS THE USE OF THE SOFTWARE INSTALLED ON THE PRODUCT (AS DEFINED BELOW).
Wi-Fi Array 2. Grant of Rights 2.1 Software. Subject to the terms and conditions of this Agreement, Licensor hereby grants to Customer a perpetual, non-exclusive, nonsublicenseable, non-transferable right and license to use the Software solely as installed on the Product in accordance with the accompanying Documentation and for no other purpose. 2.2 Ownership. The license granted under Sections 2.
Wi-Fi Array computer software or hardware which is designated to defeat any copy protection or other use limiting device, including any device intended to limit the number of users or devices accessing the Product. 3. Limited Warranty and Limitation of Liability 3.1 Limited Warranty & Exclusions.
Wi-Fi Array DEVICES OR SYSTEMS IN WHICH A MALFUNCTION OF THE SOFTWARE WOULD RESULT IN FORESEEABLE RISK OF INJURY OR DEATH TO THE OPERATOR OF THE DEVICE OR SYSTEM OR TO OTHERS (“HAZARDOUS APPLICATIONS”). CUSTOMER ASSUMES ANY AND ALL RISKS, INJURIES, LOSSES, CLAIMS AND ANY OTHER LIABILITIES ARISING OUT OF THE USE OF THE SOFTWARE IN ANY HAZARDOUS APPLICATIONS. 3.4 Limitation of Liability. (a) TOTAL LIABILITY.
Wi-Fi Array 4. Confidential Information 4.1 Generally. The Software (and its accompanying Documentation) constitutes Licensor's and its suppliers' proprietary and confidential information and contains valuable trade secrets of Licensor and its suppliers (“Confidential Information”).
Wi-Fi Array 5.3 Effect of Termination. (a) Upon termination of this Agreement, in whole or in part, Customer shall pay Licensor for all amounts owed up to the effective date of termination. Termination of this Agreement shall not constitute a waiver for any amounts due. (b) The following Sections shall survive the termination of this Agreement for any reason: Sections 1, 2.2, 2.4, 3, 4, 5.3, and 6.
Wi-Fi Array Information Transactions Act (as promulgated by any State) to this Agreement. Suits or enforcement actions must be brought within, and each party irrevocably commits to the exclusive jurisdiction of, the state and federal courts located in Ventura County, California. Customer may not assign this Agreement by operation of law or otherwise, without the prior written consent of Licensor and any attempted assignment in violation of the foregoing shall be null and void.
Wi-Fi Array Hardware Warranty Agreement PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS PRODUCT BY USING THIS PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THAT YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND. LIMITED WARRANTY.
Wi-Fi Array whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. The above warranty DOES NOT apply to any evaluation Equipment made available for testing or demonstration purposes. All such Equipment is provided AS IS without any warranty whatsoever.
Wi-Fi Array 454 Appendix F: Notices
Wi-Fi Array Glossary of Terms 802.11a A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 5 GHz and data rates of up to 54 Mbps. 802.11b A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 2.4 GHz and data rates of up to 11 Mbps. 802.11d A supplement to the Media Access Control (MAC) layer in 802.11 to promote worldwide use of 802.11 WLANs.
Wi-Fi Array authentication The process that a station, device, or user employs to announce its identify to the network which validates it. IEEE 802.11 specifies two forms of authentication, open system and shared key. bandwidth Specifies the amount of the frequency spectrum that is usable for data transfer. In other words, it identifies the maximum data rate a signal can attain on the medium without encountering significant attenuation (loss of power).
Wi-Fi Array cell The basic geographical unit of a cellular communications system. Service coverage of a given area is based on an interlocking network of cells, each with a radio base station (transmitter/receiver) at its center. The size of each cell is determined by the terrain and forecasted number of users. channel A specific portion of the radio spectrum—the channels allotted to one of the wireless networking protocols. For example, 802.11b and 802.11g use 14 channels in the 2.
Wi-Fi Array DNS (Domain Name System) A system that maps meaningful domain names with complex numeric IP addresses. DNS is actually a separate network—if one DNS server cannot translate a domain name, it will ask a second or third until a server is found with the correct IP address. domain The main name/Internet address of a user's Internet site as registered with the InterNIC organization, which handles domain registration on the Internet. For example, the “domain” address for Xirrus is: http://www.
