Riverbed Technology XR620 802.11ac 2x2 AP User Manual Xirrus AOS Xirrus

Xirrus, Inc. 802.11ac 2x2 AP Xirrus AOS Xirrus

User Manual

January 11, 2016
Release 7.6
Wireless Access Point
User’s Guide
All rights reserved. This document may not be reproduced or
disclosed in whole or in part by any means without the written
consent of Xirrus, Inc.
Part Number: 800-0022-001
(Revision T)
Wireless Access Points
XR and XD Series
Trademarks
is a registered trademark of Xirrus, Inc. All other trademarks and
brand names are marks of their respective holders.
Please see Legal Notices, Warnings, Compliance Statements, and Warranty and
License Agreements in “Notices (XR-1000 to XR-6000 Indoor Models)” on
page 561.
Xirrus, Inc.
2101 Corporate Center Drive
Thousand Oaks, CA 91320
USA
Tel: 1.805.262.1600
1.800.947.7871 Toll Free in the US
Fax: 1.866.462.3980
www.xirrus.com
Wireless Access Point
i
Table of Contents
List of Figures..................................................................................... xv
Introduction......................................................................................... 1
The Xirrus Family of Products ............................................................................... 1
Nomenclature .................................................................................................... 2
Why Choose the Xirrus Access Point? .................................................................. 3
Wireless Access Point Product Overview ............................................................ 4
XR Wireless AP Product Family ..................................................................... 5
XR-320 Wall Mounted 2-Radio Access Points ....................................... 5
XR-500 Series 2-Radio Access Points ...................................................... 6
XR-600 Series 2-Radio Access Points ...................................................... 7
XR-1000 Series 2-Radio Access Points .................................................... 8
XD4-130 4-Radio High Density Access Points ...................................... 9
XR-2006 Series 2- and 4-Radio High Density Access Points ............. 10
XR-2005 Series 2- and 4-Radio Access Points ...................................... 11
XR-4006 Series 4- to 8-Radio High Density Access Points ................. 12
XR-4000 Series 4- to 8-Radio High Density Access Points (not ending
in “6”) ................................................................................................. 13
XR-6000 Series 8- to 16-Radio High Density Access Points ............... 14
Enterprise Class Security ............................................................................... 14
Deployment Flexibility .................................................................................. 15
Power over Ethernet (POE) .................................................................... 16
Enterprise Class Management ...................................................................... 16
Key Features and Benefits ..................................................................................... 18
High Capacity and High Performance ........................................................ 18
Extended Coverage ......................................................................................... 18
Flexible Coverage Schemes .................................................................... 19
Non-Overlapping Channels .......................................................................... 20
SDMA Optimization ...................................................................................... 20
Fast Roaming ................................................................................................... 20
Ease of Deployment ........................................................................................ 20
Powerful Management ................................................................................... 20
Secure Wireless Access .................................................................................. 20
Wireless Access Point
ii
Applications Enablement .............................................................................. 21
Advanced Feature Sets .......................................................................................... 21
Xirrus Advanced RF Performance Manager (RPM) .................................. 21
Xirrus Advanced RF Security Manager (RSM) .......................................... 22
Xirrus Advanced RF Analysis Manager (RAM) ......................................... 23
Xirrus Application Control ............................................................................ 24
About this User’s Guide ........................................................................................ 25
Organization .................................................................................................... 25
Notes and Cautions ........................................................................................ 27
Screen Images .................................................................................................. 27
Product Specifications ........................................................................................... 27
Installing the Wireless AP............................................................... 29
Installation Prerequisites ...................................................................................... 29
Optional Network Components ................................................................... 31
Client Requirements ....................................................................................... 31
Planning Your Installation .................................................................................... 32
General Deployment Considerations .......................................................... 32
Coverage and Capacity Planning ................................................................. 34
Placement .................................................................................................. 34
RF Patterns ................................................................................................ 35
Capacity and Cell Sizes ........................................................................... 36
Fine Tuning Cell Sizes ............................................................................. 37
Roaming Considerations ........................................................................ 39
Allocating Channels ................................................................................ 39
Other Factors Affecting Throughput .................................................... 41
About IEEE 802.11ac ....................................................................................... 42
Up to Eight Simultaneous Data Streams Spatial Multiplexing ..... 44
MIMO (Multiple-In Multiple-Out) ........................................................ 44
MU-MIMO (Multi-User Multiple-In Multiple-Out) ........................... 45
Higher Precision in the Physical Layer ................................................ 47
80 MHz and 160 MHz Channel Widths (Bonding) ............................ 48
802.11ac Data Rates ................................................................................. 49
ACExpress™ ............................................................................................ 50
802.11ac Deployment Considerations .......................................................... 50
Failover Planning ............................................................................................ 52
Switch Failover Protection ..................................................................... 54
Wireless Access Point
iii
Power Planning ............................................................................................... 55
Power over Ethernet ................................................................................ 55
Security Planning ........................................................................................... 56
Wireless Encryption ................................................................................ 56
Authentication ......................................................................................... 56
Meeting PCI DSS Standards ................................................................... 57
Meeting FIPS Standards ......................................................................... 57
Port Requirements .......................................................................................... 58
Network Management Planning .................................................................. 62
WDS Planning ................................................................................................. 63
Common Deployment Options .................................................................... 66
Installation Workflow ........................................................................................... 67
Installing Your Wireless AP ................................................................................. 69
Choosing a Location ....................................................................................... 69
Wiring Considerations ............................................................................ 69
Mounting and Connecting the AP .............................................................. 72
Dismounting the AP ....................................................................................... 72
Powering Up the Wireless AP .............................................................................. 72
AP LED Operating Sequences ...................................................................... 73
LED Boot Sequence ................................................................................. 73
LED Operation when AP is Running ................................................... 74
Zero-Touch Provisioning and Ongoing Management .................................... 75
XMS-Cloud Next Generation (XMS-9500-CL-x) ................................. 75
XMS-Enterprise ........................................................................................ 75
If you are not using XMS ........................................................................ 76
AP Management Interfaces .................................................................................. 76
User Interfaces ................................................................................................. 76
Using the Serial Port ....................................................................................... 78
Using the Ethernet Ports to Access the AP ................................................. 78
Starting the WMI ............................................................................................. 79
Logging In ........................................................................................................ 79
Licensing ................................................................................................................. 80
Performing the Express Setup Procedure ........................................................... 80
Securing Low Level Access to the AP .......................................................... 81
The Web Management Interface................................................... 85
Managing APs Locally or Using XMS ................................................................ 85
Wireless Access Point
iv
An Overview .......................................................................................................... 86
Structure of the WMI ............................................................................................. 87
User Interface ......................................................................................................... 89
Logging In ............................................................................................................... 92
Applying Configuration Changes ....................................................................... 93
Character Restrictions .................................................................................... 93
Viewing Status on the Wireless AP................................................ 95
Access Point Status Windows .............................................................................. 96
Access Point Summary ................................................................................... 96
Content of the Access Point Summary Window ................................. 97
Access Point Information ............................................................................. 102
Access Point Configuration ......................................................................... 103
Admin History .............................................................................................. 104
Network Status Windows ................................................................................... 104
Network ......................................................................................................... 105
Network Map ................................................................................................ 106
Content of the Network Map Window .............................................. 106
Spanning Tree Status .................................................................................... 109
Routing Table ................................................................................................ 110
ARP Table ...................................................................................................... 110
DHCP Leases ................................................................................................. 111
Connection Tracking/NAT ......................................................................... 111
CDP List ......................................................................................................... 112
LLDP List ....................................................................................................... 113
Network Assurance ...................................................................................... 113
Undefined VLANs ........................................................................................ 114
RF Monitor Windows .......................................................................................... 115
IAP Monitoring ............................................................................................. 116
Spectrum Analyzer .................................................................................... 117
Rogues ........................................................................................................... 120
Channel History ............................................................................................ 122
Radio Assurance ........................................................................................... 124
Station Status Windows ...................................................................................... 126
Stations ........................................................................................................... 127
Location Map ................................................................................................. 129
RSSI ................................................................................................................. 132
Wireless Access Point
v
Signal-to-Noise Ratio (SNR) ........................................................................ 134
Noise Floor ..................................................................................................... 135
Max by IAP .................................................................................................... 137
Station Assurance ......................................................................................... 138
Statistics Windows ............................................................................................... 139
IAP Statistics Summary ................................................................................ 139
Per-IAP Statistics ........................................................................................... 140
Network Statistics ......................................................................................... 142
VLAN Statistics ............................................................................................. 143
WDS Statistics ................................................................................................ 144
IDS Statistics .................................................................................................. 145
Filter Statistics ............................................................................................... 147
Station Statistics ............................................................................................ 147
Per-Station Statistics ..................................................................................... 149
Application Control Windows ........................................................................... 150
About Application Control ......................................................................... 150
Application Control ...................................................................................... 152
Stations (Application Control) .................................................................... 156
System Log Window ........................................................................................... 157
IDS Event Log Window ...................................................................................... 158
Configuring the Wireless AP........................................................ 161
Express Setup ........................................................................................................ 163
Network ................................................................................................................. 169
Interfaces ....................................................................................................... 170
Network Interface Ports ........................................................................ 171
Bonds and Bridging ...................................................................................... 173
DNS Settings .................................................................................................. 180
Cisco Discovery Protocol (CDP) Settings .................................................. 181
LLDP Settings ................................................................................................ 182
Services .................................................................................................................. 185
Time Settings (NTP) ..................................................................................... 186
NetFlow .......................................................................................................... 189
Wi-Fi Tag ....................................................................................................... 190
Location .......................................................................................................... 191
System Log ..................................................................................................... 193
About Using Splunk for Xirrus APs ................................................... 196
Wireless Access Point
vi
SNMP .............................................................................................................. 197
DHCP Server ................................................................................................. 200
Proxy Services ............................................................................................... 202
About Proxy Forwarding ..................................................................... 203
Proxy Forwarding for HTTPS .............................................................. 204
Summary of Proxy Forwarding Behavior on the AP ....................... 205
About Using a Proxy Client for Management Traffic ...................... 210
VLANs ................................................................................................................... 213
