Chantry Networks APXXX1 HiPATH WIRELESS ACCESS POINT (AP) User Manual

Chantry Networks Inc. (a Siemens Company) HiPATH WIRELESS ACCESS POINT (AP)

UserManual.wiki >

Chantry Networks >

APXXX1 User Manual >

User Manual

P/N 9034530-09Enterasys® WirelessConvergence Software User GuideVersion 8.11DRAFT

iNoticeEnterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.The hardware, firmware, or software described in this document is subject to change without notice.IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF SUCH DAMAGES.Enterasys Networks, Inc.50 Minuteman RoadAndover, MA 01810© 2012 Enterasys Networks, Inc. All rights reserved.Part Number: 9034530-09 March 2012ENTERASYS, ENTERASYS NETWORKS, ENTERASYS SECURE NETWORKS, DRAGON, ENTERASYS DRAGON, NETSIGHT, ENTERASYS NETSIGHT, and any logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc., in the United States and/or other countries. For a complete list of Enterasys trademarks, see http://www.enterasys.com/company/trademarks.aspx.All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.Documentation URL: https://extranet.enterasys.com/downloads/DRAFT

iiEnterasys Networks, Inc. Software License AgreementThis document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. on behalf of itself and its Affiliates (“Enterasys”) that sets forth your rights and obligations with respect to the software contained in CD-ROM or other media. “Affiliates” means any person, partnership, corporation, limited liability company, or other form of enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party specified. BY INSTALLING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, INC. (978) 684-1000. Attn: Legal Department.Enterasys will grant You a non-transferable, non-exclusive license to use the machine-readable form of software (the “Licensed Software”) and the accompanying documentation (the Licensed Software, the media embodying the Licensed Software, and the documentation are collectively referred to in this Agreement as the “Licensed Materials”) on one single computer if You agree to the following terms and conditions:1. TERM. This Agreement is effective from the date on which You open the package containing the Licensed Materials. You may terminate the Agreement at any time by destroying the Licensed Materials, together with all copies, modifications and merged portions in any form. The Agreement and your license to use the Licensed Materials will also terminate if You fail to comply with any term or condition herein.2. GRANT OF SOFTWARE LICENSE. The license granted to You by Enterasys when You open this sealed package authorizes You to use the Licensed Software on any one, single computer only, or any replacement for that computer, for internal use only. A separate license, under a separate Software License Agreement, is required for any other computer on which You or another individual or employee intend to use the Licensed Software. YOU MAY NOT USE, COPY, OR MODIFY THE LICENSED MATERIALS, IN WHOLE OR IN PART, EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT.3. RESTRICTION AGAINST COPYING OR MODIFYING LICENSED MATERIALS. Except as expressly permitted in this Agreement, You may not copy or otherwise reproduce the Licensed Materials. In no event does the limited copying or reproduction permitted under this Agreement include the right to decompile, disassemble, electronically transfer, or reverse engineer the Licensed Software, or to translate the Licensed Software into another computer language.The media embodying the Licensed Software may be copied by You, in whole or in part, into printed or machine readable form, in sufficient numbers only for backup or archival purposes, or to replace a worn or defective copy. However, You agree not to have more than two (2) copies of the Licensed Software in whole or in part, including the original media, in your possession for said purposes without Enterasys’ prior written consent, and in no event shall You operate more than one copy of the Licensed Software. You may not copy or reproduce the documentation. You agree to maintain appropriate records of the location of the original media and all copies of the Licensed Software, in whole or in part, made by You. You may modify the machine-readable form of the Licensed Software for (1) your own internal use or (2) to merge the Licensed Software into other program material to form a modular work for your own use, provided that such work remains modular, but on termination of this Agreement, You are required to completely remove the Licensed Software from any such modular work. Any portion of the Licensed Software included in any such modular work shall be used only on a single computer for internal purposes and shall remain subject to all the terms and conditions of this Agreement.You agree to include any copyright or other proprietary notice set forth on the label of the media embodying the Licensed Software on any copy of the Licensed Software in any form, in whole or in part, or on any modification of the Licensed Software or any such modular work containing the Licensed Software or any part thereof.4. TITLE AND PROPRIETARY RIGHTS. (a) The Licensed Materials are copyrighted works and are the sole and exclusive property of Enterasys, any company or a division thereof which Enterasys controls or is controlled by, or which may result from the merger or consolidation with Enterasys (its “Affiliates”), and/or their suppliers. This Agreement conveys a limited right to operate the Licensed Materials and shall not be construed to convey title to the Licensed Materials to You. There are no implied rights. You shall not sell, lease, transfer, sublicense, dispose of, or otherwise make available the Licensed Materials or any portion thereof, to any other party.(b) You further acknowledge that in the event of a breach of this Agreement, Enterasys shall suffer severe and irreparable damages for which monetary compensation alone will be inadequate. You therefore agree that in the event of a breach of this Agreement, Enterasys shall be entitled to monetary damages and its reasonable attorney’s fees and costs in enforcing this Agreement, as well as injunctive relief to restrain such breach, in addition to any other remedies available to Enterasys.DRAFT

iii5. PROTECTION AND SECURITY. In the performance of this Agreement or in contemplation thereof, You and your employees and agents may have access to private or confidential information owned or controlled by Enterasys relating to the Licensed Materials supplied hereunder including, but not limited to, product specifications and schematics, and such information may contain proprietary details and disclosures. All information and data so acquired by You or your employees or agents under this Agreement or in contemplation hereof shall be and shall remain Enterasys’ exclusive property, and You shall use your best efforts (which in any event shall not be less than the efforts You take to ensure the confidentiality of your own proprietary and other confidential information) to keep, and have your employees and agents keep, any and all such information and data confidential, and shall not copy, publish, or disclose it to others, without Enterasys’ prior written approval, and shall return such information and data to Enterasys at its request. Nothing herein shall limit your use or dissemination of information not actually derived from Enterasys or of information which has been or subsequently is made public by Enterasys, or a third party having authority to do so.You agree not to deliver or otherwise make available the Licensed Materials or any part thereof, including without limitation the object or source code (if provided) of the Licensed Software, to any party other than Enterasys or its employees, except for purposes specifically related to your use of the Licensed Software on a single computer as expressly provided in this Agreement, without the prior written consent of Enterasys. You agree to use your best efforts and take all reasonable steps to safeguard the Licensed Materials to ensure that no unauthorized personnel shall have access thereto and that no unauthorized copy, publication, disclosure, or distribution, in whole or in part, in any form shall be made, and You agree to notify Enterasys of any unauthorized use thereof. You acknowledge that the Licensed Materials contain valuable confidential information and trade secrets, and that unauthorized use, copying and/or disclosure thereof are harmful to Enterasys or its Affiliates and/or its/their software suppliers.6. MAINTENANCE AND UPDATES. Updates and certain maintenance and support services, if any, shall be provided to You pursuant to the terms of an Enterasys Service and Maintenance Agreement, if Enterasys and You enter into such an agreement. Except as specifically set forth in such agreement, Enterasys shall not be under any obligation to provide Software Updates, modifications, or enhancements, or Software maintenance and support services to You.7. DEFAULT AND TERMINATION. In the event that You shall fail to keep, observe, or perform any obligation under this Agreement, including a failure to pay any sums due to Enterasys, or in the event that You become insolvent or seek protection, voluntarily or involuntarily, under any bankruptcy law, Enterasys may, in addition to any other remedies it may have under law, terminate the License and any other agreements between Enterasys and You.(a) Immediately after any termination of the Agreement or if You have for any reason discontinued use of Software, You shall return to Enterasys the original and any copies of the Licensed Materials and remove the Licensed Software from any modular works made pursuant to Section 3, and certify in writing that through your best efforts and to the best of your knowledge the original and all copies of the terminated or discontinued Licensed Materials have been returned to Enterasys. (b) Sections 4, 5, 7, 8, 9, 10, 11, and 12 shall survive termination of this Agreement for any reason.8. EXPORT REQUIREMENTS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.If the Licensed Materials are exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Licensed Materials and agree that You will use the Licensed Materials for civil end uses only and not for military purposes. If the Licensed Materials are exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Section 4 of this Agreement, You agree not to (i) reexport or release the Licensed Software, the source code for the Licensed Software or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Cambodia, Cuba, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Libya, Macau, Moldova, Mongolia, North Korea, the People’s Republic of China, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Licensed Software or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant o r any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.DRAFT

iv9. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Licensed Materials (i) were developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Licensed Materials are considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein. 10. LIMITED WARRANTY AND LIMITATION OF LIABILITY. The only warranty Enterasys makes to You in connection with this license of the Licensed Materials is that if the media on which the Licensed Software is recorded is defective, it will be replaced without charge, if Enterasys in good faith determines that the media and proof of payment of the license fee are returned to Enterasys or the dealer from whom it was obtained within ninety (90) days of the date of payment of the license fee.NEITHER ENTERASYS NOR ITS AFFILIATES MAKE ANY OTHER WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, WITH RESPECT TO THE LICENSED MATERIALS, WHICH ARE LICENSED "AS IS". THE LIMITED WARRANTY AND REMEDY PROVIDED ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE EXPRESSLY DISCLAIMED, AND STATEMENTS OR REPRESENTATIONS MADE BY ANY OTHER PERSON OR FIRM ARE VOID. ONLY TO THE EXTENT SUCH EXCLUSION OF ANY IMPLIED WARRANTY IS NOT PERMITTED BY LAW, THE DURATION OF SUCH IMPLIED WARRANTY IS LIMITED TO THE DURATION OF THE LIMITED WARRANTY SET FORTH ABOVE. YOU ASSUME ALL RISK AS TO THE QUALITY, FUNCTION AND PERFORMANCE OF THE LICENSED MATERIALS. IN NO EVENT WILL ENTERASYS OR ANY OTHER PARTY WHO HAS BEEN INVOLVED IN THE CREATION, PRODUCTION OR DELIVERY OF THE LICENSED MATERIALS BE LIABLE FOR SPECIAL, DIRECT, INDIRECT, RELIANCE, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF DATA OR PROFITS OR FOR INABILITY TO USE THE LICENSED MATERIALS, TO ANY PARTY EVEN IF ENTERASYS OR SUCH OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL ENTERASYS OR SUCH OTHER PARTY'S LIABILITY FOR ANY DAMAGES OR LOSS TO YOU OR ANY OTHER PARTY EXCEED THE LICENSE FEE YOU PAID FOR THE LICENSED MATERIALS.Some states do not allow limitations on how long an implied warranty lasts and some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation and exclusion may not apply to You. This limited warranty gives You specific legal rights, and You may also have other rights which vary from state to state.11. JURISDICTION. The rights and obligations of the parties to this Agreement shall be governed and construed in accordance with the laws and in the State and Federal courts of the Commonwealth of Massachusetts, without regard to its rules with respect to choice of law. You waive any objections to the personal jurisdiction and venue of such courts. None of the 1980 United Nations Convention on the Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.12. GENERAL.(a) This Agreement is the entire agreement between Enterasys and You regarding the Licensed Materials, and all prior agreements, representations, statements, and undertakings, oral or written, are hereby expressly superseded and canceled.(b) This Agreement may not be changed or amended except in writing signed by both parties hereto.(c) You represent that You have full right and/or authorization to enter into this Agreement.(d) This Agreement shall not be assignable by You without the express written consent of Enterasys, The rights of Enterasys and Your obligations under this Agreement shall inure to the benefit of Enterasys’ assignees, licensors, and licensees.(e) Section headings are for convenience only and shall not be considered in the interpretation of this Agreement.(f) The provisions of the Agreement are severable and if any one or more of the provisions hereof are judicially determined to be illegal or otherwise unenforceable, in whole or in part, the remaining provisions of this Agreement shall nevertheless be binding on and enforceable by and between the parties hereto.(g) Enterasys’ waiver of any right shall not constitute waiver of that right in future. This Agreement constitutes the entire understanding between the parties with respect to the subject matter hereof, and all prior agreements, representations, statements and undertakings, oral or written, are hereby expressly superseded and canceled. No purchase order shall supersede this Agreement.(h) Should You have any questions regarding this Agreement, You may contact Enterasys at the address set forth below. Any notice or other communication to be sent to Enterasys must be mailed by certified mail to the following address: ENTERASYS NETWORKS, INC., 50 Minuteman Road, Andover, MA 01810 Attn: Manager - Legal Department.DRAFT

