Users Guide

ManualsBrandsDell ManualsTVs & monitorsW-620

601

602

603

604

605

606

607

608

609

610

Table Of Contents

Dell PowerConnect ArubaOS 5.0
Contents
About this Guide
- Audience
- Fundamentals
  - WebUI
  - CLI
- Related Documents
- Conventions
- Contacting Support
The Basic User-Centric Networks
- Configuring the User-Centric Network
- Deployment and Configuration Tasks
- Configuring the Controller
  - Running the Initial Setup
  - Connecting to the Controller after Initial Setup
- Configuring a VLAN for Network Connection
- Deploying APs
- Additional Configuration
Network Parameters
- Configuring VLANs
  - Creating and Updating VLANs
  - Creating, Updating and Deleting VLAN Pools
- Configuring Ports
- About VLAN Assignments
- Configuring Static Routes
  - Using the WebUI
  - Using CLI
- Configuring the Loopback IP Address
- Configuring the Controller IP Address
  - Using CLI
- Configuring GRE Tunnels
  - Creating a Tunnel Interface
    - Using the WebUI
    - Using CLI
  - Directing Traffic into the Tunnel
RF Plan
- Supported Planning
- Before You Begin
  - Task Overview
  - Planning Requirements
- Launching the RF Plan
- Using the FQLN Mapper in the AP Provision Page
  - Using the WebUI
  - Using CLI
- RF Plan Example
Access Points
- Remote AP vs Campus AP
- Basic Configuration
- AP Names and Groups
- Virtual APs
- Configuring Profiles
- Profile Hierarchy
  - Applying Profiles
    - Excluding a virtual AP profile from an AP in the WebUI
    - Excluding a virtual AP profile from an AP in the CLI
  - Viewing Profile Errors
- Virtual AP Configurations
- Configuring High-throughput on Virtual APs
- Advanced Configuration Options
- Automatic Channel and Transmit Power Selection Using ARM
- APs Over Low-Speed Links
  - Best Practices
- AP Redundancy
  - AP failback
    - Configuring in the WebUI
    - Configuring in the CLI
- AP Maintenance Mode
  - Configuring in the WebUI
  - Configuring in the CLI
- Managing AP LEDs
Adaptive Radio Management (ARM)
- ARM Overview
  - ARM Support for 802.11n
  - Monitoring Your Network with ARM
    - Noise and Error Monitoring
    - Application Awareness
- ARM Profiles
- Assigning an ARM Profile to an AP Group
  - Assigning a Profile via the WebUI
  - Assigning a Profile via the CLI
- Multi-Band ARM and 802.11a/802.11g Traffic
- Band Steering
  - Enabling Band Steering via the WebUI
  - Enabling Band Steering via the CLI
- Traffic Shaping
  - Enabling Traffic Shaping via the WebUI
- Spectrum Load Balancing
- RX Sensitivity Tuning Based Channel Reuse
- Non-802.11 Noise Interference Immunity
- ARM Metrics
- ARM Troubleshooting
Remote Access Points
- Overview
- Configuring the Secure Remote Access Point Service
- Deploying a Branch Office/Home Office Solution
  - Configuring the branch office AP
  - Troubleshooting Remote AP
- Enabling Double Encryption
  - Using the WebUI
  - Using CLI
- Advanced Configuration Options
- Wi-Fi Multimedia
- Uplink Bandwidth Reservation
  - Bandwidth Reservation for Uplink Voice Traffic
  - Configuring Bandwidth Reservation
    - Using the WebUI
    - Using CLI
Secure Enterprise Mesh
- Mesh Access Points
- Mesh Links
  - Link Metrics
  - Optimizing Links
- Mesh Profiles
- Mesh Solutions
- Before You Begin
- Mesh Radio Profiles
  - Managing Mesh Profiles via the WebUI
  - Managing Mesh Profiles using the CLI
- RF Management (802.11a and 802.11g) Profiles
  - Managing 802.11a/802.11g Profiles Via the WebUI
  - Managing 802.11a/802.11g Profiles using the CLI
- Mesh High-Throughput SSID Profiles
  - Managing Profiles via the WebUI
  - Managing high-throughput SSID profiles using the CLI
- Mesh Cluster Profiles
- Ethernet Ports for Mesh
- Provisioning Mesh Nodes
- AP Boot Sequence
- Verifying the Network
- Remote Mesh Portals
Authentication Servers
- Important Points to Remember
- Servers and Server Groups
- Configuring Servers
- Internal Database
- Server Groups
- Assigning Server Groups
- Configuring Authentication Timers
  - Setting an Authentication Timer
    - In the WebUI
    - In the CLI
802.1x Authentication
- Overview of 802.1x Authentication
- Configuring 802.1x Authentication
- Example Configurations
- Advanced Configuration Options for 802.1x
  - Configuring reauthentication with Unicast Key Rotation
    - Using the WebUI
    - Using the CLI
Roles and Policies
- Policies
- User Roles
  - Creating a User Role
    - In the WebUI
    - In the CLI
  - Bandwidth Contracts
- User Role Assignments
- Global Firewall Parameters
Stateful and WISPr Authentication
- Stateful Authentication Overview
- WISPr Authentication Overview
- Important Points to Remember
- Stateful 802.1x Authentication
  - Configure Authentication via the WebUI
  - Configure Authentication via the CLI
- Stateful NTLM Authentication
  - Configure Authentication via the WebUI
  - Configure Authentication via the CLI
- Configuring WISPr Authentication
  - Configure WISPr Authentication via the WebUI
  - Configure WISPr Authentication via the CLI
Captive Portal
- Captive Portal Overview
  - Policy Enforcement Firewall Next Generation (PEFNG) License
  - Controller Server Certificate
- Captive Portal in the Base ArubaOS
  - Configuring Captive Portal via the WebUI
  - Configuring Captive Portal via the CLI
- Captive Portal with the PEFNG License
  - Configuring Captive Portal via the WebUI
  - Configuring Captive Portal via the CLI
- Example Authentication with Captive Portal
- Guest VLANs
  - Configuring the guest VLAN via the WebUI
  - Configuring the guest VLAN via the CLI
- Captive Portal Authentication
- Optional Captive Portal Configurations
- Personalizing the Captive Portal Page
- Securing Client Traffic
- Securing Controller-to-Controller Communication
  - Configuring Controllers for xSec
    - In the WebUI
