Wireless LAN Array Configuring the Xirrus Array This chapter covers configuration and management tasks using the product’s embedded Web Management Interface (WMI). It also includes a procedure for logging in to the XS-3900/XS-3700/XS-3500 with your Web browser. Section headings for this chapter include: z “Logging In” on page 69 z “Making Configuration Changes to the Array” on page 70 Logging In Use this procedure to log in to the WMI via your Web browser. 1.
Wireless LAN Array Making Configuration Changes to the Array This section has been organized into functional areas that reflect the flow and content of the WMI. Configuration instructions to the Wireless LAN Array require you to input data in one or more of the following formats: z Specifying data (for example, IP addresses, descriptions, etc.). z Making selections from pull-down lists. z Choosing an option by clicking on a radio button (for example, on/off).
Wireless LAN Array The Array Status page is sub-divided into the Network Interface and IAP Interface (radio) sections and provides you with the following information: z All devices: A listing of the available Network Interfaces and IAPs with each item containing a link to the associated configuration page. Linked items are shown UNDERLINED. For example: These items are linked Figure 48. Linked Items z All devices: The current status of each device, whether enabled or disabled.
Wireless LAN Array z z The IP Address column shows the current IP address being used by each network interface device. IAP Interface devices: z The Channel column shows on which channel each IAP (radio) is operating. Channel selections are made on the IAP Settings page from a pull-menu. To avoid co-channel interference, adjacent radios should not be using adjacent channels.
Wireless LAN Array Express Setup This page allows you to establish global configuration settings that will enable basic Array functionality. Any changes you make on this page will affect all radios. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. more ... Figure 51.
Wireless LAN Array ... continued Figure 52. WMI: Express Setup Page (Part 2) Procedure for Performing an Express Setup 74 1. Host Name: Specify a unique host name for this Array. The host name is used to identify the Array on the network. Use a name that will be meaningful within your network environment, up to 64 alphanumeric characters. 2. Location Information: Enter a brief but meaningful description that accurately defines the physical location of the Array.
Wireless LAN Array 7. Configure the Fast Ethernet (10/100 Megabit), Gigabit 1 and Gigabit 2 network interfaces. The fields for each of these interfaces are the same, and include: a. Enable Interface: Choose Yes to enable this network interface, or choose No to disable the interface. b. Allow Management on Interface: Choose Yes to allow management of the Array via this network interface, or choose No to deny all management privileges for this interface. c. 8.
Wireless LAN Array 9. Wireless Security: Select the desired wireless security scheme (Open, WEP or WPA). Make your selection from the choices available in the pulldown list. Open This option offers no data encryption and is not recommended, though you might choose this option if clients are required to use a VPN connection through a secure SSH utility, like PuTTy. WEP (Wired Equivalent Privacy) An optional IEEE 802.11 function that offers frame transmission privacy similar to a wired network.
Wireless LAN Array a. Confirm Admin Password: If you entered a new administration password, confirm the new password here. 12. Adjust Time (hrs:min:sec): Check this box if you want to adjust the current system time. When the box is checked, the time fields become active. Enter the revised time (hours, minutes, seconds, am/pm) in the corresponding fields. If you don’t want to adjust the current time, this box should be left unchecked (default). 13.
Wireless LAN Array 16. Use NTP (IP Address): Check this box if you want to use an NTP (Network Time Protocol) server to synchronize the Array’s clock. This ensures that syslog time-stamping is maintained across all units. Without an NTP server assigned (no universal clock), each Array will use its own internal clock and stamp times accordingly, which may result in discrepancies. When this box is checked, the NTP and NTP 2 IP address fields become active.
Wireless LAN Array Network Interfaces This is a status only page that provides a snapshot of the configuration settings currently established for the 10/100 Fast Ethernet interface and the 10/100/1000 Gigabit 1 and Gigabit 2 interfaces. You must go to the appropriate configuration page to make changes to any of the settings displayed here (configuration changes cannot be made from this page). You can click on any item (underlined) in the Interface column to “jump” to the associated configuration page.
Wireless LAN Array Network Settings This page allows you to establish configuration settings for the 10/100 Fast Ethernet interface and the 10/100/1000 Gigabit 1 and Gigabit 2 interfaces. # Gigabit 2 settings will “mirror” Gigabit 1 settings (except for MAC addresses) and cannot be configured separately. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. more ... Figure 56.
Wireless LAN Array ... continued Figure 57. WMI: Network Settings Page (Part 2) Network Interface Ports The following diagram shows the location of each network interface port on the underside of the Array. Serial Fast Ethernet Gigabit 1 Gigabit 2 Figure 58.
