Wireless Array Procedure for Configuring CDP Settings 1. Enable CDP: When CDP is enabled, the Array sends out CDP announcements of the Array’s presence, and gathers CDP data sent by neighbors. When disabled, it does neither. CDP is enabled by default. 2. CDP Interval: The Array sends out CDP announcements advertising its presence at this interval. The default is 60 seconds. 3.
Wireless Array Services This is a status-only window that allows you to review the current settings and status for services on the Array, including DHCP, SNMP, Syslog, and Network Time Protocol (NTP) services. For example, for the DHCP server, it shows each DHCP pool name, whether the pool is enabled, the IP address range, the gateway address, lease times, and the DNS domain being used.
Wireless Array z “Location” on page 186 z “System Log” on page 188 z “SNMP” on page 193 z “DHCP Server” on page 196 Time Settings (NTP) This window allows you to manage the Array’s time settings, including synchronizing the Array’s clock with a universal clock from an NTP (Network Time Protocol) server. We recommend that you use NTP for proper operation of SNMP in XMS (the Xirrus Management System), since a lack of synchronization will cause errors to be detected.
Wireless Array 3. Auto Adjust Daylight Savings: Check this box if you want the system to adjust for daylight savings automatically, otherwise leave this box unchecked (default). 4. Use Network Time Protocol: select whether to set time manually or use NTP to manage system time. 5. Setting Time Manually a. Adjust Time (hrs:min:sec): If you are not using NTP, check this box if you want to adjust the current system time.
Wireless Array b. NTP Primary Authentication: (optional) If you are using authentication with NTP, select the type of key: MD5 or SHA1. Select None if you are not using authentication (this is the default). c. NTP Primary Authentication Key ID: Enter the key ID, which is a decimal integer. d. NTP Primary Authentication Key: Enter your key, which is a string of characters. e.
Wireless Array NetFlow This window allows you to enable or disable the sending of NetFlow information to a designated collector. NetFlow is a proprietary but open network protocol developed by Cisco Systems for collecting IP traffic information. When NetFlow is enabled, the Array will send IP flow information (traffic statistics) to the designated collector. Figure 110. NetFlow NetFlow sends per-flow network traffic information from the Array.
Wireless Array Wi-Fi Tag This window enables or disables Wi-Fi tag capabilities. When enabled, the Array listens for and collects information about Wi-Fi RFID tags sent on the designated channel. These tags are transmitted by specialized tag devices (for example, AeroScout or Ekahau tags). A Wi-Fi tagging server then queries the Array for a report on the tags that it has received. The Wi-Fi tagging server uses proprietary algorithms to determine locations for devices sending tag signals. Figure 111.
Wireless Array Location The Array offers an integrated capability for capturing and uploading visitor analytics data, eliminating the need to install a standalone sensor network. This data can be used to characterize information such as guest or customer traffic and location, visit duration, and frequency. Use this Location window to configure the Array to send collected data to an analytics server, such as Euclid.
Wireless Array For a Euclid analytics server, use the URL that was assigned to you as a customer by Euclid. The Array will send JSON-formatted messages in the form required by Euclid via HTTPS. For any other location analytics server, enter its URL. The Array will send JSON-formatted messages in the form described in “Location Service Data Formats” on page 492. 3. Location Customer Key: (optional) If a Location Customer Key has been entered, data is sent encrypted using AES with that key. 4.
Wireless Array System Log This window allows you to enable or disable the Syslog server, define primary, secondary, and tertiary servers, set up email notification, and set the level for Syslog reporting for each server and for email notification — the Syslog service will send Syslog messages at the selected severity or above to the defined Syslog servers and email address.
Wireless Array 2. Console Logging: If you enabled Syslog, select whether or not to echo Syslog messages to the console as they occur. If you enable console logging, be sure to set the Console Logging level (see Step 9 below). 3. Local File Size (1-2000 lines): Enter a value in this field to define how many Syslog records are retained locally on the Array’s internal Syslog file. The default is 2000. 4.
Wireless Array e. Email Syslog SMTP Recipient Addresses: Specify the entire email address of the recipient of the email notification. You may specify additional recipients by separating the email addresses with semicolons (;). 7. Station Formatting: If you are sending event information to a Splunk server, select Key/Value to send data in Splunk’s expected format, otherwise leave this at the default value of Standard. See “About Using the Splunk Application for Xirrus Arrays” on page 191. 8.
Wireless Array make it very difficult to work with the CLI or view other output on the console. b. Local File: For records to be stored on the Array’s internal Syslog file, choose your preferred level of Syslog reporting from the pull-down list. The default level is Debugging and more serious. c. Primary Server: Choose the preferred level of Syslog reporting for the primary server. The default level is Debugging and more serious. d.
Wireless Array See Also System Log Window Services SNMP Time Settings (NTP) 192 Configuring the Wireless Array
Wireless Array SNMP This window allows you to enable or disable SNMP v2 and SNMP v3 and define the SNMP parameters. SNMP allows remote management of the Array by the Xirrus Management System (XMS) and other SNMP management tools. SNMP v3 was designed to offer much stronger security. You may enable either SNMP version, neither, or both. Complete SNMP details for the Array, including trap descriptions, are found in the Xirrus MIB, available at support.xirrus.
Wireless Array Procedure for Configuring SNMP SNMPv2 Settings 1. Enable SNMPv2: Choose Yes to enable SNMP v2 functionality, or choose No to disable this feature. When used in conjunction with the Xirrus Management System, SNMP v2 (not SNMP v3) must be enabled on each Array to be managed with XMS. The default for this feature is Yes (enabled). 2. SNMP Read-Write Community String: Enter the read-write community string. The default is xirrus. 3.
Wireless Array 10. SNMP Read-Write Privacy Password: Enter the read-write password for privacy (i.e., a key for encryption). The default is xirrus-rw. 11. SNMP Read-Only Username: Enter the read-only user name. This username and password do not allow configuration changes to be made on the Array. The default is xirrus-ro. 12. SNMP Read-Only Authentication Password: Enter the read-only password for authentication (i.e., logging in). The default is xirrus-ro. 13.
Wireless Array System Log Time Settings (NTP) DHCP Server This window allows you to create, enable, modify and delete DHCP (Dynamic Host Configuration Protocol) address pools. DHCP allows the Array to provide wireless clients with IP addresses and other networking information. The DHCP server will not provide DHCP services to the wired side of the network.
Wireless Array Procedure for Configuring the DHCP Server 1. New Internal DHCP Pool: Enter a name for the new DHCP pool, then click on the Create button. The new pool ID is added to the list of available DHCP pools. You may create up to 16 DHCP pools (up to 8 on the XR-500 Series). 2. On: Click this checkbox to make this pool of addresses available, or clear it to disable the pool. 3. Lease Time — Default: This field defines the default DHCP lease time (in seconds).
Wireless Array information is sent to the stations. DHCP will not default to sending the DNS servers that are configured in DNS Settings. See also, “DNS Settings” on page 177. 12. Click Save changes to flash if you wish to make your changes permanent.
Wireless Array VLANs This is a status-only window that allows you to review the current status of configured VLANs. VLANs are virtual LANs used to create broadcast domains. # You should create VLAN entries on the Array for all of the VLANs in your wired network if you wish to make traffic from those VLANs available on the wireless network. Each tagged VLAN should be associated with a wireless SSID (see “VLAN Management” on page 201).
Wireless Array Virtual Tunnel Server (VTS) Tunneling capability is provided by a Virtual Tunnel Server. You supply the server and deploy it in your network using open-source VTun software, available from vtun.sourceforge.net. To enable the Array to use tunneling for a VLAN, simply enter the IP address, port and secret for the tunnel server as described in Step 11 on page 203. VTun may be configured for a number of different tunnel types, protocols, and encryption types.
Wireless Array VLAN Management This window allows you to assign and configure VLANs. After creating a new VLAN (added to the list of VLANs), you can modify the configuration parameters of an existing VLAN or delete a selected VLAN. You may create up to 64 VLANs (up to 32 on the XR-500 Series). Figure 117. VLAN Management # The Wireless Array supports dynamic VLAN assignments specified by RADIUS policy settings.
Wireless Array Procedure for Managing VLANs 202 1. Default Route: This option sets a default route from the Array. The Array supports a default route on native and tagged interfaces. Once the default route is configured the Array will attempt to use Address Resolution Protocol (ARP) to find the default router. ARP finds the MAC address of a device with a given IP address by sending out a broadcast message requesting this information.
Wireless Array 10. Gateway: If the DHCP option is disabled, enter the IP gateway address for this VLAN association. 11. Tunnel Server: If this VLAN is to be tunneled, enter the IP address or host name of the tunnel server that will perform the tunneling. For more information on virtual tunnels, please see “Understanding Virtual Tunnels” on page 199. 12. Port: If this VLAN is to be tunneled, enter the port number of the tunnel server. 13. New Secret: Enter the password expected by the tunnel server. 14.
Wireless Array Tunnels This read-only window allows you to review the tunnels that have been defined on the Array. It lists all tunnels and their settings, including the type of authentication and the local and remote endpoints for each tunnel. Figure 118. Tunnel Summary About Xirrus Tunnels Xirrus Arrays offer GRE (Generic Routing Encapsulation) tunneling with VLAN support.
Wireless Array encapsulation is stripped and the resultant packets are passed to your switch with 802.1q VLAN tags for final Layer 2 processing. The process occurs in reverse for packets traveling in the other direction. One tunnel is able to transport up to 16 VLANs. Tunnel Management This window allows you to create tunnels. Figure 119. Tunnel Management Procedure for Managing Tunnels 1. New Tunnel Name: Enter a name for the new tunnel in this field, then click on the Create button.
Wireless Array 7. DHCP Option: When this option is enabled, the Array snoops station DHCP requests and inserts relay agent information (option 82, in the circuit-ID sub-option) into these DHCP packets. Information inserted includes Array BSSID, SSID name, and SSID encryption type. 8. MTU: Set maximum transmission unit (MTU) size. 9. Interval: The tunnel mechanism will ping the current remote endpoint periodically to ensure that it is still reachable. Enter the ping interval (in seconds). 10.
Wireless Array SSID Assignments This window allows you to select the SSIDs to be bridged by each tunnel. Station traffic for SSIDs assigned will be bridged through a tunnel regardless of whether these SSIDs have VLANs defined for them. If there is a VLAN defined for an SSID that is assigned to a tunnel, then station traffic bridged through that tunnel will be tagged accordingly. Figure 120.
Wireless Array Security This status- only window allows you to review the Array’s security parameters. It includes the assigned network administration accounts, Access Control List (ACL) values, management settings, encryption and authentication protocol settings, and RADIUS configuration settings. There are no configuration options available in this window, but if you are experiencing issues with security, you may want to print this window for your records. Figure 121.
Wireless Array Security settings are configured with the following windows: z “Admin Management” on page 214 z “Admin Privileges” on page 216 z “Admin RADIUS” on page 218 z “Management Control” on page 221 z “Access Control List” on page 228 z “Global Settings” on page 230 z “External Radius” on page 234 z “Internal Radius” on page 238 z “Rogue Control List” on page 241 z “OAuth 2.
Wireless Array The Array allows you to establish the following data encryption configuration options: • Open — this option offers no data encryption and is not recommended, though you might choose this option if clients are required to use a VPN connection through a secure SSH utility, like PuTTy. • WEP (Wired Equivalent Privacy) — this option provides minimal protection (though much better than using an open network).
Wireless Array The encryption mode (WEP, WPA, etc.) is selected in the SSIDs >SSID Management window (see “SSID Management” on page 253). The encryption standard used with WPA or WPA2 (AES or TKIP) is selected in the Security>Global Settings window under WPA Settings (see “Global Settings” on page 230). z Choosing an authentication method: User authentication ensures that users are who they say they are.
Wireless Array address in the Deny list. The Wireless Array will accept up to 1,000 ACL entries. Certificates and Connecting Securely to the WMI When you point your browser to the Array to connect to the WMI, the Array presents an X.509 security certificate to the browser to establish a secure channel. One significant piece of information in the certificate is the Array’s host name. This ties the certificate to a particular Array and ensures the client that it is connecting to that host.
Wireless Array The Array’s certificate is signed by a Xirrus CA that is customized for your Array and its current host name. By default, browsers will not trust the Array’s certificate. You may import the Xirrus certificate to instruct the browser to trust the Xirrus CA on all future connections to Arrays. The certificate for the Xirrus CA is available on the Array, so that you can import it into your browser’s cache of trusted CAs (right alongside VeriSign, for example).
Wireless Array WMI provides options for creating a Certificate Signing Request that you can send to an external CA, and for uploading the signed certificate to the Array after you obtain it from the CA. This certificate will be tied to the Array’s host name and private key. See “External Certification Authority” on page 227 for more details. Admin Management This window allows you to manage network administrator accounts (create, modify and delete).
Wireless Array 4. Verify: Re-enter the password in this field to verify that you typed the password correctly. If you do not re-enter the correct password, an error message is displayed). 5. Click on the Create button to add this administrator ID to the list. 6. Click Save changes to flash if you wish to make your changes permanent.
Wireless Array Admin Privileges This window provides a detailed level of control over the privileges of Array administrators. Administrators may be assigned one of eight Privilege Levels. You may define the privilege level of each major feature (Configuration Section) that may be configured on the Array. For example, say that you set the privilege level to 4 for Reboot Array, Security, Radius Server, and SNMP, and you leave all other configuration sections at the default privilege level of 1.
Wireless Array Privilege level 0 is read-only. As a minimum, all administrators have permission for read access to all areas of Array configuration. Higher privilege levels may be used to define additional privileges for specific configuration sections. If you are using an Admin RADIUS server to define administrator accounts, please see “RADIUS Vendor Specific Attribute (VSA) for Xirrus” on page 491 to set the privilege level for each administrator. Procedure for Configuring Admin Privileges 1.
Wireless Array Admin RADIUS This window allows you to set up authentication of network administrators via RADIUS. Using RADIUS to control administrator accounts for logging in to Arrays has these benefits: z Centralized control of administrator accounts. z Less effort — you don't have to set up user names and passwords on each Array; just enter them once on the RADIUS server and then all of the Arrays can pull from the RADIUS server. z Enforced policies — you may set password rules (e.g.
Wireless Array Figure 125. Admin RADIUS Procedure for Configuring Admin RADIUS Use this window to enable/disable administrator authentication via RADIUS, and to set up primary and secondary servers to use for authentication of administrators attempting to log in to the Array. 1. Admin RADIUS Settings: a. Enable Admin RADIUS: Click Yes to enable the use of RADIUS to authenticate administrators logging in to the Array. You will need to specify the RADIUS server(s) to be used. b.
Wireless Array c. 2. Timeout (seconds): Define the maximum idle time (in seconds) before the RADIUS server’s session times out. The default is 600 seconds. Admin RADIUS Primary Server: This is the RADIUS server that you intend to use as your primary server. a. Host Name / IP Address: Enter the IP address or domain name of this external RADIUS server. b. Port Number: Enter the port number of this RADIUS server. The default is 1812. c.
Wireless Array Management Control This window allows you to enable or disable the Array management interfaces and set their inactivity time-outs. The supported range is 300 (default) to 100,000 seconds. Figure 126. Management Control Procedure for Configuring Management Control 1. Management Settings: a. Maximum login attempts allowed (1-255): After this number of consecutive failing administrator login attempts via ssh or telnet, the Failed login retry period is enforced. The default is 3.
Wireless Array b. Failed login retry period (0-65535 seconds): After the maximum number (defined above) of consecutive failing administrator login attempts via ssh or telnet, the administrator’s IP address is denied access to the Array for the specified period of time (in seconds). The default is 0. c. Pre-login Banner: Text that you enter here will be displayed above the WMI login prompt. (Figure 127) Figure 127. Pre-login Banner d.
Wireless Array 3. Telnet: a. On/Off: Choose On to enable Array management over a Telnet connection, or Off to disable this feature. SSH offers a more secure connection than Telnet, and is recommended over Telnet. b. Connection Timeout 30-100000 (Seconds): Enter a value in this field to define the timeout (in seconds) before your Telnet connection is disconnected. The value you enter here must be between 30 seconds and 100,000 seconds. c. 4.
Wireless Array d. Connection Timeout 30-100000 (Seconds): Enter a value in this field to define the timeout (in seconds) before your Xircon connection is disconnected. The value you enter here must be between 30 seconds and 100,000 seconds. e. 5. Port: Enter a value in this field to define the port used by Xircon. The default port is 22612. Console a. On/Off: Choose On to enable management of the Array via a serial connection, or choose Off to disable this feature. b.
Wireless Array 7. Management Modes a. Network Assurance: Click the On button to enable this mode. Network assurance checks network connectivity to each server that you configure, such as the NTP server, RADIUS servers, SNMP trap hosts, etc. By proactively identifying network resources that are unavailable, the network manager can be alerted of problems potentially before end-users notice an issue.
Wireless Array 8. , HTTPS (X.509) Certificate # ArrayOS releases 6.5 and above only support 2048-bit certificates, while previous releases only support 1024-bit certificates. The Array saves data related to previous 1024-bit and current 2048-bit certificates separately, thus ArrayOS can be upgraded or downgraded without losing any of this data. When ArrayOS is upgraded to 6.5, a new self-signed certificate will be automatically generated. If you have imported a previous (pre-Release 6.