vContentsAbout This GuideIntended Audience ............................................................................................................................................xvHow to Use This Guide .....................................................................................................................................xvFormatting Conventions ..................................................................................................................................xviAdditional Documentation ............................................................................................................................... xviiGetting Help .................................................................................................................................................... xviiSafety Information ......................................................................................................................................... xviiiSicherheitshinweise .........................................................................................................................................xixConsignes De Sécurité .....................................................................................................................................xxChapter 1: Overview of the Enterasys Wireless Convergence Software SolutionIntroduction ..................................................................................................................................................... 1-1The Enterasys Wireless System .............................................................................................................. 1-1Conventional Wireless LANs .......................................................................................................................... 1-2Elements of the Enterasys Wireless Convergence Software Solution ........................................................... 1-3Enterasys NetSight Suite Integration ....................................................................................................... 1-6Enterasys Wireless Convergence Software and Your Network ..................................................................... 1-7Network Traffic Flow ................................................................................................................................ 1-8Network Security ...................................................................................................................................... 1-9Virtual Network Services ........................................................................................................................ 1-11VNS Components .................................................................................................................................. 1-14Routing ................................................................................................................................................... 1-16Mobility and Roaming ............................................................................................................................. 1-16Network Availability ................................................................................................................................ 1-17Quality of Service (QoS) ........................................................................................................................ 1-17Enterasys Wireless Controller Product Family ............................................................................................. 1-17Chapter 2: Configuring the Enterasys Wireless ControllerSystem Configuration Overview ..................................................................................................................... 2-1Logging on to the Enterasys Wireless Controller ........................................................................................... 2-4Wireless Assistant Home Screen ................................................................................................................... 2-4Working with the Basic Installation Wizard ..................................................................................................... 2-7Configuring the Enterasys Wireless Controller for the First Time ................................................................. 2-12Changing the Administrator Password ................................................................................................... 2-13Applying Product License Keys .............................................................................................................. 2-13Setting Up the Data Ports ...................................................................................................................... 2-16Setting Up Internal VLAN ID and Multicast Support ............................................................................... 2-22Setting Up Static Routes ........................................................................................................................ 2-23Setting Up OSPF Routing ...................................................................................................................... 2-24Configuring Filtering at the Interface Level ............................................................................................ 2-27Protecting the Controller’s Interfaces and Internal Captive Portal Page ................................................ 2-30Configuring the Login Authentication Mode ........................................................................................... 2-35Configuring SNMP ................................................................................................................................. 2-45Configuring Network Time ...................................................................................................................... 2-48Configuring Secure Connections ........................................................................................................... 2-51Configuring DNS Servers for Resolving Host Names of NTP and RADIUS Servers ............................. 2-52Using an AeroScout/Ekahau Location-Based Solution ................................................................................ 2-53Additional Ongoing Operations of the System .............................................................................................. 2-56DRAFT

vi Chapter 3: Configuring the Wireless APWireless AP Overview .................................................................................................................................... 3-1Enterasys Standard Wireless AP ............................................................................................................. 3-2Enterasys Wireless Outdoor APs ............................................................................................................. 3-4Enterasys Wireless 802.11n AP ............................................................................................................... 3-5Wireless AP International Licensing ......................................................................................................... 3-9Wireless AP Default IP Address and First-time Configuration ................................................................. 3-9Assigning a Static IP Address to the Wireless AP ................................................................................. 3-10Discovery and Registration Overview ........................................................................................................... 3-10Wireless AP Discovery ........................................................................................................................... 3-10Registration After Discovery ................................................................................................................... 3-11Understanding the Wireless AP LED Status .......................................................................................... 3-12Configuring the Wireless APs for the First Time .................................................................................... 3-25Defining Properties for the Discovery Process ....................................................................................... 3-26Connecting and Initiating the Wireless AP Discovery and Registration Process ................................... 3-28Adding and Registering a Wireless AP Manually ......................................................................................... 3-28Configuring Wireless AP Settings ................................................................................................................. 3-29Modifying a Wireless AP’s Status .......................................................................................................... 3-30Configuring a Wireless AP’s Properties ................................................................................................. 3-31AP Properties Tab Configuration ........................................................................................................... 3-31Assigning Wireless AP Radios to a VNS ............................................................................................... 3-35Configuring Wireless AP Radio Properties ............................................................................................ 3-36Setting Up the Wireless AP Using Static Configuration ......................................................................... 3-61Configuring Telnet/SSH Access ............................................................................................................. 3-64Configuring VLAN Tags for Wireless APs .................................................................................................... 3-65Setting Up 802.1x Authentication for a Wireless AP .............................................................................. 3-66Setting Up 802.1x Authentication for Wireless APs Using Multi-edit ..................................................... 3-73Configuring the Default Wireless AP Settings ........................................................................................ 3-76Modifying a Wireless AP’s Properties Based on a Default AP Configuration ............................................. 3-107Modifying the Wireless AP’s Default Setting Using the Copy to Defaults Feature ..................................... 3-108Configuring Multiple Wireless APs Simultaneously .................................................................................... 3-108Configuring Co-located APs in Load Balance Groups ................................................................................ 3-111How Availability Affects Load Balancing .............................................................................................. 3-116Load Balance Group Statistics ............................................................................................................. 3-116Configuring an AP Cluster .......................................................................................................................... 3-117Converting the Wireless AP to Standalone Mode ...................................................................................... 3-118Configuring an AP as a Sensor .................................................................................................................. 3-119Performing Wireless AP Software Maintenance ......................................................................................... 3-121Chapter 4: Configuring TopologiesTopology Overview ......................................................................................................................................... 4-1Configuring a Basic Topology ......................................................................................................................... 4-2Enabling Management Traffic ......................................................................................................................... 4-3Layer 3 Configuration ..................................................................................................................................... 4-4IP Address Configuration ......................................................................................................................... 4-4DHCP Configuration ................................................................................................................................. 4-6Defining a Next Hop Route and OSPF Advertisement ............................................................................. 4-8Exception Filtering .......................................................................................................................................... 4-9Multicast Filtering .......................................................................................................................................... 4-13Chapter 5: Configuring PoliciesPolicy Overview .............................................................................................................................................. 5-1Configuring VLAN and Class of Service for a Policy ...................................................................................... 5-1Filtering Rules ................................................................................................................................................. 5-3Filtering Rules for a Non-Authenticated Filter .......................................................................................... 5-3DRAFT

viiNon-authenticated Filter Examples .......................................................................................................... 5-4Authenticated Filter Examples ................................................................................................................. 5-5ICMP Type Enforcement .......................................................................................................................... 5-5Filtering Rules for a Default Filter ............................................................................................................. 5-5Defining Filter Rules for Wireless APs ..................................................................................................... 5-6Configuring Filter Rules ............................................................................................................................ 5-7Chapter 6: Configuring WLAN ServicesWLAN Services Overview .............................................................................................................................. 6-1Third-party AP WLAN Service Type ............................................................................................................... 6-2Configuring a Basic WLAN Service ................................................................................................................ 6-2Configuring Privacy ........................................................................................................................................ 6-8About Wi-Fi Protected Access (WPA V1 and WPA V2) ........................................................................... 6-9Wireless 802.11n APs and WPA Authentication ....................................................................................6-10WPA Key Management Options ............................................................................................................ 6-11Configuring WLAN Service Privacy ........................................................................................................ 6-11Configuring Accounting and Authentication .................................................................................................. 6-14Vendor Specific Attributes ...................................................................................................................... 6-14Defining Accounting Methods for a WLAN Service ................................................................................ 6-15Configuring Authentication for a WLAN Service .................................................................................... 6-17MAC-Based Authentication for a WLAN Service ................................................................................... 6-18Assigning RADIUS Servers for Authentication ....................................................................................... 6-18Defining the RADIUS Server Priority for RADIUS Redundancy ............................................................. 6-20Configuring Assigned RADIUS Servers ................................................................................................. 6-20Defining a WLAN Service with No Authentication .................................................................................. 6-23Configuring Captive Portal for Internal or External Authentication ......................................................... 6-24Configuring the QoS Policy .......................................................................................................................... 6-34Defining Priority Level and Service Class .............................................................................................. 6-36Defining the Service Class ..................................................................................................................... 6-36Configuring the Priority Override ............................................................................................................ 6-37QoS Modes ............................................................................................................................................ 6-37Chapter 7: Configuring a VNSHigh Level VNS Configuration Flow ............................................................................................................... 7-1Controller Defaults ................................................................................................................................... 7-2VNS Global Settings ....................................................................................................................................... 7-3Defining RADIUS Servers and MAC Address Format ............................................................................. 7-4Configuring Dynamic Authorization Server Support ................................................................................. 7-8Defining Wireless QoS Admission Control Thresholds ............................................................................ 7-9Working with Bandwidth Control Profiles ............................................................................................... 7-11Configuring the Global Default Policy .................................................................................................... 7-12Configuring Egress Filtering Mode ......................................................................................................... 7-14Using the Sync Summary ....................................................................................................................... 7-16Methods for Configuring a VNS .................................................................................................................... 7-17Manually Creating a VNS ............................................................................................................................. 7-18Creating a VNS Using the Wizard ................................................................................................................ 7-19Creating a NAC VNS Using the VNS Wizard ......................................................................................... 7-19Creating a Voice VNS Using the VNS Wizard ....................................................................................... 7-22Creating a Data VNS Using the VNS Wizard ......................................................................................... 7-25Creating a Captive Portal VNS Using the VNS Wizard .......................................................................... 7-30Enabling and Disabling a VNS ..................................................................................................................... 7-47Renaming a VNS .......................................................................................................................................... 7-48Deleting a VNS ............................................................................................................................................. 7-48DRAFT

viii Chapter 8: Configuring Classes of ServiceClasses of Service Overview .......................................................................................................................... 8-1Configuring Classes of Service ...................................................................................................................... 8-1CoS Rule Classification .................................................................................................................................. 8-4Priority and ToS/DSCP Marking ..................................................................................................................... 8-5Configuring ToS/DSCP Marking .............................................................................................................. 8-5Rate Limiting ................................................................................................................................................... 8-6Chapter 9: Working with a Mesh NetworkAbout Mesh .................................................................................................................................................... 9-1Simple Mesh Configuration ............................................................................................................................ 9-2Wireless Repeater Configuration .................................................................................................................... 9-2Wireless Bridge Configuration ........................................................................................................................ 9-3Examples of Deployment ................................................................................................................................ 9-4Mesh WLAN Services ..................................................................................................................................... 9-4Mesh Setup with a Single Mesh WLAN Service ...................................................................................... 9-5Mesh Setup with Multiple Mesh WLAN Services ..................................................................................... 9-6Key Features of Mesh .................................................................................................................................... 9-7Self-Healing Network ............................................................................................................................... 9-7Tree-like Topology ................................................................................................................................... 9-8Radio Channels ........................................................................................................................................ 9-9Multi-Root Mesh Topology ....................................................................................................................... 9-9Link Security ............................................................................................................................................. 9-9Deploying the Mesh System ......................................................................................................................... 9-10Planning the Mesh Topology .................................................................................................................. 9-10Provisioning the Mesh Wireless APs ..................................................................................................... 9-10Mesh Deployment Overview .................................................................................................................. 9-10Connecting the Mesh Wireless APs to the Enterprise Network for Discovery and Registration ............ 9-11Configuring the Mesh Wireless APs Through the Enterasys Wireless Controller .................................. 9-11Connecting the Mesh Wireless APs to the Enterprise Network for Provisioning ................................... 9-15Moving the Mesh Wireless APs to the Target Location ......................................................................... 9-15Changing the Pre-shared Key in a Mesh WLAN Service .............................................................................9-15Chapter 10: Working with a Wireless Distribution SystemAbout WDS ................................................................................................................................................... 10-1Simple WDS Configuration ........................................................................................................................... 10-2Wireless Repeater Configuration .................................................................................................................. 10-2Wireless Bridge Configuration ...................................................................................................................... 10-3Examples of Deployment .............................................................................................................................. 10-4WDS WLAN Services ................................................................................................................................... 10-4WDS Setup with a Single WDS WLAN Service ..................................................................................... 10-5WDS Setup with Multiple WDS WLAN Services .................................................................................... 10-6Key Features of WDS ................................................................................................................................... 10-7Tree-like Topology ................................................................................................................................. 10-7Radio Channels ...................................................................................................................................... 10-9Multi-Root WDS Topology ...................................................................................................................... 10-9Automatic Discovery of Parent and Backup Parent Wireless APs ....................................................... 10-10Link Security ......................................................................................................................................... 10-10Deploying the WDS System ....................................................................................................................... 10-11Planning the WDS Topology ................................................................................................................ 10-11Provisioning the WDS Wireless APs .................................................................................................... 10-11WDS Deployment Overview ................................................................................................................. 10-11Connecting the WDS Wireless APs to the Enterprise Network for Discovery and Registration .......... 10-12Configuring the WDS Wireless APs Through the Enterasys Wireless Controller ................................ 10-12Assigning the Satellite Wireless APs’ Radios to the Network WLAN Services .................................... 10-17DRAFT