Wireless LAN Array Procedure for Configuring the Network Interfaces 1. Configure the Fast Ethernet, Gigabit 1 and Gigabit 2 network interfaces. The fields for each of these interfaces are the same, and include: a. Enable Interface: Choose Yes to enable this network interface (Fast Ethernet, Gigabit 1 or Gigabit 2), or choose No to disable the interface. b.
Wireless LAN Array e. Configuration Server Protocol: Choose DHCP to instruct the Array to use DHCP when assigning IP addresses to the Array, or choose Static IP if you intend to enter IP addresses manually. z IP Address: If you selected the Static IP option, enter a valid IP address for the Array. To use any of the remote connections (Web, SNMP, or SSH), a valid IP address must be established.
Wireless LAN Array Network Statistics This is a status only page that allows you to review statistical data associated with each network interface and its activity. You can Refresh the data (update the page with the latest information) or Clear the data (reset all content to zero and begin counting again) at any time by clicking on the appropriate button. If you are experiencing problems, you may also want to print this page for your records. Figure 59.
Wireless LAN Array DHCP Settings This page allows you to enable/disable DHCP (Dynamic Host Configuration Protocol) server functionality. DHCP allows the Array to provide wireless clients with IP addresses and other networking information. The DHCP server will not provide DHCP services to the wired side of the network. If you enable the DHCP server, you need to define the DHCP lease time (default and maximum) and establish the IP address range that the DHCP server can use.
Wireless LAN Array Procedure for Configuring the DHCP Server 86 1. Enable DHCP Server: Choose Yes to enable DHCP services, or choose No to disable DHCP services. 2. Default Lease (seconds): This field defines the default DHCP lease time (in seconds). The factory default is 300 seconds, but you can change the default at any time. 3. Maximum Lease (seconds): Enter a value (in seconds) to define the maximum allowable DHCP lease time. The default is 300 seconds. 4.
Wireless LAN Array DNS Settings This page allows you to establish your DNS (Domain Name System) settings. At least one DNS server must be set up if you want to offer clients associating with the Array the ability to use meaningful host names instead of numerical IP addresses. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. Figure 61.
Wireless LAN Array Procedure for Configuring DNS Servers 88 1. DNS Host Name: Enter a valid DNS host name. 2. DNS Domain: Enter the DNS domain name. 3. DNS Server 1: Enter the IP address of the primary DNS server. 4. DNS Server 2: Enter the IP address of the secondary DNS server. 5. DNS Server 3: Enter the IP address of the tertiary DNS server. 6. Click on the Apply button to apply the new settings to this session. 7.
Wireless LAN Array IAP Interfaces This is a status only page that allows you to review configuration data associated with each Integrated Access Point (radio). It includes a list of which IAP radios are enabled, the channel that each radio is currently using, cell sizes, and how many users are currently associated with each radio.
Wireless LAN Array IAP Settings This page allows you to enable/disable Integrated Access Points (radios), define the wireless mode for each radio, specify the channel to be used and the cell size for each radio, establish transmit/receive parameters, and select antennas. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. To see a diagram of the layout and naming of radios, go to Figure 6 on page 10. Figure 63.
Wireless LAN Array Procedure for Auto Configuring IAPs (Radios) You can auto-configure radios by clicking on the Auto Configure button on the relevant WMI page (auto configuration only applies to enabled radios): z For all radios, go to the “Global Settings” on page 93. z For all 802.11a radios, go to the “Global Settings .11a” on page 96. z For all 802.11b/g radios, go to the “Global Settings .11bg” on page 99. Procedure for Manually Configuring IAPs (Radios) 1.
Wireless LAN Array In a large office, or if multiple Arrays are in use, you should choose Small cells to achieve a higher data rate, since walls and other objects will not define the cells naturally. For additional information about cell sizes, go to “Coverage and Capacity Planning” on page 25. 5. In the Antenna Select column, choose the antenna you want this radio to use from the pull-down list.
Wireless LAN Array Global Settings This page allows you to establish global IAP (radio) settings. Global IAP settings include enabling or disabling all radios (regardless of their operating mode), autoconfiguring channel allocations, enabling or disabling the Beacon World Mode and EDCF, specifying the short and long retry limits, and defining the beacon interval and DTIM period. Changes you make on this page are applied to all IAPs (radios), without exception. Figure 64.
Wireless LAN Array Procedure for Configuring Global IAP Settings 94 1. IAP Status: Click on the Enable All IAPs button to enable all radios for this Array, or click on the Disable All IAPs button to disable all radios. 2. Channel Configuration: Click on the Auto Configure button to instruct the Array to determine the best channel allocation settings for each radio and select the channel automatically, based on changes in the environment. This is the recommended method for channel allocations. 3.