Wireless Array • Access WMI by using the host name of the Array rather than its IP address. b. HTTPS (X.509) Certificate Signed By: This read-only field shows the signing authority for the current certificate. 9. External Certification Authority This step and Step 10 allow you to obtain a certificate from an external authority and install it on an Array. “Using an External Certificate Authority” on page 213 discusses reasons for using an external CA.
Wireless Array 10. To create a Certificate Signing Request a. Fill in the fields in this section: Common Name, Organization Name, Organizational Unit Name, Locality (City), State or Province, Country Name, and Email Address. Spaces may be used in any of the fields, except for Common Name, Country Name, or Email Address. Click the Create button to create the certificate signing request. See Step 9 above to use this request. 11. Click Save changes to flash if you wish to make your changes permanent.
Wireless Array Figure 128. Access Control List Procedure for Configuring Access Control Lists 1. Access Control List Type: Select Disabled to disable use of the Access Control List, or select the ACL type — either Allow List or Deny List. • Allow List: Only allows the listed MAC addresses to associate to the Array. All others are denied. • Deny List: Denies the listed MAC addresses permission to associate to the Array. All others are allowed.
Wireless Array See Also External Radius Global Settings (IAP) Internal Radius Management Control Security Station Status Windows (list of stations that have been detected by the Array) Global Settings This window allows you to establish the security parameters for your wireless network, including WEP, WPA, WPA2 and RADIUS authentication. When finished, click Save changes to flash if you wish to make your changes permanent.
Wireless Array Procedure for Configuring Network Security 1. RADIUS Server Mode: Choose the RADIUS server mode you want to use, either Internal or External. Parameters for these modes are configured in “External Radius” on page 234 and “Internal Radius” on page 238. WPA Settings These settings are used if the WPA or WPA2 encryption type is selected on the SSIDs >SSID Management window or the Express Setup window (on this window, encryption type is set in the SSID Settings: Wireless Security field). 2.
Wireless Array WEP Settings These settings are used if the WEP encryption type is selected on the SSIDs > SSID Management window or the Express Setup window (on this window, encryption type is set in the SSID Settings: Wireless Security field). Click the Show Cleartext button to make the text that you type in to the Key fields visible. # WEP encryption does not support high throughput rates or features like frame aggregation or block acknowledgments (see Improved MAC Throughput), per the IEEE 802.
Wireless Array 9. Click Save changes to flash if you wish to make your changes permanent. # After configuring network security, the configuration must be applied to an SSID for the new functionality to take effect.
Wireless Array External Radius This window allows you to define the parameters of an external RADIUS server for user authentication. To set up an external RADIUS server, you must choose External as the RADIUS server mode in Global Settings. Refer to “Global Settings” on page 230. Figure 130. External RADIUS Server If you want to include user group membership in the RADIUS account information for users, see “Understanding Groups” on page 269.
Wireless Array About Creating User Accounts on the RADIUS Server A number of attributes of user (wireless client) accounts are controlled by RADIUS Vendor Specific Attributes (VSAs) defined by Xirrus. For example, you would use the VSA named Xirrus-User-VLAN if you wish to set the VLAN for a user account in RADIUS. For more information about the RADIUS VSAs used by Xirrus, see “RADIUS Vendor Specific Attribute (VSA) for Xirrus” on page 491. Procedure for Configuring an External RADIUS Server 1.
Wireless Array 3. Settings (RADIUS Dynamic Authorization): Some RADIUS servers have the ability to contact the Array (referred to as an NAS, see below) to terminate a user with a Disconnect Message (DM). Or RADIUS may send a Change-of-Authorization (CoA) Message to the Array to change a user’s privileges due to changing session authorizations. This implements RFC 5176—Dynamic Authorization Extensions to RADIUS. a.
Wireless Array b. Station MAC Format: Define the format of the Station MAC RADIUS attribute sent from the Array—lower-case or upper-case, hyphenated or not. The default is lower-case, not hyphenated. 5. Accounting Settings: Note that RADIUS accounting start packets sent by the Array will include the client station's Framed-IP-Address attribute. a. Accounting Interval (seconds): Specify how often Interim records are to be sent to the server. The default is 300 seconds. b.
Wireless Array Global Settings (IAP) Internal Radius Access Control List Management Control Security Understanding Groups Internal Radius This window allows you to define the parameters for the Array’s internal RADIUS server for user authentication. However, the internal RADIUS server will only authenticate wireless clients that want to associate to the Array. This can be useful if an external RADIUS server is not available.
Wireless Array # Clients using PEAP may have difficulty authenticating to the Array using the Internal RADIUS server due to invalid security certificate errors. To prevent this problem, the user may disable the Validate Server Certificate option on the station. Do this by displaying the station’s wireless devices and then displaying the properties of the desired wireless interface. In the security properties, disable Validate server certificate.
Wireless Array 4. Verify Password: (Optional) Retype the user password to verify that you typed it correctly. 5. If you want to delete one or more users, click their Delete buttons. 6. Click Save changes to flash if you wish to make your changes permanent.
Wireless Array Rogue Control List This window allows you to set up a control list for rogue APs, based on a type that you define. You may classify rogue APs as blocked, so that the Array will take steps to prevent stations from associating with the blocked AP. See “About Blocking Rogue APs” on page 337. The Array can keep up to 5000 entries in this list. # The RF Monitor > Intrusion Detection window provides an alternate method for classifying rogues.
Wireless Array Rogue Control List contains two entries that match 00:0f:7d:* and 50:60:28:* and apply the classification Known to all Xirrus Arrays. 2. Rogue Control Classification: Enter the classification for the specified rogue AP(s), either Blocked, Known or Approved. 3. Match Only: Select the match criterion to compare the Rogue BSSID/ SSID string against: BSSID, Manufacturer, or SSID. The BSSID field contains the MAC address. 4. Click Create to add this rogue AP to the Rogue Control List. 5.
Wireless Array OAuth 2.0 Management This window displays a list of tokens granted by the Array for access to its RESTful API (see “API Documentation” on page 387 for a description of the features available in the API). OAuth 2.0 is used to provide the tokens. The list will be blank until tokens have been issued as described below. You may revoke (delete) existing tokens from the list, if desired. Xirrus Arrays use the OAuth 2.0 standard’s client credential grant model.
Wireless Array https://[Array hostname or IP address]/oauth/authorize • grant_type: password • username: username of an administrator account on the Array. • client_id: username of an administrator account on the Array (username and client_id must match). • password: password for the same administrator account on the Array The OAuth Authorization API provides a permanent token that the application may use to access the RESTful API.
Wireless Array SSIDs This status-only window allows you to review SSID (Service Set IDentifier) assignments. It includes the SSID name, whether or not an SSID is visible on the network, any security and QoS parameters defined for each SSID, associated VLAN IDs, radio availability, and DHCP pools defined per SSID. Click on an SSID’s name to jump to the edit page for the SSID.
Wireless Array SSIDs are managed with the following windows: z “SSID Management” on page 253 z “Active IAPs” on page 266 z “Per-SSID Access Control List” on page 267 SSIDs are discussed in the following topics: z “Understanding SSIDs” on page 246 z “Understanding QoS Priority on the Wireless Array” on page 247 z “High Density 2.
Wireless Array Using SSIDs The creation of different wireless network names allows system administrators to separate types of users with different requirements. The following policies can be tied to an SSID: z The wireless security mode needed to join this SSID. z The wireless Quality of Service (QoS) desired for this SSID. z The wired VLAN associated with this SSID.
Wireless Array Application Data Voice Data Video Data Background Data Best Effort Data Mapping to Traffic Class Four Transmit Queues Per queue channel access IAP (Transmit) Highest Priority Lowest Priority Figure 135. Four Traffic Classes The Wireless Array’s Quality of Service Priority feature (QoS) allows traffic to be prioritized according to your requirements. For example, you typically assign the highest priority to voice traffic, since this type of traffic requires delay to be under 10 ms.
Wireless Array user priority levels and the Array implements four wireless QoS levels, user priorities are mapped to QoS as described below. Figure 137. Priority Level—DSCP (DiffServ - Layer 3) DSCP (Differentiated Services Code Point or DiffServ) uses 6 bits in the IPv4 or IPv6 packet header, defined in RFC2474 and RFC2475. The DSCP value classifies a Layer 3 packet to determine the Quality of Service (QoS) required. DSCP replaces the outdated Type of Service (TOS) field.
Wireless Array FROM Priority Tag 802.1p (Wired) TO Array QoS (Wireless) Typical Use 2 1 Spare 3 0 Excellent Effort 4 2 Controlled Load 5 2 Video 6 3 Voice - requires delay <10ms 7 (Highest priority) z 3 (Highest priority) Network control Egress: Outgoing wired packets are IEEE 802.1p tagged at the Ethernet port for upstream traffic, thus enabling QoS at the edge of the network. FROM Array QoS (Wireless) TO Priority Tag 802.
Wireless Array z How QoS is set for a packet in case of conflicting values: a. If an SSID has a QoS setting, and an incoming wired packet’s user priority tag is mapped to a higher QoS value, then the higher QoS value is used. b. If a group or filter has a QoS setting, this overrides the QoS value above. See “Groups” on page 269, and “Filters” on page 351. c. Voice packets have the highest priority (see Voice Support, below). d.
Wireless Array High Density 2.4G Enhancement—Honeypot SSID Some situations pose problems for all wireless APs. For example, iPhones will remember every SSID and flood the airwaves with probes, even when the user doesn’t request or desire this behavior. In very high density deployments, these probes can consume a significant amount of the available wireless bandwidth. The Array offers a feature targeting this problem—a “honeypot” SSID.
Wireless Array SSID Management This window allows you to manage SSIDs (create, edit and delete), assign security parameters and VLANs on a per SSID basis, and configure the Web Page Redirect functionality. Create new SSID Configure parameters Set traffic limits / usage schedule Configure encryption/authentication Configure RADIUS server Figure 138.
Wireless Array Procedure for Managing SSIDs 1. New SSID Name: To create a new SSID, enter a new SSID name to the left of the Create button (Figure 138), then click Create. SSID names are case sensitive and may only consist of the characters A-Z, a-z, 0-9, dash, and underscore. You may create up to 16 SSIDs (up to 8 on the XR-500 Series).
Wireless Array compromising the performance of the network. Use this setting in environments where traffic prioritization is not a concern. • 1 — Medium, with QoS prioritization aggregated across all traffic types. • 2 — High, normally used to give priority to video traffic. • 3 — The highest QoS priority setting, normally used to give priority to voice traffic.
Wireless Array 11. Encryption: From the pull-down list, choose the encryption that will be required — specific to this SSID — either None, WEP, WPA, WPA2 or WPA-Both. The None option provides no security and is not recommended; WPA2 provides the best practice Wi-Fi security. Each SSID supports only one encryption type at a time (except that WPA and WPA2 are both supported on an SSID if you select WPA-Both). If you need to support other encryption types, you must define additional SSIDs.
Wireless Array Configuration encryption settings have the same parameters as those described in “Procedure for Configuring Network Security” on page 231. The external RADIUS and accounting settings are configured in the same way as for an external RADIUS server (see “Procedure for Configuring an External RADIUS Server” on page 235). Note that external RADIUS servers may be specified using IP addresses or domain names. 13.
Wireless Array clients from associating. Since the Array’s network connectivity has failed, this gives clients a chance to connect to other, operational parts of the wireless network. No changes are made to WDS configuration. See Step a on page 225 for more information on Network Assurance. 16. Mobile Device Management (MDM): If you are an AirWatch customer and wish to have AirWatch manage mobile device access to the wireless network on this SSID, select AirWatch from the drop-down list.
Wireless Array 18. Overall Traffic: Choose Unlimited if you do not want to place a restriction on the traffic for this SSID, or enter a value in the Packets/Sec field to force a traffic restriction. 19. Traffic per Station: Choose Unlimited if you do not want to place a restriction on the traffic per station for this SSID, or enter a value in the Packets/Sec field or the Kbps field to force a traffic restriction. If you set both values, the Array will enforce the limit it reaches first. 20.
Wireless Array 24. To delete SSIDs, click their Delete buttons. 25. Click Save changes to flash if you wish to make your changes permanent. Web Page Redirect Configuration Settings If you enable WPR, the SSID Management window displays additional fields that must be configured. For example configurations and complete examples, please see the Xirrus Web Page Redirect Application Note in the Xirrus Resource Center.
Wireless Array This option displays a login page (residing on the Array) instead of the first user-requested URL. There is an upload function that allows you to replace the default login page, if you wish. Please see “Web Page Redirect” on page 382 for more information. To set up internal login, set Server to Internal Login. Set HTTPS to On for a secure login, or select Off to use HTTP. You may also customize the login page with logo and background images and header and footer text.
Wireless Array the captured URL. If you want the user redirected to a specific landing page instead, enter its address in Landing Page URL. z External Login page This option redirects the user to a login page on an external web server for authentication, instead of the first user-requested URL. Login information (user name and password) must be obtained by that page, and returned to the Array for authentication. Authentication occurs according to your configured RADIUS information.
Wireless Array After the splash page, the user is redirected to the captured URL. If you want the user redirected to a specific landing page instead, enter its address in Landing Page URL. z Landing Page Only This option redirects the user to a specific landing page. If you select this option, enter the desired address in Landing Page URL.
Wireless Array z Logo Image — specify an optional jpg, gif, or png file to display at the top of the page. z Header Text File — specify an optional .txt file to display at the top of the page (beneath the logo, if any). z Footer Text File — specify an optional .txt file to display at the bottom of the page.
Wireless Array Note the following details of the operation of this feature: z The list is configured on a per-SSID basis. You must have WPR enabled for the SSID to see this section of the SSID Management page. z When a station that has not yet passed the WPR login/splash page attempts to access one of the white-listed addresses, it will be allowed access to that site as many times as requested.
Wireless Array See Also DHCP Server External Radius Global Settings (IAP) Internal Radius Security Planning SSIDs Understanding QoS Priority on the Wireless Array AirWatch Active IAPs By default, when a new SSID is created, that SSID is active on all IAPs. This window allows you to specify which IAPs will offer that SSID. Put differently, you can specify which SSIDs are active on each IAP. This feature is useful in conjunction with WDS.
Wireless Array 3. All SSIDs: This button, in the bottom row, may be used to activate all SSIDs on this IAP. Click again to deny all SSIDs on this IAP. 4. Toggle All: This button, on the lower left, may be used to deny all SSIDs on all IAPs. Click again to activate all SSIDs on all IAPs. 5. Click Save changes to flash if you wish to make your changes permanent.
Wireless Array Procedure for Configuring Access Control Lists 1. SSID: Select the SSID whose ACL you wish to manage. 2. Access Control List Type: Select Disabled to disable use of the Access Control List for this SSID, or select the ACL type — either Allow List or Deny List. • Allow List: Only allows the listed MAC addresses to associate to the Array. All others are denied. • Deny List: Denies the listed MAC addresses permission to associate to the Array. All others are allowed.
Wireless Array Groups This is a status-only window that allows you to review user (i.e., wireless client) Group assignments. It includes the group name, Radius ID, Device ID, VLAN IDs and QoS parameters and roaming layer defined for each group, and DHCP pools and web page redirect information defined for the group. You may click on a group’s name to jump to the edit page for the group.
Wireless Array A group allows you to define a set of parameter values to be applied to selected users. For example, you might define the user group Students, and set its VLAN, security parameters, web page redirect (WPR), and traffic limits. When a new user is created, you can apply all of these settings just by making the user a member of the group. The group allows you to apply a uniform configuration to a set of users in one step.
Wireless Array Radius ID to the Array. This will allow the Array to identify the group to which the user belongs. See Also External Radius Internal Radius SSIDs Understanding QoS Priority on the Wireless Array Web Page Redirect Configuration Settings Understanding Fast Roaming Group Management This window allows you to manage groups (create, edit and delete), assign usage limits and other parameters on a per group basis, and configure the Web Page Redirect functionality. Figure 146.
Wireless Array Procedure for Managing Groups 1. New Group Name: To create a new group, enter a new group name next to the Create button, then click Create. You may create up to 16 groups (up to 8 on the XR-500 Series). To configure and enable this group, proceed with the following steps. 272 2. Group: This column lists currently defined groups. When you create a new group, the group name appears in this list. Click on any group to select it, and then proceed to modify it as desired. 3.
Wireless Array 7. VLAN ID: (Optional) From the pull-down list, select a VLAN for this user’s traffic to use. Select numeric and enter the number of a previously defined VLAN (see “VLANs” on page 199). This user group’s VLAN settings supersede Dynamic VLAN settings (which are passed to the Array by the Radius server). To avoid confusion, we recommend that you avoid specifying the VLAN for a user in two places. 8.
Wireless Array 12. WPR (Web Page Redirect): (Optional) Check this box if you wish to enable the Web Page Redirect functionality. This will open a Web Page Redirect details section in the window, where your WPR parameters may be entered. This feature may be used to display a splash screen when a user first associates to the wireless network. After that, it can (optionally) redirect the user to an alternate URL. See “Web Page Redirect Configuration Settings” on page 260 for details of WPR configuration.