Understanding Virtual Tunnels .......................................................... 214
VLAN Pools ............................................................................................ 215
VLAN Management ..................................................................................... 216
Tunnels .................................................................................................................. 220
About Xirrus Tunnels ........................................................................... 220
Tunnel Management .................................................................................... 221
SSID Assignments ......................................................................................... 223
VLAN Assignments ...................................................................................... 224
Security .................................................................................................................. 225
Understanding Security ........................................................................ 226
Certificates and Connecting Securely to the WMI ............................ 229
Using the AP’s Default Certificate ...................................................... 230
Using an External Certificate Authority ............................................. 231
Admin Management .................................................................................... 231
Admin Privileges .......................................................................................... 233
Admin RADIUS ............................................................................................ 235
About Creating Admin Accounts on the RADIUS Server ............. 235
Management Control ................................................................................... 238
Access Control List ....................................................................................... 248
Global Settings .............................................................................................. 250
External Radius ............................................................................................. 254
About Creating User Accounts on the RADIUS Server .................. 255
Internal Radius .............................................................................................. 258
Active Directory ............................................................................................ 260
Rogue Control List ........................................................................................ 264
OAuth 2.0 Management ............................................................................... 265
SSIDs ...................................................................................................................... 268
Understanding SSIDs ............................................................................ 269
Understanding QoS Priority on the Wireless AP ............................. 271
Wireless Access Point
vii
High Density 2.4G Enhancement—Honeypot SSID ......................... 275
SSID Management ........................................................................................ 277
SSID List (top of page) .......................................................................... 278
SSID Limits and Scheduling ................................................................ 284
Web Page Redirect (Captive Portal) Configuration ........................ 287
Whitelist Configuration for Web Page Redirect .............................. 293
Web Page Redirect for Purple WiFi Venues ..................................... 294
WPA Configuration .............................................................................. 297
Authentication Service Configuration ............................................... 297
Active IAPs .................................................................................................... 298
Per-SSID Access Control List ...................................................................... 299
Honeypots ...................................................................................................... 300
Personal Wi-Fi ............................................................................................... 302
Groups ................................................................................................................... 304
Understanding Groups ......................................................................... 304
Using Groups ......................................................................................... 305
Group Management ..................................................................................... 306
Group Limits .......................................................................................... 309
IAPs ........................................................................................................................ 311
Understanding Fast Roaming .............................................................. 312
IAP Settings ................................................................................................... 313
Global Settings ............................................................................................. 319
Beacon Configuration ........................................................................... 321
Station Management ............................................................................. 322
Advanced Traffic Optimization .......................................................... 324
Global Settings .11an .................................................................................... 335
Global Settings .11bgn .................................................................................. 341
Global Settings .11n ...................................................................................... 347
Global Settings .11ac ..................................................................................... 350
Global Settings .11u ...................................................................................... 352
Understanding 802.11u ......................................................................... 352
Advanced RF Settings .................................................................................. 358
About Standby Mode ............................................................................ 358
RF Monitor .............................................................................................. 359
RF Resilience .......................................................................................... 360
RF Power and Sensitivity ..................................................................... 361
RF Spectrum Management ................................................................... 362
Wireless Access Point
viii
Station Assurance .................................................................................. 365
Hotspot 2.0 ..................................................................................................... 367
Understanding Hotspot 2.0 .................................................................. 367
NAI Realms .................................................................................................... 370
Understanding NAI Realm Authentication ....................................... 370
NAI EAP ......................................................................................................... 371
Intrusion Detection ....................................................................................... 373
DoS Attacks ............................................................................................ 374
Impersonation Attacks .......................................................................... 375
About Blocking Rogue APs .................................................................. 376
RF Intrusion Detection and Auto Block Mode .................................. 377
DoS Attack Detection Settings ............................................................. 379
Impersonation Detection Settings ....................................................... 379
LED Settings .................................................................................................. 380
DSCP Mappings ............................................................................................ 381
Roaming Assist .............................................................................................. 382
WDS ....................................................................................................................... 385
About Configuring WDS Links .................................................................. 385
Long Distance Links ..................................................................................... 387
WDS Client Links ......................................................................................... 387
Filters ..................................................................................................................... 391
Filter Lists ...................................................................................................... 392
Filter Management ....................................................................................... 395
Clusters .................................................................................................................. 401
Cluster Management ................................................................................... 401
Mobile .................................................................................................................... 406
AirWatch ........................................................................................................ 406
User Procedure for Wireless Access ................................................... 408
Using Tools on the Wireless AP................................................... 411
System Tools ......................................................................................................... 412
About Licensing and Upgrades ........................................................... 412
System ..................................................................................................... 414
Remote Boot Services ............................................................................ 416
Configuration Management ................................................................. 417
Diagnostics ............................................................................................. 421
Application Control Signature File Management ............................. 422
Wireless Access Point
ix
Web Page Redirect (Captive Portal) ................................................... 423
Network Tools ........................................................................................ 424
Progress Bar and Status Frame ............................................................ 426
CLI ......................................................................................................................... 426
API Documentation ............................................................................................. 428
Status/Settings ....................................................................................... 429
GET Requests ......................................................................................... 429
Trying a GET Request ........................................................................... 430
API Documentation Toolbar ................................................................ 432
Options .................................................................................................................. 433
Logout .................................................................................................................... 434
The Command Line Interface...................................................... 435
Establishing a Secure Shell (SSH) Connection ................................................. 435
Getting Started with the CLI .............................................................................. 437
Entering Commands .................................................................................... 437
Getting Help .................................................................................................. 437
Top Level Commands ......................................................................................... 440
Root Command Prompt ............................................................................... 440
configure Commands ................................................................................... 441
show Commands .......................................................................................... 445
statistics Commands ..................................................................................... 450
Configuration Commands .................................................................................. 452
acl .................................................................................................................... 452
admin .............................................................................................................. 453
auth ................................................................................................................. 454
cdp ................................................................................................................... 454
clear ................................................................................................................. 456
cluster ............................................................................................................. 458
contact-info .................................................................................................... 459
date-time ........................................................................................................ 460
dhcp-server .................................................................................................... 461
dns ................................................................................................................... 462
file .................................................................................................................... 463
filter ................................................................................................................. 467
Air Cleaner ............................................................................................. 468
group .............................................................................................................. 471
Wireless Access Point
x
hostname ........................................................................................................ 471
interface .......................................................................................................... 472
load ................................................................................................................. 473
location ........................................................................................................... 473
location-reporting ......................................................................................... 474
management .................................................................................................. 475
mdm ................................................................................................................ 477
more ................................................................................................................ 478
netflow ............................................................................................................ 479
no ..................................................................................................................... 480
quick-config ................................................................................................... 481
quit .................................................................................................................. 482
authentication-server ................................................................................... 482
reboot .............................................................................................................. 484
reset ................................................................................................................. 484
restore ............................................................................................................. 485
roaming-assist ............................................................................................... 486
run-tests .......................................................................................................... 487
security ........................................................................................................... 489
snmp ............................................................................................................... 490
ssid .................................................................................................................. 491
syslog .............................................................................................................. 492
tunnel .............................................................................................................. 493
uptime ............................................................................................................. 494
vlan .................................................................................................................. 494
wifi-tag ........................................................................................................... 495
Sample Configuration Tasks .............................................................................. 497
Configuring a Simple Open Global SSID .................................................. 498
Configuring a Global SSID using WPA-PEAP ......................................... 499
Configuring an SSID-Specific SSID using WPA-PEAP ........................... 500
Enabling Global IAPs ................................................................................... 501
Disabling Global IAPs .................................................................................. 502
Enabling a Specific IAP ................................................................................ 503
Disabling a Specific IAP ............................................................................... 504
Setting Cell Size Auto-Configuration for All IAPs .................................. 505
Setting the Cell Size for All IAPs ................................................................ 506
Setting the Cell Size for a Specific IAP ....................................................... 507
Wireless Access Point
xi
Configuring VLANs on an Open SSID ...................................................... 508
Configuring Radio Assurance Mode (Loopback Tests) .......................... 509
Appendices..................................................................................... 511
Appendix A: Quick Reference Guide ...........................................513
Factory Default Settings ...................................................................................... 513
Host Name ..................................................................................................... 513
Network Interfaces ....................................................................................... 513
Serial ........................................................................................................ 513
Gigabit 1 and Gigabit 2 ......................................................................... 514
Server Settings ............................................................................................... 514
NTP .......................................................................................................... 514
Syslog ...................................................................................................... 514