Wireless LAN Array 8. DTIM Period: A DTIM (Delivery Traffic Indication Message) is a signal sent as part of a beacon by the Array to a client device in sleep mode, alerting the device to a packet awaiting delivery. Enter the desired value in the DTIM Period field, between 1 and 255. The value you enter here is applied to all radios. 9. Station Re-Authentication Period: This option allows you to specify a time (in seconds) for the duration of station reauthentications. 10.
Wireless LAN Array Global Settings .11a This page allows you to establish global 802.11a IAP (radio) settings. These settings include defining which 802.11a data rates are supported, enabling or disabling all 802.11a radios, auto-configuration of channel allocations for all 802.11a radios, and specifying the fragmentation and RTS thresholds for all 802.11a radios. Figure 65. WMI: Global Settings .
Wireless LAN Array Procedure for Configuring Global 802.11a IAP Settings 1. 802.11a Data Rates: The Array allows you to define which data rates are supported for all 802.11a radios. Figure 66. Specifying 802.11a Data Rates Select (or deselect) data rates by clicking in the corresponding Supported and Basic data rate check boxes. z Basic Rate—a wireless station (client) must support this rate in order to associate. z Supported Rate—the Array will use this data rate for transmissions to clients. 2.
Wireless LAN Array 98 5. Fragmentation Threshold: This is the maximum size for directed data packets transmitted over the 802.11a radio. Larger frames fragment into several packets, their maximum size defined by the value you enter here. Smaller fragmentation numbers can hellp to “squeeze” packets through in noisy environments. Enter the desired Fragmentation Threshold value in this field, between 256 and 2346). 6. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size.
Wireless LAN Array Global Settings .11bg This page allows you to establish global 802.11b/g IAP (radio) settings. These settings include defining which 802.11b and 802.11g data rates are supported, enabling or disabling all 802.11b/g radios, auto-configuration of channel allocations for all 802.11b/g radios, and specifying the fragmentation and RTS thresholds for all 802.11b/g radios. Figure 67. WMI: Global Settings .
Wireless LAN Array Procedure for Configuring Global 802.11b/g IAP Settings 1. 802.11g Data Rates: The Array allows you to define which data rates are supported for all 802.11g radios. Figure 68. Specifying 802.11g Data Rates Select (or deselect) data rates by clicking in the corresponding Supported and Basic data rate check boxes. 2. z Basic Rate—a wireless station (client) must support this rate in order to associate. z Supported Rate—the Array will use this data rate for transmissions to clients.
Wireless LAN Array 4. 802.11bg IAP Status: Click on the Enable 802.11b/g IAPs button to enable all 802.11b/g radios for this Array, or click on the Disable 802.11b/g IAPs button to disable all 802.11b/g radios. 5. Channel Configuration: Click on the Auto Configure button to instruct the Array to determine the best channel allocation settings for each 802.11b/g radio and select the channel automatically, based on changes in the environment. This is the recommended method for 802.11b/g channel allocations.
Wireless LAN Array 11. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size. Packets larger than the RTS threshold will use CTS/RTS prior to transmitting the packet—useful for larger packets to help ensure the success of their transmission. Enter a value between 1 and 2347. 12. Click on the Apply button to apply the new settings to this session. 13. Click on the Save button to save your changes (otherwise your new settings will not take effect).
Wireless LAN Array Procedure for Configuring the IAP LEDs 1. LED State: This option determines which event triggers the LEDs, either when a radio is enabled or when a radio first associates with the network. Choose On Radio Enabled or On First Association, as desired. 2. LED Blink Behavior: This option allows you to select when the IAP LEDs blink, based on the activities you check here. From the choices available, select one or more activities to trigger when the LEDs blink. 3.
Wireless LAN Array Statistics This is a status only page that provides an overview of the statistical data associated with individual radios. For more detailed information about a specific radio, simply click on any radio in the left column, or go to the statistics page for the desired radio (for example, Statistics IAP abg4). You can Refresh or Clear the data on this page at any time by clicking on the appropriate button. Figure 71.
Wireless LAN Array Statistics (for specific radios) These pages provide a detailed statistical summary of each radio’s performance, displayed either numerically or by percentage (your choice). The following image shows an example from the XS-3700 product of the Statistics IAP a4 page (for the a4 radio). The default Statistics Type is NUMERIC, but you can change this to PERCENTAGE from the pull-down menu at the top of the page.