ixConnecting the WDS Wireless APs to the Enterprise Network for Provisioning .................................. 10-18Moving the WDS Wireless APs to the Target Location ........................................................................ 10-18Changing the Pre-shared Key in a WDS WLAN Service ............................................................................ 10-19Chapter 11: Availability and Session AvailabilityAvailability ..................................................................................................................................................... 11-1Events and Actions in Availability ........................................................................................................... 11-2Availability Prerequisites ........................................................................................................................ 11-3Configuring Availability Using the Availability Wizard ............................................................................ 11-3Configuring Availability Manually ........................................................................................................... 11-5Session Availability ....................................................................................................................................... 11-9Events and Actions in Session Availability ........................................................................................... 11-11Enabling Session Availability ............................................................................................................... 11-11Viewing the Wireless AP Availability Display .............................................................................................. 11-17Viewing SLP Activity ................................................................................................................................... 11-18Chapter 12: Configuring MobilityMobility Overview ......................................................................................................................................... 12-1Mobility Domain Topologies ......................................................................................................................... 12-3Configuring Mobility Domain ......................................................................................................................... 12-4Designating a Mobility Manager ............................................................................................................. 12-4Designating a Mobility Agent .................................................................................................................. 12-5Chapter 13: Working with Third-party APsDefine Authentication by Captive Portal for the Third-party AP WLAN Service ........................................... 13-1Define the Third-party APs List ..................................................................................................................... 13-1Define Filtering Rules for the Third-party APs .............................................................................................. 13-2Chapter 14: Working with the MitigatorMitigator Overview ........................................................................................................................................ 14-1Analysis Engine Overview ............................................................................................................................ 14-2Enabling the Analysis and Data Collector Engines ...................................................................................... 14-2Viewing the Mitigator Logs ........................................................................................................................... 14-4Running Mitigator Scans .............................................................................................................................. 14-5Working with Mitigator Scan Results ............................................................................................................ 14-7Viewing Mitigator Scan Results .............................................................................................................. 14-7Adding an AP from the Scan Results to the List of Friendly APs ........................................................... 14-9Deleting an AP from the Scan Results ................................................................................................... 14-9Working with Friendly APs .......................................................................................................................... 14-10Viewing Friendly APs ........................................................................................................................... 14-10Adding Friendly APs Manually ............................................................................................................. 14-10Deleting Friendly APs ........................................................................................................................... 14-11Modifying Friendly APs ........................................................................................................................ 14-11Maintaining the Mitigator List of APs .......................................................................................................... 14-11Viewing the Scanner Status Report ............................................................................................................ 14-12Chapter 15: Working with Reports and DisplaysAvailable Reports and Displays .................................................................................................................... 15-1Viewing Reports and Displays ...................................................................................................................... 15-2Viewing the Wireless AP Availability Display ................................................................................................ 15-3Viewing Statistics for Wireless APs .............................................................................................................. 15-4Viewing Load Balance Group Statistics ........................................................................................................ 15-8About Radio Preference/Load Control Statistics .................................................................................... 15-8DRAFT

x About Client Balancing Statistics Reports .............................................................................................. 15-9Viewing the System Information and Manufacturing Information Displays ................................................. 15-10Viewing Displays for the Mobility Manager ................................................................................................. 15-12Viewing Reports ......................................................................................................................................... 15-14Call Detail Records (CDRs) ........................................................................................................................ 15-17CDR File Naming Convention .............................................................................................................. 15-18CDR File Types .................................................................................................................................... 15-18CDR File Format .................................................................................................................................. 15-18Viewing CDRs ...................................................................................................................................... 15-20Backing Up and Copying CDR Files to a Remote Server .................................................................... 15-20Chapter 16: Performing System AdministrationPerforming Wireless AP Client Management ............................................................................................... 16-1Disassociating a Client ........................................................................................................................... 16-1Blacklisting a Client ................................................................................................................................ 16-2Defining Enterasys Wireless Assistant Administrators and Login Groups ................................................... 16-5Chapter 17: Logs, Traces, Audits and DHCP MessagesEnterasys Wireless Controller Messages ..................................................................................................... 17-1Working with Logs ........................................................................................................................................ 17-1Log Severity Levels ................................................................................................................................ 17-2Viewing the Enterasys Wireless Controller Logs ................................................................................... 17-2Viewing Wireless AP Logs ..................................................................................................................... 17-4Viewing Login Logs ................................................................................................................................ 17-5Working with a Tech Support File .......................................................................................................... 17-6Viewing Wireless AP Traces ........................................................................................................................ 17-8Viewing the Wireless 802.11n AP Traces .............................................................................................. 17-9Viewing Audit Messages .............................................................................................................................. 17-9Viewing the DHCP Messages .................................................................................................................... 17-10Viewing the NTP Messages ....................................................................................................................... 17-11Viewing Software Upgrade Messages ........................................................................................................ 17-12Viewing Configuration Restore/Import Messages ...................................................................................... 17-13Chapter 18: Working with GuestPortal AdministrationAbout GuestPortals ...................................................................................................................................... 18-1Adding New Guest Accounts ........................................................................................................................ 18-2Enabling or Disabling Guest Accounts ......................................................................................................... 18-4Editing Guest Accounts ................................................................................................................................ 18-5Removing Guest Accounts ........................................................................................................................... 18-6Importing and Exporting a Guest File ........................................................................................................... 18-7Viewing and Printing a GuestPortal Account Ticket ..................................................................................... 18-9Working with the GuestPortal Ticket Page ................................................................................................. 18-11Working with a Custom GuestPortal Ticket Page ................................................................................ 18-11Activating a GuestPortal Ticket Page ................................................................................................... 18-12Uploading a Custom GuestPortal Ticket Page .....................................................................................18-12Deleting a Custom GuestPortal Ticket Page ........................................................................................ 18-12Configuring Web Session Timeouts ........................................................................................................... 18-12Appendix A: GlossaryNetworking Terms and Abbreviations .............................................................................................................A-1Wireless Controller Terms and Abbreviations ..............................................................................................A-15Appendix B: Regulatory InformationEnterasys Wireless Controller C25/C20/C4110/C5110 ..................................................................................B-2DRAFT

xiRack Mounting Your System ....................................................................................................................B-2Wireless APs 26XX, 36XX, and 37XX ............................................................................................................B-3Wi-Fi Certification .....................................................................................................................................B-3AP2620 External Antenna AP ..................................................................................................................B-4AP3620 External Antenna AP ..................................................................................................................B-4United States ............................................................................................................................................B-4Canada .....................................................................................................................................................B-7European Community ..............................................................................................................................B-8Certifications of Other Countries ............................................................................................................B-14AP2620 Approved External Antennas ....................................................................................................B-14AP3620 Approved External Antennas ....................................................................................................B-15Certified 3rd Party Antennas ..................................................................................................................B-16Appendix C: Default GuestPortal Source CodeTicket Page .....................................................................................................................................................C-1Placeholders Used in the Default GuestPortal Ticket Page .....................................................................C-1Default GuestPortal Ticket Page Source Code ........................................................................................C-2GuestPortal Sample Header Page .................................................................................................................C-4GuestPortal Sample Footer Page ...................................................................................................................C-5Tables1-1 WLAN and NAC Integration Steps ................................................................................................... 1-131-2 Enterasys Wireless Controller Product Families .............................................................................. 1-182-1 Wireless Assistant Home Screen Headings ....................................................................................... 2-62-2 Platform Type / Wireless APs Allowed by Permanent Activation Key .............................................. 2-142-3 Supported Certificate and CA Formats............................................................................................. 2-312-4 Topologies Page: Certificates Tab Fields and Buttons..................................................................... 2-332-5 Generate Certificate Signing Request Page - Fields and Buttons.................................................... 2-353-1 Enterasys Standard Wireless AP Models........................................................................................... 3-23-2 Available Antennas for the AP4102/4102C ........................................................................................ 3-43-3 Center LED and Wireless AP’s Status ............................................................................................. 3-133-4 Left LED and Wireless AP’s High-level State ................................................................................... 3-133-5 Left and Right LEDs and Wireless AP’s Detailed State.................................................................... 3-133-6 Composite View of Three LED Lights............................................................................................... 3-143-7 AP2610 and AP2620 LEDs Indicating Signal Strength .................................................................... 3-153-8 AP3660 LED Status Indicators ......................................................................................................... 3-163-9 Enterasys Wireless Outdoor AP LED Status.................................................................................... 3-173-10 AP2650 and AP2660 LEDs Indicating Signal Strength .................................................................... 3-183-11 LED Color Codes.............................................................................................................................. 3-193-12 LED L1 and Wireless AP’s Status .................................................................................................... 3-193-13 LEDs L3, L4 and L1, and Wireless 802.11n AP’s Detailed State ..................................................... 3-203-14 LEDs L3 and L4, and Corresponding Radio State ........................................................................... 3-213-15 LED L2 and Ethernet Port’s Status................................................................................................... 3-213-16 AP3610 and AP3620 LEDs Indicating Signal Strength .................................................................... 3-213-17 AP4102 and AP2605 Status Indicators ............................................................................................ 3-223-18 AP4102 and AP2605 Initialization and Discovery Indicators............................................................ 3-223-19 AP4102 and AP2605 Composite View of LEDs ............................................................................... 3-233-20 AP4102 and AP2605 LEDs Indicating Signal Strength .................................................................... 3-233-21 LED Operational Modes ................................................................................................................... 3-243-22 Connecting and Powering a Wireless AP......................................................................................... 3-283-23 Add Wireless AP window.................................................................................................................. 3-293-24 Static Configuration .......................................................................................................................... 3-633-25 Maximum Number of Load Balance Groups .................................................................................. 3-1124-1 Exception Filters page - Fields and Buttons ..................................................................................... 4-11DRAFT

xii 5-1 VLAN & Class of Service Tab - Fields and Buttons............................................................................ 5-25-2 Filter Types......................................................................................................................................... 5-35-3 Non-authenticated Filter Example A................................................................................................... 5-45-4 Non-authenticated Filter Example B................................................................................................... 5-45-5 Filtering Rules Example A .................................................................................................................. 5-55-6 Filtering Rules Example B .................................................................................................................. 5-55-7 Default Filter Example A..................................................................................................................... 5-65-8 Default Filter Example B..................................................................................................................... 5-65-9 Rules Between Two Wireless Devices ............................................................................................... 5-65-10 HWC and AP Filters tabs - Fields and Buttons................................................................................... 5-96-1 WLAN Services Configuration Page................................................................................................... 6-46-2 Advanced WLAN Service Configuration Page ................................................................................... 6-76-3 WLAN Services Privacy Tab - Fields and Buttons ........................................................................... 6-126-4 Vendor Specific Attributes ................................................................................................................ 6-156-5 Configure Internal Captive Portal Page - Fields and Buttons ........................................................... 6-276-6 External Captive Portal Page - Fields and Buttons .......................................................................... 6-286-7 Message Configuration page - Fields and Buttons........................................................................... 6-306-8 Captive Portal Editor Fields and Buttons.......................................................................................... 6-326-9 DSCP Code-Points........................................................................................................................... 6-356-10 Service classes................................................................................................................................. 6-366-11 Relationship between service class and 802.1D UP ........................................................................ 6-376-12 QoS mode combinations .................................................................................................................. 6-386-13 Queues............................................................................................................................................. 6-386-14 Traffic Prioritization........................................................................................................................... 6-397-1 Enterasys Wireless Controller Active and Defined VNS Support ..................................................... 7-478-1 General Tab - Fields and Buttons....................................................................................................... 8-310-1 Wireless APs and Their Roles........................................................................................................ 10-1515-1 AP Inventory Report Columns ........................................................................................................ 15-1515-2 CDR Records and Their Description .............................................................................................. 15-1818-1 Guest Account Import and Export .csv File Values .......................................................................... 18-7A-1 Networking Terms and Abbreviations.................................................................................................A-1A-2 Wireless Controller Terms and Abbreviations ..................................................................................A-15B-1 Wireless AP Wi-Fi Certification ID ......................................................................................................B-3B-2 European Spectrum Usage Rules ....................................................................................................B-12B-3 List of FCC/IC/ETSI Approved Antennas — AP2620 .......................................................................B-15B-4 List of FCC/IC/ETSI Approved Antennas — AP3620 .......................................................................B-16B-5 Certified 3rd Party Antennas for Use with AP2620, AP260-1, AP3620 and AP3620-1 Models .......B-16C-1 Default GuestPortal Ticket Page Template Placeholders ..................................................................C-1Figures1-1 Standard Wireless Network Solution Example ...................................................................................1-21-2 Enterasys Wireless Controller Solution .............................................................................................. 1-41-3 Traffic Flow Diagram .......................................................................................................................... 1-91-4 VNS as a Binding of Reusable Components.................................................................................... 1-111-5 WLAN and NAC Integration with External Captive Portal Authentication......................................... 1-132-1 Wireless Assistant Top Menu Bar ...................................................................................................... 2-52-2 Wireless Assistant Home Screen ....................................................................................................... 2-52-3 Generate Certificate Signing Request Window ................................................................................ 2-353-1 Enterasys Standard Wireless APs Baseband .................................................................................... 3-33-2 MIMO in Enterasys Wireless 802.11n AP .......................................................................................... 3-63-3 Enterasys Wireless 802.11n AP’s Baseband .....................................................................................3-83-4 Enterasys Wireless AP LEDs ........................................................................................................... 3-123-5 AP3660 Bottom View........................................................................................................................ 3-163-6 Enterasys Wireless Outdoor AP LEDs ............................................................................................. 3-173-7 Enterasys Wireless 802.11n AP LEDs ............................................................................................. 3-19DRAFT

xiii5-1 VLAN & Class of Service Tab............................................................................................................. 5-25-2 Filter Rules Page - HWC Filters Tab .................................................................................................. 5-85-3 Filter Rules Page - AP Filters Tab ...................................................................................................... 5-86-1 Captive Portal Page Configuration Page for Internal and Guest Splash Modes .............................. 6-266-2 Captive Portal Page for External and 802.1x Modes........................................................................ 6-266-3 Captive Portal Page for Guest Portal Mode ..................................................................................... 6-277-1 VNS Configuration Flow ..................................................................................................................... 7-18-1 Rate Limiter Example ......................................................................................................................... 8-69-1 Simple Mesh Configuration ................................................................................................................ 9-29-2 Wireless Repeater Configuration........................................................................................................ 9-39-3 Wireless Bridge Configuration ............................................................................................................ 9-39-4 Examples of Mesh Deployment.......................................................................................................... 9-49-5 Deployment Example ......................................................................................................................... 9-59-6 Mesh Setup with a Single Mesh WLAN Service................................................................................. 9-69-7 Mesh Setup with Multiple Mesh WLAN Services................................................................................ 9-79-8 Parent-Child Relationship Between Wireless APs in Mesh Configuration ......................................... 9-89-9 Multiple-Root Mesh Topology............................................................................................................. 9-99-10 Mesh Deployment............................................................................................................................. 9-1210-1 Simple WDS Configuration............................................................................................................... 10-210-2 Wireless Repeater Configuration...................................................................................................... 10-310-3 Wireless Bridge Configuration .......................................................................................................... 10-310-4 Examples of WDS Deployment ........................................................................................................ 10-410-5 Deployment Example ....................................................................................................................... 10-510-6 WDS Setup with a Single WDS WLAN Service................................................................................ 10-610-7 WDS Setup with Multiple WDS WLAN Services .............................................................................. 10-710-8 Parent-Child Relationship Between Wireless APs in WDS Configuration........................................ 10-810-9 Multiple-root WDS Topology........................................................................................................... 10-1010-10 WDS Deployment ........................................................................................................................... 10-1311-1 AP Fail Over to 2ndary Controller When Primary Goes Down ......................................................... 11-911-2 AP Fail Over to 2ndary Controller When Connectivity to Primary Fails............................................ 11-911-3 Session Availability Mode............................................................................................................... 11-1012-1 Mobility Domain with Fast Failover and Session Availability Features............................................. 12-315-1 Sample .dat File.............................................................................................................................. 15-22DRAFT