SNMP ...................................................................................................... 515
DHCP .............................................................................................................. 515
Default SSID .................................................................................................. 516
Security .......................................................................................................... 516
Global Settings - Encryption ............................................................... 516
External RADIUS (Global) .................................................................. 517
Internal RADIUS .................................................................................... 518
Administrator Account and Password ...................................................... 518
Management .................................................................................................. 518
Keyboard Shortcuts ............................................................................................. 519
Appendix B: FAQ and Special Topics ..........................................521
General Hints and Tips ....................................................................................... 521
Frequently Asked Questions .............................................................................. 522
Multiple SSIDs ............................................................................................... 522
Security ........................................................................................................... 524
VLAN Support .............................................................................................. 527
AP Monitor and Radio Assurance Capabilities ............................................... 529
Enabling Monitoring on the AP .......................................................... 529
How Monitoring Works ............................................................................... 529
Radio Assurance ........................................................................................... 530
Radio Assurance Options ..................................................................... 531
RADIUS Vendor Specific Attribute (VSA) for Xirrus ..................................... 532
Location Service Data Formats .......................................................................... 533
Wireless Access Point
xii
Euclid Location Server ................................................................................. 533
Non-Euclid Location Server ........................................................................ 533
Upgrading the AP Using the Boot Loader ....................................................... 537
Sample Output for the Upgrade Procedure: ............................................. 539
Appendix C: Notices (XD and XR500/600 Series Only) ..........543
Notices ................................................................................................................... 543
EU Directive 1999/5/EC Compliance Information ........................................ 549
Compliance Information (Non-EU) ................................................................... 556
Safety Warnings ................................................................................................... 557
Translated Safety Warnings ............................................................................... 558
Software License and Product Warranty Agreement ..................................... 559
Hardware Warranty Agreement ....................................................................... 559
Appendix D: Notices (XR-1000 to XR-6000 Indoor Models) ...561
Notices ................................................................................................................... 561
EU Directive 1999/5/EC Compliance Information ........................................ 566
Compliance Information (Non-EU) ................................................................... 573
Safety Warnings ................................................................................................... 575
Translated Safety Warnings ............................................................................... 576
Software License and Product Warranty Agreement ..................................... 578
Hardware Warranty Agreement ....................................................................... 578
Appendix E: Medical Usage Notices ...........................................579
Appendix F: Auditing PCI DSS ....................................................585
Payment Card Industry Data Security Standard Overview .......................... 585
PCI DSS and Wireless .......................................................................................... 586
The Xirrus AP PCI Compliance Configuration ............................................... 587
The pci-audit Command ..................................................................................... 588
Additional Resources .......................................................................................... 589
Appendix G: Implementing FIPS Security ..................................591
Securing the AP Physically ................................................................................. 591
Operator Required Actions .................................................................. 591
Applying Tamper Evident Seals ......................................................... 592
To implement FIPS 140-2, Level 2 using WMI ................................................. 593
To implement FIPS 140-2, Level 2 using CLI: .................................................. 596
To check if AP is in FIPS mode: ......................................................................... 596
Wireless Access Point
xiii
About FIPS Configuration .................................................................................. 597
Glossary of Terms.......................................................................... 599
Index................................................................................................ 611
Wireless Access Point
xiv
Wireless Access Point
List of Figures xv
List of Figures
Figure 1. Xirrus AP ..................................................................................................... 1
Figure 2. Wireless AP (XR Series) ............................................................................ 4
Figure 3. Wireless Coverage Patterns .................................................................... 15
Figure 4. XP8 - Power over Ethernet Usage .......................................................... 16
Figure 5. WMI: AP Status......................................................................................... 17
Figure 6. Layout of IAPs (XR-7630)........................................................................ 18
Figure 7. Coverage Schemes (XR-7230 shown)..................................................... 19
Figure 8. Wall Thickness Considerations .............................................................. 33
Figure 9. Unit Placement.......................................................................................... 34
Figure 10. Full (Normal) Coverage........................................................................... 35
Figure 11. Adjusting RF Patterns.............................................................................. 35
Figure 12. Custom Coverage ..................................................................................... 36
Figure 13. Connection Rate vs. Distance.................................................................. 36
Figure 14. Transmit Power......................................................................................... 37
Figure 15. Auto Cell Size Options............................................................................. 38
Figure 16. Overlapping Cells..................................................................................... 39
Figure 17. Allocating Channels Manually............................................................... 40
Figure 18. Spatial Multiplexing................................................................................. 44
Figure 19. MIMO Signal Processing......................................................................... 45
Figure 20. MU-MIMO with Four Antennas ............................................................ 46
Figure 21. Physical Layer Data Encoding................................................................ 47
Figure 22. Channel Bonding (Channels 36-64 shown)........................................... 49
Figure 23. Maximum 802.11ac Data Rates............................................................... 49
Figure 24. Port Failover Protection........................................................................... 52
Figure 25. Switch Failover Protection ..................................................................... 54
Figure 26. Port Requirements for XMS .................................................................... 58
Figure 27. WDS Link................................................................................................... 63
Figure 28. A Multiple Hop WDS Connection ......................................................... 64
Figure 29. WDS Failover Protection ......................................................................... 64
Figure 30. Installation Workflow .............................................................................. 67
Figure 31. AP Placement ............................................................................................ 69
Figure 32. LED Locations........................................................................................... 72
Figure 33. Network Interface Ports—XR-520 (left); XR-1000 Series (right) ........ 76
Figure 34. Network Interface Ports—XR-600 Series ............................................. 77
Wireless Access Point
xvi List of Figures
Figure 35. Network Interfaces—XR-2000 Series (left); XR-2005/2006 (right) .... 77
Figure 36. Network Interface Ports—XR-4000 Series ............................................ 77
Figure 37. Network Interface Ports—XR-6000 Series ............................................ 77
Figure 38. Web Management Interface .................................................................... 86
Figure 39. WMI: Frames............................................................................................. 89
Figure 40. WMI Header.............................................................................................. 90
Figure 41. WMI Command Log ................................................................................ 91
Figure 42. WMI: Utility Buttons................................................................................ 91
Figure 43. Logging In to the Wireless AP................................................................ 92
Figure 44. AP Summary ............................................................................................. 96
Figure 45. Disabled IAP (Partial View).................................................................... 99
Figure 46. IAP Cells .................................................................................................... 99
Figure 47. Network Assurance and Operating Status......................................... 100
Figure 48. AP Information ....................................................................................... 102
Figure 49. Show Configuration ............................................................................... 103
Figure 50. Admin Login History............................................................................. 104
Figure 51. Network Settings .................................................................................... 105
Figure 52. Network Map.......................................................................................... 106
Figure 53. Spanning Tree Status.............................................................................. 109
Figure 54. Routing Table.......................................................................................... 110
Figure 55. ARP Table ................................................................................................ 110
Figure 56. DHCP Leases........................................................................................... 111
Figure 57. Connection Tracking.............................................................................. 111
Figure 58. CDP List ................................................................................................... 112
Figure 59. LLDP List................................................................................................. 113
Figure 60. Network Assurance................................................................................ 113
Figure 61. Undefined VLANs.................................................................................. 114
Figure 62. RF Monitor IAPs ................................................................................. 116
Figure 63. RF Monitor IAPs ................................................................................. 116
Figure 64. RF Spectrum Analyzer........................................................................... 118
Figure 65. Intrusion Detection/Rogue AP List..................................................... 120
Figure 66. RF Monitor Channel History............................................................. 122
Figure 67. RF Monitor Channel History (Rotated) ........................................... 123
Figure 68. RF Monitor Channel History (Text) ................................................. 123
Figure 69. Radio Assurance..................................................................................... 124
Figure 70. Stations..................................................................................................... 127
Figure 71. Location Map........................................................................................... 129
Wireless Access Point
List of Figures xvii
Figure 72. Controls for Location Map .................................................................... 130
Figure 73. Station RSSI Values ................................................................................ 132
Figure 74. Station RSSI Values Colorized Graphical View ............................. 133
Figure 75. Station Signal-to-Noise Ratio Values................................................... 134
Figure 76. Station SNR Values Colorized Graphical View.............................. 134
Figure 77. Station Noise Floor Values.................................................................... 135
Figure 78. Station Noise Floor Values Colorized Graphical View................. 136
Figure 79. Max by IAP.............................................................................................. 137
Figure 80. Station Assurance ................................................................................... 138
Figure 81. IAP Statistics Summary Page................................................................ 139
Figure 82. Individual IAP Statistics Page .............................................................. 141
Figure 83. Network Statistics................................................................................... 142
Figure 84. VLAN Statistics....................................................................................... 143
Figure 85. WDS Statistics ......................................................................................... 144
Figure 86. IDS Statistics Page .................................................................................. 145
Figure 87. Filtered IDS Statistics ............................................................................. 146
Figure 88. Filter Statistics ......................................................................................... 147
Figure 89. Station Statistics ...................................................................................... 147
Figure 90. Individual Station Statistics Page......................................................... 149
Figure 91. Application Control ............................................................................... 152
Figure 92. Application Control (Pie Charts).......................................................... 154
Figure 93. Application Control (Station Traffic)................................................... 155
Figure 94. Stations (Application Control).............................................................. 156
Figure 95. System Log (Alert Level Highlighted) ................................................ 157
Figure 96. IDS Event Log ......................................................................................... 158
Figure 97. WMI: Express Setup............................................................................... 163
Figure 98. LEDs are Switched On........................................................................... 168
Figure 99. Network Interfaces................................................................................. 169
Figure 100. Network Settings .................................................................................... 170
Figure 101. Network Bonds and Bridging............................................................... 173
Figure 102. Bridging Traffic....................................................................................... 174
Figure 103. Port Modes (a, b)..................................................................................... 176
Figure 104. Port Modes (c, d)..................................................................................... 177
Figure 105. Mirroring Traffic..................................................................................... 179
Figure 106. DNS Settings............................................................................................ 180
Figure 107. CDP Settings............................................................................................ 181
Figure 108. LLDP Settings ......................................................................................... 182
Wireless Access Point
xviii List of Figures
Figure 109. Services..................................................................................................... 185
Figure 110. Time Settings (Manual Time)................................................................ 186
Figure 111. Time Settings (NTP Time Enabled)...................................................... 187
Figure 112. NetFlow.................................................................................................... 189
Figure 113. Wi-Fi Tag.................................................................................................. 190
Figure 114. Location.................................................................................................... 191
Figure 115. System Log .............................................................................................. 193
Figure 116. SNMP ....................................................................................................... 197
Figure 117. DHCP Management............................................................................... 200
Figure 118. Proxy Forwarding Example.................................................................. 203
Figure 119. Set up a Proxy Server on each Client (Windows) .............................. 206
Figure 120. Specify Proxy Servers (Windows)........................................................ 207
Figure 121. Set up a Proxy Server on each Client (Apple) .................................... 208
Figure 122. Specify Proxy Servers (Apple).............................................................. 209
Figure 123. Proxy Forwarding................................................................................... 210
Figure 124. Proxy Client for Management Traffic.................................................. 211
Figure 125. VLANs...................................................................................................... 213
Figure 126. VLAN Management............................................................................... 216