Wireless Array 13. Stations: Enter the maximum number of stations allowed on this group. The default is 1536. 14. Overall Traffic: Check the Unlimited checkbox if you do not want to place a restriction on the traffic for this group, or enter a value in the Packets/Sec field and make sure that the Unlimited box is unchecked to force a traffic restriction. 15.
Wireless Array IAPs This status-only window summarizes the status of the Integrated Access Points (radios). For each IAP, it shows whether it is up or down, the channel and wireless mode, the antenna that it is currently using, its cell size and transmit and receive power, how many users (stations) are currently associated to it, whether it is part of a WDS link, and its MAC address. Figure 147.
Wireless Array Figure 148. Source of Channel Setting Arrays have a fast roaming feature, allowing them to maintain sessions for applications such as voice, even while users cross boundaries between Arrays. Fast roaming is set up in the Global Settings (IAP) window and is discussed in: z “Understanding Fast Roaming” on page 278 IAPs are configured using the following windows: z “IAP Settings” on page 279 z “Global Settings (IAP)” on page 285 z “Global Settings .
Wireless Array z “Roaming Assist” on page 342 See Also IAP Statistics Summary Understanding Fast Roaming To maintain sessions for real-time data traffic, such as voice and video, users must be able to maintain the same IP address through the entire session. With traditional networks, if a user crosses VLAN or subnet boundaries (i.e., roaming between domains), a new IP address must be obtained.
Wireless Array IAP Settings This window allows you to enable/disable IAPs, define the wireless mode for each IAP, specify the channel to be used and the cell size for each IAP, lock the channel selection, establish transmit/receive parameters, select antennas, and reset channels. Buttons at the bottom of the list allow you to Reset Channels, Enable All IAPs, or Disable All IAPs. When finished, click Save changes to flash if you wish to make your changes permanent. Figure 149.
Wireless Array z For all 802.11ac settings, go to “Global Settings .11ac” on page 312. Procedure for Manually Configuring IAPs 1. In the Enabled column, check the box for an IAP to enable it, or uncheck the box if you want to disable the IAP. 2. In the Band column, select the wireless band for this IAP from the choices available in the pull-down menu, either 2.4GHz or 5 GHz. Choosing the 5GHz band will automatically select an adjacent channel for bonding.
Wireless Array 802.11n stations only on selected radios in your network, the rest of your 802.11ac IAPs will have greatly improved performance. Take care to ensure that your network provides adequate coverage for the types of stations that you need to support. 4. In the Channel column, select the channel you want this IAP to use from the channels available in the pull-down list. The list shows the channels available for the IAP selected (depending on which band the IAP is using).
Wireless Array • Channel number — If a channel number appears, then this channel is already bonded to the listed channel. • Off — Do not bond his channel to another channel. • On — Bond this channel to an adjacent channel. The bonded channel is selected automatically by the Array based on the Channel (Step 4). The choice of banded channel is static — fixed once the selection is made. • +1 — Bond this channel to the next higher channel number. Auto Channel bonding does not apply.
Wireless Array goes offline, an adjacent Array can increase its cell size to help compensate. The number of users and their applications are major drivers of bandwidth requirements. The network architect must account for the number of users within the Array’s cell diameter. In a large office, or if multiple Arrays are in use, you may choose Small cells to achieve a higher data rate, since walls and other objects will not define the cells naturally.
Wireless Array 11. You may reset all of the enabled IAPs by clicking the Reset Channels button at the bottom of the list. A message will inform you that all enabled radios have been taken down and brought back up. 12. Buttons at the bottom of the list allow you to Enable All IAPs or Disable All IAPs. 13. Click Save changes to flash if you wish to make your changes permanent. See Also Coverage and Capacity Planning Global Settings (IAP) Global Settings .11an Global Settings .11bgn Global Settings .
Wireless Array Global Settings (IAP) Figure 150.
Wireless Array This window allows you to establish global IAP settings. Global IAP settings include enabling or disabling all IAPs (regardless of their operating mode), and changing settings for beacons, station management, and advanced traffic optimization — including multicast processing, load balancing, and roaming. Changes you make on this page are applied to all IAPs, without exception. Procedure for Configuring Global IAP Settings 1. Country: This is a display-only value.
Wireless Array Beacon Configuration 6. Beacon Interval: When the Array sends a beacon, it includes with it a beacon interval, which specifies the period of time before it will send the beacon again. Enter the desired value in the Beacon Interval field, between 20 and 1000 Kusecs. A Kusec is 1000 microseconds = 1 millisecond. The value you enter here is applied to all IAPs. 7.
Wireless Array load and channel conditions. If the network is not congested, it accepts the request and grants the client the medium time for its traffic stream. Otherwise, it rejects the request. This enables the Array to maintain QoS when the WLAN becomes congested after a connection has already been established.
Wireless Array exceeded, so entering unlimited, in practice, will stop at the per-IAP limit. If you have an unlicensed Array, this value is set to 1, which simply allows you to test the ability to connect to the Array. 16. Max Station Association per IAP: This defines how many station associations are allowed per IAP. The maximum is 240 (up to 120 on the XR-500 Series). Note that the SSIDs > SSID Management window also has a station limit option — Station Limit, and the windows for Global Settings .
Wireless Array • for compatibility with ordinary operation, i.e., there is no optimization or modification of multicast traffic. • if you have an application where many subscribers need to see the multicast—a large enough number that it would be less efficient to convert to unicast and better just to send out multicast even though it must be sent out at the speed of the slowest connected station.
Wireless Array (mDNS) are in use. For example, Apple Bonjour finds local network devices such as printers or other computers using mDNS. By default, the list contains the IPv4 multicast address for Apple Bonjour mDNS: 224.0.0.251. To add a new IP address to the list, type it in the top field and click the Add button to its right. You may only enter IP addresses—host names are not allowed. This is because mDNS is a link local multicast address, and does not require IGMP to the gateway.
Wireless Array • In MDNS Filter, specify the mDNS service types that are allowed to be forwarded. • If you leave this field blank, then there is no filter, and mDNS packets for all service types are passed. • If you enter service types, then this acts as an allow filter, and mDNS packets are passed only for the listed service types. Note that mDNS filtering may be used to filter the mDNS packet types that are forwarded within the same VLAN.
Wireless Array select it in the list and click Delete. To remove all entries from the list, click Reset. 22. Multicast VLAN Forwarding: This is a list of VLANs that participate in the multicast forwarding. Please see the description of multicast forwarding in Step 21 above. # The VLANs you enter must be explicitly defined (see “VLANs” on page 199) in order to participate in multicast forwarding. In fact, the Array discards packets from undefined VLANs.
Wireless Array 23. MDNS Filter: There are many different types of services that may be specified in multicast query and response packets. The mDNS filters let you restrict forwarding, so that multicast packets are forwarded only for the services that you explicitly specify. This list may be used to restrict the amount of Apple Bonjour multicast traffic forwarding. For example, you may restrict forwarding to just AppleTV and printing services.
Wireless Array performance possible. The benefit is dramatic. Consider a properly designed network (having -70db or better everywhere), where virtually every client should have a 54Mbps connection. In this case, broadcasts and multicasts will all go out at 54Mbps vs. the standard rate. Thus, with broadcast rate optimization on, broadcasts and multicasts use between 2% and 10% of the bandwidth that they would in Standard mode.
Wireless Array • Off: ARP filtering is disabled. ARP requests are broadcast to radios that have stations associated to them. • Pass-thru: The Array forwards the ARP request. It passes along only ARP messages that target the stations that are associated to it. This is the default value. • Proxy: The Array replies on behalf of the stations that are associated to it. The ARP request is not broadcast to the stations.
Wireless Array • Tunneled — in this Layer 3 technique, fast roaming target Arrays must be explicitly specified. To enable fast roaming, choose Broadcast or Tunneled, and set additional fast roaming attributes (Step 30). To disable fast roaming, choose Off. If you enable Fast Roaming, the following ports cannot be blocked: • Port 22610 — reserved for Layer 2 roaming using UDP to share PMK information between Arrays. • Ports 15000 to 17999 — reserved for Layer 3 roaming (tunneling between subnets). 30.
Wireless Array Global Settings .11an This window allows you to establish global 802.11a IAP settings. These settings include defining which 802.11a data rates are supported, enabling or disabling all 802.11an IAPs, auto-configuration of channel allocations for all 802.11an IAPs, and specifying the fragmentation and RTS thresholds for all 802.11an IAPs. Figure 151. Global Settings .11an Procedure for Configuring Global 802.11an IAP Settings 1. 298 802.
Wireless Array 2. Data Rate Presets: The Wireless Array can optimize your 802.11a data rates automatically, based on range or throughput. Click Optimize Range to optimize data rates based on range, or click Optimize Throughput to optimize data rates based on throughput. The Restore Defaults button will take you back to the factory default rate settings. 3. 802.11a IAP Control: Click Enable 802.11a IAPs to enable all 802.11an IAPs for this Array, or click Disable 802.11a IAPs to disable all 802.11an IAPs.
Wireless Array • Non-Radar: give preference to channels that are not required to use dynamic frequency selection (DFS) to avoid communicating in the same frequency range as some radar (also see Step 8 on page 287).
Wireless Array For an overview of RF power and cell size settings, please see “RF Power & Sensitivity” on page 323, “Capacity and Cell Sizes” on page 32, and “Fine Tuning Cell Sizes” on page 33. 6. Auto Cell Period (seconds): You may set up auto-configuration to run periodically, readjusting optimal cell sizes for the current conditions. Enter a number of seconds to specify how often auto-configuration will run. If you select None, then auto-configuration of cell sizing will not be run periodically.
Wireless Array Smaller fragmentation numbers can help to “squeeze” packets through in noisy environments. Enter the desired Fragmentation Threshold value in this field, between 256 and 2346. 12. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size. Packets larger than the RTS threshold will use CTS/RTS prior to transmitting the packet — useful for larger packets to help ensure the success of their transmission. Enter a value between 1 and 2347. 13.
Wireless Array Global Settings .11bgn This window allows you to establish global 802.11b/g IAP settings. These settings include defining which 802.11b and 802.11g data rates are supported, enabling or disabling all 802.11b/g IAPs, auto-configuring 802.11b/g IAP channel allocations, and specifying the fragmentation and RTS thresholds for all 802.11b/g IAPs. Figure 152. Global Settings .
Wireless Array Procedure for Configuring Global 802.11b/g IAP Settings 1. 802.11g Data Rates: The Array allows you to define which data rates are supported for all 802.11g radios. Select (or deselect) 11g data rates by clicking in the corresponding Supported and Basic data rate check boxes. • Basic Rate — a wireless station (client) must support this rate in order to associate. • Supported Rate — data rates that can be used to transmit to clients. 2. 802.
Wireless Array data about its RF environment. In this case, it will pick a set of compatible channel assignments at random. # On the XR-500 and XR-1000 Series Arrays, the Factory Defaults button will not restore iap1 to monitor mode. You will need to restore this setting manually. Also, you may need to set Timeshare Mode again - see “RF Monitor” on page 321. The following options may be selected for auto configuration: # • Negotiate: negotiate air-time with other Arrays before performing a full scan.
Wireless Array 7. Auto Cell Period (seconds): You may set up auto-configuration to run periodically, readjusting optimal cell sizes for the current conditions. Enter a number of seconds to specify how often auto-configuration will run. If you select None, then auto-configuration of cell sizing will not be run periodically. You do not need to run Auto Cell often unless there are a lot of changes in the environment.
Wireless Array older, slower 802.11b stations. Protection avoids collisions by preventing 802.11b and 802.11g stations from transmitting simultaneously. When Auto CTS or Auto RTS is enabled and any 802.11b station is associated to the IAP, additional frames are sent to gain access to the wireless network. • Auto CTS requires 802.11g stations to send a slow Clear To Send frame that locks out other stations. Automatic protection reduces 802.11g throughput when 802.
Wireless Array 17. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size. Packets larger than the RTS threshold will use CTS/RTS prior to transmitting the packet — useful for larger packets to help ensure the success of their transmission. Enter a value between 1 and 2347. 18. Max Stations: This defines how many station associations are allowed per 802.11bgn IAP.
Wireless Array Global Settings .11n This window allows you to establish global 802.11n IAP settings. These settings include enabling or disabling 802.11n mode for the entire Array, specifying the number of transmit and receive chains (data stream) used for spatial multiplexing, setting a short or standard guard interval, auto-configuring channel bonding, and specifying whether auto-configured channel bonding will be static or dynamic. Before changing your settings for 802.
Wireless Array Procedure for Configuring Global 802.11n IAP Settings 1. 2. 802.11n Data Rates: The Array allows you to define which data rates are supported for all 802.11n radios. Select (or deselect) 11n data rates by clicking in the corresponding Supported and Basic data rate check boxes. • Basic Rate — a wireless station (client) must support this rate in order to associate. • Supported Rate — data rates that can be used to transmit to clients. 802.
Wireless Array 7. 5 GHz channel bonding: Select Dynamic to have auto-configuration for bonded 5 GHz channels be automatically updated as conditions change. For example, if there are too many clients to be supported by a bonded channel, dynamic mode will automatically break the bonded channel into two channels. Select Static to have the bonded channels remain the same once they are selected. The Dynamic option is only available when Auto bond 5 GHz channels is enabled. The default is Dynamic.
Wireless Array Global Settings .11ac This window allows you to establish global 802.11ac IAP settings. These settings include enabling or disabling 802.11ac mode for the entire Array, specifying the number of data streams used in spatial multiplexing, and setting a short or long guard interval. Before changing your settings for 802.11ac, please read the discussion in “IEEE 802.11n Deployment Considerations” on page 37. Figure 154. Global Settings .
Wireless Array Procedure for Configuring Global 802.11n IAP Settings 1. 802.11ac Mode: Select Enabled to allow the Array to operate in 802.11ac mode. If you select Disabled, then 802.11ac operation is disabled on the Array. 2. 80 MHz Guard interval: This is the length of the interval between transmission of symbols (the smallest unit of data transfer) when you are using 80MHz bonded channels.
Wireless Array Global Settings .11u Understanding 802.11u As the number of access points available in public venues increases, mobile devices users have a harder time distinguishing usable SSIDs from the tens, if not hundreds of access points visible. Using the 802.11u protocol, access points may broadcast information about the services and access that they offer and to respond to queries for additional information related to the facilities that the downstream service network provides.
Wireless Array z Cellular Networks. The service network may have arrangements with one or more cellular service providers who can transparently provide wireless and Internet connectivity. Figure 155. 802.11u Global Settings Procedure for Configuring 802.11u Settings Use this window to establish the 802.11u configuration. 1. 802.11u Internetworking. Click On to enable 802.11u protocol operation. 2. Access Network Type: This indicates the type of network supported by the access point.
Wireless Array a. Chargeable public network b. Emergency services only network c. Free public network d. Personal device network 316 e. Private network with guest access f. Test or experimental network g. Wildcard—all of the networks above are supported. 3. Internet Connectivity. Click Provided if Internet connectivity is available through the access point from the back end provider to which the mobile user ends up belonging.
Wireless Array 8. IPv4 Availability. Select the type of IPv4 addressing that will be assigned by the network upon connection. NATed addresses are IP addresses that have been changed by mapping the IP address and port number to IP addresses and new port numbers routable by other networks. Double NATed addresses go through two levels of NATing. Port restricted IPv4 addresses refer to specific UDP and TCP port numbers associated with standard Internet services; for example, port 80 for web pages.
Wireless Array and click Add. The OI will appear in the list. An OI may be deleted by selecting it in the list and clicking Delete. All OIs may be deleted by clicking Reset. 11. Domain Names. Use this control to build up a list of domain names. Enter the name in the Add field and click Add, and it will appear in the list. A name may be deleted by selecting it in the list and clicking Delete. All names may be deleted by clicking Reset. 12. Cell Network.
Wireless Array 14. Venue Names. The list of names associated with the venue are specified here. A venue name may be added to the list in English or Chinese. Enter the name in the appropriate field and click Add. The name will appear in the list. A name may be deleted by selecting it in the list and clicking Delete. All names may be deleted by clicking Reset.
Wireless Array Advanced RF Settings This window allows you to establish RF settings, including automatically configuring channel allocation and cell size, and configuring radio assurance and standby modes. Changes you make on this page are applied to all IAPs, without exception. Figure 156.
Wireless Array About Standby Mode Standby Mode supports the Array-to-Array fail-over capability. When you enable Standby Mode, the Array functions as a backup unit, and it enables its radios if it detects that its designated target Array has failed. The use of redundant Arrays to provide this fail-over capability allows Arrays to be used in mission-critical applications. In Standby Mode, an Array monitors beacons from the target Array.
Wireless Array RF Resilience 2. Radio Assurance Mode: When this mode is enabled, the monitor radio performs loopback tests on the Array. This mode requires RF Monitor Mode to be enabled (Step 1) to enable self-monitoring functions. It also requires a radio to be set to monitoring mode (see “Enabling Monitoring on the Array” on page 488). Operation of Radio Assurance mode is described in detail in “Array Monitor and Radio Assurance Capabilities” on page 488.