User Guide, V8.01 xvAbout This GuideThisguidedescribeshowtoinstall,configure,andmanagetheEnterasysWirelessConvergenceSoftwaresystem.Thisguideisalsoavailableasanonlinehelpsystem.To Access the Online Help System:1. IntheEnterasysWirelessAssistantTopMenubar,clickHelp.2. Theonlinehelpsystemislaunched.Intended AudienceThisguideisareferenceforsystemadministratorswhoinstallandmanagetheEnterasysWirelesssystem.Anyadministratorperformingtasksdescribedinthisguidemusthaveanaccountwithadministrativeprivileges.How to Use This GuideThisprefaceprovidesanoverviewofthisguideandabriefsummaryofeachchapter,definestheconventionsusedinthisdocument;andinstructshowtoobtaintechnicalsupportfromEnterasysNetworks.Tolocateinformationaboutvarioussubjectsinthisguide,refertothefollowingtable.For... Refer to...An overview of the product, its features and functionality. Chapter 1, Overview of the Enterasys Wireless Convergence Software SolutionInformation about how to perform the installation, first time setup and configuration of the Enterasys Wireless Controller, as well as configuring the data ports and defining routing.Chapter 2, Configuring the Enterasys Wireless ControllerInformation on how to install the Wireless AP, how it discovers and registers with the Enterasys Wireless Controller, and how to view and modify radio configuration.Chapter 3, Configuring the Wireless APAn overview of topologies and provides detailed information about how to configure them.Chapter 4, Configuring TopologiesAn overview of policies and provides detailed information about how to configure them.Chapter 5, Configuring PoliciesAn overview of WLAN services and provides detailed information about how to configure them.Chapter 6, Configuring WLAN ServicesAn overview of Virtual Network Services (VNS), provides detailed instructions in how to configure a VNS, either using the Wizards or by manually creating the component parts of a VNS.Chapter 7, Configuring a VNSDRAFT

Formatting Conventionsxvi About This GuideFormatting ConventionsTheEnterasysWirelessConvergenceSoftwaredocumentationusesthefollowingformattingconventionstomakeiteasiertofindinformationandfollowprocedures:•Boldtextisusedtoidentifycomponentsofthemanagementinterface,suchasmenuitemsandsectionofpages,aswellasthenamesofbuttonsandtextboxes.Forexample:ClickLogout.Information about configuring Classes of Service (CoS) which are a configuration entity containing QoS Marking (802.1p and ToS/DSCP), Inbound/Outbound Rate Limiting and Transmit Queue Assignments. Chapter 8, Configuring Classes of ServiceAn overview of Mesh networks and provides detailed information about how to create a Mesh network.Chapter 9, Working with a Mesh NetworkAn overview of a Wireless Distribution System (WDS) network configuration and provides detailed information about how to create a Mesh network.Chapter 10, Working with a Wireless Distribution SystemInformation on how to set up the features that maintain service availability in the event of a Enterasys Wireless Controller failover.Chapter 11, Availability and Session AvailabilityInformation on how to set up the mobility domain that provides mobility for a wireless device user when the user roams from one Wireless AP to another in the mobility domain.Chapter 12, Configuring MobilityInformation on how to use the Enterasys Wireless Convergence Software features with third-party wireless access points.Chapter 13, Working with Third-party APsInformation on the security tool that scans for, detects, and reports on rogue APs.Chapter 14, Working with the MitigatorInformation on the various reports and displays available in the Enterasys Wireless Convergence Software system.Chapter 15, Working with Reports and DisplaysInformation on system administration activities, such as performing Wireless AP client management, defining management users, configuring the network time, and configuring Web session timeouts.Chapter 16, Performing System AdministrationInformation on how to view and interpret the logs, traces, audits and DHCP messages.Chapter 17, Logs, Traces, Audits and DHCP MessagesInformation on how to configure GuestPortal accounts using the Enterasys Wireless Convergence Software.Chapter 18, Working with GuestPortal AdministrationA list of terms and definitions for the Enterasys Wireless Controller and the Wireless AP as well as standard industry terms used in this guide.Appendix A, GlossaryRegulatory information for the Enterasys Wireless Controller and the Enterasys Wireless Access Points (APs).Appendix B, Regulatory InformationThe default GuestPortal ticket page source code. Appendix C, Default GuestPortal Source CodeFor... Refer to...DRAFT

Additional DocumentationUser Guide, V8.01 xvii•Monospace fontisusedincodeexamplesandtoindicatetextthatyoutype.Forexample:Typehttps://<hwc-address>[:mgmt-port]•Thefollowingnotesareusedtodrawyourattentiontoadditionalinformation:Additional DocumentationToaccessrelatedinformation,seetheEnterasysWirelessConvergenceSoftwareUserGuide.EnterasysWirelessControllerdocumentationisavailableat:https://extranet.enterasys.com/downloadswww.siemens.com/automation/service&supportGetting HelpForadditionalsupportrelatedtotheproductorthisdocument,contactEnterasysNetworksusingoneofthefollowingmethods:BeforecontactingEnterasysNetworksfortechnicalsupport,havethefollowinginformationready:•YourEnterasysNetworksservicecontractnumber•Adescriptionofthefailure•Adescriptionofanyaction(s)alreadytakentoresolvetheproblem(forexample,changingmodeswitchesorrebootingtheunit)•TheserialandrevisionnumbersofallinvolvedEnterasysNetworksproductsinthenetwork•Adescriptionofyournetworkenvironment(suchaslayout,cabletype,otherrelevantenvironmentalinformation)•Networkloadandframesizeatthetimeoftrouble(ifknown)Note: Notes identify useful information, such as reminders, tips, or other ways to perform a task.Caution: Cautionary notes identify essential information, which if ignored can adversely affect the operation of your equipment or software.Warning: Warning notes identify essential information, which if ignored can lead to personal injury or harm.World Wide Web www.enterasys.com/supportPhone 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000To find the Enterasys Networks Support toll-free number in your country: www.enterasys.com/supportInternet mail support@enterasys.comTo expedite your message, type Enterasys Wireless in the subject lineTo send comments concerning this document to the Technical Publications Department:techpubs@www.enterasys.comPlease include the document part number in your email message.DRAFT

Safety Informationxviii About This Guide•Thedevicehistory(forexample,whetheryouhavereturnedthedevicebefore,orwhetherthisisarecurringproblem)•AnypreviousReturnMaterialAuthorization(RMA)numbersSafety InformationDangers•Replacethepowercableimmediatelyifitshowsanysignofdamage.•Replaceanydamagedsafetyequipment(covers,labelsandprotectivecables)immediately.•Useonlyoriginalaccessoriesorcomponentsapprovedforthesystem.FailuretoobservetheseinstructionsmaydamagetheequipmentorevenviolatesafetyandEMCregulations.•OnlyauthorizedEnterasysservicepersonnelarepermittedtoservicethesystem.Warnings•ThisdevicemustnotbeconnectedtoaLANsegmentwithoutdoorwiring.•Ensurethatallcablesareruncorrectlytoavoidstrain.•Replacethepowersupplyadapterimmediatelyifitshowsanysignofdamage.• Disconnectallpowerbeforeworkingnearpowersuppliesunlessotherwiseinstructedbyamaintenanceprocedure.•ExercisecautionwhenservicinghotswappableEnterasysWirelessControllercomponents:powersuppliesorfans.Rotatingfanscancauseseriouspersonalinjury.•Thisunitmayhavemorethanonepowersupplycord.Toavoidelectricalshock,disconnectallpowersupplycordsbeforeservicing.Inthecaseofunitfailureofoneofthepowersupplymodules,themodulecanbereplacedwithoutinterruptionofpowertotheEnterasysWirelessController.However,thisproceduremustbecarriedoutwithcaution.Wearglovestoavoidcontactwiththemodule,whichwillbeextremelyhot.•Thereisariskofexplosionifalithiumbatteryisnotcorrectlyreplaced.Thelithiumbatterymustbereplacedonlybyanidenticalbatteryoronerecommendedbythemanufacturer.•Alwaysdisposeoflithiumbatteriesproperly.•Donotattempttoliftobjectsthatyouthinkaretooheavyforyou.Cautions•Checkthenominalvoltagesetfortheequipment(operatinginstructionsandtypeplate).Highvoltagescapableofcausingshockareusedinthisequipment.Exercisecautionwhenmeasuringhighvoltagesandwhenservicingcards,panels,andboardswhilethesystemispoweredon.•Onlyusetoolsandequipmentthatareinperfectcondition.Donotuseequipmentwithvisibledamage.•Toprotectelectrostaticsensitivedevices(ESD),wearawristbandbeforecarryingoutanyworkonhardware.•Laycablessoastopreventanyriskofthembeingdamagedorcausingaccidents,suchastripping.DRAFT

SicherheitshinweiseUser Guide, V8.01 xixSicherheitshinweiseGefahrenhinweise•SolltedasNetzkabelAnzeichenvonBeschädigungenaufweisen,tauschenSieessofortaus.•TauschenSiebeschädigteSicherheitsausrüstungen(Abdeckungen,TypenschilderundSchutzkabel)sofortaus.•VerwendenSieausschließlichOriginalzubehörodersystemspezifischzugelasseneKomponenten.DieNichtbeachtungdieserHinweisekannzurBeschädigungderAusrüstungoderzurVerletzungvonSicherheits‐undEMV‐Vorschriftenführen.•DasSystemdarfnurvonautorisiertemEnterasys‐Servicepersonalgewartetwerden.Warnhinweise•DiesesGerätdarfnichtüberAußenverdrahtunganeinLAN‐Segmentangeschlossenwerden.•StellenSiesicher,dassalleKabelkorrektgeführtwerden,umZugbelastungzuvermeiden.•SolltedasNetzteilAnzeichenvonBeschädigungaufweisen,tauschenSieessofortaus.• TrennenSiealleStromverbindungen,bevorSieArbeitenimBereichderStromversorgungvornehmen,soferndiesnichtfüreineWartungsprozedurandersverlangtwird.•GehenSievorsichtigvor,wennSieanHotswap‐fähigenWirelessController‐Komponenten(StromversorgungenoderLüftern)Servicearbeitendurchführen.RotierendeLüfterkönnenernsthafteVerletzungenverursachen.•DiesesGerätistmöglicherweiseübermehralseinNetzkabelangeschlossen.UmdieGefahreineselektrischenSchlageszuvermeiden,solltenSievorDurchführungvonServicearbeitenalleNetzkabeltrennen.FallseinesderStromversorgungsmoduleausfällt,kannesausgetauschtwerden,ohnedieStromversorgungzumWirelessControllerzuunterbrechen.BeidieserProzeduristjedochmitVorsichtvorzugehen.DasModulkannextremheißsein.TragenSieHandschuhe,umVerbrennungenzuvermeiden.•BeiunsachgemäßemAustauschderLithium‐BatteriebestehtExplosionsgefahr.DieLithium‐BatteriedarfnurdurchidentischeodervomHändlerempfohleneTypenersetztwerden.•AchtenSiebeiLithium‐BatterienaufdieordnungsgemäßeEntsorgung.• VersuchenSieniemals,ohneHilfeschwereGegenständezuheben.Vorsichtshinweise• ÜberprüfenSiediefürdieAusrüstungfestgelegteNennspannung(BedienungsanleitungundTypenschild).DieseAusrüstungarbeitetmitHochspannung,diemitderGefahreineselektrischenSchlagesverbundenist.GehenSiemitgroßerVorsichtvor,wennSiebeieingeschaltetemSystemHochspannungenmessenoderKarten,SchalttafelnundBaugruppenwarten.•VerwendenSienurWerkzeugeundAusrüstungineinwandfreiemZustand.VerwendenSiekeineAusrüstungmitsichtbarenBeschädigungen.•TragenSiebeiArbeitenanHardwarekomponenteneinArmband,umelektrostatischgefährdeteBauelemente(EGB)vorBeschädigungenzuschützen.•VerlegenSieLeitungenso,dasssiekeineUnfallquelle(Stolpergefahr)bildenundnichtbeschädigtwerden.DRAFT