Wi-Fi Array EDCF (Enhanced Distributed Coordinator Function) A QoS extension which uses the same contention-based access mechanism as current devices but adds “offset contention windows” that separate high priority packets from low priority packets (by assigning a larger random backoff window to lower priorities than to higher priorities). The result is “statistical priority,” where high-priority packets usually are transmitted before low-priority packets.
Wi-Fi Array Gigabit 2 The secondary Gigabit Ethernet interface. See also, Gigabit Ethernet. Gigabit Ethernet The newest version of Ethernet, with data transfer rates of 1 Gigabit (1,000 Mbps). Group A user group, created to define a set of attributes (such as VLAN, traffic limits, and Web Page Redirect) and privileges (such as fast roaming) that apply to all users that are members of the group. This allows a uniform configuration to be easily applied to multiple user accounts.
Wi-Fi Array MTU (Maximum Transmission Unit) The largest physical packet size—measured in bytes—that a network can transmit. Any messages larger than the MTU are divided into smaller packets before being sent. Every network has a different MTU, which is set by the network administrator. Ideally, you want the MTU to be the same as the smallest MTU of all the networks between your machine and a message's final destination.
Wi-Fi Array preamble Preamble (sometimes called a header) is a section of data at the head of a packet that contains information that the access point and client devices need when sending and receiving packets. PLCP has two structures, a long and a short preamble. All compliant 802.11b systems have to support the long preamble.
Wi-Fi Array SDMA (Spatial Division Multiple Access) A wireless communications mode that optimizes the use of the radio spectrum and minimizes cost by taking advantage of the directional properties of antennas. The antennas are highly directional, allowing duplicate frequencies to be used for multiple zones. SNMP (Simple Network Management Protocol) A standard protocol that regulates network management over the Internet. SNTP (Simple Network Time Protocol) A simplified version of NTP.
Wi-Fi Array subnet mask A mask used to determine what subnet an IP address belongs to. An IP address has two components: (1) the network address and (2) the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network.
Wi-Fi Array multiple switches from different vendors. This interoperability and traffic containment across different switches is the result of a switch's ability to use and recognize 802.1Q tag headers—called VLAN tagging. Switches that implement 802.1Q tagging add this tag header to the frame directly after the destination and source MAC addresses. The tag header indicates: 1. That the packet has a tag. 2. Whether the packet should have priority over other packets. 3.
Wi-Fi Array WPA2 (Wi-Fi Protected Access 2) WPA2 is the follow-on security method to WPA for wireless networks and provides stronger data protection and network access control. It offers Enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Like WPA, WPA2 is designed to secure all versions of 802.11 devices, including 802.11a, 802.11b, 802.11g, and 802.11n, multi-band and multi-mode.
Wi-Fi Array Index Numerics 11n see IEEE 802.11n 59 4.9 GHz Public Safety Band 282 802.11a 7, 9, 255, 267 802.11a/b/g 48 802.11a/b/g/n 17 802.11a/n 17, 107, 240 802.11b 7, 9, 269 802.11b/g 255, 269 802.11b/g/n 17, 107, 240 802.11e 19 802.11g 7, 9, 269 802.11i 9, 112, 176 802.11n see IEEE 802.11n 59 WMI page 273 802.11p 19 802.11q 19 802.
Wi-Fi Array associated users 50 assurance (radio loopback testing) 275 authentication 18 of admin via RADIUS 216 authority certificate 213, 221 auto negotiate 183 auto-blocking rogue APs 276 auto-configuration 112, 260, 267, 269 channel and cell size 275 B backhaul see WDS 76 backup unit see standby mode 275 band association 240 beacon interval 260 Beacon World Mode 260 beam distribution 17 benefits 16 blocking rogue APs 276 blocking rogue APs 275 boot 297 broadcast 265 fast roaming 265 browser certificate
Wi-Fi Array getting help 309 getting started 309 inputting commands 309 sample configuration tasks 355 SSH 307 top level commands 311 command, utilities ping, traceroute, RADIUS ping 301 commands acl 320 admin 321 cdp 322 clear 323 configure 312 contact-info 324 date-time 325 dhcp-server 326 dns 327 file 328 filter 331 fips 333 group 334 hostname 334 https 335 interface 336 license 337 load 337 location 338 management 338 more 338 netflow 339 no 340 pci-audit 342 quit 343 radius-server 343 reboot 344, 353 r
Wi-Fi Array default settings 387 Default Value 391, 392 DHCP 391 defaults reset configuration to factory defaults 298 Delivery Traffic Indication Message 260 deny traffic see filters 289 deployment 48, 57, 75, 79, 83, 400 ease of 19 examples 57 scenarios 57 DHCP 50, 110, 112, 176, 183, 390 default settings 391 leases window 139 DHCP Server 193 diagnostics log, create file 299 DIMM 380 DIMM Memory Module 380 DIMM module replacing 380 DNS 112, 176, 190 DNS domain 190 DNS server 190 Domain Name System 190 DTIM
Wi-Fi Array fail-over standby mode 275 failover 67, 79 Fan 373, 376 FAQs 398 Fast Ethernet 83, 110, 176, 183, 387 fast roaming 19, 135, 265 about 254 features 16, 75, 183, 196, 197, 260, 400 and license key 297 Federal Information Processing Standard (FIPS) see FIPS 425 feedback 124 filter list 290 filter name 291 filters 289, 290, 291 statistics 171 FIPS CLI command 333 FIPS 140-2 Security 425 firewall 289 and port usage 72 FLASH 378 FLASH memory replacing 378 FLASH Memory Module 378 fragmentation threshol
Wi-Fi Array IEEE 802.