Wireless Array RF Power & Sensitivity For an overview of RF power and cell size settings, please see “Capacity and Cell Sizes” on page 32 and “Fine Tuning Cell Sizes” on page 33. # To use the Auto Cell Size feature, the following additional settings are required: RF Monitor Mode must be turned On. See “RF Monitor” on page 321. One of the radios must be in monitor mode, and all other IAPs that will use Auto Cell must have Cell Size set to auto. See “Procedure for Manually Configuring IAPs” on page 280. 5.
Wireless Array 10. Auto Cell Configuration: Click this button to instruct the Array to determine and set the best cell size for each enabled IAP whose Cell Size is auto on the IAP Settings window, based on changes in the environment. This is the recommended method for setting cell size. You may look at the Tx and Rx values on the IAP Settings window to view the cell size settings that were applied. 11.
Wireless Array Auto band runs separately from auto channel configuration. If the band is changed for an IAP, associated stations will be disconnected and will then reconnect. 14. Channel Configuration: Automatic channel configuration is the recommended method for channel allocation.
Wireless Array Click Factory Defaults if you wish to instruct the Array to return all IAPs to their factory preset channels. As of release 6.3, Arrays no longer all use the same factory preset values for channel assignments.
Wireless Array 18. Auto Channel List: Use All Channels selects all available channels (this does not include locked channels). Use Defaults sets the auto channel list back to the defaults. This omits newer channels (100-140) — many wireless NICs don’t support these channels. Station Assurance Station assurance monitors the quality of the connections that users are experiencing on the wireless network. You can quickly detect stations that are having problems and take steps to correct them.
Wireless Array below and will display associated information on the Station Assurance Status page. When a threshold is reached, an event is triggered, a trap is generated, and a Syslog message is logged. 20. Period: In seconds, the period of time for a threshold to be reached. For example, the Array will check whether Max Authentication Failures has been reached in this number of seconds. 21.
Wireless Array Global Settings .11n IAPs IAP Settings Radio Assurance Hotspot 2.0 Understanding Hotspot 2.0 Hotspot 2.0 is a part of the Wi-Fi Alliance’s Passpoint certification program. It specifies additional information above and beyond that found in 802.11u, which allows mobile clients to automatically discover, select, and connect to networks based on preferences and network optimization. Mobile clients that support Hotspot 2.0 are informed of an access point’s support via its beacon message.
Wireless Array Figure 158. Hotspot 2.0 Settings 5. English/Chinese Operator Friendly Name. Enter an English or Chinese name into one of the fields. An incorrectly entered name can be deleted by clicking the corresponding Delete. 6. Connection Capabilities. A Hotspot 2.0 access point limits the particular protocols that clients may use. The set of default protocols is shown initially. This table specifies the protocols in terms of: a. A common Name, such as FTP or HTTP. b. A Protocol number.
Wireless Array d. Status: one of open, closed or unknown. Any of the entries may be deleted by clicking the corresponding Delete button. New entries may be created by entering the name of the protocol in the box beside the Create button, and then clicking Create. The new protocol will be added to the list with zeros in the protocol fields and unknown for the status. Enter the appropriate Protocol and Port values before setting the Status field to open.
Wireless Array 1. Enter the realm name. Enter the name of a realm in the box to the left of the Create button and click Create. The realm will be added to the NAI Realms list. Any of the realms may be deleted by clicking the corresponding Delete button. 2. Enter Authentication Information. The NAI EAP page is used to specify authentication for a realm. Click on the name of a realm to go to the NAI EAP page for that realm. See “NAI EAP” on page 332.
Wireless Array 3. • EAP-FAST • EAP-MSCHAP-V2 • EAP-SIM • EAP-TLS • EAP-TTLS • GTC • MD5-Challenge • None • PEAP Specify Authentication Parameters. Each of the authentication methods may specify up to five authentication parameters. To specify the parameters click on the number corresponding to the authentication method; i.e. 1, 2, 3, 4, or 5. This displays the EAP n Auth Parameter Configuration below the list of EAP Methods.
Wireless Array Intrusion Detection The Xirrus Array employs a number of IDS/IPS (Intrusion Detection System/ Intrusion Prevention System) strategies to detect and prevent malicious attacks on the wireless network. Use this window to adjust intrusion detection settings. Figure 161.
Wireless Array The Array provides a suite of intrusion detection and prevention options to improve network security. You can separately enable detection of the following types of problems: z Rogue Access Point Detection and Blocking Unknown APs are detected, and may be automatically blocked based on a number of criteria. See “About Blocking Rogue APs” on page 337.
Wireless Array Type of Attack Description Disassociation Flood Flooding the Array with forged Disassociation packets. Deauthentication Flood Flooding the Array with forged Deauthenticates. EAP Handshake Flood Flooding an AP with EAP-Start messages to consume resources or crash the target. Null Probe Response Answering a station probe-request frame with a null SSID. Many types of popular NIC cards cannot handle this situation, and will freeze up.
Wireless Array Type of Attack Description Sequence number anomaly A sender may use an Add Block Address request (ADDBA - part of the Block ACK mechanism) to specify a sequence number range for packets that the receiver can accept. An attacker spoofs an ADDBA request, asking the receiver to reset its sequence number window to a new range. This causes the receiver to drop legitimate frames, since their sequence numbers will not fall in that range.
Wireless Array Procedure for Configuring Intrusion Detection RF Intrusion Detection and Auto Block Mode 1. • Standard — enables the monitor radio to collect Rogue AP information. • Off — intrusion detection is disabled. 2. Auto Block Unknown Rogue APs: Enable or disable auto blocking (see “About Blocking Rogue APs” on page 337). Note that in order to set Auto Block RSSI and Auto Block Level, you must set Auto Block Unknown Rogue APs to On. Then the remaining Auto Block fields will be active. 3.
Wireless Array without a controlling Access Point, also called an Independent Basic Service Set — IBSS). • 6. ESS/Infrastructure only — only consider auto blocking rogue APs if they are in infrastructure mode rather than ad hoc mode. Auto Block Whitelist: Use this list to specify channels to be excluded from automatic blocking. If you have enabled Auto Block, it will not be applied to rogues detected on the whitelisted channels.
Wireless Array 8. Duration Attack NAV (ms): For the duration attack, you may also modify the default duration value that is used to determine whether a packet may be part of an attack. If the number of packets having at least this duration value exceeds the Threshold number in the specified Period, an attack is detected. Impersonation Detection Settings 9. Attack/Event: The types of impersonation attack that you may detect are described in Impersonation Attacks on page 336.
Wireless Array also choose Disabled to keep the LEDs from being lit. The LEDs will still light during the boot sequence, then turn off. 2. LED Blink Behavior: This option allows you to select when the IAP LEDs blink, based on the activities you check here. From the choices available, select one or more activities to trigger when the LEDs blink. For default behavior, see “Array LED Operating Sequences” on page 65. 3. Click Save changes to flash if you wish to make your changes permanent.
Wireless Array Figure 163. DSCP Mappings Procedure for Configuring DSCP Mappings 1. DSCP to QoS Mapping Mode: Use the On and Off buttons to enable or disable the use of the DSCP mapping table to determine the QoS level applied to each packet. 2. DSCP to QoS Mapping: The radio buttons in this table show all DSCP values (0 to 63), and the QoS level to which each is mapped. To change the QoS level applied to a DSCP value, click the desired QoS level (0 to 3) underneath it.
Wireless Array threshold and the stronger neighbor radio’s RSSI, then we “assist” the client. For example: Threshold = -5 RSSI of neighbor Array = -65 RSSI of client = -75 -75 < (-5 + -65) : Client will roam Another example: Threshold = -15 RSSI of neighbor Array = -60 RSSI of station = -70 -70 > (-15 + -60) : Client will not roam Procedure for Configuring Roaming Assist 1. Enable Roaming Assist: Use the Yes and No buttons to enable or disable this feature. 2.
Wireless Array Figure 164. Roaming Assist 344 4. Minimum Data Rate: If the station’s data rate (either Tx or Rx) falls below this rate, it will trigger a deauthentication. 5. Device Classes and Device Types: You can configure the device classes or types that will be assisted in roaming.
Wireless Array WDS This is a status-only window that provides an overview of all WDS links that have been defined. WDS (Wireless Distribution System) is a system that enables the interconnection of access points wirelessly, allowing your wireless network to be expanded using multiple access points without the need for a wired backbone to link them. The Summary of WDS Client Links shows the WDS links that you have defined on this Array and identifies the target Array for each by its base MAC address.
Wireless Array and the maximum number of IAPs in the link. Then you will select the IAPs to be used in the link. When the client link is created, each member IAP will associate to an IAP on the host Array. You may wish to consider configuring the WDS link IAPs so that only the WDS link SSIDs are active on them. See “Active IAPs” on page 266. Client Link CLIENT a2(52) a10(52) a3(149) a9(149) a4(40) a8(40) Wired LAN HOST Figure 166.
Wireless Array Long Distance Links If you are using WDS to provide backhaul over an extended distance, use the WDS Dist. (Miles) setting to prevent timeout problems associated with long transmission times. (See “IAP Settings” on page 279) Set the approximate distance in miles between this IAP and the connected Array in the WDS Dist. (Miles) column. This will increase the wait time for frame transmission accordingly.
Wireless Array Procedure for Setting Up WDS Client Links WDS Client Link Settings: 1. # 2. # 348 Host Link Stations: Check the Allow checkbox to instruct the Array to allow stations to associate to IAPs on a host Array that participates in a WDS link. The WDS host IAP will send beacons announcing its availability to wireless clients. This is disabled by default. Once an IAP has been selected to act as a WDS client link, no other association will be allowed on that IAP.
Wireless Array The higher the weight, the lower the influence of a new RSSI reading. This is not exactly a percentage, but a factor in the formula for computing the current RSSI value based on new readings: StoredRSSI = (StoredRSSI * RoamingAvgWeight + NewRSSIReading * (100 - RoamingAvgWeight)) / 100 This prevents erroneous or out-of-line RSSI readings from causing the WDS link to jump to a new Array. Such readings can result from temporary obstructions, external interference, etc. 5.
Wireless Array Links. To allow any Xirrus Array to be accepted as a WDS target, enter the Xirrus OUI: 00:0f:7d:00:00:00 or 50:60:28:00:00:00 (this is useful for roaming in a mobile deployment, as described in Step 3 on page 348). 11. Target SSID: Enter the SSID that the target Array is using. 12. Username: Enter a username for this WDS link. A username and password is required if the SSID is using PEAP for WDS authentication from the internal RADIUS server. 13. Password: Enter a password for this WDS link.
Wireless Array Filters The Wireless Array’s integrated firewall uses stateful inspection to speed the decision of whether to allow or deny traffic. Filters are used to define the rules used for blocking or passing traffic. Filters can also set the VLAN and QoS level for selected traffic. # The air cleaner feature offers a number of predetermined filter rules that eliminate a great deal of unnecessary wireless traffic. See “Air Cleaner” on page 426.
Wireless Array Filters are organized in groups, called Filter Lists. A filter list allows you to apply a uniform set of filters to SSIDs or Groups very easily. The read-only Filters window provides you with an overview of all filter lists that have been defined for this Array, and the filters that have been created in each list. Filters are listed in the left side column by name under the filter list to which they belong.
Wireless Array Procedure for Managing Filter Lists 1. Stateful Filtering: Stateful operation of the integrated firewall can be Enabled or Disabled. If you have a large number of filters and you don’t want to apply them in a stateful manner, you may use this option to turn the firewall off. 2. Application Control: Operation of the Application Control feature may be Enabled or Disabled. See “Application Control Windows” on page 147.
Wireless Array 10. Click a filter list to go to the Filter Management window to create and manage the filters that belong to this list. Filter Management This window allows you to create and manage filters that belong to a selected filter list, based on the filter criteria you specify. Filters are an especially powerful feature when combined with the intelligence provided by the “Application Control Windows” on page 147. Filters are applied in order, from top to bottom. Click here to change the order.
Wireless Array z Traffic for mission-critical applications like VoIP and WebEx may be given higher priority (QoS). z Non- critical traffic from applications like YouTube may be given lower priority (QoS) or bandwidth allowed may be capped per station or for all stations. z Traffic flows for specific applications may be controlled by sending them into VLANs that are designated for that type of traffic. z Filters may be applied at specified times—for example, no games allowed from 8 AM to 6 PM.
Wireless Array 5. On: Use this field to enable or disable this filter. 6. Log: Log usage of this filter to Syslog. 7. Type: Choose whether this filter will be an Allow filter or a Deny filter. If you define the filter as an Allow filter, then any associations that meet the filter criteria will be allowed. If you define the filter as a Deny filter, any associations that meet the filter criteria will be denied. 8. Layer: Select network layer 2 or 3 for operation of this filter. 9.
Wireless Array has the lowest priority; level 3 has the highest priority. By default, this field is blank and the filter does not modify QoS level. See “Understanding QoS Priority on the Wireless Array” on page 247. 14. VLAN/Number: (Optional) Set packets that match the filter criteria to this VLAN. Select a VLAN from the pull-down list, or select numeric and enter the number of a previously defined VLAN (see “VLANs” on page 199). 15.
Wireless Array days—one to deny Games Mon-Fri 8:00 to 18:00, and another to deny them on Sat. from 8:00 to 12:00. 20. Source Address: Define a source address to match as a filter criterion. Click the radio button for the desired type of address (or other attribute) to match. Then specify the value to match in the field to the right of the button. Choose Any to use any source address. Check Not to match any address except for the specified address. 21.
Wireless Array 24. Click Save changes to flash if you wish to make your changes permanent.
Wireless Array Clusters # An XR-500 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster. Clusters allow you to configure multiple Arrays at the same time. Using WMI (or CLI), you may define a set of Arrays that are members of the cluster. Then you may enter Cluster mode for a selected cluster, which sends all successive configuration commands issued via CLI or WMI to all of the member Arrays.
Wireless Array Cluster Definition # An XR-500 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster. This window allows you to create clusters. All existing clusters are shown, along with the number of Arrays currently in each. Up to 16 clusters may be created, with up to 50 Arrays in each. Figure 173. Cluster Definition Procedure for Managing Cluster Definition 1.
Wireless Array Cluster Management # An XR-500 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster. This window allows you to add Arrays to or delete them from a selected cluster. A cluster may include a maximum of 50 Arrays. Note that the Array on which you are currently running WMI is not automatically a member of the cluster. If you would like it to be a member, you must add it explicitly. Figure 174.
Wireless Array Cluster Operation This window puts WMI into Cluster Mode. In this mode, all configuration operations that you execute in WMI or CLI are performed on the members of the cluster. They are not performed on the Array where you are running WMI, unless it is a member of the cluster. # An XR-500 or XR-1000 Series Array cannot act as the Cluster controller. It will operate correctly as a member of a cluster.
Wireless Array 3. Proceed to any additional pages where you wish to make changes. 4. Some Status and Statistics windows will present information for all Arrays in the cluster. 5. Click the Save button when done if you wish to save changes on the cluster member Arrays. 6. Exit: Click the Exit button to the right of the operating cluster to terminate Cluster Mode. The WMI returns to normal operation — managing only the Array to which it is connected.
Wireless Array You have the option to show aggregate information for the cluster members, or click the Group by Array check box to separate it out for each Array. You may terminate cluster mode operation by clicking the Exit button to the right of the Group by Array check box.
Wireless Array Mobile Mobile Device Management (MDM) servers enable you to manage large-scale deployments of mobile devices. They may include capabilities to handle tasks such as enrolling devices in your environment, configuring and updating device settings over-the-air, enforcing security policies and compliance, securing mobile access to your resources, and remotely locking and wiping managed devices.
Wireless Array The Array settings entered on this page are mostly taken from AirWatch. Once you have entered these settings, your users will be constrained to follow a set of steps to access the wireless network, as described in “User Procedure for Wireless Access” on page 368.
Wireless Array 8. Redirect URL: Obtain this from your AirWatch server. Go to the System / Advanced / Site URLs page, and copy the Enrollment URL string into this field. When a mobile device that is not currently enrolled with AirWatch attempts to connect to the Array, the device displays a page directing the user to install the AirWatch agent and go to the AirWatch enrollment page. Note that Android devices will need another form of network access (i.e.
Wireless Array 5. If the device is not enrolled, all user traffic will be blocked, except that HTTP traffic is redirected to an intermediate page on the Array that tells the user to download and install the AirWatch agent. The page displays a link to the AirWatch-provided device enrollment URL. This link is a passthough that allows the user to go through the enrollment process. The user will need to enter your organization’s AirWatch Group ID and individual account credentials when requested.
Wireless Array contacted at this time and advises the user to contact the network administrator. If this field is set to Allow, then the device will be allowed network access.
Wireless Array Using Tools on the Wireless Array # If you are a Cloud XMS customer, then Arrays are managed via the cloud, and local Array management interfaces are inaccessible. If the Array is being managed by your own server for XMS Release 6.5 or above, and if the Array has been assigned to a named network in XMS, you will be restricted to read-only Array access. See “XMS-Managed Arrays Restrict Local Management” on page 78.
Wireless Array System Tools Progress is shown here Status is shown here Figure 179.
Wireless Array This window allows you to manage files for software images, configuration, and Web Page Redirect (WPR), manage the system’s configuration parameters, reboot the system, and use diagnostic tools. About Licensing and Upgrades The Array’s license determines some of the features that are available on the Array. For example, the Application Control feature is an option that must be separately licensed. To check the features supported by your license, see “Array Information” on page 98.