Consignes De Sécuritéxx About This GuideConsignes De SécuritéDangers•Silecordonderaccordementausecteurestendommagé,remplacez‐leimmédiatement.• Remplacezsansdélaileséquipementsdesécuritéendommagés(caches,étiquettesetconducteursdeprotection).•Utilisezuniquementlesaccessoiresdʹorigineoulesmodulesagréésspécifiquesausystème.Danslecascontraire,vousrisquezdʹendommagerlʹinstallationoudʹenfreindrelesconsignesenmatièredesécuritéetdecompatibilitéélectromagnétique.•SeullepersonneldeserviceEnterasysestautoriséàmaintenir/réparerlesystème.Avertissements•CetappareilnedoitpasêtreconnectéàunsegmentdeLANàlʹaidedʹuncâblageextérieur.• Vérifiezquetouslescâblesfonctionnentcorrectementpouréviterunecontrainteexcessive.•Silʹadaptateurdʹalimentationprésentedesdommages,remplacez‐leimmédiatement.•Coupeztoujourslʹalimentationavantdetravaillersurlesalimentationsélectriques,saufsilaprocéduredemaintenancementionnelecontraire.•Preneztouteslesprécautionsnécessaireslorsdelʹentretien/réparationsdesmodulesduWirelessControllerpouvantêtrebranchésàchaud:alimentationsélectriquesouventilateurs.Lesventilateursrotatifspeuventprovoquerdesblessuresgraves.• Cetteunitépeutavoirplusieurscordonsdʹalimentation.Pourévitertoutchocélectrique,débrancheztouslescordonsdʹalimentationavantdeprocéderàlamaintenance.Encasdepannedʹundesmodulesdʹalimentation,lemoduledéfectueuxpeutêtrechangésanséteindreleWirelessController.Toutefois,ceremplacementdoitêtreeffectuéavecprécautions.Portezdesgantspouréviterdetoucherlemodulequipeutêtretrèschaud.•Leremplacementnonconformedelabatterieaulithiumpeutprovoqueruneexplosion.Remplacezlabatterieaulithiumparunmodèleidentiqueouparunmodèlerecommandéparlerevendeur.•Samiseaurebutdoitêtreconformeauxprescriptionsenvigueur.•Nʹessayezjamaisdesouleverdesobjetsquirisquentdʹêtretroplourdspourvous.Précautions• Contrôlezlatensionnominaleparamétréesurlʹinstallation(voirlemodedʹemploietlaplaquesignalétique).Destensionsélevéespouvantentraînerdeschocsélectriquessontutiliséesdanscetéquipement.Lorsquelesystèmeestsoustension,preneztouteslesprécautionsnécessaireslorsdelamesuredeshautestensionsetdelʹentretien/réparationdescartes,despanneaux,desplaques.•Nʹutilisezquedesappareilsetdesoutilsenparfaitétat.Nemettezjamaisenservicedesappareilsprésentantdesdommagesvisibles.•Pourprotégerlesdispositifssensiblesàlʹélectricitéstatique,portezunbraceletantistatiquelorsdutravailsurlematériel.•Acheminezlescâblesdemanièreàcequʹilsnepuissentpasêtreendommagésetquʹilsneconstituentpasunesourcededanger(parexemple,enprovoquantlachutedepersonnes).DRAFT

User Guide, V8.01 1-11Overview of the Enterasys Wireless ConvergenceSoftware SolutionThischapterdescribesEnterasysWirelessConvergenceSoftwareconcepts,including:IntroductionThenextgenerationofEnterasyswirelessnetworkingdevicesprovidesatrulyscalableWLANsolution.EnterasysWirelessAPsarefitaccesspointscontrolledthroughasophisticatednetworkdevice,theEnterasysWirelessController.Thissolutionprovidesthesecurityandmanageabilityrequiredbyenterprisesandserviceproviders.TheEnterasysWirelesssystemisahighlyscalableWirelessLocalAreaNetwork(WLAN)solution.BasedonathirdgenerationWLANtopology,theEnterasysWirelesssystemmakeswirelesspracticalforserviceprovidersaswellasmediumandlarge‐scaleenterprises.TheEnterasysWirelesssystemprovidesasecure,highlyscalable,cost‐effectivesolutionbasedontheIEEE802.11standard.Thesystemisintendedforenterprisenetworksoperatingonmultiplefloorsinmorethanonebuilding,andisidealforpublicenvironments,suchasairportsandconventioncentersthatrequiremultipleaccesspoints.ThischapterprovidesanoverviewofthefundamentalprinciplesoftheEnterasysWirelesssystem.The Enterasys Wireless SystemTheEnterasysWirelessControllerisanetworkdevicedesignedtointegratewithanexistingwiredLocalAreaNetwork(LAN).Therack‐mountableEnterasysWirelessControllerprovidescentralizedmanagement,networkaccess,androutingtowirelessdevicesthatuseWirelessAPstoaccessthenetwork.Itcanalsobeconfiguredtohandledatatrafficfromthird‐partyaccesspoints.TheEnterasysWirelessControllerprovidesthefollowingfunctionality:• ControlsandconfiguresWirelessAPs,providingcentralizedmanagement• AuthenticateswirelessdevicesthatcontactaWirelessAPFor information about... Refer to page...Introduction 1-1Conventional Wireless LANs 1-2Elements of the Enterasys Wireless Convergence Software Solution 1-3Enterasys Wireless Convergence Software and Your Network 1-7Enterasys Wireless Controller Product Family 1-17DRAFT

Conventional Wireless LANs1-2 Overview of the Enterasys Wireless Convergence Software Solution• AssignseachwirelessdevicetoaVNSwhenitconnects•Routestrafficfromwirelessdevices,usingVNS,tothewirednetwork•Appliesfilteringpoliciestothewirelessdevicesession•ProvidessessionloggingandaccountingcapabilityConventional Wireless LANsWirelesscommunicationbetweenmultiplecomputersrequiresthateachcomputerbeequippedwithareceiver/transmitter—aWLANNetworkInterfaceCard(NIC)—capableofexchangingdigitalinformationoveracommonradiofrequency.Thisiscalledanadhocnetworkconfiguration.Anadhocnetworkconfigurationallowswirelessdevicestocommunicatetogether.Thissetupisdefinedasanindependentbasicserviceset(IBSS).Analternativetotheadhocconfigurationistheuseofanaccesspoint.Thismaybeadedicatedhardwarebridgeoracomputerrunningspecialsoftware.Computersandotherwirelessdevicescommunicatewitheachotherthroughthisaccesspoint.The802.11standarddefinesaccesspointcommunicationsasdevicesthatallowwirelessdevicestocommunicatewithadistributionsystem.Thissetupisdefinedasabasicserviceset(BSS)orinfrastructurenetwork.Toallowthewirelessdevicestocommunicatewithcomputersonawirednetwork,theaccesspointsmustbeconnectedtothewirednetworkprovidingaccesstothenetworkedcomputers.Thistopologyiscalledbridging.Withbridging,securityandmanagementscalabilityisoftenaconcern.Figure 1-1 Standard Wireless Network Solution ExampleDHCP ServerRADIUS Authentication ServerEthernet Router/SwitchWireless APWireless APEthernetWireless Devices Wireless DevicesDRAFT

Elements of the Enterasys Wireless Convergence Software SolutionUser Guide, V8.01 1-3Thewirelessdevicesandthewirednetworkscommunicatewitheachotherusingstandardnetworkingprotocolsandaddressingschemes.Mostcommonly,InternetProtocol(IP)addressingisused.Elements of the Enterasys Wireless Convergence Software SolutionTheEnterasysWirelessConvergenceSoftwaresolutionconsistsoftwodevices:•EnterasysWirelessController•WirelessAPsThisarchitectureallowsasingleEnterasysWirelessControllertocontrolmanyWirelessAPs,makingtheadministrationandmanagementoflargenetworksmucheasier.TherecanbeseveralEnterasysWirelessControllersinthenetwork,eachwithasetofregisteredWirelessAPs.TheEnterasysWirelessControllerscanalsoactasbackupstoeachother,providingstablenetworkavailability.InadditiontotheEnterasysWirelessControllersandWirelessAPs,thesolutionrequiresthreeothercomponents,allofwhicharestandardforenterpriseandserviceprovidernetworks:•RADIUSServer(RemoteAccessDial‐InUserService)orotherauthenticationserver•DHCPServer(DynamicHostConfigurationProtocol).IfyoudonothaveaDHCPServeronyournetwork,youcanenablethelocalDHCPServerontheEnterasysWirelessController.ThelocalDHCPServerisusefulasageneralpurposeDHCPServerforsmallsubnets.Formoreinformation,seeStep 11of“SettingUptheDataPorts”onpage 2‐16.•SLP(ServiceLocationProtocol)DRAFT

Elements of the Enterasys Wireless Convergence Software Solution1-4 Overview of the Enterasys Wireless Convergence Software SolutionFigure 1-2 Enterasys Wireless Controller SolutionAsillustratedinFigure 1‐2,theEnterasysWirelessControllerappearstotheexistingnetworkasifitwereanaccesspoint,butinfactoneEnterasysWirelessControllercontrolsmanyWirelessAPs.TheEnterasysWirelessControllerhasbuilt‐incapabilitiestorecognizeandmanagetheWirelessAPs.TheEnterasysWirelessController:•ActivatestheWirelessAPs•EnablesWirelessAPstoreceivewirelesstrafficfromwirelessdevices•ProcessesthedatatrafficfromtheWirelessAPs•Forwardsorroutestheprocesseddatatrafficouttothenetwork• AuthenticatesrequestsandappliesaccesspoliciesSimplifyingtheWirelessAPsmakesthemcost‐effective,easytomanage,andeasytodeploy.PuttingcontrolonanintelligentcentralizedEnterasysWirelessControllerenables:• Centralizedconfiguration,management,reporting,andmaintenance•Highsecurity•Flexibilitytosuitenterprise•ScalableandresilientdeploymentswithafewEnterasysWirelessControllerscontrollinghundredsofWirelessAPsDHCP ServerRADIUS Authentication ServerEthernetRouter/SwitchWireless APWireless APEthernetWireless DevicesWireless DevicesWireless ControllerDRAFT

Elements of the Enterasys Wireless Convergence Software SolutionUser Guide, V8.01 1-5TheEnterasysWirelesssystem:•ScalesuptoEnterprisecapacity—EnterasysWirelessControllersarescalable:– C5110—Upto525APs– C4110—Upto250APs–C20—Upto32APs–C25—Upto48APs– V2110—Upto120APsInturn,eachWirelessAPcanhandleupto254wirelessdevices,witheachradiosupportingamaximumof127.WithadditionalEnterasysWirelessControllers,thenumberofwirelessdevicesthesolutioncansupportcanreachintothethousands.•Integrateswithexistingnetwork—AEnterasysWirelessControllercanbeaddedtoanexistingenterprisenetworkasanewnetworkdevice,greatlyenhancingitscapabilitywithoutinterferingwithexistingfunctionality.IntegrationoftheEnterasysWirelessControllersandWirelessAPsdoesnotrequireanyre‐configurationoftheexistinginfrastructure(forexample,VLANs).•IntegrateswiththeEnterasysNetSightSuiteofproducts.Formoreinformation,see“EnterasysNetSightSuiteIntegration”onpage 1‐6.Plug‐inapplicationsinclude:–AutomatedSecurityManager–InventoryManager–NACManager–PolicyControlConsole–PolicyManager•Offerscentralizedmanagementandcontrol—AnadministratoraccessestheEnterasysWirelessControllerinitscentralizedlocationtomonitorandadministertheentirewirelessnetwork.FromtheEnterasysWirelessControllertheadministratorcanrecognize,configure,andmanagetheWirelessAPsanddistributenewsoftwarereleases.•ProvideseasydeploymentofWirelessAPs—TheinitialconfigurationoftheWirelessAPsonthecentralizedEnterasysWirelessControllercanbedonewithanautomatic“discovery”technique.•Providessecurityviauserauthentication—Usesexistingauthentication(AAA)serverstoauthenticateandauthorizeusers.•Providessecurityviafiltersandprivileges—Usesvirtualnetworkingtechniquestocreateseparatevirtualnetworkswithdefinedauthenticationandbillingservices,accesspolicies,andprivileges.•Supportsseamlessmobilityandroaming—SupportsseamlessroamingofawirelessdevicefromoneWirelessAPtoanotheronthesameEnterasysWirelessControlleroronadifferentEnterasysWirelessController.•Integratesthird‐partyaccesspoints—Usesacombinationofnetworkroutingandauthenticationtechniques.•Preventsroguedevices—UnauthorizedaccesspointsaredetectedandidentifiedaseitherharmlessordangerousrogueAPs.•Providesaccountingservices—Logswirelessusersessions,usergroupactivity,andotheractivityreporting,enablingthegenerationofconsolidatedbillingrecords.DRAFT