Figure 127. Tunnel Summary.................................................................................... 220
Figure 128. Tunnel Management .............................................................................. 221
Figure 129. Tunnel SSID Assignments..................................................................... 223
Figure 130. Tunnel VLAN Assignments.................................................................. 224
Figure 131. Security..................................................................................................... 225
Figure 132. Import Xirrus Certificate Authority..................................................... 230
Figure 133. Admin Management .............................................................................. 231
Figure 134. Admin Privileges.................................................................................... 233
Figure 135. Admin RADIUS...................................................................................... 236
Figure 136. Management Control ............................................................................. 238
Figure 137. Pre-login Banner ..................................................................................... 239
Figure 138. Management Transports........................................................................ 240
Figure 139. Management Modes............................................................................... 242
Figure 140. HTTPS (X.509) Certificate...................................................................... 245
Figure 141. External Certificate Authority .............................................................. 246
Figure 142. Access Control List................................................................................. 248
Figure 143. Global Settings (Security) ...................................................................... 250
Figure 144. External RADIUS Server ....................................................................... 254
Figure 145. Internal RADIUS Server ........................................................................ 258
Wireless Access Point
List of Figures xix
Figure 146. Active Directory Server ......................................................................... 261
Figure 147. Finding the Domain Name from Active Directory............................ 262
Figure 148. Rogue Control List ................................................................................. 264
Figure 149. OAuth 2.0 Management - Token List .................................................. 266
Figure 150. SSIDs......................................................................................................... 268
Figure 151. Four Traffic Classes................................................................................ 271
Figure 152. Priority Level—IEEE 802.1p (Layer 2)................................................. 272
Figure 153. Priority Level—DSCP (DiffServ - Layer 3) ......................................... 272
Figure 154. SSID Management.................................................................................. 277
Figure 155. SSID Management—Encryption, Authentication, Accounting ...... 281
Figure 156. WPR Internal Splash Page Fields (SSID Management)..................... 287
Figure 157. Customizing an Internal Login or Splash Page.................................. 292
Figure 158. Whitelist Configuration for WPR......................................................... 293
Figure 159. Purple WiFi Guest Access ..................................................................... 294
Figure 160. Setting Active IAPs per SSID ................................................................ 298
Figure 161. Per-SSID Access Control List................................................................ 299
Figure 162. Honeypot Whitelist ................................................................................ 301
Figure 163. Personal Wi-Fi......................................................................................... 302
Figure 164. Groups...................................................................................................... 304
Figure 165. Group Management ............................................................................... 306
Figure 166. IAPs........................................................................................................... 311
Figure 167. Source of Channel Setting ..................................................................... 311
Figure 168. IAP Settings ............................................................................................. 313
Figure 169. Global Settings (IAPs)............................................................................ 319
Figure 170. Multicast Processing .............................................................................. 324
Figure 171. Additional Optimization Settings........................................................ 330
Figure 172. Global Settings .11an.............................................................................. 335
Figure 173. Global Settings .11bgn ........................................................................... 341
Figure 174. Global Settings .11n................................................................................ 347
Figure 175. Global Settings .11ac .............................................................................. 350
Figure 176. 802.11u Global Settings.......................................................................... 353
Figure 177. Advanced RF Settings............................................................................ 358
Figure 178. Station Assurance (Advanced RF Settings) ........................................ 366
Figure 179. Hotspot 2.0 Settings................................................................................ 369
Figure 180. NAI Realms ............................................................................................. 370
Figure 181. NAI EAP .................................................................................................. 371
Figure 182. Intrusion Detection Settings.................................................................. 373
Wireless Access Point
xx List of Figures
Figure 183. LED Settings............................................................................................ 380
Figure 184. DSCP Mappings...................................................................................... 381
Figure 185. Roaming Assist ....................................................................................... 383
Figure 186. WDS.......................................................................................................... 385
Figure 187. Configuring a WDS Link....................................................................... 386
Figure 188. WDS Client Links ................................................................................... 387
Figure 189. Filters........................................................................................................ 391
Figure 190. Filter Lists ................................................................................................ 392
Figure 191. Filter Management ................................................................................. 395
Figure 192. Filter Category or Application.............................................................. 399
Figure 193. Clusters .................................................................................................... 401
Figure 194. Cluster Management.............................................................................. 402
Figure 195. Viewing Statistics in Cluster Mode...................................................... 404
Figure 196. AirWatch Settings................................................................................... 406
Figure 197. System Tools............................................................................................ 412
Figure 198. Remote Boot Services............................................................................. 416
Figure 199. Configuration Management.................................................................. 417
Figure 200. Saving the Diagnostic Log..................................................................... 421
Figure 201. Managing Application Control Signature files .................................. 422
Figure 202. Managing WPR Splash/Login page files............................................ 423
Figure 203. System Command (Ping)....................................................................... 424
Figure 204. Radius Ping Output................................................................................ 425
Figure 205. CLI Window............................................................................................ 426
Figure 206. API Documentation................................................................................ 428
Figure 207. API — GET Request Details ................................................................. 429
Figure 208. API — GET Request Response ............................................................. 431
Figure 209. API Documentation Toolbar................................................................. 432
Figure 210. WMI Display Options............................................................................ 433
Figure 211. Login Window ........................................................................................ 434
Figure 212. Logging In................................................................................................ 436
Figure 213. Help Window.......................................................................................... 438
Figure 214. Full Help .................................................................................................. 438
Figure 215. Partial Help.............................................................................................. 439
Figure 216. Air Cleaner Filter Rules ......................................................................... 469
Figure 217. Configuring a Simple Open Global SSID............................................ 498
Figure 218. Configuring a Global SSID using WPA-PEAP................................... 499
Figure 219. Configuring an SSID-Specific SSID using WPA-PEAP..................... 500
Wireless Access Point
List of Figures xxi
Figure 220. Enabling Global IAPs............................................................................. 501
Figure 221. Disabling Global IAPs............................................................................ 502
Figure 222. Enabling a Specific IAP.......................................................................... 503
Figure 223. Disabling a Specific IAP......................................................................... 504
Figure 224. Setting Cell Size Auto-Configuration for All IAPs............................ 505
Figure 225. Setting the Cell Size for All IAPs.......................................................... 506
Figure 226. Setting the Cell Size for a Specific IAP ................................................ 507
Figure 227. Configuring VLANs on an Open SSID................................................ 508
Figure 228. Configuring Radio Assurance Mode (Loopback Testing)................ 510
Figure 229. Sample output of pci-audit command................................................. 589
Figure 230. Tamper Evident Seal Application for Indoor Enclosure .................. 592
Figure 231. Tamper Evident Seal Application Close-up ....................................... 593
Figure 232. AP Information ....................................................................................... 594
Figure 233. Security - Management Control Window.......................................... 595
Wireless Access Point
xxii List of Figures
Wireless Access Point
Introduction 1
Introduction
This chapter introduces the Xirrus Family of Products, with an overview of its key
features and benefits.
z
“The Xirrus Family of Products” on page 1.
z
“Why Choose the Xirrus Access Point?” on page 3.
z
“Wireless Access Point Product Overview” on page 4.
z
“Key Features and Benefits” on page 18.
z
“Advanced Feature Sets” on page 21.
z
“About this Users Guide” on page 25.
The Xirrus Family of Products
Figure 1. Xirrus AP
The Xirrus family of products includes the following:
z
Xirrus High Density Wireless Access Points
Xirrus APs are designed to provide distributed intelligence, integrated
switching capacity, application-level intelligence, increased bandwidth,
and smaller size. The radios support IEEE802.11 ac, a, b, g, and n clients,
and feature the capacity and performance needed to replace switched
Ethernet to the desktop. Modular radios allow you to increase the
number of radios, upgrade to more powerful radios, or even upgrade
later to future technologies like 802.11ac and 802.11ad as they are
introduced.
Wireless Access Point
2 Introduction
z
Xirrus Management System (XMS)
XMS is used for managing large wireless deployments from a centralized
Web-based interface. Xirrus offers XMS-Cloud—a software as a service
option for XMS, providing zero-touch provisioning and initial startup for
new AP deployments. XMS is capable of managing large numbers of APs,
including automated software and firmware upgrades for the network.
Another option is XMS, hosted on your own server. It manages all aspects
of your Xirrus wireless network. For customers using the XMS-9000-CL-x
Cloud-hosted version, all AP management is performed via the cloud.
For detailed information, refer to the XMS Users Guide.
z
Xirrus-supplied Power over Ethernet (POE) Injectors and POE+
Switches
Xirrus offers 24- and 48-port enterprise-class L2+ gigabit managed access
switches with IEEE802.3at PoE+, four 1G/10G SFP+ ports, and stacking.
One-, two-, and eight-port POE injectors are also available for a range of
AP power requirements.
Nomenclature
Throughout this Users Guide, Xirrus Wireless Access Points are referred to as
simply APs or APs. In some instances, the terms product and unit are also used.
When discussing specific products from the Xirrus family, the product name is
used (for example, XR-4830). The Wireless AP’s operating system is referred to as
the ArrayOS (AOS). The Web Management Interface for browser-based
management of the AP is referred to as WMI.
APs have very flexible radio capabilities each of the radios may be
independently configured to support IEEE802.11a, 11b, 11g, or 11n clients or a
combination of client types. On APs featuring 802.11ac, this option is also
included. One radio may be assigned as the RF monitor radio, supporting
intrusion detection and prevention, self-monitoring, and other services. Radios
support both 2.4GHz and 5 GHz, and are named iap1, iap2, ... iapn.
The Xirrus Management System is referred to as XMS. The Power over Ethernet
system may be referred to as POE.
Wireless Access Point
Introduction 3
Why Choose the Xirrus Access Point?
The deployment of wireless is a necessity as businesses strive for greater
flexibility in the workplace and the need for employee mobility rises. The user
community is placing spiraling and often unanticipated demands on the wireless
network, with the rapid proliferation of devices such as iPads and wireless
enabled phones. Xirrus High Density APs have the capability to support the large
number of user devices present in today’s environments, with superior range and
coverage.
Wireless has come a long way in the past few years and now offers the
performance, reliability and security that Enterprise customers have come to
expect from their networks. The technology is being driven by these major IEEE
standards:
z
802.11ac
Operates in the 5 GHz range, using a number of advanced techniques to
achieve a maximum speed of 1.3 Gbps. These techniques include
improvements on the methods used for 802.11n, below.
z
802.11n
Uses multiple antennas per radio to boost transmission speed as high as
450Mbps, increasing throughput, range, and maximum number of users.
802.11n is backwards compatible with 802.11a/b/g.
z
802.11a
Operates in the 5 GHz range with a maximum speed of 54 Mbps.
z
802.11b
Operates in the 2.4 GHz range with a maximum speed of 11 Mbps.
z
802.11g
Supports a higher transmission speed of 54 Mbps in the 2.4 GHz range
and is backwards compatible with 802.11b.
Whether you have just a few users or many users, the Xirrus AP has the
scalability and flexibility to serve your needs.
Wireless Access Point
4 Introduction
See Also
Key Features and Benefits
Wireless Access Point Product Overview
The Xirrus Family of Products
Wireless Access Point Product Overview
The Wireless AP is a high capacity, multi-mode device designed with up to four
times the coverage and eight times the bandwidth and user density compared
with legacy thin access point wireless products. Its distributed intelligence
eliminates the use of separate controllers and their accompanying bottlenecks.
Each radio, with its directional high-gain antennas, can achieve up to 1.3 Gbps
throughput.
Figure 2. Wireless AP (XR Series)
The Wireless AP (regardless of the product model) is Wi-Fi® compliant and
simultaneously supports 802.11ac (on .11ac models), 802.11a, 802.11b, 802.11g, and
802.11n clients. The multi-state design allows you to assign radios to 2.4 GHz and
5 GHz bands (or both) in any desired arrangement. Integrated switching and
active enterprise class features such as VLAN support and multiple SSID
capability enable robust network compatibility and a high level of scalability and
system control. The Xirrus Management System (XMS) allows global
management of hundreds of APs from a central location.
Multiple versions of the AP with different numbers of IAPs support a variety of
deployment applications.
Wireless Access Point
Introduction 5
XR Wireless AP Product Family
XR-320 Wall Mounted 2-Radio Access Points
The XR-320 is a high performance Gigabit Wi-Fi wall access point with integrated
wired Gigabit switch designed for in-room connectivity. This AP, built to support
the latest 802.11ac Wi-Fi standards, is designed for multi-device wired and
wireless connectivity in hotel rooms, dormitories, hospital rooms, offices, and
similar locations. Using existing in-wall cabling, the XR-320 can deliver Wi-Fi
access, connectivity to multiple wired devices and pass through access for legacy
devices like POTS.
These models have omni-directional antennas rather than directional antennas.
The XR-320 runs a different operating system than ArrayOS, and the WMI and
CLI described in this book do not apply to the XR-320. This model should be
managed using XMS-Cloud.
Feature XR-320
No. radios: 802.11
a/b/g/n/ac/Monitor 2
Radio type 2x2
Integrated antennas 4
Integrated wireless switch ports 2
Gigabit Uplink Port 1
Wireless bandwidth 1.1 Gbps
Users supported 256
Wireless Access Point
6 Introduction
XR-500 Series 2-Radio Access Points
These Access Points have one Gigabit Ethernet port and two multi-state radios
(2.4GHz or 5GHz). They support 600Mbps total, connecting up to 240 users at one
time.
The Access Point provides flexibility for delivering wireless service in low-to-
medium user density scenarios, in challenging deployments in areas with high RF
attenuation, and in isolated or physically separated locations.
These models have an integrated controller, firewall, threat sensor, and spectrum
analyzer. Indoor units have omni-directional antennas rather than directional
antennas.
Feature XR-520
No. radios: 802.11
a/b/g/n/monitor 2
Radio type 2x2
Integrated omni-directional
antennas 4
Integrated wireless switch ports 2
Integrated RF spectrum analyzer,
threat sensors Yes
Gigabit Uplink Port 1
Wireless bandwidth 600 Mbps
Users supported 240
Wireless Access Point
Introduction 7
XR-600 Series 2-Radio Access Points
These Access Points provide robust wireless service in low-to-medium user
density scenarios. They have two Gigabit Ethernet ports and two multi-state
radios (2.4GHz or 5GHz), so that as more of your clients migrate to 802.11ac, you
can increase the number of radios operating at 5 GHz. Each of the XR-630’s two
3x3 802.11ac radios supports 1.3Gbps, connecting up to 240 users at one time with
2.6Gbps total Wi-Fi bandwidth.