Wireless Array z Diagnostics z Web Page Redirect z Network Tools z Progress and Status Frames System 1. Save & Reboot or Reboot: Use Save & Reboot to save the current configuration and then reboot the Array. The LEDs on the Array indicate the progress of the reboot, as described in “Powering Up the Wireless Array” on page 64. Alternatively, use the Reboot button to discard any configuration changes which have not been saved since the last reboot.
Wireless Array # If you have difficulty upgrading the Array using the WMI, see “Upgrading the Array via CLI” on page 494 for a lower-level procedure you may use. Software Upgrade always uploads the file in binary mode. If you transfer any image file to your computer to have it available for the Software Upgrade command, it is critical to remember to transfer it (ftp, tftp) in binary mode! 3.
Wireless Array # Trial licenses: If you enter a trial license to try new premium features, then when the trial expires the perpetual license will be restored automatically without requiring a reboot. When the trial expires, the current Array configuration will not be lost. Automatic Updates from Remote Image or Configuration File The Array software image or configuration file can be downloaded from an external server.
Wireless Array # 6. The Remote Boot Image or Remote Configuration update happens every time that the Array reboots. If you only want to fetch the remote image or configuration file one time, be sure to turn off the remote option (blank out the field on the System Tools page) after the initial download. When a remote boot image is used, the image is transferred directly into memory and is never written to the compact flash.
Wireless Array • history/saved-yyyymmdd-pre-update.conf: history/saved-yyyymmdd-post-update.conf: Two files are automatically saved for a software upgrade or for a license change (including the setting values from just before the upgrade/change was performed, and the initial values afterward. The filename includes the date. • history/saved-yyyymmdd-auto.conf: Each time you use the Save changes to flash button, an “auto” file is saved with the settings current at that time.
Wireless Array • Click Set Restore Point to save a copy of the current configuration, basing the file name on the current date and time. For example: history/saved-20100318-1842.conf Note that the configuration is automatically saved to a file in a few situations, as described in Step 8 above.
Wireless Array Diagnostics 12. Diagnostic Log: Click the Create button to save a snapshot of Array information for use by Xirrus Customer Support personnel. The Progress and Status Frames show the progress of this operation. When the process is complete, the filename xs_diagnostic.log will be displayed in blue and provides a link to the newly created log file. Click the link to download this file. You will be asked to specify the location for saving the file.
Wireless Array whatsoever. When a health log exists, the filename xs_health.log.bz2 is displayed in blue and provides a link to the log file. Click the link to download this file or to open it with your choice of application. This file is normally only used at the request of Customer Support. Application Control Signature File Management Application Control recognizes applications using a file containing the signatures of hundreds of applications.
Wireless Array Web Page Redirect The Array uses a Perl script and a cascading style sheet to define the default splash/login Web page that the Array delivers for WPR. You may replace these files with files for one or more custom pages of your own. See Step 17 below to view the default files. See Step 14 on page 257 for more information about WPR and how the splash/login page is used. Each SSID that has WPR enabled may have its own page. Custom files for a specific SSID must be named based on the SSID name.
Wireless Array 16. Remove File: Enter the name of the WPR file you want to remove, then click on the Delete button. You can use the List Files button to show you a list of files that have been saved on the Array for WPR. The list is displayed in the Status section at the bottom of the WMI window. You must reboot to make your changes take effect. 17. Download Sample Files: Click on a link to access the corresponding sample WPR files: • wpr.pl — a sample Perl script. • hs.
Wireless Array accessing the network, you can quickly determine if there is a basic RADIUS problem by using the RADIUS Ping tool. For example, in Figure 184 (A), RADIUS Ping is unable to contact the server. In Figure 184 (B), RADIUS Ping verifies that the host information and secret for a RADIUS server are correct, but that the user account information is not. Select RADIUS allows you to select a RADIUS server that you have already configured.
Wireless Array 21. Execute System Command: Click Execute to start the specified command. Progress of command execution is displayed in the Progress frame. Results are displayed in the Status frame. Progress and Status Frames The Progress frame displays a progress bar for commands such as Software Upgrade and Ping. The Status frame presents the output from system commands (Ping and Trace Route), as well as other information, such as the results of software upgrade. 22.
Wireless Array To enter a command, simply type it in. The command is echoed and output is shown in the normal way — that is, the same way it would be if you were using the CLI directly. You may use the extra scroll bar inside the right edge of the window to scroll through your output. If output runs past the right edge of the screen, there is also a horizontal scroll bar at the bottom of the page.
Wireless Array API Documentation Arrays provide an API interface conforming to the RESTful API model. Developers may use this read-only API to read status, statistics, and settings from the Array. The interactive API Documentation page provides documentation for the API. You may use the Array’s API for purposes such as integrating with third party applications or creating your own applications for network monitoring and analysis.
Wireless Array Status/Settings The RESTful API on the Array is broken into these two main headings: status and settings. Each is a node that may be clicked to expand or collapse the list of corresponding API requests available on the Array. Since this is a read-only API, the list consists exclusively of GET operations. The figure below shows part of the list displayed by clicking /settings. Click again to collapse (hide) the list. Figure 187.
Wireless Array GET Requests Each request name in the list is a link. Click it to see more information and to try the API and see its output. The figure below shows the GET request for ethernet-stats{name}. Click again to collapse (hide) the API details. he Figure 188. API — GET Request Details High-level details are shown, including the Response Class name and the Response Content Type (limited to JSON at this time).
Wireless Array and statistics for a particular Ethernet port, while GET /ethernet-stats/ returns information for all Ethernet ports. Figure 189. API — GET Request Response The figure above shows the response for ethernet-stats{name}. The response is produced in the human-readable JSON format. The status and statistics data shown are as described in “Viewing Status on the Wireless Array” on page 91. Click Hide Response if you wish to hide the output.
Wireless Array The Response Code and the Response Header are standard for HTTP(S). API Documentation Toolbar Figure 190. API Documentation Toolbar The Status and Settings sections each have a toolbar as shown above, offering the following options. z Show/Hide—expands or collapses this list of GET requests. Hiding and then showing again displays the requests as they were before, i.e., expanded GET requests will still be expanded when displayed again. z List Operations—expands this list of GET requests.
Wireless Array Options This window allows you to customize the behavior and appearance of the WMI. By default, the Array uses the New style option, shown below. Figure 191. WMI Display Options Procedure for Configuring Options 1. Style: This option allows you to change the appearance and operation of the user interface. Select one of the available styles from the drop-down list. Click the Apply button to view the WMI with the selected style.
Wireless Array Figure 192. iPhone Style Option For example, the iPhone style option (Figure 192) has a more compact display, suitable for use on smart phones. It shows the main menu in the orange bar at the top, rather than as a tree in its own frame on the left. Clicking one of the menu choices at the top in Figure 192 will display a drop-down menu with the options for that menu choice. Menus may be toggled on and off by clicking on the headers (Status, Configuration, etc.). 2.
Wireless Array 394 3. Close Menu Section when Deselected: When you click a main section such as SSIDs in the left frame of the WMI (the navigation tree), the section is expanded to show submenu choices. Click Yes to automatically close any open submenus when you select a different section. If you click No, all menu sections will remain expanded once opened. No is the default.
Wireless Array Logout Click on the Logout button to terminate your session. When the session is terminated, you are presented with the Array’s login window. Figure 193.
Wireless Array 396 Using Tools on the Wireless Array
Wireless Array The Command Line Interface # If you are a Cloud XMS customer, then Arrays are managed via the cloud, and local Array management interfaces are inaccessible. If the Array is being managed by your own server for XMS Release 6.5 or above, and if the Array has been assigned to a named network in XMS, you will be restricted to read-only Array access. See “XMS-Managed Arrays Restrict Local Management” on page 78.
Wireless Array Establishing a Secure Shell (SSH) Connection Use this procedure to initialize the system and log in to the Command Line Interface (CLI) via a Secure Shell (SSH) utility, such as PuTTY. When connecting to the unit’s Command Line Interface over a network connection, you must use a Secure SHell version 2 (SSH-2) utility. Make sure that your SSH utility is set up to use SSH-2. 1. 2. Start your SSH session and communicate with the Array via its IP address.
Wireless Array Getting Started with the CLI The root command prompt (Root Command Prompt) is the first prompt you see after logging in to the CLI. If you are at a level other than the root command prompt you can return to this prompt at any time by using the exit command to step back through each command prompt level. The root command prompt you see in the CLI window is determined by the host name you assigned to your Array.
Wireless Array z ? Command This command is available at any prompt and provides either FULL or PARTIAL help. Using the ? (question mark) command when you are ready to enter an argument will display all the possible arguments (full help). Partial help is provided when you enter an abbreviated argument and you want to know what arguments will match your input. Figure 196.
Wireless Array Top Level Commands This section offers an at-a-glance view of all top level commands — organized alphabetically. Top level commands are defined here as commands that are directly accessible from the root command prompt (Xirrus_Wi-Fi_Array#). The root command prompt is based on the host name assigned to your Array. When inputting commands, be aware that all commands are case-sensitive.
Wireless Array Command show Description Display information about the selected item. See “show Commands” on page 405. statistics Display statistical data about the Array. See “statistics Commands” on page 408. uptime Display the elapsed time since the last boot. xms-override Override XMS managed mode and allow local configuration changes according to your user privileges. See “XMS-Managed Arrays Restrict Local Management” on page 78.
Wireless Array Command Description end Exit the configuration mode. exit Go UP one mode level. file Manage the file system. filter Define protocol filter parameters. group Define user groups with parameter settings help Description of the interactive Help system. history List history of commands that have been executed. hostname Host name for this Array. interface Select the interface to configure.
Wireless Array Command reboot Reboot the Array. reset Reset all settings to their factory default values and reboot. restore Reset all settings to their factory default values and reboot. revert Revert to saved configuration after specified delay in seconds if configuration not saved. roaming-assist run-tests save search security Set parameters for roaming assistance. Run selective tests. Save the running configuration to FLASH. Search for pattern in show command output.
Wireless Array show Commands The following table shows the second level commands that are available with the top level show command [Xirrus_Wi-Fi_Array# show]. Command acl admin Description Display the Access Control List. Display the administrator list or login information. array-info Display system information. associatedstations Display stations that have associated to the Array. boot-env capabilities cdp channel-list Display Boot loader environment variables.
Wireless Array Command error-numbers ethernet Display the detailed error number in error messages. Display Ethernet interface summary information. external-radius Display summary information for the external RADIUS server settings. factory-config Display the Array factory configuration information. filters iap Display filter information. Display IAP configuration information. internal-radius Display the users defined for the embedded RADIUS server.
Wireless Array Command spanning-tree spectrumanalyzer ssid Description Display spanning tree information. Display spectrum analyzer measurements. Display SSID summary information. stations Display station information. statistics Display statistics. syslog Display the system log. syslog-settings Display the system log (Syslog) settings. temperature Display the current board temperatures. unassociatedstations Display unassociated station information. vlan Display VLAN information.
Wireless Array statistics Commands The following table shows the second level commands that are available with the top level statistics command [Xirrus_Wi-Fi_Array# statistics]. Command ethernet Ethernet Name eth0, gig1, gig2 filter filter-list iap 408 Description Display statistical data for all Ethernet interfaces. Display statistical data for the defined Ethernet interface (either eth0, gig1 or gig2). FORMAT: statistics gig1 Display statistics for defined filters (if any).
Wireless Array Command Description wds Display statistical data for the defined active WDS (Wireless Distribution System) links. FORMAT: statistics wds 1 Display configuration or status information.
Wireless Array Configuration Commands All configuration commands are accessed by using the configure command at the root command prompt (Xirrus_Wi-Fi_Array#). This section provides a brief description of each command and presents sample formats where deemed necessary. The commands are organized alphabetically. When inputting commands, be aware that all commands are case-sensitive.
Wireless Array admin The admin command [Xirrus_Wi-Fi_Array(config-admin)#] is used to configure the Administrator List. Command Description add Add a user to the Administrator List. FORMAT: admin add [userID] del Delete a user to the Administrator List. FORMAT: admin del [userID] edit Modify user in the Administrator List. FORMAT: admin edit [userID] radius reset Define a RADIUS server to be used for authenticating administrators.
Wireless Array auth The auth command [Xirrus_Wi-Fi_Array(config)# auth] is used to configure Oauth tokens. See also, “OAuth 2.0 Management” on page 243. Command Description add Add an Oauth token. FORMAT: auth add client grant expiration code type [agent ] [scope ] del Delete an Oauth token. FORMAT: auth del reset Delete all Oauth tokens.
Wireless Array Command Description hold-time Select CDP message hold time before messages received from neighbors expire. FORMAT: cdp hold-time [# seconds] interval The Array sends out CDP announcements at this interval.
Wireless Array clear The clear command [Xirrus_Wi-Fi_Array(config)# clear] is used to clear requested elements. Command arp authentication 414 Description Clear the arp table entry for a requested IP address, or clear all entries if no IP address is entered. FORMAT: clear arp [ipaddress] Deauthenticate a station (specified by MAC address, hostname, or IP address). If you specify the permanent option, then the station is deauthenticated and put on the access control list.
Wireless Array Command Description syslog Clear all Syslog messages, but continue to log new messages.
Wireless Array cluster The cluster command [Xirrus_Wi-Fi_Array(config)# cluster] is used to create and operate clusters. Clusters allow you to configure multiple Arrays at the same time. Using CLI (or WMI), you may define a set of Arrays that are members of the cluster. Then you may switch the Array to Cluster operating mode for a selected cluster, which sends all successive configuration commands issued via CLI or WMI to all of the member Arrays.
Wireless Array Command operate reset Description Enter Cluster operation mode. All configuration commands are applied to all of the selected cluster’s member Arrays until you give the end command (see above). FORMAT: cluster operate [cluster-name] Delete all clusters. FORMAT: cluster reset contact-info The contact-info command [Xirrus_Wi-Fi_Array(config)# contact-info] is used for managing administrator contact information.
Wireless Array date-time The date-time command [Xirrus_Wi-Fi_Array(config-date-time)#] is used to configure the date and time parameters. Your Array supports the Network Time Protocol (NTP) in order to ensure that the Array’s internal time is accurate. NTP is set to UTC time by default; however, you can set the time zone so that your Array will display local time. This is done by defining an offset from the UTC value.
Wireless Array dhcp-server The dhcp-server command [Xirrus_Wi-Fi_Array(config-dhcp-server)#] is used to add, delete and modify DHCP pools. Command Description add Add a DHCP pool. FORMAT: dhcp-server add [dhcp pool] del Delete a DHCP pool. FORMAT: dhcp-server del [dhcp pool] edit Edit a DHCP pool FORMAT: dhcp-server edit [dhcp pool] reset Delete all DHCP pools.
Wireless Array dns The dns command [Xirrus_Wi-Fi_Array(config-dns)#] is used to configure your DNS parameters. Command 420 Description domain Enter your domain name. FORMAT: dns domain [www.mydomain.com] server1 Enter the IP address of the primary DNS server. FORMAT: dns server1 [1.2.3.4] server2 Enter the IP address of the secondary DNS server. FORMAT: dns server1 [2.3.4.5] server3 Enter the IP address of the tertiary DNS server. FORMAT: dns server1 [3.4.5.
Wireless Array file The file command [Xirrus_Wi-Fi_Array(config-file)#] is used to manage files. Command active-image backup-image check-image chkdsk copy cp dir erase format ftp Description Validate and commit a new array software image. Validate and commit a new backup software image. Validate a new array software image. Check flash file system. Copy a file to another file. FORMAT: file copy [sourcefile destinationfile] List the contents of a directory.
Wireless Array Command Description http-get Perform an HTTP file download. This is the preferred method of downloading files for XMS Cloud. FORMAT: http-get [no-cert-check] [] no-cert-check causes the array to download the file even if the SSL certificate is invalid, expired, or not signed by a recognized CA is a standard HTTP URL, e.g. https:// file.example.com:8080/mydir/myfile.ext.
Wireless Array Command Description remote-config When the Array boots up, it fetches the specified configuration file from the TFTP server defined in the file remote-server command, and uses this configuration. This must be an Array configuration file with a .conf extension. A partial configuration file may be used. For instance, if you wish to use a single configuration file for all of your Arrays but don't want to have the same IP address for each Array, you may remove the ipaddr line from the file.
Wireless Array Command 424 Description scp Copy a file to or from a remote system. You may specify the port to use. tftp Open a TFTP connection with a remote server. FORMAT: file tftp host { |} [port ] [user {anonymous | password } ] { put [] | get [] } Note: Any time you transfer any kind of software image file for the Array, it must be transferred in binary mode, or the file may be corrupted.
Wireless Array filter The filter command [Xirrus_Wi-Fi_Array(config-filter)#] is used to manage protocol filters and filter lists. Command add add-list del del-list edit Description Add a filter. Details about the air cleaner feature are after the end of this table. FORMAT: filter add [air-cleaner |name] Add a filter list. FORMAT: filter add-list [name] Delete a filter. FORMAT: filter del [name] Delete a filter list. FORMAT: filter del-list [name] Edit a filter.