Elements of the Enterasys Wireless Convergence Software Solution1-6 Overview of the Enterasys Wireless Convergence Software Solution•Offerstroubleshootingcapability—Logssystemandsessionactivityandprovidesreportstoaidintroubleshootinganalysis.•OffersdynamicRFmanagement—AutomaticallyselectschannelsandadjustsRadioFrequency(RF)signalpropagationandpowerlevelswithoutuserintervention.Enterasys NetSight Suite IntegrationTheEnterasysWirelessConvergenceSoftwaresolutionnowintegrateswiththeEnterasysNetSightSuiteofproducts.TheEnterasysNetSightSuiteofproductsprovidesacollectionoftoolstohelpyoumanagenetworks.Itsclient/serverarchitectureletsyoumanageyournetworkfromasingleworkstationor,fornetworksofgreatercomplexity,fromoneormoreclientworkstations.Itisdesignedtofacilitatespecificnetworkmanagementtaskswhilesharingdataandprovidingcommoncontrolsandaconsistentuserinterface.Formoreinformation,seehttp://www.enterasys.com/products/visibility‐control/index.aspxTheNetSightSuiteisafamilyofproductscomprisedofNetSightConsoleandasuiteofplug‐inapplications,including:•AutomatedSecurityManager—AutomatedSecurityManagerisauniquethreatresponsesolutionthattranslatessecurityintelligenceintosecurityenforcement.Itprovidessophisticatedidentificationandmanagementofthreatsandvulnerabilities.ForinformationonhowtheEnterasysWirelessConvergenceSoftwaresolutionintegrateswiththeAutomatedSecurityManagerapplication,seetheEnterasysWirelessConvergenceSoftwareMaintenanceGuide.•InventoryManager—InventoryManagerisatoolforefficientlydocumentingandupdatingthedetailsoftheever‐changingnetwork.ForinformationonhowtheEnterasysWirelessConvergenceSoftwaresolutionintegrateswiththeAutomatedSecurityManagerapplication,seetheEnterasysWirelessConvergenceSoftwareMaintenanceGuide.•NACManager—NACManagerisaleading‐edgeNACsolutiontoensureonlytherightusershaveaccesstotherightinformationfromtherightplaceattherighttime.TheEnterasysNACsolutionperformsmulti‐user,multi‐methodauthentication,vulnerabilityassessmentandassistedremediation.ForinformationonhowtheEnterasysWirelessConvergenceSoftwaresolutionintegrateswiththeEnterasysNACsolution,see“NACintegrationwithEnterasysWirelessWLAN”onpage 1‐12.•PolicyManager—PolicyManagerrecognizestheEnterasysWirelessControllersuiteaspolicycapabledevicesthatacceptpartialconfigurationfromPolicyManager.CurrentlythisintegrationispartialinthesensethatNetSightisunabletocreateWLANservicesdirectly;TheWLANservicesneedtobedirectlyprovisionedonthecontrollerandarerepresentedtoPolicyManageraslogicalports.TheEnterasysWirelessControllerallowsPolicyManagerto:– AttachTopologies(assignVLANtoport)totheEnterasysWirelessControllerphysicalports(Console).– Attachpolicytothelogicalports(WLANService/SSID),– AssignaDefaultRole/PolicytoaWLANService,thuscreatingtheVNS.–Performauthenticationoperationswhichcanthenreferencedefinedpoliciesforstation‐specificpolicyenforcement.Thiscanbeseenasathreestepprocess:a. Deploythecontrollerandperformlocalconfiguration‐TheEnterasysWirelessControllershipswithadefaultSSID,attachedbydefaulttoallAPradios,whenenabled.DRAFT

Enterasys Wireless Convergence Software and Your NetworkUser Guide, V8.01 1-7‐UsethebasicinstallationwizardtocompletetheEnterasysWirelessControllerconfiguration.b. UsePolicyManagerto:‐PushtheVLANlisttotheEnterasysWirelessController(Topologies)‐AttachVLANstoEnterasysWirelessControllerphysicalports(Console‐CompleteTopologydefinition)‐PushRADIUSserverconfigurationtotheEnterasysWirelessController‐PushpolicydefinitionstotheEnterasysWirelessController‐AttachthedefaultpolicytocreateaVNSc. Finetunecontrollersettings.Forexample,configuringfilteringatAPsandEnterasysWirelessControllerforabridgedatcontrollerorroutedtopologiesandassociatedVNSs.Enterasys Wireless Convergence Software and Your NetworkThissectionisasummaryofthecomponentsoftheEnterasysWirelessConvergenceSoftwaresolutiononyourenterprisenetwork.Thefollowingaredescribedindetailinthisguide,unlessotherwisestated:•EnterasysWirelessController—Arack‐mountablenetworkdevicethatprovidescentralizedcontroloverallaccesspointsandmanagesthenetworkassignmentofwirelessdeviceclientsassociatingthroughaccesspoints.•WirelessAP—AwirelessLANfitaccesspointthatcommunicateswithaEnterasysWirelessController.•RADIUSServer(RemoteAccessDial‐InUserService)(RFC2865),orotherauthenticationserver—AnauthenticationserverthatassignsandmanagesIDandPasswordprotectionthroughoutthenetwork.Usedforauthenticationofthewirelessusersineither802.1xorCaptivePortalsecuritymodes.TheRADIUSServersystemcanbesetupforcertainstandardattributes,suchasfilterID,andfortheVendorSpecificAttributes(VSAs).Inaddition,RADIUSDisconnect(RFC3576)whichpermitsdynamicadjustmentofuserpolicy(userdisconnect)issupported.•DHCPServer(DynamicHostConfigurationProtocol)(RFC2131)—AserverthatassignsdynamicallyIPaddresses,gateways,andsubnetmasks.IPaddressassignmentforclientscanbedonebytheDHCPserverinternaltotheEnterasysWirelessController,orbyexistingserversusingDHCPrelay.ItisalsousedbytheWirelessAPstodiscoverthelocationoftheEnterasysWirelessControllerduringtheinitialregistrationprocessusingOptions43,60,andOption78.Options43and60specifythevendorclassidentifier(VCI)andvendorspecificinformation.Option78specifiesthelocationofoneormoreSLPDirectoryAgents.ForSLP,DHCPshouldhaveOption78enabled.•ServiceLocationProtocol(SLP)(SLPRFC2608)—ClientapplicationsareUserAgentsandservicesthatareadvertisedbyaServiceAgent.Inlargerinstallations,aDirectoryAgentcollectsinformationfromServiceAgentsandcreatesacentralrepository.TheEnterasyssolutionreliesonregistering“Enterasys”asanSLPServiceAgent.•DomainNameServer(DNS)—Aserverusedasanalternatemechanism(ifpresentontheenterprisenetwork)fortheautomaticdiscoveryprocess.EnterasysWirelessController,AccessPointsandConvergenceSoftwarereliesontheDNSforLayer3deploymentsandforNote: Complete information about integration with Policy Manager is outside the scope of this document.DRAFT

Enterasys Wireless Convergence Software and Your Network1-8 Overview of the Enterasys Wireless Convergence Software SolutionstaticconfigurationofWirelessAPs.ThecontrollercanberegisteredinDNS,toprovideDNSassistedAPdiscovery.Inaddition,DNScanalsobeusedforresolvingRADIUSserverhostnames.•WebAuthenticationServer—AserverthatcanbeusedforexternalCaptivePortalandexternalauthentication.TheEnterasysWirelessControllerhasaninternalCaptiveportalpresentationpage,whichallowsWebauthentication(Webredirection)totakeplacewithouttheneedforanexternalCaptivePortalserver.•RADIUSAccountingServer(RemoteAccessDial‐InUserService)(RFC2866)—AserverthatisrequiredifRADIUSAccountingisenabled.•SimpleNetworkManagementProtocol(SNMP)—AManagerServerthatisrequiredifforwardingSNMPmessagesisenabled.•Networkinfrastructure—TheEthernetswitchesandroutersmustbeconfiguredtoallowroutingbetweenthevariousservicesnotedabove.RoutingmustalsobeenabledbetweenmultipleEnterasysWirelessControllersforthefollowingfeaturestooperatesuccessfully:– Availability– Mobility– MitigatorfordetectionofrogueaccesspointsSomefeaturesalsorequirethedefinitionofstaticroutes.•WebBrowser—AbrowserprovidesaccesstotheEnterasysWirelessControllerManagementuserinterfacetoconfiguretheEnterasysWirelessConvergenceSoftware.•SSHEnabledDevice—AdevicethatsupportsSecureShell(SSH)isusedforremote(IP)shellaccesstothesystem.•ZoneIntegrity—TheZoneintegrityserverenhancesnetworksecuritybyensuringclientsaccessingyournetworkarecompliantwithyoursecuritypoliciesbeforegainingaccess.ZoneIntegrityRelease5issupported.Network Traffic FlowFigure 1‐3illustratesasimpleconfigurationwithasingleEnterasysWirelessControllerandtwoWirelessAPs,eachsupportingawirelessdevice.ARADIUSserveronthenetworkprovidesauthentication,andaDHCPserverisusedbytheWirelessAPstodiscoverthelocationoftheEnterasysWirelessControllerduringtheinitialregistrationprocess.Networkinter‐connectivityisprovidedbytheinfrastructureroutingandswitchingdevices.DRAFT

Enterasys Wireless Convergence Software and Your NetworkUser Guide, V8.01 1-9Figure 1-3 Traffic Flow DiagramEachwirelessdevicesendsIPpacketsinthe802.11standardtotheWirelessAP.TheWirelessAPusesaUDP(UserDatagramProtocol)basedtunnellingprotocol.Intunneledmodeofoperation,itencapsulatesthepacketsandforwardsthemtotheEnterasysWirelessController.TheEnterasysWirelessControllerdecapsulatesthepacketsandroutesthesetodestinationsonthenetwork.Inatypicalconfiguration,accesspointscanbeconfiguredtolocallybridgetraffic(toaconfiguredVLAN)directlyattheirnetworkpointofattachment.TheEnterasysWirelessControllerfunctionslikeastandardL3routerorL2switch.Itisconfiguredtoroutethenetworktrafficassociatedwithwirelessconnectedusers.TheEnterasysWirelessControllercanalsobeconfiguredtosimplyforwardtraffictoadefaultorstaticrouteifdynamicroutingisnotpreferredoravailable.Network SecurityTheEnterasysWirelessConvergenceSoftwaresystemprovidesfeaturesandfunctionalitytocontrolnetworkaccess.Thesearebasedonstandardwirelessnetworksecuritypractices.Currentwirelessnetworksecuritymethodsprovideprotection.Thesemethodsinclude:•SharedKeyauthenticationthatreliesonWiredEquivalentPrivacy(WEP)keys Packet transmissionControl and Routing> HWC authenticates wireless user> HWC forwards IP packet to wired networkTunnelling> AP sends data traffic to HWC through UDP tunnel called WASSP> HWC controls Wireless AP through WASSP tunnel> Using WASSP tunnels, HWC allows wireless clients to roam to Wireless APs on different HWCs802.11 packet transmission802.11 beacon and probe, wireless device associates with a Wireless AP by its SSIDWireless DevicesRouter/SwitchWireless ControllerRADIUS Authentication Server External CP ServerExternal Web Authentication ServerWireless APsDHCP ServerDRAFT