    - In the CLI
- Configuring the Odyssey Client on Client Machines
  - Installing the Odyssey Client
Advanced Security
Virtual Intranet Access
- VIA
- Configuring the VIA Controller
- VPN Configuration
  - VPN authentication
  - Supported VPN AAA Deployments
- Remote Access VPN for L2TP IPsec
- Remote Access VPNs for XAuth
- Remote Access VPN for PPTP
  - Configuring a VPN with PPTP via the WebUI
  - Configuring a VPN with PPTP via the CLI
- Site-to-Site VPNs
- Dell Dialer
Virtual Private Networks
- Configuring MAC-Based Authentication
  - Configuring the MAC Authentication Profile
    - Using the WebUI to configure a MAC authentication profile
    - Using the CLI to configure a MAC authentication profile
- Configuring Clients
  - Using the WebUI to configure clients in the internal database
  - Using the CLI to configure clients in the internal database
MAC-based Authentication
Control Plane Security
- Control Plane Security Overview
- Configuring Control Plane Security
- Whitelists on Master and Local Controllers
  - Campus AP Whitelist Synchronization
  - Viewing and Managing the Master or Local controller Whitelists
- Environments with Multiple Master Controllers
  - Configuring Networks with a Backup Master Controller
  - Configuring Networks with Clusters of Master Controllers
- Replacing a Controller on a Multi-Controller Network
  - Replacing Controllers in a Single Master Network
  - Replacing Controllers in a Multi-Master Network
- Troubleshooting Control Plane Security
Adding Local Controllers
- Moving to a Multi-Controller Environment
- Configuring Local Controllers
IP Mobility
- Dell Mobility Architecture
- Configuring Mobility Domains
- Tracking Mobile Users
- Advanced Mobility Functions
- Mobility Multicast
  - Proxy IGMP and Proxy Remote Subscription
  - Inter-controller Mobility
VRRP
- Redundancy Parameters
RSTP
- Migration and Interoperability
- Rapid Convergence
  - Edge Port and Point-to-Point
- Configuring RSTP
- Troubleshooting
W-600 Series Controller
- Important Points to Remember
- Internal Access Point (AP)
- USB Cellular Modems
- Configuring a Supported USB Modem
- Configuring a New USB Modem
- NAS (Network-Attached Storage)
- Print Server
  - Printer Setup
- Sample Topology and Configuration
OSPFv2
- Important Points to Remember
- WLAN Scenario
  - WLAN Topology
  - WLAN Routing Table
- Branch Office Scenario
  - Branch Office Topology
  - Branch Office Routing Table
- Configuring OSPF
- Deployment Best Practices
- Sample Topology and Configuration
Wireless Intrusion Prevention
- IDS Features
- IDS Configuration
- WLAN Management System
- Client Blacklisting
Link Aggregation Control Protocol
- Important Points to Remember
- Configuring LACP
  - In the CLI
  - In the WebUI
- Best Practices
- Sample Configuration
Management Access
- Certificate Authentication for WebUI Access
  - Configuring Certificate Authentication for WebUI Access
    - In the WebUI
    - In the CLI
- Public Key Authentication for SSH Access
  - In the WebUI
  - In the CLI
- Radius Server Authentication
- Management Password Policy
  - Defining a Management Password Policy
    - In the WebUI
- Managed RFprotect Sensors
- Managing Certificates
- Configuring SNMP
  - SNMP Parameters for the Controller
    - In the WebUI
    - In the CLI
- Configuring Logging
  - In the WebUI
  - In the CLI
- Guest Provisioning
- Managing Files on the Controller
- Setting the System Clock
  - Manually Setting the Clock
    - In the WebUI
    - In the CLI
  - Configuring an NTP Server
    - In the WebUI
    - In the CLI
Software Licenses
- Terminology
- Licenses
  - License Types
- Multi-Controller Network
- License Usage
- Interaction
- Best Practices
- Installing a License
- Deleting a License
- Moving Licenses
- Resetting the Controller
IPv6 Client Support
- About IPv6
- Support for IPv6
  - Supported Network Configuration
  - Network Connection for Windows IPv6 Clients
- Features that Support IPv6
- IPv6 User Addresses
  - Viewing or Deleting User Entries
  - Viewing Datapath Statistics for IPv6 Sessions
- Important Points to Remember
Voice and Video
- License Requirements
- Configuring Voice
- Configuring Video
- QoS
External Services Interface
- Understanding ESI
- Understanding the ESI Syslog Parser
- ESI Configuration Overview
- Example Route-mode ESI Topology
- Example NAT-mode ESI Topology
- Basic Regular Expression Syntax
DHCP with Vendor-Specific Options
- Overview
- Windows-Based DHCP Server
  - Configuring Option 60
    - To configure option 60 on the Windows DHCP server
  - Configuring Option 43
    - To configure option 43 on the Windows DHCP server:
- Linux DHCP Servers
External Firewall Configuration
- Communication Between Dell Devices
- Network Management Access
- Other Communications
Behavior and Defaults
- Mode Support
- Basic System Defaults
- Default Management User Roles
- Default Open Ports
802.1x Configuration for IAS and Windows Clients
- Configuring Microsoft IAS
- Configure Management Authentication using IAS
  - Configure the Controller to use IAS Management Authentication
  - Verify Communication between the Controller and the RADIUS Server
- Window XP Wireless Client Example Configuration
Internal Captive Portal
- Creating a New Internal Web Page
  - Basic HTML Example
- Installing a New Captive Portal Page
- Displaying Authentication Error Message
- Reverting to the Default Captive Portal
- Language Customization
- Customizing the Welcome Page
- Customizing the Pop-Up box
- Customizing the Logged Out Box
VIA End User Instructions
- Pre-requisites
- Downloading VIA
- Installing VIA
- Using VIA
Provisioning RAP at Home
- Provision the RAP using a Static IP Address
- Provision the RAP on a PPPoE Connection
- Using 3G/EVDO USB Modem
Index