Wireless Array Command Description off Disable a filter list. FORMAT: filter off on Enable a filter list. FORMAT: filter on reset stateful Delete all protocol filters and filter lists. FORMAT: filter reset Enable or disable stateful filtering (firewall). FORMAT: Stateful [enable | disable | on |off] Air Cleaner The air cleaner feature offers a number of predetermined filter rules that eliminate a great deal of unnecessary wireless traffic, resulting in improved performance.
Wireless Array operation. If you find that there is a particular type of multicast or broadcast traffic that you want to allow, just add a specific allow filter for it before the deny filter in this list that would normally block it. Add or delete any of the Multicast rules as necessary for a specific site. Remember that the order of the rules is important. Figure 198. Air Cleaner Filter Rules Explanations of some sample rules are below. z Air-cleaner-Arp.
Wireless Array 428 z Air-cleaner-Mcast.1 drops all multicast traffic with a destination MAC address starting with 01. This filters out a lot of IP multicast traffic that starts with 224. z Air-cleaner-Mcast.2 drops all multicast traffic with a destination MAC address starting with 33. A lot of IPv6 traffic and other multicast traffic is blocked by this filter. z Air-cleaner-Mcast.3 drops all multicast traffic with a destination MAC address starting with 09.
Wireless Array group The group command [Xirrus_Wi-Fi_Array(config)# group] is used to create and configure user groups. User groups allow administrators to assign specific network parameters to users through RADIUS privileges rather than having to map users to a specific SSID. Groups provide flexible control over user privileges without the need to create large numbers of SSIDs. For more information, see “Groups” on page 269. Command Description add Create a new user group.
Wireless Array interface The interface command [Xirrus_Wi-Fi_Array(config)# interface] is used to select the interface that you want to configure. To see a listing of the commands that are available for each interface, use the ? command at the selected interface prompt. For example, using the ? command at the Xirrus_Wi-Fi_Array(config-gig1}# prompt displays a listing of all commands for the gig1 interface. Command console Description Select the console interface.
Wireless Array Command Description lastboot.conf Load the configuration file from the last boot-up. FORMAT: load [lastboot.conf] [myfile].conf If you have saved a configuration, enter its name to load it. FORMAT: load [myfile.conf] saved.conf Load the configuration file with the last saved settings. FORMAT: load [saved.conf] location The location command [Xirrus_Wi-Fi_Array(config)# location] is used to set the location descriptive string for the Array.
Wireless Array location-reporting The location-reporting command [Xirrus_Wi-Fi_Array(config)# locationreporting] is used to configure Location Server settings. See also, “Location” on page 186. Command cust-key Set Location Server customer key. FORMAT: location-reporting cust-key enc disable Disable location-reporting. FORMAT: location-reporting disable enable Enable location-reporting. FORMAT: location-reporting enable period Set Location Server reporting period (seconds).
Wireless Array management The management command [Xirrus_Wi-Fi_Array(config)# management] enters management mode, where you may configure management parameters. Command Description Enter management mode.
Wireless Array mdm The mdm command [Xirrus_Wi-Fi_Array(config)# mdm] is used to configure Mobile Device Management Server settings. See also, “Mobile” on page 366. Command Description airwatch api Set Location Server customer key.
Wireless Array more The more command [Xirrus_Wi-Fi_Array(config)# more] is used to turn terminal pagination ON or OFF. Command Description off Turn OFF terminal pagination. FORMAT: more off on Turn ON terminal pagination.
Wireless Array netflow The netflow command [Xirrus_Wi-Fi_Array(config-netflow)#] is used to enable or disable, or configure sending IP flow information (traffic statistics) to the collector you specify. Command disable Disable netflow. FORMAT: netflow disable enable Enable netflow. FORMAT: netflow enable off Disable netflow. FORMAT: netflow off on Enable netflow. FORMAT: netflow on collector 436 Description Set the netflow collector IP address or fully qualified domain name (host.domain).
Wireless Array no The no command [Xirrus_Wi-Fi_Array(config)# no] is used to disable a selected element or set the element to its default value. Command acl dot11a dot11bg https Description Disable the Access Control List. FORMAT: no acl Disable all 802.11an IAPs (radios). FORMAT: no dot11a Disable all 802.11bgn IAPs (radios). FORMAT: no dot11bg Disable https access. FORMAT: no https intrude-detect Disable intrusion detection.
Wireless Array Command snmp ssh Disable SNMP features. FORMAT: no snmp Disable ssh access. FORMAT: no ssh syslog Disable the Syslog services. FORMAT: no syslog telnet Disable Telnet access. FORMAT: no telnet ETH-NAME 438 Description Disable the selected Ethernet interface (eth0, gig1 or gig2). You cannot disable the console interface. with this command.
Wireless Array quick-config The quick-config command is used to apply configuration templates to the Array for typical deployment scenarios. Command Description Classroom Configure Array for classroom deployment. FORMAT: quick-config Classroom Configures the array for use in classroom settings (K-12 schools, Higher education, etc.) High-density Configure Array for high density deployment.
Wireless Array quit The quit command [Xirrus_Wi-Fi_Array(config)# quit] is used to exit the Command Line Interface. Command Description Exit the Command Line Interface. FORMAT: quit If you have made any configuration changes and your changes have not been saved, you are prompted to save your changes to Flash. At the prompt, answer Yes to save your changes, or answer No to discard your changes.
Wireless Array reboot The reboot command [Xirrus_Wi-Fi_Array(config)# reboot] is used to reboot the Array. If you have unsaved changes, the command will notify you and give you a chance to cancel the reboot. Command Description Reboot the Array. FORMAT: reboot delay Reboot the Array after a delay of 1 to 60 seconds. FORMAT: reboot delay [n] reset The reset command [Xirrus_Wi-Fi_Array(config)# reset] is used to reset all settings to their default values then reboot the Array.
Wireless Array restore The restore command [Xirrus_Wi-Fi_Array(config)# restore] is used to restore configuration to a version that was previously saved locally. 442 Command Description ? Use this to display the list of available config files. FORMAT: restore ? Enter the name of the locally saved configuration to restore.
Wireless Array roaming-assist The roaming-assist command [Xirrus_Wi-Fi_Array(config)# roaming-assist] is used to configure roaming assistance settings. See also, “Roaming Assist” on page 342. Command Description data-rate Set minimum packet data rate before roaming, in Mbps. FORMAT: roaming-assist data-rate <1-99> devices Set device types or classes to assist. FORMAT: roaming-assist devices all | unidentified | DEVICE-CLASS | DEVICE-TYPE disable Disable roaming assist.
Wireless Array run-tests The run-tests command [Xirrus_Wi-Fi_Array(run-tests)#] is used to enter runtests mode, which allows you to perform a range of tests on the Array. Command Description Enter run-tests mode. FORMAT: run-tests iperf Execute iperf utility. FORMAT: run-tests iperf kill-beacons Turn off beacons for selected single IAP. FORMAT: run-tests kill-beacons [off | iap-name] kill-proberesponses led Turn off probe responses for selected single IAP.
Wireless Array Command radius-ping Description Special ping utility to test the connection to a RADIUS server.
Wireless Array Command telnet Description Execute telnet utility. FORMAT: run-tests telnet [hostname | ip-addr] [command-line-switches (optional)] traceroute Execute traceroute utility. FORMAT: run-tests traceroute [host-name | ip-addr] security The security command [Xirrus_Wi-Fi_Array(config-security)#] is used to establish the security parameters for the Array. Command 446 Description wep Set the WEP encryption parameters. FORMAT: security wep wpa Set the WEP encryption parameters.
Wireless Array snmp The snmp command [Xirrus_Wi-Fi_Array(config-snmp)#] is used to enable, disable, or configure SNMP. Command Description v2 Enable SNMP v2. FORMAT: snmp v2 v3 Enable SNMP v3. FORMAT: snmp v3 trap Configure traps for SNMP. Up to four trap destinations may be configured, and you may specify whether to send traps for authentication failure.
Wireless Array ssid The ssid command [Xirrus_Wi-Fi_Array(config-ssid)#] is used to establish your SSID parameters. Command 448 Description add Add an SSID. FORMAT: ssid add [newssid] del Delete an SSID. FORMAT: ssid del [oldssid] edit Edit an existing SSID. FORMAT: ssid edit [existingssid] reset Delete all SSIDs and restore the default SSID.
Wireless Array syslog The syslog command [Xirrus_Wi-Fi_Array(config-syslog)#] is used to enable, disable, or configure the Syslog server. Command Description console Enable or disable the display of Syslog messages on the console, and set the level to be displayed. All messages at this level and lower (i.e., more severe) will be displayed. FORMAT: syslog console [on/off] level [0-7] disable Disable the Syslog server. FORMAT: syslog disable email Disable the Syslog server.
Wireless Array Command Description off Disable the Syslog server. FORMAT: syslog off on Enable the Syslog server. FORMAT: syslog on primary secondary Set the IP address of the primary Syslog server and/or the severity level of messages to be logged. FORMAT: syslog primary [1.2.3.4] level [0-7] Set the IP address of the secondary (backup) Syslog server and/or the severity level of messages to be logged. FORMAT: syslog primary [1.2.3.
Wireless Array Command Description edit Modify an existing tunnel. FORMAT: tunnel edit [existingtunnel] reset Delete all existing tunnels. FORMAT: tunnel reset uptime The uptime command [Xirrus_Wi-Fi_Array(config)# uptime] is used to display the elapsed time since you last rebooted the Array. Command Description Display time since last reboot. FORMAT: uptime vlan The vlan command [Xirrus_Wi-Fi_Array(config-vlan)#] is used to establish your VLAN parameters.
Wireless Array Command delete edit native-vlan Description Delete a VLAN. FORMAT: vlan delete [oldvlan] Modify an existing VLAN. FORMAT: vlan edit [existingvlan] Assign a native VLAN (traffic is untagged). FORMAT: vlan native-vlan [nativevlan] no Disable the selected feature. FORMAT: vlan no [feature] reset Delete all existing VLANs. FORMAT: vlan reset wifi-tag The wifi-tag command [Xirrus_Wi-Fi_Array(config-wifi-tag)#] is used to enable or disable Wi-Fi tag capabilities.
Wireless Array Command Description off Disable wifi-tag. FORMAT: wifi-tag off on Enable wifi-tag. FORMAT: wifi-tag on tag-channel-bg Set an 802.11b or g channel for listening for tags. FORMAT: wifi-tag tag-channel-bg <1-255> udp-port Set the UDP port which a tagging server will use to query the Array for tagging information.
Wireless Array Sample Configuration Tasks This section provides examples of some of the common configuration tasks used with the Wireless Array, including: z “Configuring a Simple Open Global SSID” on page 455. z “Configuring a Global SSID using WPA-PEAP” on page 456. z “Configuring an SSID-Specific SSID using WPA-PEAP” on page 457. z “Enabling Global IAPs” on page 458. z “Disabling Global IAPs” on page 459. z “Enabling a Specific IAP” on page 460. z “Disabling a Specific IAP” on page 461.
Wireless Array Configuring a Simple Open Global SSID This example shows you how to configure a simple open global SSID. Figure 199.
Wireless Array Configuring a Global SSID using WPA-PEAP This example shows you how to configure a global SSID using WPA-PEAP encryption in conjunction with the Array’s Internal RADIUS server. Figure 200.
Wireless Array Configuring an SSID-Specific SSID using WPA-PEAP This example shows you how to configure an SSID-specific SSID using WPAPEAP encryption in conjunction with the Array’s Internal RADIUS server. Figure 201.
Wireless Array Enabling Global IAPs This example shows you how to enable all IAPs (radios), regardless of the wireless technology they use. Figure 202.
Wireless Array Disabling Global IAPs This example shows you how to disable all IAPs (radios), regardless of the wireless technology they use. Figure 203.
Wireless Array Enabling a Specific IAP This example shows you how to enable a specific IAP (radio). In this example, the IAP that is being enabled is a1 (the first IAP in the summary list). Figure 204.
Wireless Array Disabling a Specific IAP This example shows you how to disable a specific IAP (radio). In this example, the IAP that is being disabled is a2 (the second IAP in the summary list). Figure 205.
Wireless Array Setting Cell Size Auto-Configuration for All IAPs This example shows how to set the cell size for all enabled IAPs to be autoconfigured (auto). (See “Fine Tuning Cell Sizes” on page 33.) The auto_cell option may be used with global_settings, global_a_settings, or global_bg_settings. It sets the cell size of the specified IAPs to auto, and it launches an autoconfiguration to adjust the sizes.
Wireless Array Setting the Cell Size for All IAPs This example shows you how to establish the cell size for all IAPs (radios), regardless of the wireless technology they use. Be aware that if the intrude-detect feature is enabled on the monitor radio the cell size cannot be set globally — you must first disable the intrude-detect feature on the monitor radio. In this example, the cell size is being set to small for all IAPs. You have the option of setting IAP cell sizes to small, medium, large, or max.
Wireless Array Setting the Cell Size for a Specific IAP This example shows you how to establish the cell size for a specific IAP (radio). In this example, the cell size for a2 is being set to medium. You have the option of setting IAP cell sizes to small, medium, large, or max (the default is max). See also, “Fine Tuning Cell Sizes” on page 33. Figure 208.
Wireless Array Configuring VLANs on an Open SSID This example shows you how to configure VLANs on an Open SSID. # Setting the default route enables the Array to send management traffic, such as Syslog messages and SNMP information to a destination behind a router. Figure 209.
Wireless Array Configuring Radio Assurance Mode (Loopback Tests) The Array uses its built-in monitor radio to monitor other radios in the Array. Tests include sending probes on all channels and checking for a response, and checking whether beacons are received from the other radio. If a problem is detected, corrective actions are taken to recover. Loopback mode operation is described in detail in “Array Monitor and Radio Assurance Capabilities” on page 488.
Wireless Array Figure 210.
Wireless Array 468 The Command Line Interface
Wireless Array Appendices Appendices 469
Wireless Array Page is intentionally blank 470 Appendices
Wireless Array Appendix A: Quick Reference Guide This section contains product reference information. Use this section to locate the information you need quickly and efficiently. Topics include: z “Factory Default Settings” on page 471. z “Keyboard Shortcuts” on page 477. Factory Default Settings The following tables show the Wireless Array’s factory default settings. Host Name Setting Host name Default Value Serial Number (e.g.
Wireless Array Gigabit 1 and Gigabit 2 Setting Default Value Enabled Yes DHCP Yes Default IP Address 10.0.2.1 Default IP Mask 255.255.255.0 Default Gateway None Auto Negotiate On Duplex Full Speed 1000 Mbps MTU Size 1500 Management Enabled Yes Server Settings NTP Setting Default Value Enabled No Primary time.nist.gov Secondary pool.ntp.
Wireless Array Setting Local Syslog Level Maximum Internal Records Primary Server Default Value Information 500 None Primary Syslog Level Secondary Server Secondary Syslog Level Information None Information SNMP Setting Enabled Default Value Yes Read-Only Community String xirrus_read_only Read-Write Community String xirrus Trap Host null (no setting) Trap Port 162 Authorization Fail Port On DHCP Setting Enabled Default Value No Maximum Lease Time 300 minutes Default Lease Time 300 min
Wireless Array Setting NAT Default Value Disabled IP Gateway None DNS Domain None DNS Server (1 to 3) None Default SSID Setting Default Value ID xirrus VLAN None Encryption Off Encryption Type QoS None 2 Enabled Yes Broadcast On Security Global Settings - Encryption Setting Enabled Yes WEP Keys null (all 4 keys) WEP Key Length null (all 4 keys) Default Key ID 474 Default Value 1
Wireless Array Setting Default Value WPA Enabled No TKIP Enabled Yes AES Enabled Yes EAP Enabled Yes PSK Enabled No Pass Phrase null Group Rekey Disabled External RADIUS (Global) Setting Enabled Default Value Yes Primary Server None Primary Port 1812 Primary Secret xirrus Secondary Server Secondary Port Secondary Secret Time Out (before primary server is retired) Accounting Interval null (no IP address) 1812 null (no secret) 600 seconds Disabled 300 seconds Primary Server None
Wireless Array Setting Primary Secret Default Value null (no secret) Secondary Server None Secondary Port 1813 Secondary Secret null (no secret) Internal RADIUS Setting Enabled Default Value No The user database is cleared upon reset to the factory defaults. For the Internal RADIUS Server you have a maximum of 1,000 entries.
Wireless Array Setting Serial Default Value On Serial timeout 300 seconds Management over IAPs http timeout Off 300 seconds Keyboard Shortcuts The following table shows the most common keyboard shortcuts used by the Command Line Interface. Action Shortcut Cut selected data and place it on the clipboard. Ctrl + X Copy selected data to the clipboard. Ctrl + C Paste data from the clipboard into a document (at the insertion point). Ctrl + V Go to top of screen.
Wireless Array 478
Wireless Array Appendix B: FAQ and Special Topics This appendix provides valuable support information that can help you resolve technical difficulties. Before contacting Xirrus, review all topics below and try to determine if your problem resides with the Wireless Array or your network infrastructure.
Wireless Array z The Wireless Array should only be used with Wi-Fi certified client devices. See Also Contact Information Multiple SSIDs Security VLAN Support Frequently Asked Questions This section answers some of the most frequently asked questions, organized by functional area. Multiple SSIDs Q. What Are BSSIDs and SSIDs? A. BSSID (Basic Service Set Identifier) refers to an individual access point radio and its associated clients.