These models have an integrated controller, firewall, threat sensor spectrum
analyzer, and application-level intelligence. They have omni-directional antennas
rather than directional antennas.
The XR-630 supports a unique feature that optimizes wireless performance by
automatically segmenting faster 802.11ac clients from slower Wi-Fi clients. Since
Wi-Fi is a shared medium, this separation ensures slower 802.11a/b/g/n clients
do not slow down 802.11ac clients and prevent them from achieving high
performance.
Note that the XH2-120 is an outdoor AP that is similar to the XR-620, except that it
uses customer-provided external antennas rather than integrated antennas. See
the Xirrus XH2-120 Quick Installation Guide for more information.
Feature XR-620 XR-630
No. radios: 802.11
ac/a/b/g/n/monitor 22
Radio type 2x2 3x3
Integrated omni-directional
antennas 46
Integrated wireless switch ports 2 2
Integrated RF spectrum analyzer,
threat sensors Yes Yes
Gigabit Uplink Ports 2 2
Wireless bandwidth 1.7 Gbps 2.6 Gbps
Users supported 240 240
Wireless Access Point
8 Introduction
XR-1000 Series 2-Radio Access Points
These APs include models with one Gigabit Ethernet port and two multi-state
radios (2.4GHz or 5GHz) that can support 300Mbps or 450Mbps, connecting up to
480 users at one time.
The Xirrus XR-1000 Series Wireless AP is a two slot chassis available in a two
multi-state (2.4GHz or 5GHz) radio configuration with up to 900Mbps of
bandwidth (up to 450 Mbps per radio). The XR-1000 provides flexibility for
delivering wireless service in low user density scenarios, challenging
deployments in areas with high RF attenuation, and in isolated or physically
separated locations. The elliptical-shaped coverage pattern produced by its
directional antennas is ideal for covering facilities with central hallways and
adjacent rooms commonly found in office buildings, hotels, and dormitories.
Like larger APs, these models integrate multi-state radios with high gain
directional antennas, an onboard multi-gigabit switch, controller, firewall, threat
sensor and spectrum analyzer, built on a modular chassis for future extensibility.
Feature XR-1220 XR-1230
No. radios: 802.11
a/b/g/n/monitor 22
Radio type 2x2 3x3
Integrated antennas 4 6
Integrated wireless
switch ports 22
Integrated RF spectrum
analyzer, threat sensors Yes Yes
Gigabit Uplink Port 1 1
Wireless bandwidth 600 Mbps 900 Mbps
Users supported 480 480
Wireless Access Point
Introduction 9
XD4-130 4-Radio High Density Access Points
These APs have two Gigabit Ethernet ports and four multi-state radios (2.4GHz or
5GHz) supporting 802.11ac and 802.11a/b/g/n. Each of the four 3x3 802.11ac
radios supports 1.3Gbps, connecting up to 780 users at one time with up to 5.2
Gbps total Wi-Fi bandwidth.
The Xirrus XD4-130 AP supports high-performance for medium density needs. It
integrates multi-state radios with high gain directional antennas, an onboard
multi-gigabit switch, controller, firewall, threat sensor and spectrum analyzer.
A unique feature optimizes wireless performance by automatically segmenting
faster 802.11ac clients from slower Wi-Fi clients. Since Wi-Fi is a shared medium,
this separation ensures slower 802.11a/b/g/n clients do not slow down 802.11ac
clients and prevent them from achieving high performance.
Feature XD4-130
No. radios: 802.11
ac/a/b/g/n/monitor 4
Radio type 3x3
Integrated antennas 12
Integrated wireless switch ports 4
Integrated RF spectrum analyzer,
threat sensors Yes
Gigabit Uplink Ports 2
Wireless bandwidth 5.2 Gbps
Users supported 780
Wireless Access Point
10 Introduction
XR-2006 Series 2- and 4-Radio High Density Access Points
These APs have two Gigabit Ethernet ports and two or four multi-state radios
(2.4GHz or 5GHz) supporting 802.11ac and 802.11a/b/g/n. Each of the XR-2436’s
four 3x3 802.11ac radios supports 1.3Gbps, connecting up to 512 users at one time
with up to 5.2 Gbps total Wi-Fi bandwidth.
The Xirrus XR-2006 Series has a four-slot chassis that allows you to purchase a
two-radio model and add more radios later as your needs grow. These models
support high-performance for medium to high density needs. Like larger XR APs,
these models integrate multi-state radios with high gain directional antennas, an
onboard multi-gigabit switch, controller, firewall, threat sensor and spectrum
analyzer on a modular chassis designed for extensibility.
A unique feature optimizes wireless performance by automatically segmenting
faster 802.11ac clients from slower Wi-Fi clients. Since Wi-Fi is a shared medium,
this separation ensures slower 802.11a/b/g/n clients do not slow down 802.11ac
clients and prevent them from achieving high performance.
Feature XR-2226 XR-2236 XR-2426 XR-2436
No. radios: 802.11
ac/a/b/g/n/monitor 2244
Radio type 2x2 3x3 2x2 3x3
Integrated antennas 4 6 8 12
Integrated wireless
switch ports 4444
Integrated RF spectrum
analyzer, threat sensors Yes Yes Yes Yes
Gigabit Uplink Ports 2222
Wireless bandwidth 1.7 Gbps 2.6 Gbps 3.4 Gbps 5.2 Gbps
Users supported 256 256 512 512
Wireless Access Point
Introduction 11
XR-2005 Series 2- and 4-Radio Access Points
These APs include models with one or two Gigabit Ethernet ports and two or four
multi-state radios (2.4GHz or 5GHz) that can support 300Mbps or 450Mbps,
connecting up to 960 users at one time.
The Xirrus XR-2005 Series Wireless AP has a four slot chassis available in a multi-
state (2.4GHz or 5GHz) radio configuration supporting up to 1.8Gbps of
bandwidth. These models support a range of low to high-performance
applications, including offices, hospitals, campuses and classrooms, and hotels.
Like larger XR APs, these models integrate multi-state radios with high gain
directional antennas, an onboard multi-gigabit switch, controller, firewall, threat
sensor and spectrum analyzer on a modular chassis designed for extensibility.
XR-2005 Series APs have no console port, but have two Gigabit ports, one of
which accepts POE+ power supplied by a Xirrus-supplied power injector or an
IEEE802.3at powered switch. Note that older XR-2000 Series APs ending in “0”
have one Gigabit POE port and a Console port.
Feature XR-2225 XR-2235 XR-2425 XR-2435
No. radios: 802.11
a/b/g/n/monitor 2244
Radio type 2x2 3x3 2x2 3x3
Integrated antennas 4 6 8 12
Integrated wireless
switch ports 4444
Integrated RF spectrum
analyzer, threat sensors Yes Yes Yes Yes
Gigabit Uplink Ports 2222
Wireless bandwidth 600 Mbps 900 Mbps 1.2 Gbps 1.8 Gbps
Users supported 480 480 960 960
Wireless Access Point
12 Introduction
XR-4006 Series 4- to 8-Radio High Density Access Points
These APs include models with two Gigabit Ethernet ports and four or eight
multi-state radios (2.4GHz or 5GHz) supporting 802.11ac and 802.11a/b/g/n.
Each of the XR-4836’s eight 3x3 802.11ac radios supports 1.3Gbps, connecting up
to 1024 users at one time with up to 10.4 Gbps total Wi-Fi bandwidth.
The Xirrus XR-4006 Series Wireless AP has an eight-slot chassis that allows you to
purchase a four-radio model and add more radios later as your needs grow. These
models support high-performance for high density needs, integrating multi-state
radios with high gain directional antennas, an onboard multi-gigabit switch,
controller, firewall, threat sensor and spectrum analyzer on a modular chassis
designed for extensibility.
A unique feature optimizes wireless performance by automatically segmenting
faster 802.11ac clients from slower Wi-Fi clients. Since Wi-Fi is a shared medium,
this separation ensures slower 802.11a/b/g/n clients do not slow down 802.11ac
clients and prevent them from achieving high performance.
Feature XR-4426 XR-4436 XR-4826 XR-4836
No. of radios: 802.11
ac/a/b/g/n/monitor 4488
Radio type 2x2 3x3 2x2 3x3
Integrated antennas 8 12 16 24
Integrated wireless switch
ports 8888
Integrated RF spectrum
analyzer, threat sensors Yes Yes Yes Yes
1 Gigabit Uplink Ports 2 2 2 2
Wireless bandwidth 3.5 Gbps 5.2 Gbps 6.9 Gbps 10.4 Gbps
Users supported 512 512 1024 1024
Wireless Access Point
Introduction 13
XR-4000 Series 4- to 8-Radio High Density Access Points (not ending in “6”)
These APs include models with two Gigabit Ethernet ports and four or eight
radios (IAPs), connecting up to 1920 users at one time and offering a maximum
wireless bandwidth of 3.6 Gbps (up to 450 Mbps per radio). Smaller models may
be upgraded to eight radios later when your needs change.
Feature XR-4420 XR-4430 XR-4820 XR-4830
Number of radios:
802.11a/b/g/n/monitor 4488
Radio type 2x2 3x3 2x2 3x3
Integrated antennas 8 12 16 24
Integrated wireless
switch ports 8888
Integrated RF spectrum
analyzer, threat sensors Yes Yes Yes Yes
1 Gigabit Uplink Ports 2 2 2 2
Wireless bandwidth 1.2 Gbps 1.8 Gbps 2.4 Gbps 3.6 Gbps
Users supported 960 960 1920 1920
Wireless Access Point
14 Introduction
XR-6000 Series 8- to 16-Radio High Density Access Points
These APs include models with four Gigabit Ethernet ports and up to sixteen
radios, connecting up to 3840 users at one time and offering a maximum wireless
bandwidth of 7.2 Gbps (up to 450 Mbps per radio). Smaller models may be
upgraded to sixteen radios later when your needs change. A 10 Gigabit modular
Ethernet expansion port (DVI connector) is available to meet high traffic
demands. It is used only with an optional Xirrus 10 Gig fiber optics adapter.