Enterasys Wireless Convergence Software and Your Network1-10 Overview of the Enterasys Wireless Convergence Software Solution•OpenSystemthatreliesonServiceSetIdentifiers(SSIDs)• 802.1xthatiscompliantwithWi‐FiProtectedAccess(WPA)•CaptivePortalbasedonSecureSocketsLayer(SSL)protocolTheEnterasysWirelessConvergenceSoftwaresystemprovidesthecentralizedmechanismbywhichthecorrespondingsecurityparametersareconfiguredforagroupofusers.•WiredEquivalentPrivacy(WEP)isasecurityprotocolforwirelesslocalareanetworksdefinedinthe802.11bstandard•Wi‐FiProtectedAccessversion1(WPA1™)withTemporalKeyIntegrityProtocol(TKIP)•Wi‐FiProtectedAccessversion2(WPA2™)withAdvancedEncryptionStandard(AES)andCounterModewithCipherBlockChainingMessageAuthenticationCode(CCMP)AuthenticationTheEnterasysWirelessControllerreliesonaRADIUSserver,orauthenticationserver,ontheenterprisenetworktoprovidetheauthenticationinformation(whethertheuseristobeallowedordeniedaccesstothenetwork).ARADIUSclientisimplementedtointeractwithinfrastructureRADIUSservers.TheEnterasysWirelessControllerprovidesauthenticationusing:•CaptivePortal—abrowser‐basedmechanismthatforcesuserstoaWebpage•RADIUS(usingIEEE802.1x)The802.1xmechanismisastandardforauthenticationdevelopedwithinthe802.11standard.Thismechanismisimplementedatthewirelessport,blockingalldatatrafficbetweenthewirelessdeviceandthenetworkuntilauthenticationiscomplete.Authenticationby802.1xstandardusesExtensibleAuthenticationProtocol(EAP)forthemessageexchangebetweentheEnterasysWirelessControllerandtheRADIUSserver.When802.1xisusedforauthentication,theEnterasysWirelessControllerprovidesthecapabilitytodynamicallyassignper‐wireless‐deviceWEPkeys(calledpersessionWEPkeysin802.11).InthecaseofWPA,theEnterasysWirelessControllerisnotinvolvedinkeyassignment.Instead,thecontrollerisinvolvedintheinformationexchangebetweenRADIUSserverandtheuser’swirelessdevicetonegotiatetheappropriatesetofkeys.WithWPA2thematerialexchangeproducesaPairwiseMasterKeywhichisusedbytheAPandtheusertoderivetheirtemporalkeys.(Thekeyschangeovertime.)TheEnterasysWirelessConvergenceSoftwaresolutionprovideaRADIUSredundancyfeaturethatenablesyoutodefineafailoverRADIUSserverintheeventthattheactiveRADIUSserverbecomesunresponsive.PrivacyPrivacyisamechanismthatprotectsdataoverwirelessandwirednetworks,usuallybyencryptiontechniques.EnterasysWirelessConvergenceSoftwaresupportstheWiredEquivalentPrivacy(WEP)standardcommontoconventionalaccesspoints.ItalsoprovidesWi‐FiProtectedAccessversion1(WPAv.1)encryption,basedonPairwiseMasterKey(PMK)andTemporalKeyIntegrityProtocol(TKIP).ThemostsecureencryptionmechanismisWPAversion2,usingAdvancedEncryptionStandard(AES).DRAFT

Enterasys Wireless Convergence Software and Your NetworkUser Guide, V8.01 1-11Virtual Network ServicesVirtualNetworkServices(VNS)provideaversatilemethodofmappingwirelessnetworkstothetopologyofanexistingwirednetwork.InreleasespriortoV7.0,aVNSwasacollectionofoperationalentities.StartingwithReleaseV7.0,aVNSbecomesthebindingofreusablecomponents:•WLANServicecomponentsthatdefinetheradioattributes,privacyandauthenticationsettings,andQoSattributesoftheVNS•Policycomponentsthatdefinethetopology(typicallyaVLAN),filterrules,andClassofServiceappliedtothetrafficofastation.Figure 1‐4illustratesthetransitionoftheconceptofaVNStoabindingofreusablecomponents.Figure 1-4 VNS as a Binding of Reusable ComponentsWLANServicecomponentsandPolicycomponentscanbeconfiguredseparatelyandassociatedwithaVNSwhentheVNSiscreatedormodified.Alternatively,theycanbeconfiguredduringtheprocessofcreatingaVNS.Additionally,PoliciescanbecreatedusingtheEnterasysNetSightPolicyManagerorNetSightWirelessManagerandpushedtotheEnterasysWirelessController.PolicyassignmentensuresthatthecorrecttopologyandtrafficbehaviorareappliedtoauserregardlessofWLANserviceusedorVNSassignment.WhenVNScomponentsaresetupontheEnterasysWirelessController,amongotherthings,arangeofIPaddressesissetasidefortheEnterasysWirelessController’sDHCPservertoassigntowirelessdevices.IftheOSPFroutingprotocolisenabled,theEnterasysWirelessControlleradvertisestheroutedtopologiesasreachablesegmentstothewirednetworkinfrastructure.Thecontrollerroutestrafficbetweenthewirelessdevicesandthewirednetwork.DRAFT

Enterasys Wireless Convergence Software and Your Network1-12 Overview of the Enterasys Wireless Convergence Software SolutionTheEnterasysWirelessControlleralsosupportsVLAN‐bridgedassignmentforVNSs.ThisallowsthecontrollertodirectlybridgethesetofwirelessdevicesassociatedwithaWLANservicedirectlytoaspecifiedcoreVLAN.EachEnterasysWirelessControllermodelcansupportaspecifiednumberofactiveVNSs,aslistedbelow:• C5110—Upto128VNSs• C4110—Upto64VNSs•C20—Upto8VNSs•C25—Upto16VNSs• V2110—Upto48VNSsTheWirelessAPradioscanbeassignedtoeachoftheconfiguredWLANservicesand,therefore,VNSsinasystem.EachWirelessAPcanbethesubjectof16serviceassignments—8assignmentsperradio—whichcorrespondstothenumberofSSIDsitcansupport.Oncearadiohasall8slotsassigned,itisnolongereligibleforfurtherassignment.NAC integration with Enterasys Wireless WLANEnterasysWirelessWLANsupportsintegrationwithaNAC(NetworkAdmissionControl)Gateway.TheNACGatewaycanprovideyournetworkwithauthentication,registration,assessment,remediation,andaccesscontrolformobileusers.NACGatewayintegrationwithEnterasysWirelessWLANsupportsSSIDVNSswhenusedinconjunctionwithMAC‐basedexternalcaptiveportalauthentication.Figure 1‐5andTable 1‐1depictthetopologyandworkflowrelationshipbetweenEnterasysWirelessWLANthatisconfiguredforexternalcaptiveportalandaNACGateway.Withthisconfiguration,theNACGatewayactslikeaRADIUSproxyserver.AnalternativeistoconfiguretheNACGatewaytoperformMAC‐basedauthenticationitself,usingitsowndatabaseofMACaddressesandpermissions.Formoreinformation,see“CreatingaNACVNSUsingtheVNSWizard”onpage 7‐19.DRAFT

Enterasys Wireless Convergence Software and Your NetworkUser Guide, V8.01 1-13Figure 1-5 WLAN and NAC Integration with External Captive Portal AuthenticationTable 1-1 WLAN and NAC Integration StepsStep Description1 The client laptop connects to the Wireless AP.The Wireless AP determines that authentication is required, and sends an association request to the Enterasys Wireless Controller.2 The Enterasys Wireless Controller forwards to the NAC Gateway an access-request message for the client laptop, which is identified by its MAC address.The NAC Gateway forwards the access-request to the RADIUS server. The NAC Gateway acts like a RADIUS proxy server.3 The RADIUS server evaluates the access-request and sends an Access-Accept message back to the NAC.The NAC receives the access-accept packet. Using its local database, the NAC determines the correct policy to apply to this client laptop and updates the access-accept packet with the policy assignment. The updated Access-Accept message is forwarded to the Enterasys Wireless Controller and Wireless AP. 4 The Enterasys Wireless Controller and Wireless AP apply policy against the client laptop accordingly. The Enterasys Wireless Controller assigns a set of filters to the client laptop’s session and the Wireless AP allows the client laptop access to the network.5 The client laptop interacts with a DHCP server to obtain an IP address.DRAFT

Enterasys Wireless Convergence Software and Your Network1-14 Overview of the Enterasys Wireless Convergence Software SolutionVNS ComponentsThedistinctconstituenthigh‐levelconfigurableumbrellaelementsofaVNSare:• Topology•Policy•ClassesofService•WLANServiceTopologyTopologiesrepresentthenetworkswithwhichtheEnterasysWirelessControlleranditsAPsinteract.Themainconfigurableattributesofatopologyare:•Name‐astringofalphanumericcharactersdesignatedbytheadministrator.•VLANID‐theVLANidentifierasspecifiedintheIEEE802.1Qdefinition.•VLANtaggingoptions.•PortofpresenceforthetopologyontheEnterasysWirelessController.(ThisattributeisnotrequiredforRoutedandBridgedatAPtopologies.)•Interface.ThisattributeistheIP(L3)addressassignedtotheEnterasysWirelessControlleronthenetworkdescribedbythetopology.(Optional.)•Type.Thisattributedescribeshowtrafficisforwardedonthetopology.Optionsare:– “Physical”‐thetopologyisthenativetopologyofadataplaneanditrepresentstheactualEthernetports– “Management”‐thenativetopologyoftheEnterasysWirelessControllermanagementport–“Routed”‐thecontrolleristheroutinggatewayfortheroutedtopology.–“BridgedatController”‐theusertrafficisbridged(intheL2sense)betweenwirelessclientsandthecorenetworkinfrastructure.6 Eventually the client laptop uses its Web browser to access a Website.• The Enterasys Wireless Controller determines that the target Website is blocked and that the client laptop still requires authentication. • The Enterasys Wireless Controller sends an HTTP redirect to the client laptop’s browser. The redirect sends the browser to the Web server on the NAC Gateway.• The NAC displays an appropriate Web page in the client laptop’s browser. The contents of the page depend on the current policy assignment (enterprise, remediation, assessing, quarantine, or unregistered) for the MAC address.7 When the NAC determines that the client laptop is ready for a different policy assignment, it sends a ‘disconnect message’ (RFC 3576) to the Enterasys Wireless Controller. When the Enterasys Wireless Controller receives the ‘disconnect message’ sent by the NAC, the Enterasys Wireless Controller terminates the session for the client laptop. The Enterasys Wireless Controller forwards the command to terminate the client laptop’s session to the Wireless AP, which disconnects the client laptop.Table 1-1 WLAN and NAC Integration Steps (continued)Step DescriptionDRAFT

Enterasys Wireless Convergence Software and Your NetworkUser Guide, V8.01 1-15–“BridgedatAP”‐theusertrafficisbridgedlocallyattheAPwithoutbeingredirectedtotheEnterasysWirelessController.•ExceptionFilters.SpecifieswhichtraffichasaccesstotheEnterasysWirelessControllerfromthewirelessclientsortheinfrastructurenetwork.• Certificates.•Multicastfilters.Definesthemulticastgroupsthatareallowedonaspecifictopologysegment.PolicyAPolicyisacollectionofattributesandrulesthatdetermineactionstakenusertrafficaccessesthewirednetworkthroughtheWLANservice(associatedtotheWLANServiceʹsSSID).Dependinguponitstype,aVNScanhavebetweenoneandthreeAuthorizationPoliciesassociatedwithit:1. Defaultnon‐authorizedpolicy—Thisisamandatorypolicythatcoversalltrafficfromstationsthathavenotauthenticated.Attheadministratorʹsdiscretionthedefaultnon‐authorizedpolicycanbeappliedtothetrafficofauthenticatedstationsaswell.2. Defaultauthorizedpolicy—Thisisamandatorypolicythatappliestothetrafficofauthenticatedstationsforwhichnootherpolicywasexplicitlyspecified.Itcanbethesameasthedefaultnon‐authorizedpolicy.3. ThirdpartyAPpolicy—ThispolicyappliestothelistofMACaddressescorrespondingtothewiredinterfacesofthirdpartyAPsspecificallydefinedbytheadministratortobeprovidingtheRFaccessasanAPWLANService.ThispolicyisonlyrelevantwhenappliedtothirdpartyAPWLANServices.Classes of ServiceIngeneral,ClassofService(CoS)referstoasetofattributesthatdefinetheimportanceofaframewhileitisforwardedthroughthenetworkrelativetootherpackets,andtothemaximumthroughputpertimeunitthatastationorportassignedtoaspecificpolicyispermitted.TheCoSdefinesactionstobetakenwhenratelimitsareexceeded.AllincomingpacketsmayfollowthesestepstodetermineaCoS:• Classification‐identifiesthefirstmatchingrulethatdefinesaCoS.•Marking‐modifiestheL2802.1pand/orL3ToSbasedonCoSdefinition.• Ratelimiting(drop)isset.ThesystemlimitforthenumberofCoSprofilesonacontrollerisidenticaltothenumberofpolicies.Forexample,themaximumnumberofCoSprofilesonaC5110is512.WLAN ServicesAWLANServicerepresentsalltheRF,authenticationandQoSattributesofawirelessaccessserviceofferedbytheEnterasysWirelessControlleranditsAPs.AWLANServicecanbeoneofthefollowingtypes:• Standard—Aconventionalservice.OnlyAPsrunningEnterasysWirelesssoftwarecanbepartofthisWLANService.ThistypeofservicecanbeusedasaBridgedatController,BridgedatAP,orRoutedTopology.Thistypeofserviceprovidesaccessformobilestations.PoliciescanbeassociatedwiththistypeofWLANservicetocreateaVNS.•ThirdPartyAP—AWirelessServiceofferedbythirdpartyAPs.Thistypeofserviceprovidesaccessformobilestations.PoliciescanbeassignedtothistypeofWLANservicetocreateaVNS.DRAFT