Wireless Array Q. What would I use SSIDs for? A. The creation of different wireless network names allows system administrators to separate types of users with different requirements. The following policies can be tied to an SSID: z Minimum security required to join this SSID. z The wireless Quality of Service (QoS) desired for this SSID. z The wired VLAN associated with this SSID.
Wireless Array 6. If desired (optional), you can select which radios this SSID will not be available on — the default is to make this SSID available on all radios. 7. Click on the Save changes to flash if you wish to make your changes permanent. 8. If you need to edit any of the SSID settings, you can do so from the SSID Management page. See Also Contact Information General Hints and Tips Security SSIDs SSID Management VLAN Support Security Q. How do I know my management session is secure? A.
Wireless Array z Configuration auditing Do not change approved configuration settings. The optional Xirrus Management System (XMS) offers powerful management features for small or large Wireless Array deployments, and can audit your configuration settings automatically. In addition, using the XMS eliminates the need for an FTP server. Q. Which wireless data encryption method should I use? A. Wireless data encryption prevents eavesdropping on data being transmitted or received over the airwaves.
Wireless Array older wireless clients). Because AES is the strongest encryption standard currently available, it is highly recommended for Enterprise networks. Any of the above encryption modes can be used (and can be used at the same time). # TKIP encryption does not support high throughput rates, per the IEEE 802.11n. Q. Which user authentication method should I use? A. User authentication ensures that users are who they say they are.
Wireless Array number of users — in this case, enter the MAC addresses of each user in the Allow list. In the event of a lost or stolen MAC adapter, enter the affected MAC address in the Deny list. Q. Why do I need to authenticate my Wireless Array units? A. When deploying multiple Wireless Arrays, you may need to define which units are part of which wireless network (for example, if you are establishing more than one network).
Wireless Array VLANs are defined and implemented using the wired network switches that are VLAN capable. Packets are tagged for transmission on a particular VLAN according to the IEEE 802.1Q standard, with VLAN switches processing packets according to the tag. Q. What would I use VLANs for? A. Logically separating different types of users, systems, applications, or other logical division aids in performance and management of different network devices.
Wireless Array Contact Information General Hints and Tips Multiple SSIDs Security 487
Wireless Array Array Monitor and Radio Assurance Capabilities All models of the Wireless Array have integrated monitoring capabilities to check that the Array’s radios are functioning correctly, and act as a threat sensor to detect and prevent intrusion from rogue access points. Enabling Monitoring on the Array Any radio may be set to monitor the Array or to be a normal IAP radio.
Wireless Array Radio Assurance The Array is capable of performing continuous, comprehensive tests on its radios to assure that they are operating properly. Testing is enabled using the Radio Assurance Mode setting on the Advanced RF Settings window (Step 2 in “Advanced RF Settings” on page 320). When this mode is enabled, the monitor radio performs loopback tests on the Array. Radio Assurance Mode requires Intrusion Detection to be set to Standard (See Step 1 in “Advanced RF Settings” on page 320).
Wireless Array Radio Assurance Options If the monitor detects a problem with an Array radio as described above, it will take action according to the preference that you have specified in the Radio Assurance Mode setting on the Advanced RF Settings window (see Step 2 page 322): 490 z Failure alerts only — The Array will issue alerts in the Syslog, but will not initiate repairs or reboots.
Wireless Array RADIUS Vendor Specific Attribute (VSA) for Xirrus A RADIUS VSA is defined for Xirrus Arrays to control administrator privileges settings for user accounts. The RADIUS VSA is used by Arrays to define the following attribute for administrator accounts: z Array administrators — the Xirrus-Admin-Role attribute sets the privilege level for this account. Set the value to the string defined in Privilege Level Name as described in “About Creating Admin Accounts on the RADIUS Server” on page 218.
Wireless Array Location Service Data Formats Xirrus Arrays are able to capture and upload visitor analytics data, acting as a sensor network in addition to providing wireless connectivity. This data is sent to the location server in different formats, based on the type of server. The Location Server URL, Location Customer Key, and Location Period for reporting data are configured under Location settings. See “Location” on page 186 for details.
Wireless Array Field Name Description ap AP Flag 1=AP, 0=Station cn Count Count of frames heard from device during this window ot Origin Time Timestamp of first frame in this window (Unix time in seconds) ct Current Time Timestamp of last frame in this window (Unix time in seconds) cf Current Frequency Frequency (MHz) last frame was heard on il Interval Low Minimum interval between frames (within 24 hr period) ih Interval High Maximum interval between frames (within 24 hr period) sl
Wireless Array Upgrading the Array via CLI If you are experiencing difficulties communicating with the Array using the Web Management Interface, the Array provides lower-level facilities that may be used to accomplish an upgrade via the CLI and the Xirrus Boot Loader (XBL). 1. Download the latest software update from the Xirrus FTP site using your Enhanced Care FTP username and password. If you do not have an FTP username and password, contact Xirrus Customer Service for assistance (support@xirrus.com).
Wireless Array Boot your Array and watch the progress messages. When Press space bar to exit to bootloader: is displayed, press the space bar. The rest of this procedure is performed using the bootloader. The following steps assume that you are running DHCP on your local network. 5. Type dhcp and hit return. This instructs the Array to obtain a DHCP address and use it during this boot in the bootloader environment. 6. Type dir and hit return to see what's currently in the compact flash. 7.
Wireless Array L1 cache | Data: 32 KB Inst: 32 KB Status : Enabled Watchdog | Enabled (5 secs) I2C Bus | 400 KHz DTT | CPU:34C RF0:34C RF1:34C RF2:27C RF3:29C RTC | Wed 2007-Nov-05 6:43:14 GMT System DDR | 256 MB, Unbuffered Non-ECC (2T) L2 cache | 256 KB, Enabled FLASH | 4 MB, CRC: OK FPGA | 2 Devices programmed Packet DDR | 256 MB, Unbuffered Non-ECC, Enabled Network | Mot FEC Mot TSEC1 [Primary] Mot TSEC2 IDE Bus 0 | OK CFCard | 122 MB, Model: Hitachi XXM2.3.
Wireless Array XBL>del * [CFCard] Delete : 2 file(s) deleted XBL>update server 192.168.39.102 xs-3.0-0425.bin [TFTP ] Device : Mot TSEC1 1000BT Full Duplex [TFTP ] Client : 192.168.39.195 [TFTP ] Server : 192.168.39.102 [TFTP ] File : xs-3.0-0425.bin [TFTP ] Address : 0x1000000 [TFTP ] Loading : ################################################## [TFTP ] Loading : ################################################## [TFTP ] Loading : ###### done [TFTP ] Complete: 12.9 sec, 2.
Wireless Array L2 cache | 256 KB, Enabled FLASH | 4 MB, CRC: OK FPGA | 2 Devices programmed Packet DDR | 256 MB, Unbuffered Non-ECC, Enabled Network | Mot FEC Mot TSEC1 [Primary] Mot TSEC2 IDE Bus 0 | OK CFCard | 122 MB, Model: Hitachi XXM2.3.0 Environment| 4 KB, Initialized In: serial Out: serial Err: serial Press space bar to exit to bootloader: [CFCard] File : xs*.bin [CFCard] Address : 0x1000000 [CFCard] Loading : ############################################### done [CFCard] Complete: 26.9 sec, 1.
Wireless Array Contact Information Xirrus, Inc. is located in Thousand Oaks, California, just 55 minutes northwest of downtown Los Angeles and 40 minutes southeast of Santa Barbara. Xirrus, Inc. 2101 Corporate Center Drive Thousand Oaks, CA 91320 USA Tel: Fax: 1.805.262.1600 1.800.947.7871 Toll Free in the US 1.866.462.3980 www.xirrus.com support.xirrus.
Wireless Array 500
Wireless Array Appendix C: Notices (Arrays except XR-500/600 and Models Ending in H) # This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the following: For the XR-500/600 Series, please see “Appendix D: Notices (XR500/600 Series Only)” on page 523. For models ending in H (such as the XR-520H), please see the Quick Installation Guide for that model.
Wireless Array This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate RF energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
Wireless Array Battery Warning ! Caution! The Array contains a battery which is not to be replaced by the customer. Danger of Explosion exists if the battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions. UL Statement Use only with listed ITE product.
Wireless Array Conformément à la réglementation d'Industrie Canada, le présent émetteur radio peut fonctionner avec une antenne d'un type et d'un gain maximal (ou inférieur) approuvé pour l'émetteur par Industrie Canada. Dans le but de réduire les risques de brouillage radioélectrique à l'intention des autres utilisateurs, il faut choisir le type d'antenne et son gain de sorte que la puissance isotrope rayonnée équivalente (p.i.r.e.
Wireless Array EU Directive 1999/5/EC Compliance Information # This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Français [French] Cet appareil est conforme aux exigences essentielles et aux autres dispositions pertinentes de la Directive 1999/5/EC. slenska [Icelandic] Þetta tæki er samkvæmt grunnkröfum og öðrum viðeigandi ákvæðum Tilskipunar 1999/5/EC. Italiano [Italian] Questo apparato é conforme ai requisiti essenziali ed agli altri principi sanciti dalla Direttiva 1999/5/CE. Latviski [Latvian] Š! iek"rta atbilst Direkt!vas 1999/5/EK b#tiskaj" pras!b"m un citiem ar to saist!tajiem noteikumiem.
Wireless Array Slovensko [Slovenian] Ta naprava je skladna z bistvenimi zahtevami in ostalimi relevantnimi popoji Direktive 1999/5/EC. Slovensky [Slovak] Toto zariadenie je v zhode so základnými požadavkami a inými prislušnými nariadeniami direktiv: 1999/5/EC. Suomi [Finnish] Tämä laite täyttää direktiivin 1999/5//EY olennaiset vaatimukset ja on siinä asetettujen muiden laitetta koskevien määräysten mukainen.
Wireless Array WEEE Compliance 508 z Natural resources were used in the production of this equipment. z This equipment may contain hazardous substances that could impact the health of the environment. z In order to avoid harm to the environment and consumption of natural resources, we encourage you to use appropriate take-back systems when disposing of this equipment.
Wireless Array National Restrictions In the majority of the EU and other European countries, the 2.4 GHz and 5 GHz bands have been made available for the use of Wireless LANs. The following table provides an overview of the regulatory requirements in general that are applicable for the 2.4 GHz and 5 GHz bands. Frequency Band (MHz) Max Power Level (EIRP) (mW) Indoor Outdoor 2400–2483.
Wireless Array Les liasons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mèters doivent être notifiées à l’Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez www.bipt.be pour de plus amples détails. Greece A license from EETT is required for the outdoor operation in the 5470 MHz to 5725 MHz band. Xirrus recommends checking www.eett.gr for more details.
Wireless Array Antennas The Xirrus Wireless Array employs integrated antennas that cannot be removed and which are not user accessible. Nevertheless, as regulatory limits are not the same throughout the EU, users may need to adjust the conducted power setting for the radio to meet the EIRP limits applicable in their country or region. Adjustments can be made from the product’s management interface — either Web Management Interface (WMI) or Command Line Interface (CLI).
Wireless Array Compliance Information (Non-EU) # This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Safety Warnings # This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. ! Safety Warnings ! Explosive Device Proximity Warning ! Lightning Activity Warning ! Circuit Breaker Warning Read all user documentation before powering this device.
Wireless Array Translated Safety Warnings # This Appendix contains Notices, Warnings, and Compliance information for all Array models except for the XR-500/600 Series and models ending in H. For Notices, Warnings, and Compliance information for those models, see the notes at the beginning of this chapter. Avertissements de Sécurité 514 ! Sécurité ! Proximité d'appareils explosifs ! Foudre ! Disjoncteur Lisez l'ensemble de la documentation utilisateur avant de mettre cet appareil sous tension.
Wireless Array Software License and Product Warranty Agreement THIS SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (“CUSTOMER”) AND LICENSOR (AS DEFINED BELOW) AND GOVERNS THE USE OF THE SOFTWARE INSTALLED ON THE PRODUCT (AS DEFINED BELOW).
Wireless Array the Product in accordance with the accompanying Documentation and for no other purpose. 2.2 Ownership. The license granted under Sections 2.1 above with respect to the Software does not constitute a transfer or sale of Licensor's or its suppliers' ownership interest in or to the Software, which is solely licensed to Customer. The Software is protected by both national and international intellectual property laws and treaties.
Wireless Array 3.0 LIMITED WARRANTY AND LIMITATION OF LIABILITY 3.1 Limited Warranty & Exclusions. Licensor warrants that the Software will perform in substantial accordance with the specifications therefore set forth in the Documentation for a period of ninety [90] days after Customer's acceptance of the terms of this Agreement with respect to the Software (“Warranty Period”).
Wireless Array 3.4 Limitation of Liability. (a) TOTAL LIABILITY. NOTWITHSTANDING ANYTHING ELSE HEREIN, ALL LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT PAID BY CUSTOMER FOR THE RELEVANT SOFTWARE, OR PORTION THEREOF, THAT GAVE RISE TO SUCH LIABILITY OR ONE HUNDRED UNITED STATES DOLLARS (US$100), WHICHEVER IS GREATER. THE LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS SECTION SHALL BE CUMULATIVE AND NOT PER INCIDENT. (b) DAMAGES.
Wireless Array protective of a party's right in such Confidential Information as those set forth herein. 4.2 Return of Materials. Customer agrees to (i) destroy all Confidential Information (including deleting any and all copies contained on any of Customer's Designated Hardware or the Product) within fifteen (15) days of the date of termination of this Agreement or (ii) if requested by Licensor, return, any Confidential Information to Licensor within thirty (30) days of Licensor's written request. 5.
Wireless Array 6. MISCELLANEOUS If Customer is a corporation, partnership or similar entity, then the license to the Software and Documentation that is granted under this Agreement is expressly conditioned upon and Customer represents and warrants to Licensor that the person accepting the terms of this Agreement is authorized to bind such entity to the terms and conditions herein.
Wireless Array Hardware Warranty Agreement PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS PRODUCT BY USING THIS PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THAT YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND. LIMITED WARRANTY.
Wireless Array whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. The above warranty DOES NOT apply to any evaluation Equipment made available for testing or demonstration purposes. All such Equipment is provided AS IS without any warranty whatsoever.
Wireless Array Appendix D: Notices (XR500/600 Series Only) # This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For Notices, Warnings, and Compliance information for models ending in H (such as the XR-520H), please see the Quick Installation Guide for that product. For Notices, Warnings, and Compliance information for all other Arrays, please see “Appendix C: Notices (Arrays except XR-500/600 and Models Ending in H)” on page 501.
Wireless Array (2) this device must accept any interference received, including interference that may cause unwanted operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Wireless Array Non-Modification Statement Unauthorized changes or modifications to the device are not permitted. Use only the supplied internal antenna, or external antennas supplied by the manufacturer. Modifications to the device will void the warranty and may violate FCC regulations.
Wireless Array interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Ce dispositif est conforme à la norme CNR-210 d'Industrie Canada applicable aux appareils radio exempts de licence.
Wireless Array EU Directive 1999/5/EC Compliance Information # This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and Models Ending in H)” on page 501. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Français [French] Cet appareil est conforme aux exigences essentielles et aux autres dispositions pertinentes de la Directive 1999/5/EC. slenska [Icelandic] Þetta tæki er samkvæmt grunnkröfum og öðrum viðeigandi ákvæðum Tilskipunar 1999/5/EC. Italiano [Italian] Questo apparato é conforme ai requisiti essenziali ed agli altri principi sanciti dalla Direttiva 1999/5/CE. Latviski [Latvian] Š! iek"rta atbilst Direkt!vas 1999/5/EK b#tiskaj" pras!b"m un citiem ar to saist!tajiem noteikumiem.
Wireless Array Slovensko [Slovenian] Ta naprava je skladna z bistvenimi zahtevami in ostalimi relevantnimi popoji Direktive 1999/5/EC. Slovensky [Slovak] Toto zariadenie je v zhode so základnými požadavkami a inými prislušnými nariadeniami direktiv: 1999/5/EC. Suomi [Finnish] Tämä laite täyttää direktiivin 1999/5//EY olennaiset vaatimukset ja on siinä asetettujen muiden laitetta koskevien määräysten mukainen.
Wireless Array WEEE Compliance 530 z Natural resources were used in the production of this equipment. z This equipment may contain hazardous substances that could impact the health of the environment. z In order to avoid harm to the environment and consumption of natural resources, we encourage you to use appropriate take-back systems when disposing of this equipment.
Wireless Array National Restrictions In the majority of the EU and other European countries, the 2.4 GHz and 5 GHz bands have been made available for the use of Wireless LANs. The following table provides an overview of the regulatory requirements in general that are applicable for the 2.4 GHz and 5 GHz bands. Frequency Band (MHz) Max Power Level (EIRP) (mW) Indoor Outdoor 2400–2483.
Wireless Array Les liasons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mèters doivent être notifiées à l’Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez www.bipt.be pour de plus amples détails. Greece A license from EETT is required for the outdoor operation in the 5470 MHz to 5725 MHz band. Xirrus recommends checking www.eett.gr for more details.