Dell PowerConnect ArubaOS 5.0 | User Guide Behavior and Defaults | 609

user-role default-vpn-role

session-acl allowall

ipv6 session-acl v6-allowall

This is the default role used for VPN-connected clients. It is referenced

in the default "aaa authentication vpn" profile.

user-role voice

session-acl sip-acl

session-acl noe-acl

session-acl svp-acl

session-acl vocera-acl

session-acl skinny-acl

session-acl h323-acl

session-acl dhcp-acl

session-acl tftp-acl

session-acl dns-acl

session-acl icmp-acl

This role can be applied to voice devices in order to automatically

permit and prioritize all VoIP protocols.

user-role guest

session-acl http-acl

session-acl https-acl

session-acl dhcp-acl

session-acl icmp-acl

session-acl dns-acl

ipv6 session-acl v6-http-acl

ipv6 session-acl v6-https-acl

ipv6 session-acl v6-dhcp-acl

ipv6 session-acl v6-icmp-acl

ipv6 session-acl v6-dns-acl

This is a default role for guest users. It permits only HTTP, HTTPS,

DHCP, ICMP, and DNS for the guest user. To increase security, a "deny"

rule for internal network destinations could be added at the beginning.

user-role guest-logon

captive-portal default

session-acl logon-control

session-acl captiveportal

This role is used as the pre-authentication role for guest SSIDs. It

allows control traffic such as DNS, DHCP, and ICMP, and also enables

captive portal.

user-role <ssid>-guest-logon

captive-portal default

session-acl logon-control

session-acl captiveportal

This role is only generated when creating a new WLAN using the

WLAN Wizard. The WLAN Wizard creates this role when captive portal

is enabled. This is the initial role that a guest will be placed in prior to

captive portal authentication. By using a different guest logon role for

each SSID, it is possible to enable multiple captive portal profiles with

different customization.

user-role stateful-dot1x This is an internal role used for Stateful 802.1x. It should not be edited.

user-role authenticated

session-acl allowall

ipv6 session-acl v6-allowall

This is a default role that can be used for authenticated users. It

permits all IPv4 and IPv6 traffic for users who are part of this role.

user-role logon

session-acl logon-control

session-acl captiveportal

session-acl vpnlogon

ipv6 session-acl v6-logon-control

This is a system role that is normally applied to a user prior to

authentication. This applies to wired users and non-802.1x wireless

users.

The role allows certain control protocols such as DNS, DHCP, and

ICMP, and also enables captive portal and VPN termination/pass

through. The logon role should be edited to provide only the required

services to a pre-authenticated user. For example, VPN pass through

should be disabled if it is not needed.

Table 133 Predefined Roles (Continued)

Predefined Role Description