Enterprise Class Security
The latest and most effective wireless encryption security standards, including
Wireless Protected Access (WPA) and WPA2 with 802.11i Advanced Encryption
Standard (AES) are available on the Wireless AP. In addition, the use of an
embedded RADIUS server (or 802.1x with an external RADIUS server) ensures
user authentication multiple APs can authenticate to the XMS, ensuring only
authorized APs become part of the wireless network. With the Xirrus Advanced
Feature XR-6820 XR-6830 XR-7620 XR-7630
Number of radios:
802.11a/b/g/n/monitor 881616
Radio type 2x2 3x3 2x2 3x3
Number of
integrated antennas 16 24 32 48
Integrated wireless switch
ports 16 16 16 16
Integrated RF spectrum
analyzer, threat sensors Yes Yes Yes Yes
1 Gigabit Uplink Ports 4 4 4 4
External 10 Gigabit Modular
Expansion Port 1111
Wireless bandwidth (Gbps) 2.4 3.6 4.8 7.2
Users supported 1920 1920 3840 3840
Wireless Access Point
Introduction 15
Feature Sets, intrusion detection and prevention, site monitoring, and RF
spectrum analysis are performed in the background by the AP automatically.
Deployment Flexibility
Xirrus’ unique multi-radio architecture (on all APs except the XR-500 Series)
generates 360 degrees of sectored high-gain 802.11a/b/g/n coverage that
provides extended range and the highest possible data rates for a large volume of
clients. Each sector can be adjusted automatically or manually, creating a pattern
of wireless coverage perfectly tailored to individual customer needs. For example:
Figure 3. Wireless Coverage Patterns
Figure 3 depicts the following two scenarios:
z
Full pattern coverage
All radios are activated with coverage spanning 360 degrees. If within
range, clients will always receive coverage regardless of their geographic
position relative to the AP. Radios may be assigned to 2.4 GHz and/or 5.0
GHz bands in any desired pattern.
z
Partial pattern coverage
If desired, the Wireless AP can be deployed close to an exterior wall. In
this case, half of all available radios have been deactivated to prevent
redundant signals from “bleeding” beyond the site’s perimeter wall. This
configuration may also be used in those cases where you want to restrict
wireless coverage to selected areas of the building’s interior.
outside wall
Wireless Access Point
16 Introduction
Power over Ethernet (POE)
Some smaller APs (XR-2000 models ending in “5” or “6”, and XR-500/600 Series)
are compatible with IEEE802.3af and/or IEEE802.3at PoE+, and may be
connected to appropriate powered switches. For example, the Xirrus XT-5024 and
XT-5048 are 24-and 48-port 802.3at POE+ managed switches. See the Installation
Guide for the AP for compatible injectors or powered switches.
POE modules provide power to APs over the same Cat 5e or Cat 6 cable used for
data. Managed modules provide the ability to control power using XMS.
Figure 4. XP8 - Power over Ethernet Usage
Specific models of the AP are compatible with specific POE modules.
Enterprise Class Management
The Wireless AP can be used with its default settings, or it can be initially
configured using zero touch cloud-based automated provisioning. Settings may
also be customized using the AP’s embedded WMI. The WMI enables easy
Wireless Access Point
Introduction 17
configuration and control from a graphical console, plus a full complement of
troubleshooting tools and statistics.
Figure 5. WMI: AP Status
In addition, a fully featured Command Line Interface (CLI) offers IT professionals
a familiar management and control environment. Simple Network Management
Protocol (SNMP) is also supported to allow management from an SNMP
compliant management tool, such as the optional XMS.
#For deployments of more than five APs, we recommend that you use the
cloud-based or enterprise version of XMS. XMS offers a rich set of features
for fine control over large deployments.
Wireless Access Point
18 Introduction
Key Features and Benefits
This section describes some of the key product features and the benefits you can
expect when deploying the Wireless AP (the XR-7630 product is used as an
example in this section).
High Capacity and High Performance
Figure 6. Layout of IAPs (XR-7630)
The XR-7630 version of the Wireless AP (Figure 6) enables wireless connectivity
and easily handles time-sensitive traffic such as voice. This model includes four
Gigabit uplink ports for connection to the wired network. Its sixteen IAPs (radios)
provide a maximum wireless capacity of 7.2 Gbps, which offers ample reserves
for the high demands of current and future applications. Of the sixteen IAPs,
fifteen operate as radios which may be set up to serve your choice of client
types any or all of 802.11a/b/g/n (5 GHz or 2.4 GHz bands), providing
backwards compatibility with 802.11b and 802.11g.
In the recommended configuration, one IAP is configured in RF monitoring and
intrusion detection/prevention mode.
Extended Coverage
One XR-7630 solution enables you to replace fifteen access points (including one
omni-directional IAP for monitoring the network). Fifteen IAP radios with
integrated directional antennas provide increased wireless range and enhanced
Wireless Access Point
Introduction 19
data rates in all directions. With a Wireless AP deployed, far fewer access points
are needed and wired-like resiliency is delivered throughout your wireless
network. Your Wireless AP deployment ensures:
z
Continuous connectivity if an IAP (radio) fails.
z
Continuous connectivity if an AP fails.
z
Continuous connectivity if a WDS link or switch fails.
z
Continuous connectivity if a Gigabit uplink or switch fails.
Flexible Coverage Schemes
Figure 7. Coverage Schemes (XR-7230 shown)
z
802.11a/n
Delivers 60° wireless coverage per IAP, with 6 dBi of gain.
z
802.11b/g/n
Delivers 180° wireless coverage, with 3 dBi of gain.
Wireless Access Point
20 Introduction
z
802.11a/b/g/n (monitor only)
Delivers 360° wireless coverage, with 2 dBi of gain.
Non-Overlapping Channels
Complete use of non-overlapping channels limits interference and delivers
maximum capacity. On the XR-7630, up to 16 non-overlapping channels are fully
utilized across the 5GHz and 2.4GHz spectrums.
SDMA Optimization
SDMA (Spatial Division Multiple Access) technology provides full 360° coverage
while allowing independent channel and power output customization. Also
supports fast inter-zone handoffs for time-sensitive applications and roaming.
Fast Roaming
Fast roaming utilizes the Xirrus Roaming Protocol ensuring fast and seamless
roaming capabilities between IAPs or APs at both Layer 2 and Layer 3.
Ease of Deployment
Xirrus XMS simplifies and speeds deployment of the wireless network by
automatically setting up each AP’s license, software image, and initial
configuration. When the AP is installed and has Internet connectivity, it contacts
Xirrus, which performs these initialization tasks.
Powerful Management
The XMS offers real time monitoring and management capabilities for the
wireless network.
Secure Wireless Access
Multiple layers of authentication and encryption ensure secure data
transmissions. The Wireless AP is 802.11i compliant with line-rate encryption
support for 40 and 128 bit WEP, WPA and WPA2 with TKIP and AES encryption.
Authentication is provided via 802.1x, including PEAP, EAP-TLS, EAP-TTLS,
EAP-SIM, EAP-GTC, EAP-AKA, EAP-AKA-Prime, and Lightweight Extensible
Authentication Protocol (LEAP) passthrough. Intrusion detection and prevention
provide proactive monitoring of the environment for threats.
Wireless Access Point
Introduction 21
Applications Enablement
The Wireless AP’s Quality of Service (QoS) functionality combined with true
switch capabilities enable high density video and Voice over Wireless LAN
deployments. Compliant with 802.1p and 802.1Q standards.
See Also
Wireless Access Point Product Overview
Power over Ethernet (POE)
Why Choose the Xirrus Access Point?
Advanced Feature Sets
The Wireless AP offers a family of powerful functionality packages, including the
RF Performance Manager (RPM), RF Security Manager (RSM), RF Analysis
Manager (RAM), and Application Control. These four packages are separately
licensed for operation on your AP. RPM, RSM, and RAM are automatically
included as part of all APs. Application Control is an optional feature.
Xirrus Advanced RF Performance Manager (RPM)
The Xirrus RPM optimizes the bandwidth usage and station performance of
wireless networks. Leveraging the multiple integrated access point (multi-radio)
design of the Xirrus Wireless AP, RPM manages the allocation of wireless
bandwidth to wireless stations across multiple RF channels. The result maximizes
overall network performance with superior flexibility and capacity.
Today's wireless infrastructure is faced with ever increasing numbers and
variations of wireless enabled clients, whether in the form of notebooks, tablets,
smart phones, IP phones, printers, projectors, cameras, RFID tags, etc. The advent
of higher speed wireless and its increased use of the 5GHz spectrum adds to the
number of variables today's wireless networks must accommodate. Backwards
compatibility with older clients is crucial, however their operation in a wireless
network can significantly hinder the performance of faster clients. As an example,
802.11b wireless stations communicate more than 10 times slower than 802.11n
stations.
Wireless Access Point
22 Introduction
With each of the AP’s multiple radios operating on a different channel, RPM
selects the ideal radio for each station. High-speed stations are grouped together
on radios with other high speed stations, while lower speed stations are combined
with other lower speed stations. This ensures optimal performance for high-speed
802.11ac stations without compromise.
The complete feature set of the RPM package includes:
z
Wireless Distribution System (WDS) for point-to-point communication
z
Wireless Mode per IAP
z
Sharp Cell technology
z
Wireless Data Rate Optimization
z
Wireless Traffic Shaping
z
Wireless Voice Call Admission Control
z
Fast Layer 2 and 3 Roaming
z
Standby Mode
Xirrus Advanced RF Security Manager (RSM)
The Xirrus RSM improves security and minimizes the risk in deploying 802.11
wireless networks. Leveraging an integrated 24/7 threat sensor and hardware-
based encryption/decryption in each AP, RSM secures the wireless network from
multiple types of threats. The result delivers uncompromised overall network
security with superior flexibility and performance.
Wireless networks face a number of potential security threats in the form of rogue
access points, ad-hoc clients, unauthorized clients, wireless-based attacks,
eavesdropping, etc. As “bring your own device” (BYOD) becomes ubiquitous in
enterprise networks, defending against these threats becomes more critical. With
the AP’s threat sensor radio scanning all channels in the 2.4GHz and 5GHz
spectrums, RSM searches for security threats and automatically mitigates them.
High performance encryption/decryption in the enterprise wireless network is a
must. The wireless network needs to support each client using the highest level of
encryption (WPA2 Enterprise/128 bit AES) and without degrading the overall
performance of the network. Xirrus incorporates hardware-based encryption/
Wireless Access Point
Introduction 23
decryption into each AP, delivering line-rate encryption at the edge of the
network instead of at a choke point within a centralized controller.
The complete feature set of the RSM package includes:
z
Wireless IDS/IPS (Intrusion Detection/Prevention System)
z
Wireless stateful firewall
z
User group policies
z
Authenticated guest access gateway
z
NAC integration
Xirrus Advanced RF Analysis Manager (RAM)
The RF Advanced Analysis Manager (RAM) tests and troubleshoots wireless
networks. The deployment of 802.11ac presents a set of unique challenges based
on technology differences with legacy 802.11a/b/g/n networks, both on the
wireless infrastructure and client side. Xirrus RAM equips each Wireless AP with
a powerful set of tools and features to optimally tune and verify an 802.11ac
installation, as well as give IT administrators the ability to troubleshoot issues
that may occur within the wireless environment.
802.11ac deployment will continue to evolve over the next several years with
additional performance and optional functions, along with an ongoing stream of
IEEE 802.11 amendments. This changing wireless landscape mandates that
appropriate tools are available to the user to analyze, optimize, and troubleshoot
their changing environments.