Wireless LAN Array Statistics (for all radios) Theis page provides a detailed statistical summary of the performance of all radios, displayed either numerically or by percentage (your choice). The following image shows an example from the XS-3700 product. The default Statistics Type is NUMERIC, but you can change this to PERCENTAGE from the pull-down menu at the top of the page. In addition, you can Refresh or Clear the data on this page at any time by clicking on the appropriate button. Figure 73.
Wireless LAN Array SSID This is a status only page that allows you to review SSID (Service Set IDentifier) assignments. It includes the SSID name, whether or not an SSID is visible on the network, any security and QoS parameters defined for each SSID, associated VLAN IDs, and radio availability per SSID. There are no configuration options available on this page, but if you are experiencing problems or reviewing SSID management parameters, you may want to print this page for your records.
Wireless LAN Array Understanding SSIDs The SSID (Service Set Identifier) is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access points on a network or sub-network can use the same SSIDs. SSIDs are casesensitive and can contain up to 32 alphanumeric characters (do not include spaces when defining SSIDs). Multiple SSIDs A BSSID (Basic SSID) refers to an individual access point radio and its associated clients.
Wireless LAN Array As an example, one SSID named accounting might require the highest level of security, while another SSID named guests might have low security requirements. Another example may define an SSID named voice that supports voice over Wireless LAN phones with the highest possible Quality of Service (QoS) definition. This type of SSID might also forward traffic to specific VLANs on the wired network.
Wireless LAN Array Procedure for Managing SSIDs 1. New SSID: Enter a new SSID definition. 2. Security: From the pull-down list, choose the security that will be required by users for this SSID, either Open, WEP or WPA. The Open option provides no security and is not recommended. For an overview of the security options, go to “Security Planning” on page 35. 3. Qos Priority: From the pull-down list, select a Quality of Service (QoS) setting.
Wireless LAN Array 9. Security: From the pull-down list, choose the security that will be required by users for the selected SSID— either Open, WEP or WPA. The Open option provides no security and is not recommended. For an overview of the security options, go to “Security Planning” on page 35. 10. QoS Priority: From the pull-down list, select a Quality of Service (QoS) setting. The QoS setting you define here will prioritize wireless traffic for the selected SSID over other SSID wireless traffic.
Wireless LAN Array Security This is a status only page that allows you to review the Array’s security parameters. It includes the assigned network administration accounts, Access Control List (ACL) values, WEP and WPA status, and RADIUS configuration settings. There are no configuration options available on this page, but if you are experiencing issues with security, you may want to print this page for your records.
Wireless LAN Array Security Management This page allows you to establish the security parameters for your wireless network, including WEP, WPA and RADIUS authentication. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. For additional information about wireless network security, refer to “Security Planning” on page 35. Figure 77.
Wireless LAN Array Understanding Security The Xirrus Wireless LAN Array incorporates many security features that administrators can configure. After initially installing an Array, always change the default administrator password (the default is admin), and choose a strong replacement password (a strong password contains letters, numbers and special characters). When appropriate, issue read only administrator accounts.
Wireless LAN Array z WPA (Wi-Fi Protected Access)—this is a much stronger encryption mode than WEP and uses TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard) to encrypt data. WPA solves security issues with WEP. It also allows you to establish encryption keys on a per-user-basis, with key rotation for added security. In addition, TKIP provides Message Integrity Check (MIC) functionality and prevents active attacks on the wireless network.
Wireless LAN Array z RADIUS 802.1x with EAP—802.1x uses a RADIUS server to authenticate large numbers of clients, and can handle different EAP (Extensible Authentication Protocol) authentication methods, including EAP-TLS, EAP-TTLS and EAP-PEAP. The RADIUS server can be internal (provided by the XS-3900) or external. An external RADIUS server offers more functionality and security, and is recommended for large deployments.
Wireless LAN Array 6. WPA Preshared Key / Verify Key: If you enabled PSK, enter a passphrase here, then re-enter the passphrase to verify that you typed it correctly. 7. EAP Authentication: Choose Yes to enable EAP (Extensible Authentication Protocol) or choose No to disable EAP. # A RADIUS server must be defined to use EAP. 8. WEP Enabled: Choose Yes to enable WEP (Wired Equivalent Privacy) or choose No to disable WEP. 9.
Wireless LAN Array 12. Click on the Save button to save your changes. # After configuring network security, the configuration must be applied to an SSID for the new functionality to take effect. Radius Server This page allows you to set up the Array’s internal RADIUS server, or define the use of an external RADIUS server for user authentication. # The internal RADIUS server will only authenticate wireless clients that want to associate to the Array.