Enterasys Wireless Convergence Software and Your Network1-16 Overview of the Enterasys Wireless Convergence Software Solution• DynamicMeshandWDS(StaticMesh)—ThisistoconfigureagroupofAPsorganizedintoahierarchyforpurposesofprovidingaWirelessDistributionService.Thistypeofserviceisinessenceawirelesstrunkingserviceratherthanaservicethatprovidesaccessforstations.Assuch,thisservicecannothavepoliciesattachedtoit.•Remote—Aservicethatresidesontheedge(foreign)EnterasysWirelessController.PairingaremoteservicewitharemoteableserviceonthedesignatedhomeEnterasysWirelessControllerallowsyoutoprovisioncentralizedWLANServicesinthemobilitydomain.Thisisknownascentralizedmobility.AsofReleaseV7.0,thecomponentsofaWLANServicemaptothecorrespondingcomponentsofaVNSinpreviousreleases.TheexceptionisthatWLANServicesarenotclassifiedasSSID‐basedorAAA‐based,aswasthecaseinpreviousreleases.Instead,theadministratormakesanexplicitchoiceofthetypeofauthenticationtouseontheWLANService.Ifhischoiceofauthenticationoptionconflictswithanyofhisotherauthenticationorprivacychoices,theWLANServicecannotbeenabled.RoutingRoutingcanbeusedontheEnterasysWirelessControllertosupporttheVNSdefinitions.ThroughtheuserinterfaceyoucanconfigureroutingontheEnterasysWirelessControllertouseoneofthefollowingroutingtechniques:•Staticroutes—UsestaticroutestosetthedefaultrouteofaEnterasysWirelessControllersothatlegitimatewirelessdevicetrafficcanbeforwardedtothedefaultgateway.•OpenShortestPathFirst(OSPF,version2)(RFC2328)—UseOSPFtoallowtheEnterasysWirelessControllertoparticipateindynamicrouteselection.OSPFisaprotocoldesignedformediumandlargeIPnetworkswiththeabilitytosegmentroutesintodifferentareasbyroutinginformationsummarizationandpropagation.StaticRoutedefinitionandOSPFdynamiclearningcanbecombined,andtheprecedenceofastaticroutedefinitionoverdynamicrulescanbeconfiguredbyselectingorclearingtheOverridedynamicroutesoptioncheckbox.•Next‐hoprouting—Usenext‐hoproutingtospecifyauniquegatewaytowhichtrafficonaVNSisforwarded.Defininganext‐hopforaVNSforcesallthetrafficintheVNStobeforwardedtotheindicatednetworkdevice,bypassinganyroutingdefinitionsofthecontrollerʹsroutetable.Mobility and RoamingIntypicalsimpleconfigurations,APsaresetupasbridgesthatbridgewirelesstraffictothelocalsubnet.Inbridgingconfigurations,theuserobtainsanIPaddressfromthesamesubnetastheAP,assumingnoVLANtrunkingfunctionality.IftheuserroamsbetweenAPsonthesamesubnet,itisabletokeepusingthesameIPaddress.However,iftheuserroamstoanotherAPoutsideofthatsubnet,itsIPaddressisnolongervalid.TheuserʹsclientdevicemustrecognizethattheIPaddressithasisnolongervalidandre‐negotiateanewoneonthenewsubnet.Thismechanismdoesnotmandateanyactionontheuser.Therecoveryprocedureisentirelyclientdevicedependent.Someclientsautomaticallyattempttoobtainanewaddressonroam(whichaffectsroaminglatency),whileotherswillholdontotheirIPaddress.ThislossofIPaddresscontinuityseriouslyaffectstheclientʹsexperienceinthenetwork,becauseinsomecasesitcantakeminutesforanewaddresstobenegotiated.TheEnterasysWirelessConvergenceSoftwaresolutioncentralizestheuserʹsnetworkpointofpresence,thereforeabstractinganddecouplingtheuserʹsIPaddressassignmentfromthatoftheAPslocationsubnet.ThatmeansthattheuserisabletoroamacrossanyAPwithoutlosingitsownIPaddress,regardlessofthesubnetonwhichtheservingAPsaredeployed.DRAFT

Enterasys Wireless Controller Product FamilyUser Guide, V8.01 1-17Inaddition,aEnterasysWirelessControllercanlearnaboutotherEnterasysWirelessControllersonthenetworkandthenexchangeclientsessioninformation.ThisenablesawirelessdeviceusertoroamseamlesslybetweendifferentWirelessAPsondifferentEnterasysWirelessControllers.Network AvailabilityTheEnterasysWirelessConvergenceSoftwaresolutionprovidesavailabilityagainstWirelessAPoutages,EnterasysWirelessControlleroutages,andevennetworkoutages.TheEnterasysWirelessControllerinaVLANbridgedtopologycanpotentiallyallowtheusertoretaintheIPaddressinafailoverscenario,iftheVNS/VLANiscommontobothcontrollers.Forexample,availabilityisprovidedbydefiningapairedcontrollerconfigurationbywhicheachpeercanactasthebackupcontrollerfortheotherʹsAPs.APsinonecontrollerareallowedtofailoverandregisterwiththealternatecontroller.IfanEnterasysWirelessControllerfails,allofitsassociatedWirelessAPscanautomaticallyswitchovertoanotherEnterasysWirelessControllerthathasbeendefinedasthesecondaryorbackupEnterasysWirelessController.IftheAPreboots,theoriginalEnterasysWirelessControllerisrestored.TheoriginalEnterasysWirelessControllerisrestoredifitisactive.However,activeAPswillcontinuetobeconnectedtothefailovercontrolleruntiltheadministratorreleasesthembacktotheoriginalhomecontroller.Quality of Service (QoS)EnterasysWirelessConvergenceSoftwaresolutionprovidesadvancedQualityofService(QoS)managementtoprovidebetternetworktrafficflow.Suchtechniquesinclude:•WMM(Wi‐FiMultimedia)—WMMisenabledperWLANservice.TheEnterasysWirelessControllerprovidescentralizedmanagementoftheAPfeatures.FordeviceswithWMMenabled,thestandardprovidesmultimediaenhancementsforaudio,video,andvoiceapplications.WMMshortensthetimebetweentransmittingpacketsforhigherprioritytraffic.WMMispartofthe802.11estandardforQoS.InthecontextoftheEnterasysWirelessSolution,theToS/DSCPfieldisusedforclassificationandproperclassofservicemapping,outputqueueselection,andprioritytagging.•IPToS(TypeofService)orDSCP(DiffservCodepoint)—TheToS/DSCPfieldintheIPheaderofaframeindicatesthepriorityandclassofserviceforeachframe.TheIPTOSand/orDSCPismaintainedandtransportedwithinCTP(CAPWAPTunnelingProtocol)bycopyingtheuserIPQoSinformationtotheCTPheader—thisisreferredtoasAdaptiveQoS.•RateControl—RateControlforusertrafficcanalsobeconsideredasanaspectofQoS.AspartofPolicydefinition,theusercanspecify(default)policythatincludesIngressandEgressratecontrol.IngressratecontrolappliestotrafficgeneratedbywirelessclientsandEgressratecontrolappliestotraffictargetingspecificwirelessclients.Thebit‐ratescanbeconfiguredaspartofgloballyavailableprofileswhichcanbeusedbyanyparticularconfiguration.Aglobaldefaultisalsodefined.QualityofService(QoS)managementisalsoprovidedby:• AssigninghighprioritytoaWLANservice•AdaptiveQoS(automaticandalltimefeature)• SupportforlegacydevicesthatuseSpectraLinkVoiceProtocol(SVP)forprioritizingvoicetraffic(configurable)Enterasys Wireless Controller Product FamilyTheEnterasysWirelessControllerisavailableinthefollowingproductfamilies:DRAFT

Enterasys Wireless Controller Product Family1-18 Overview of the Enterasys Wireless Convergence Software SolutionTable 1-2 Enterasys Wireless Controller Product FamiliesEnterasys Wireless Controller Model Number SpecificationsC5110 • Three data ports supporting up to 525 Wireless APs– 2 fiber optic SR (10Gbps)– 1 Ethernet port GigE• One management port (Ethernet) GigE• One console port (DB9 serial)• Four USB ports — two on each front and back panel (only one port active at a time)• Redundant dual power supply unitC4110 • Four GigE ports supporting up to 250 Wireless APs• One management port (Ethernet) GigE• One console port (DB9 serial)• Four USB ports (only one active at a time)• Redundant dual power supply unitC20 • Two GigE ports supporting up to 32 Wireless APs• One management port GigE• One console port (USB control)• One USB port • Power supply standard (R)C25 • Two GigE ports supporting up to 48 Wireless APs• One management port GigE• One console port (DB9 serial)• One USB port V2110 • Two GigE ports supporting up to 120 Wireless APs• One management port GigE• One console port (DB9 serial)• Four USB ports (only one active at a time)DRAFT

User Guide, V8.01 2-12Configuring the Enterasys Wireless ControllerThischapterdescribesthestepsinvolvedintheinitialconfigurationandsetup,oftheEnterasysWirelessController,including:System Configuration OverviewThefollowingsectionprovidesahigh‐leveloverviewofthestepsinvolvedintheinitialconfigurationofyoursystem:1. Beforeyoubegintheconfigurationprocess,researchthetypeofWLANdeploymentthatisrequired.Forexample,topologyandVLANIDs,SSIDs,securityrequirements,andfilterpolicies.2. Preparethenetworkservers.Ensurethattheexternalservers,suchasDHCPandRADIUSservers(ifapplicable)areavailableandappropriatelyconfigured.3. InstalltheEnterasysWirelessController.Formoreinformation,seethedocumentationforyourEnterasysWirelessController.4. PerformthefirsttimesetupoftheEnterasysWirelessControlleronthephysicalnetwork,whichincludesconfiguringtheIPaddressesoftheinterfacesontheEnterasysWirelessController.– CreateanewphysicaltopologyandprovidetheIPaddresstobetherelevantsubnetpointofattachmenttotheexistingnetwork.–TomanagetheEnterasysWirelessControllerthroughtheinterfaceconfiguredabove,selecttheMgmtcheckboxontheInterfacestab.– ConfigurethedataportinterfacestobeonseparateVLANs,matchingtheVLANsconfiguredinStep3above.Ensurealsothatthetaggedvs.untaggedstateisconsistentwiththeswitchportconfiguration.For information about... Refer to page...System Configuration Overview 2-1Logging on to the Enterasys Wireless Controller 2-4Wireless Assistant Home Screen 2-4Working with the Basic Installation Wizard 2-7Configuring the Enterasys Wireless Controller for the First Time 2-12Using an AeroScout/Ekahau Location-Based Solution 2-53Additional Ongoing Operations of the System 2-56DRAFT

$2-2 Configuring the Enterasys Wireless Controller– Configurethetimezone.BecausechangingthetimezonerequiresrestartingtheEnterasysWirelessController,EnterasysrecommendsthatyouconfigurethetimezoneduringtheinitialinstallationandconfigurationoftheEnterasysWirelessControllertoavoidnetworkinterruptions.Formoreinformation,see“ConfiguringNetworkTime”onpage 2‐48.–Applyanactivationkeyfile.Ifanactivationkeyisnotapplied,theEnterasysWirelessControllerfunctionswithsomefeaturesenabledindemonstrationmode.Notallfeaturesareenabledindemonstrationmode.Forexample,mobilityisnotenabledandcannotbeused.5. ConfiguretheEnterasysWirelessControllerforremoteaccess:–Setupanadministrationstation(laptop)onsubnet192.168.10.0/24.Bydefault,theEnterasysWirelessControllerʹsManagementinterfaceisconfiguredwiththestaticIPaddress192.168.10.1.– ConfiguretheEnterasysWirelessController’smanagementinterface.– Configurethedatainterfaces.–SetuptheEnterasysWirelessControlleronthenetworkbyconfiguringthephysicaldataports.– Configuretheroutingtable.– ConfigurestaticroutesorOSPFparameters,ifappropriatetothenetwork.Formoreinformation,see“ConfiguringtheEnterasysWirelessControllerfortheFirstTime”onpage 2‐12.6. Configurethetraffictopologiesyournetworkmustsupport.TopologiesrepresenttheController’spointsofnetworkattachment,andthereforeVLANsandportassignmentsneedtobecoordinatedwiththecorrespondingnetworkswitchports.Formoreinformation,see“ConfiguringaBasicTopology”onpage 4‐2.7. Configurepolicies.Policiesaretypicallyboundtotopologies.Policyapplicationassignsusertraffictothecorrespondingnetworkpoint.– Policiesdefineuseraccessrights(filteringorACL)–Policesreferenceuserʹsratecontrolprofile.Formoreinformation,see“ConfiguringPolicies”onpage 5‐1.8. ConfigureWLANservices.–DefineSSIDandprivacysettingsforthewirelesslink.–SelectthesetofAPs/Radiosonwhichtheserviceispresent.– Configurethemethodofcredentialauthenticationforwirelessusers(None,InternalCP,ExternalCP,GuestPortal,802.1x[EAP])Formoreinformation,see“ConfiguringWLANServices”onpage 6‐1.9. CreatetheVNSs.Caution: Whenever the licensed region changes on the Enterasys Wireless Controller, all Wireless APs are changed to Auto Channel Select to prevent possible infractions to local RF regulatory requirements. If this occurs, all manually configured radio channel settings will be lost.Installing the new license key before upgrading will prevent the Enterasys Wireless Controller from changing the licensed region, and in addition, manually configured channel settings will be maintained. For more information, see the Enterasys Wireless Convergence Software Maintenance Guide.DRAFT$

Chantry Networks APXXX1 HiPATH WIRELESS ACCESS POINT (AP) User Manual

Chantry Networks Inc. (a Siemens Company) HiPATH WIRELESS ACCESS POINT (AP)

Contents

User Manual

Navigation menu

Namespaces

Views

Navigation