The distributed architecture of the AP enables the execution of powerful wireless
and networking analysis at the edge of the network where packets traverse the
wireless-to-wired boundary. The AP includes an embedded wireless controller
with the necessary computing and memory resources to provide these functions
securely at the network's edge.
The key elements of the RAM package include:
z
RF Analysis – An embedded Spectrum Analyzer leverages the dedicated
threat sensor radio in each Wireless AP to provide a continual view of
utilization, interference, and errors across all available wireless channels.
Wireless Access Point
24 Introduction
z
Packet Analysis – Integrated packet capture provides filterable views of
all traffic traversing on the wired and wireless interfaces of the AP.
z
Performance Analysis – Embedded traffic generation enables the
throughput of the AP’s wireless or wired interfaces to be analyzed.
z
Failure Recovery – Radio Assurance provides an automatic self-test and
self healing mechanism that ensures continuous system operation.
z
Netflow Support
z
Network Tools: ping, RADIUS ping, traceroute
Xirrus Application Control
The Application Control feature is available on APs to provide real-time visibility
of application usage by users across the wireless network. Network usage has
changed enormously in the last few years, with the increase in smart phone and
tablet usage stressing networks.
The AP uses Deep Packet Inspection (DPI) to determine what applications are
being used and by whom, and how much bandwidth they are consuming. These
applications are rated by their degree of risk and productiveness. The results are
presented to you both graphically and in tables. Filters can be used to implement
per-application policies that keep network usage focused on productive uses,
eliminating risky and non-business-oriented applications such as BitTorrent. You
can increase the priority of mission-critical applications like VoIP and WebEx. See
“Application Control Windows” on page 150 for more information.
Wireless Access Point
Introduction 25
About this User’s Guide
This User’s Guide provides detailed information and procedures that will enable
wireless network administrators to install, configure and manage the Wireless AP
so that end users can take full advantage of the product’s features and
functionality without technical assistance.
Organization
Topics and procedures are organized by function under the following chapter
headings:
z
Introduction
Provides a brief introduction to wireless technology, an overview of the
product, including its key features and benefits, and presents the product
specifications.
z
Installing the Wireless AP
Defines prerequisites for deploying and installing the AP and provides
instructions to help you plan and complete a successful installation.
z
The Web Management Interface
Offers an overview of the product’s embedded Web Management
Interface, including its content and structure. It emphasizes what you
need to do to ensure that any configuration changes you make are
applied, and provides a list of restricted characters. It also includes
instructions for logging in to the AP with your Web browser.
z
Viewing Status on the Wireless AP
Describes the status and statistics displays available on the AP using its
embedded Web Management Interface.
z
Configuring the Wireless AP
Contains procedures for configuring the AP using its embedded Web
Management Interface.
z
Using Tools on the Wireless AP
Contains procedures for using utility tools provided in the Web
Management Interface. It includes procedures for upgrading the system
Wireless Access Point
26 Introduction
firmware, uploading and downloading configurations and other files,
using diagnostic tools, and resetting the AP to its factory defaults.
z
The Command Line Interface
Includes the commands and the command structure used by the Wireless
AP’s Command Line Interface (CLI), and provides a procedure for
establishing a Telnet connection to the AP. This chapter also includes
some sample key configuration tasks using the CLI.
z
Appendix A: Quick Reference Guide
Contains the product’s factory default settings.
z
Appendix B: FAQ and Special Topics
Offers guidance to resolve technical issues, including general hints and
tips to enhance your product experience, and a procedure for isolating
problems within an AP-enabled wireless network. Also includes
Frequently Asked Questions (FAQs) and Xirrus contact information.
z
Appendix D: Notices (XR-1000 to XR-6000 Indoor Models)
Contains the legal notices and compliance statements for the AP. Please
read this section carefully.
z
Appendix C: Notices (XD and XR500/600 Series Only)
Contains the legal notices and compliance statements for the XD and
XR500 Series Access Points. Please read this section carefully if you are
using these models.
z
Appendix E: Medical Usage Notices
Provides compliance information for Xirrus devices with respect to the
requirements of IEC 60601-1-2.
z
Appendix F: Auditing PCI DSS
Discusses using AP features to assist in meeting security standards for
PCI DSS audits.
z
Appendix G: Implementing FIPS Security
Discusses meeting FIPS security standards with Xirrus devices.
Wireless Access Point
Introduction 27
z
Glossary of Terms
Provides an explanation of terms directly related to Xirrus product
technology, organized alphabetically.
z
Index
The index is a valuable information search tool. Use the index to locate
specific topics discussed in this User’s Guide. Simply click on any page
number in the index to jump to the referenced topic.
Notes and Cautions
The following symbols are used throughout this User’s Guide:
Screen Images
Some screen images of the Web Management Interface have been modified for
clarity. For example, an image may have been cropped to highlight a specific area
of the screen, and/or sample data may be included in some fields.
Product Specifications
Please refer to the Xirrus web site for the latest specifications for these APs—
www.xirrus.com.
#This symbol is used for general notes that provide useful supplemental
information.
!This symbol is used for cautions. Cautions provide critical information that
may adversely affect the performance of the product.
Wireless Access Point
28 Introduction
Wireless Access Point
Installing the Wireless AP 29
Installing the Wireless AP
The instructions for planning and completing a successful installation include the
following topics:
z
“Installation Prerequisites” on page 29.
z
“Planning Your Installation” on page 32.
z
“Installation Workflow” on page 67.
z
“Installing Your Wireless AP” on page 69.
z
“Powering Up the Wireless AP” on page 72.
z
“Zero-Touch Provisioning and Ongoing Management” on page 75.
z
“Performing the Express Setup Procedure” on page 80.
Installation Prerequisites
Wireless AP deployment requires the presence of hardware and services in the
host wired/wireless network, including:
z
Power Source
Xirrus APs are powered via Xirrus-supplied Power over Ethernet. POE
supplies power over the same Cat 5e or Cat 6 cable used for data, thus
reducing cabling and installation effort. POE power injector modules are
available in 1-, 2-, and 8-port configurations and are typically placed near
your Gigabit Ethernet switch. An AC outlet is required for each injector
module.
Some smaller APs are compatible with IEEE802.3af and/or IEEE802.3at,
and may be connected to appropriate powered switches. For example, the
Xirrus XT-5024 is a 24-port 802.3at PoE+ managed switch. See the
Installation Guide for the AP for compatible injectors or powered
switches.
z
Ethernet ports
You need at least one 100/1000 BaseT port to establish wired Gigabit
Ethernet connectivity. XR Series APs have different numbers of ports,
Wireless Access Point
30 Installing the Wireless AP
depending on the model (see “XR Wireless AP Product Family” on
page 5).
z
Secure Shell (SSH) utility
To establish secure remote command line access to the AP, you need a
Secure Shell (SSH) utility, such as PuTTY. The utility must be configured
to use SSH-2, since the AP will only allow SSH-2 connections.
z
Secure Web browser
Xirrus supports the latest version of the following Browsers: Internet
Explorer, Mozilla Firefox, Chrome, or Safari. A secure Web browser is
required for Web-based management of the AP. The browser must be on
the same subnet as the AP, or you must set a static route for management
as described in the warning above.
z
Serial connection capability
A serial port (console) is present on most XR-2000 models and all larger
XR series models. The Xircon utility can be used in place of a console
port—see the Xircon Users Guide. To connect directly to the console port
on the AP, your computer must be equipped with a male 9-pin serial port
and terminal emulation software (for example, HyperTerminal). The
Xirrus AP only supports serial cable lengths up to 25’ per the RS-232
specification.
Use the following settings when establishing a serial connection:
!The AP’s Ethernet ports should be connected to an Ethernet switch, not an
Ethernet hub if a hub is used, we recommend that you do not bond-pair
Ethernet ports.
Bits per second 115,200
Data bits 8
Parity None
Stop bits 1
Flow control None
Wireless Access Point
Installing the Wireless AP 31
Optional Network Components
The following network components are optional.
z
Xirrus Management System (XMS)
The optional XMS offers powerful management features for small or large
Wireless AP deployments.
Client Requirements
The Wireless AP should only be used with Wi-Fi certified client devices.
See Also
Coverage and Capacity Planning
Failover Planning
Planning Your Installation
Wireless Access Point
32 Installing the Wireless AP
Planning Your Installation
This section provides guidelines and examples to help you plan your Xirrus
Wireless AP deployment to achieve the best overall coverage and performance.
We recommend you conduct a site survey to determine the best location and
settings for each AP you install.
z
“General Deployment Considerations” on page 32
z
“Coverage and Capacity Planning” on page 34
z
“About IEEE 802.11ac” on page 42
z
“Failover Planning” on page 52
z
“Power Planning” on page 55
z
“Security Planning” on page 56
z
“Port Requirements” on page 58
z
“Network Management Planning” on page 62
z
“WDS Planning” on page 63
z
“Common Deployment Options” on page 66
General Deployment Considerations
The Array’s unique multi-radio architecture generates 360 degrees of sectored
high-gain 802.11a/b/g/n/ac coverage that provides extended range. (Note that
XR-500/600 Series radios are omni-directional rather than sectored.) The number,
thickness and location of walls, ceilings or other objects that the wireless signals
must pass through may affect the range. Typical ranges vary depending on the
types of materials and background RF (radio frequency) noise at your location. To
maximize wireless range, follow these basic guidelines:
1. Keep the number of walls and ceilings between the AP and your
receiving devices to a minimum each wall or ceiling can reduce the
wireless range from between 3 and 90 feet (1 to 30 meters). Position your
devices so that the number of walls or ceilings is minimized.
#For optimal placement of APs, we recommend that a site survey be
performed by a qualified Xirrus partner.
Wireless Access Point
Installing the Wireless AP 33
2. Be aware of the direct line between each device. For example, a wall that
is 1.5 feet thick (half a meter) at 90° is actually almost 3 feet thick (or 1
meter) when viewed at a 45° angle. At an acute 2° degree angle the same
wall is over 42 feet (or 14 meters) thick. For best reception, try to ensure
that your wireless devices are positioned so that signals will travel
straight through a wall or ceiling.
Figure 8. Wall Thickness Considerations
3. Try to position wireless client devices so that the signal passes through
drywall (between studs) or open doorways and not other materials that
can adversely affect the wireless signal.
See Also
Coverage and Capacity Planning
Common Deployment Options
Installation Prerequisites
90° 45°
1.5 feet/
.5 m ~ 3 feet/
1 m
> 42 feet\
14 m
Wireless Access Point
34 Installing the Wireless AP
Coverage and Capacity Planning
This section considers coverage and capacity for your deployment(s), including
placement options, RF patterns and cell sizes, area calculations, roaming
considerations, and channel allocations.
Placement
Use the following guidelines when considering placement options:
1. The best placement option for the AP is ceiling-mounted within an open
plan environment (cubicles rather than fixed walls).