Wi-Fi Array M MAC 70, 110, 398, 400 MAC Access Control Lists 70 MAC Access List 223 MAC address 223, 398, 400 MAC throughput improved by IEEE 802.
Wi-Fi Array network management 75 port failover 67 power 69 security 70 switch failover 67 WDS 76 PoGE 13, 45 see Power over Gigabit Ethernet 13 port failover 67 port requirements 72 power cord 373 power distribution 13 power outlet 45 Power over Gigabit Ethernet 3, 13, 21, 27, 35, 41, 45, 69, 84 compatibility with Array models 414 Power over Gigabit Ethernet (PoGE) 13 power planning 69 Power Supply 373, 376, 385 power supply replacing 385 power switch 373 pre-shared key 70, 79, 400 Print button 120 print b
Wi-Fi Array traffic 251 RF intrusion detection 275 spectrum management 275 RF configuration 275 RF management see channel 275 RF resilience 275 RFprotect, see XDM 277 roaming 19, 135, 265 roaming, fast 254 Rogue AP 9, 75, 148, 233, 400 rogue AP blocking 276 Rogue AP List 148 rogue APs blocking 275 Rogue Control List 233 rogue detection 17 rogues setting as known or approved 148 root command prompt 311 route trace route utility 301 routing table window 138 RSSI 148 RTS 267, 269 RTS threshold 267, 269 S samp
Wi-Fi Array speed 7, 110, 183 11 Mbps 7 54 Mbps 7 splash page web page redirect 300 SSH 45, 46, 75, 112, 176, 183, 210, 394, 400 SSH-2 210 SSID 9, 112, 120, 148, 176, 233, 240, 391, 398, 403 about usage 399 QoS 236, 241 about using 399 QoS, about usage 399 SSID Management 240, 391, 398 standby mode 275 static IP 112, 176, 183 station timeout period 260 Stations 398 stations limits and interactions 251 rogues 148 statistics 171 statistics per station 172 statistics 176 filters 171 netflow 196 per-station 172
Wi-Fi Array trap port 200, 390 tunneled fast roaming 265 tunnels see VTun 205, 208 U UDP port requirements 72 Unit 86 attaching 86 mounting 86 unknown setting rogues 148 unpacking the unit 81 upgrade license key 297 software image 297 upgrading software image via CLI 409 UPS 45, 79 user group 247 QoS 250 user group limits and interactions 251 user interface 119 utilities ping, trace route, RADIUS ping 301 utility buttons 124 V virtual tunnels see VTun 208 VLAN 9, 79, 240, 391, 398, 403 broadcast optimizat
Wi-Fi Array wireless LAN 7 wireless security 176 WLAN 176 WMI 9, 75, 79, 110, 119, 255 certificate error 213, 221 executing CLI commands 303 workflow 80 WPA 9, 79, 112, 176, 209, 240, 392, 400 WPA (Wi-Fi Protected Access) and WPA2 encryption method 211 WPA2 9 WPR 300 wpr.pl 300, 301 management 295 XP1, XP8 see Power over Gigabit Ethernet 13 XP-3100 2, 45, 79, 83 XPS 45 XRP 19, 135, 265 xs_current.conf 298 xs_diagnostic.