Wireless Array Antennas The Xirrus Wireless Array employs integrated antennas that cannot be removed and which are not user accessible. Nevertheless, as regulatory limits are not the same throughout the EU, users may need to adjust the conducted power setting for the radio to meet the EIRP limits applicable in their country or region. Adjustments can be made from the product’s management interface — either Web Management Interface (WMI) or Command Line Interface (CLI).
Wireless Array Compliance Information (Non-EU) # This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and Models Ending in H)” on page 501. This section contains compliance information for the Xirrus Wireless Array family of products.
Wireless Array Safety Warnings # This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and Models Ending in H)” on page 501. ! Safety Warnings ! Explosive Device Proximity Warning ! Lightning Activity Warning ! Circuit Breaker Warning Read all user documentation before powering this device. All Xirrus interconnected equipment should be contained indoors.
Wireless Array Translated Safety Warnings # This Appendix contains Notices, Warnings, and Compliance information for the XR500/600 Series only. For other models, see the notes under “Appendix C: Notices (Arrays except XR-500/600 and Models Ending in H)” on page 501. Avertissements de Sécurité 536 ! Sécurité ! Proximité d'appareils explosifs ! Foudre ! Disjoncteur Lisez l'ensemble de la documentation utilisateur avant de mettre cet appareil sous tension.
Wireless Array Software License and Product Warranty Agreement THIS SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (“CUSTOMER”) AND LICENSOR (AS DEFINED BELOW) AND GOVERNS THE USE OF THE SOFTWARE INSTALLED ON THE PRODUCT (AS DEFINED BELOW).
Wireless Array the Product in accordance with the accompanying Documentation and for no other purpose. 2.2 Ownership. The license granted under Sections 2.1 above with respect to the Software does not constitute a transfer or sale of Licensor's or its suppliers' ownership interest in or to the Software, which is solely licensed to Customer. The Software is protected by both national and international intellectual property laws and treaties.
Wireless Array 3.0 LIMITED WARRANTY AND LIMITATION OF LIABILITY 3.1 Limited Warranty & Exclusions. Licensor warrants that the Software will perform in substantial accordance with the specifications therefore set forth in the Documentation for a period of ninety [90] days after Customer's acceptance of the terms of this Agreement with respect to the Software (“Warranty Period”).
Wireless Array 3.4 Limitation of Liability. (a) TOTAL LIABILITY. NOTWITHSTANDING ANYTHING ELSE HEREIN, ALL LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT PAID BY CUSTOMER FOR THE RELEVANT SOFTWARE, OR PORTION THEREOF, THAT GAVE RISE TO SUCH LIABILITY OR ONE HUNDRED UNITED STATES DOLLARS (US$100), WHICHEVER IS GREATER. THE LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS SECTION SHALL BE CUMULATIVE AND NOT PER INCIDENT. (b) DAMAGES.
Wireless Array protective of a party's right in such Confidential Information as those set forth herein. 4.2 Return of Materials. Customer agrees to (i) destroy all Confidential Information (including deleting any and all copies contained on any of Customer's Designated Hardware or the Product) within fifteen (15) days of the date of termination of this Agreement or (ii) if requested by Licensor, return, any Confidential Information to Licensor within thirty (30) days of Licensor's written request. 5.
Wireless Array 6. MISCELLANEOUS If Customer is a corporation, partnership or similar entity, then the license to the Software and Documentation that is granted under this Agreement is expressly conditioned upon and Customer represents and warrants to Licensor that the person accepting the terms of this Agreement is authorized to bind such entity to the terms and conditions herein.
Wireless Array Hardware Warranty Agreement PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS PRODUCT BY USING THIS PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THAT YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND. LIMITED WARRANTY.
Wireless Array whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. The above warranty DOES NOT apply to any evaluation Equipment made available for testing or demonstration purposes. All such Equipment is provided AS IS without any warranty whatsoever.
Wireless Array Appendix E: Medical Usage Notices Xirrus XR 1000/2000/4000/6000 Series wireless devices have been tested and found to comply with the requirements of IEC 60601 1 2. Section 5.2.1.1 The Xirrus wireless device needs special precautions regarding EMC and must be installed and put into service according to the EMC information provided in this User’s Guide and in the Quick Installation Guide for the Xirrus Array or AP.
Wireless Array Section 5.2.2.1 (f) Table 2 Guidance and manufacturer’s declaration – electromagnetic immunity Xirrus wireless devices are intended for use in the electromagnetic environment specified below. The customer or the user of the Xirrus wireless device should assure that it is used in such an environment.
Wireless Array Section 5.2.2.1 (g) Xirrus Wireless devices have no essential performance per IEC 60601 1 2. Section 5.2.2.2 – Tables 4 and 6 Table 4 for non life supporting equipment Guidance and manufacturer’s declaration – electromagnetic immunity Xirrus wireless devices are intended for use in the electromagnetic environment specified below. The customer or the user of the Xirrus device should assure that it is used in such an environment.
Wireless Array NOTE 1 At 80 MHz and 800 MHz, the higher frequency range applies. NOTE 2 These guidelines may not apply in all situations. Electromagnetic propagation is affected by absorption and reflection from structures, objects and people. a Field strengths from fixed transmitters, such as base stations for radio (cellular/cordless) telephones and land mobile radios, amateur radio, AM and FM radio broadcast and TV broadcast cannot be predicted theoretically with accuracy.
Wireless Array Section 5.2.2.5 RF Channels Supported 2.
Wireless Array 550 Appendix E: Medical Usage Notices
Wireless Array Glossary of Terms 802.11a A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 5 GHz and data rates of up to 54 Mbps. 802.11b A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 2.4 GHz and data rates of up to 11 Mbps. 802.11d A supplement to the Media Access Control (MAC) layer in 802.11 to promote worldwide use of 802.11 WLANs.
Wireless Array authentication The process that a station, device, or user employs to announce its identify to the network which validates it. IEEE 802.11 specifies two forms of authentication, open system and shared key. bandwidth Specifies the amount of the frequency spectrum that is usable for data transfer. In other words, it identifies the maximum data rate a signal can attain on the medium without encountering significant attenuation (loss of power).
Wireless Array cell The basic geographical unit of a cellular communications system. Service coverage of a given area is based on an interlocking network of cells, each with a radio base station (transmitter/receiver) at its center. The size of each cell is determined by the terrain and forecasted number of users. channel A specific portion of the radio spectrum — the channels allotted to one of the wireless networking protocols. For example, 802.11b and 802.11g use 14 channels in the 2.
Wireless Array domain The main name/Internet address of a user's Internet site as registered with the InterNIC organization, which handles domain registration on the Internet. For example, the “domain” address for Xirrus is: http://www.xirrus.com, broken down as follows: z http:// represents the Hyper Text Teleprocessing Protocol used by all Web pages. z www is a reference to the World Wide Web. z xirrus refers to the company. z com specifies that the domain belongs to a commercial enterprise.
Wireless Array encryption Any procedure used in cryptography to translate data into a form that can be decrypted and read only by its intended receiver. Fast Ethernet A version of standard Ethernet that runs at 100 Mbps rather than 10 Mbps. FCC (Federal Communications Commission) US wireless regulatory authority. The FCC was established by the Communications Act of 1934 and is charged with regulating Interstate and International communications by radio, television, wire, satellite and cable.
Wireless Array host name The unique name that identifies a computer on a network. On the Internet, the host name is in the form comp.xyz.net. If there is only one Internet site the host name is the same as the domain name. One computer can have more than one host name if it hosts more than one Internet site (for example, home.xyz.net and comp.xyz.net). In this case, comp and home are the host names and xyz.net is the domain name. IPsec A Layer 3 authentication and encryption protocol. Used to secure VPNs.
Wireless Array packet Data sent over a network is broken down into many small pieces — packets — by the Transmission Control Protocol layer of TCP/IP. Each packet contains the address of its destination as well the data. Packets may be sent on any number of routes to their destination, where they are reassembled into the original data. This system is optimal for connectionless networks, such as the Internet, where there are no fixed connections between two locations.
Wireless Array public key In cryptography, one of a pair of keys (one public and one private) that are created with the same algorithm for encrypting and decrypting messages and digital signatures. The public key is made publicly available for encryption and decryption. QoS (Quality of Service) QoS can be used to describe any number of ways in which a network provider prioritizes or guarantees a service's performance.
Wireless Array SSH (Secure SHell) Developed by SSH Communications Security, Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. The Array only allows SSH-2 connections. SSH-2 provides strong authentication and secure communications over insecure channels. SSH-2 protects a network from attacks, such as IP spoofing, IP source routing, and DNS spoofing.
Wireless Array VLAN (Virtual LAN) A group of devices that communicate as a single network, even though they are physically located on different LAN segments. Because VLANs are based on logical rather than physical connections, they are extremely flexible. A device that is moved to another location can remain on the same VLAN without any hardware reconfiguration.
Wireless Array Wi-Fi Alliance A nonprofit international association formed in 1999 to certify interoperability of wireless Local Area Network products based on IEEE 802.11 specification. The goal of the Wi-Fi Alliance's members is to enhance the user experience through product interoperability. Wireless Array A high capacity wireless networking device consisting of multiple radios arranged in a circular array. WPA (Wi-Fi Protected Access) A Wi-Fi Alliance standard that contains a subset of the IEEE 802.
Wireless Array 562 Glossary of Terms
Wireless Array Index Numerics 11ac see 802.11ac 312 802.11a 3, 4, 279, 298 802.11a/b/g 28 802.11a/b/g/n 16 802.11a/n 16, 64, 253 802.11ac WMI page 312 802.11b 3, 4, 303 802.11b/g 279, 303 802.11b/g/n 16, 64, 253 802.11e 17 802.11g 3, 4, 303 802.11i 4, 72, 159 802.11n 4 WMI page 309 802.11p 17 802.11q 17 802.
Wireless Array application control update (signature file) 381 approved setting rogues 117 APs 57, 116, 241, 243, 482 rogues, blocking 337 APs, rogue see rogue APs 320, 338 APs, XR overview 4 ARP filtering 295 ARP table window 106 Array 30, 63, 64, 80, 159, 167 connecting 63 dismounting 63 management 371 mounting 63 powering up 64 securing 63 Web Management Interface 80 ArrayOS upgrade 374 Arrays managing in clusters 360 Arrays, XR 1 overview 4 associated users 30 assurance network server connectivity 109,
Wireless Array BSSID 116, 480 buttons 87 C capacity of 802.11n 43 cascading style sheet sample for web page redirect 383 cdp 412 CDP (Cisco Discovery Protocol) settings 178 cdp CLI command 412 CDP neighbors 108 cell sharp cell 320 cell size 30, 279 auto-configuration 320 cell size configuration 320 certificate about 212, 226 authority 212, 226 error 212, 226 install Xirrus authority 226 X.
Wireless Array dns 420 file 421 filter 425 group 416, 429 hostname 429 interface 430 load 430 location 431 location-reporting 432, 443 management 433 mdm (mobile device management) Airwatch 434 more 435 netflow 436 no 437 quit 440 radius-server 439, 440 reboot 441, 451 reset 441 restore 442 run-tests 444 security 446 show 405 snmp 447 ssid 448 statistics 408 syslog 449 tunnel 450 vlan 451 Community String 473 configuration 157, 482 express setup 159 reset to factory defaults 379 configuration changes applyi
Wireless Array see impersonation attack 340 see impersonation detection 339 see intrusion detection 339, 340 device management see Mobile Device Management 366 DHCP 30, 67, 72, 159, 167, 472 default settings 473 leases window 107 DHCP Server 180 diagnostics log, create file 380 display WMI options 392 DNS 72, 159, 177 DNS domain 177 DNS server 177 Domain Name System 177 DoS attack detection settings 339 DTIM 285 DTIM period 285 duplex 167 dynamic VLAN overridden by group 273 encryption method (encryption m
Wireless Array features 15, 53, 167, 184, 188, 285, 482 and license key 375 feedback 87 filter list 352 filter name 354 filtering IPv6 296 filters 351, 352, 354 stateful filtering, disabling 353 statistics 144 Firefox 26 firewall 351 and port usage 49 stateful filtering, disabling 353 fragmentation threshold 298, 303 frequently asked questions 480 FTP 482 FTP server 27 G General Hints 479 getting started express setup 159 Gigabit 60, 67, 72, 159, 167, 471 global settings 285, 298, 303 glossary of terms 551
Wireless Array MIMO 38 multiple data streams 39 spatial multiplexing 39 WMI page 309 IEEE 802.
Wireless Array location service data formats 492 log diagnostics, create file 380 log messages counters 85 log, IDS(intrusion detection) viewing window 155 log, system (event) viewing window 147, 154 logging in 67, 88 Login 88 login via Console port 218 login page web page redirect 260, 382 web page redirect, customize 263 logout 395 long retry limit 285 loopback see radio assurance 466 loopback testing radio assurance mode 320 M MAC 47, 67, 480, 482 MAC Access Control Lists 47 MAC Access List 228 MAC addr
Wireless Array network assurance 109, 225 network connections 60, 88, 482 network installation 25, 469 network interface ports 67 network interfaces 167, 471 network status ARP table window 106 connection tracking window 107 routing table window 106 viewing leases 107 Network Time Protocol 72, 159, 181 network tools ping, traceroute, RADIUS ping 383 nomenclature 2 non-overlapping channels 16 NTP 72, 159, 181, 472 NTP Server 181 O Oauth CLI command auth 412 Open (encryption method) 210 optimization, VLAN 29
Wireless Array priority 253 SSID 247, 254 about setting QoS 481 default QoS 474 user group 273 quality of user experience 327 Quality of Service 17 see QoS 254, 273 quick reference guide 471 quick start express setup 159 R radio assurance (self-test) 321, 322 radio assurance (loopback testing) 320 radio assurance (loopback) mode 321, 322 radio distribution 15 radios naming 2 RADIUS 4, 25, 47, 57, 208, 228, 267, 472, 482 admin authentication 218 setting admin privileges 218 setting user VSAs 235 Vendor Spec
Wireless Array settings for blocking 335 Rogue AP List 116 rogue APs auto block settings 338 blocking 320 Rogue Control List 241, 243 rogue detection 16 rogues setting as known or approved 117 root command prompt 401 route trace route utility 383 routing table window 106 RPM (RF Performance Manager) 17 RSM (RF Security Manager) 18 RSSI 116 RTS 298, 303 RTS threshold 298, 303 S Safari 26 sample Perl and CSS files for 382 save with reboot 374 Save button 80 saved.
Wireless Array web page redirect, customize 263 SSH 25, 26, 53, 72, 159, 167, 209, 476, 482 SSH-2 209 SSID 4, 72, 80, 116, 159, 241, 243, 253, 474, 480, 485 about usage 481 active IAPs 266 honeypot, whitelist 259 QoS 247, 254 about using 481 QoS, about usage 481 web page redirect settings 257 web page redirect settings, about 260, 265 web page redirect settings, whitelist 264 SSID Access List 267 SSID address 267 SSID Management 253, 474, 480 standby mode 321 stateful filtering disabling 353 static IP 72, 1
Wireless Array timeout 285, 371 Tips 479 TKIP 17, 47, 57, 72, 159, 474, 482 TKIP encryption and XR Arrays 231 token CLI command auth 412 tool ping, trace route, RADIUS ping 383 Tools 371, 482 tools, network 383 tools, system 372 trace route utility 383 traffic filtering 351 limits and interactions 274 transmit power 30 Trap Host 473 trap port 193, 473 tunnel CLI command 450 tunneled fast roaming 296 Tunnels 204 tunnels see VTun 199, 203 U UDP port requirements 49 Unit 63 attaching 63 mounting 63 unknown se
Wireless Array Virtual Tunnel Server 199, 203 VTun specifying tunnel server 199, 203 understanding 199 W wall thickness considerations 28 warning messages 85 WDS 345, 347 about 54 long distance 283, 347 planning 54 statistics 142 timeouts 283, 347 WDS Client Links 347 Web interface structure and navigation 84 web interface 77 Web Management Interface 53, 63, 64, 67, 88, 480 Web Management Interface (WMI) 77 web page redirect 382 also called WPR 382 CHAP (Challenge-Handshake Authentication Protocol) 262 cus
Wireless Array Xirrus certificate authority 226 Xirrus Advanced RF Analysis Manager see RAM 19 Xirrus Advanced RF Performance Manager see RPM 17 Xirrus Advanced RF Security Manager see RSM 18 Xirrus Management System 4, 14, 17, 25, 27, 53, 482 SNMP required 193, 194 Xirrus Management System (XMS) 1 Xirrus PoGE Power Injectors 1 Xirrus Power over Gigabit Ethernet 25 Xirrus Roaming Protocol 16, 103, 296 XMS 4, 14, 17, 27 port requirements 49 setting IP address of 193 SNMP required 193, 194 XP PoGE Power Injec
Wireless Array 578 Index
High Performance Wireless Networks 1.800.947.7871 Toll Free in the US +1.805.262.1600 Sales +1.805.262.1601 Fax 2101 Corporate Center Drive Thousand Oaks, CA 91320, USA © 201 Xirrus, Inc. All Rights Reserved. The Xirrus logo is a registered trademark of Xirrus, Inc. All other trademarks are the property of their respective owners. Content subject to change without notice. To learn more visit: xirrus.com or email info@xirrus.