2. Keep the AP away from electrical devices or appliances that generate RF
noise. Because the AP is generally mounted on ceilings, be aware of its
position relative to lighting (especially fluorescent lighting) we
recommend maintaining a distance of at least 3 to 6 feet (1 to 2 meters).
Figure 9. Unit Placement
3. If using multiple APs in the same area, maintain a distance of at least
100ft/30m between APs if there is direct line-of-sight between units, or at
least 50ft/15m if a wall or other barrier exists between units.
#XR-500/600 Series Integrated Access Points are omni-directional rather than
directional (sectored), and discussions involving sectored radios are not
applicable to these APs.
100 ft/ 30 m
100 ft/ 30 m
100 ft/
30 m
Wireless Access Point
Installing the Wireless AP 35
RF Patterns
The Wireless AP allows you to control — automatically or manually — the pattern
of wireless coverage that best suits your deployment needs. You can choose to
operate with full coverage, half coverage, or custom coverage (by enabling or
disabling individual sectors).
Full (Normal) Coverage
In normal operation, the AP provides a full 360 degrees of coverage.
Figure 10. Full (Normal) Coverage
Half Coverage
Figure 11. Adjusting RF Patterns
If installing a unit close to an exterior wall, you can deactivate half of the radios to
prevent redundant signals from “bleeding” beyond the wall and extending
service into public areas. The same principle applies if you want to restrict service
to an adjacent room within the site.
outside wall
Wireless Access Point
36 Installing the Wireless AP
Custom Coverage
Where there are highly reflective objects in proximity to the AP, you can turn off
specific radios to avoid interference and feedback.
Figure 12. Custom Coverage
Capacity and Cell Sizes
Cell sizes should be estimated based on the number of users, the applications
being used (for example, data/video/voice), and the number of APs available at
the location. The capacity of a cell is defined as the minimum data rate desired for
each sector multiplied by the total number of sectors being used.
Figure 13. Connection Rate vs. Distance
Figure 13 shows relative connection rates for 802.11n vs. 802.11a/g and 802.11b,
and the effect of distance on the connection rates. 802.11ac rates behave like
802.11n over distance—see Figure 23 for 802.11ac data rates). Wireless
environments can vary greatly so the actual rates may be different depending on
the specific network deployment.
object
reflective
Wireless Access Point
Installing the Wireless AP 37
Fine Tuning Cell Sizes
Adjusting the transmit power allows you to fine tune cell sizes. There are four
standard sizes Small, Medium, Large, or Max (the default is Max). There is also
an Auto setting that automatically determines the best cell size, and a Manual
setting that allows you to choose your power settings directly.
Figure 14. Transmit Power
Auto Cell Size is an automatic, self-tuning mechanism that balances cell size
between APs to guarantee coverage while limiting the RF energy that could
extend beyond the organizational boundary. Auto Cell uses communication
between APs to dynamically set radio power so that complete coverage is
provided to all areas, yet at the minimum power level required. This helps to
minimize potential interference with neighboring networks. Additionally, APs
running Auto Cell automatically detect and compensate for coverage gaps caused
by system interruptions. To enable the Auto Cell Size feature, go to “RF Power
and Sensitivity” on page 361.
There are two ways of performing Auto Cell Size—by band (Multichannel Auto
Cell) or by channel (this is the default version). Auto Cell by channel adjusts the
size of two or more neighboring AP radios that are on the same channel (Figure 15
A and B). Multichannel Auto Cell adjusts cell sizes of neighboring radios on the
same band (2.4GHz or 5GHz) even if they are on different channels. A potential
application of Autocell by Band is depicted in Figure 15 B and C. In this example,
Large
Medium
Small
Wireless Access Point
38 Installing the Wireless AP
cell sizes are to be adjusted so that they are contained in each room. The goal is for
stations to associate to the AP located in the same room with them.
Figure 15. Auto Cell Size Options
Multichannel Auto Cell is configured by turning off Auto Cell by Channel in
“Procedure for Configuring Global 802.11an IAP Settings” on page 335 for the
5GHz band, and in “Procedure for Configuring Global 802.11b/g IAP Settings”
on page 342 for the 2.4GHz band. Note that Multichannel Auto Cell is run
separately for each band. Thus, to optimize cell size of both 2.4G and 5G, the
Auto Cell function should be run once for each of these pages. APs must be at
least 15 feet apart for Auto Cell to work properly.
If you are installing many units in proximity to each other, we recommend that
you use Auto Cell Size; otherwise, reduce the transmit power using manual
settings to avoid excessive interference with other APs or installed APs. See also,
“Coverage and Capacity Planning” on page 34.
Sharp Cell
This patented Xirrus RF management option automatically creates more
intelligently defined cells and improves performance by creating smaller, high-
throughput cells. By dynamically limiting each cell to a defined boundary (cell
size), the trailing edge bleed of RF energy is reduced, thus minimizing
interference between neighboring Wireless APs or other Access Points. To enable
the Sharp Cell feature, go to “RF Power and Sensitivity” on page 361.
ABC
Wireless Access Point
Installing the Wireless AP 39
Roaming Considerations
Cells should overlap approximately 10 - 15% to accommodate client roaming.
Figure 16. Overlapping Cells
Allocating Channels
Because the Wireless AP is a multi-channel device, allocating the best channels to
radios is important if peak performance is to be maintained.
Automatic Channel Selection
In the automatic mode, channels are allocated dynamically, driven by changes in
the environment. Auto Channel assignment is performed by scanning the
surrounding area for RF activity on all channels, then automatically selecting and
setting channels on the AP to the best channels available. This function is
typically executed when initially installing APs in a new location and may
optionally be configured to execute periodically to account for changes in the RF
environment over time. Auto Channel selection has significant advantages,
including:
#Note that Auto Channel normally assigns individual channels. However, if
you select Auto bond 5GHz channels on the Global Settings .11n page,
and have 40MHz channels set up prior to running Auto Channel, those
bonds will be preserved. 80MHz bonds will not be preserved.
ROAMING
10 - 15% overlap
Wireless Access Point
40 Installing the Wireless AP
z
Allows the AP to come up for the first time and not interfere with existing
equipment that may be already running, thereby limiting co-channel
interference.
z
More accurately tunes the RF characteristics of a wireless installation than
manual configuration since the radios themselves are scanning the
environment from their physical location.
z
May be configured to run periodically.
To set up the automatic channel selection feature, go to “Advanced RF Settings”
on page 358.
Manual Channel Selection
You can manually assign channels on a per radio basis, though manual selection
is not recommended (and not necessary).
Figure 17. Allocating Channels Manually
#To avoid co-channel interference, do not select adjacent channels for radios
that are physically next to each other.
Maintain channel separation
Wireless Access Point
Installing the Wireless AP 41
Other Factors Affecting Throughput
Throughput of the AP can be affected by many factors such as distance, number
of stations, obstacles, construction materials used at the site, etc. In addition,
features applied to traffic may have an effect. Performance may decrease as you
add increasing numbers of SSIDs, VLANs, and features such as Application
Control, encryption, management via XMS-Cloud, etc. XR-500/1000 Series
models are more prone to performance degradation since they have less memory
than other models.
See Also
Failover Planning
Installation Prerequisites
Wireless Access Point
42 Installing the Wireless AP
About IEEE 802.11ac
802.11ac is a continuation of the IEEE 802.11 standard. It multiplies the maximum
data rate—eventually, up to ten times the 802.11n maximum. Along with
increased data rates, it offers simultaneous transmission to multiple clients.
802.11ac will be rolled out in two phases. Wave 1 products currently available
support 80MHz channels and up to 3 data streams for a maximum data rate of 1.3
Gbps. Wave 2 and future products will add 160MHz channels and up to 8
streams, for a maximum data rate of 6.93Gbps.
Xirrus currently supports up to three streams (in units with 3x3 radios) and 80
MHz channels. Xirrus models that offer 802.11ac support this technology on all
IAPs, not just on one. IAPs are individually configurable to different modes or
groups of modes (such as 802.11a, 11b, 11g, and 11n). Xirrus optimizes 802.11ac
performance with ACExpress™, an innovation that intelligently separates fast
and slow devices on separate IAPs to maximize system performance.
The major advantages of 802.11ac are:
z
Faster speeds than 802.11n over the same coverage area, operating at up
to 1.3 Gbps in Wave 1 implementations. While the maximum distance
that a Wi-Fi signal can reach is unchanged with 802.11ac, multiple
antennas increase the data rate at every distance.
z
Operates only in the less congested 5 GHz spectrum, which offers
“cleaner” air and supports much greater capacity than the 2.4 GHz
spectrum still used by 802.11n.
z
Supports simultaneous communications to multiple clients on a single
channel with multi-user MIMO in future Wave 2 products.
z
Extends the techniques pioneered in 802.11n: more antennas, more spatial
streams and wider channels to improve throughput.
The techniques that 802.11ac uses to realize these performance improvements and
the expected results are discussed in:
z
“Up to Eight Simultaneous Data Streams Spatial Multiplexing” on
page 44
z
“MIMO (Multiple-In Multiple-Out)” on page 44
Wireless Access Point
Installing the Wireless AP 43
z
“MU-MIMO (Multi-User Multiple-In Multiple-Out)” on page 45
z
“Higher Precision in the Physical Layer” on page 47
z
“80 MHz and 160 MHz Channel Widths (Bonding)” on page 48
z
“802.11ac Data Rates” on page 49
z
“ACExpress™” on page 50
It is important to consider 80 MHz and 160 MHz Channel Widths (Bonding) when
planning your deployment, since it contributes greatly to 802.11ac’s speed
improvements and because it is configured separately for each IAP. Your
selection of channel width in IAP Settings—40 MHz or 80 MHz or 20 MHz (if
bonding is turned off)—has a major effect on your channel planning. A global
setting is provided to enable or disable 802.11ac mode. See “Global Settings .11ac”
on page 350 to configure operation.
There are other factors to keep in mind when planning a roll-out of 802.11ac.
Please see “802.11ac Deployment Considerations” on page 50.
Wireless Access Point
44 Installing the Wireless AP
Up to Eight Simultaneous Data Streams Spatial Multiplexing
Spatial Multiplexing transmits completely separate data streams on different
antennas (in the same channel) that are recombined to produce new 802.11ac data
rates. Previously used for 802.11n, the maximum number of streams for 802.11ac
has been increased to eight. Higher data rates are achieved by splitting the
original data stream into separate data streams. Each separate stream is
transmitted on a different antenna (using its own RF chain). MIMO signal
processing at the receiver can detect and recover each stream. Streams are then
recombined, yielding higher data rates.
Figure 18. Spatial Multiplexing
The date rate increases directly with the number of transmit antennas used. Note
that mobile devices in the near future will support up to three or four streams at
most, with many supporting less.
MIMO (Multiple-In Multiple-Out)
MIMO (Multiple-In Multiple-Out) signal processing is one of the core
technologies of 802.11n and 802.11ac. It mitigates interference and maintains
broadband performance even with weak signals.
Prior to 802.11n, a data stream was transmitted via one antenna. At the receiving
end, the antenna with the best signal was selected to receive data. MIMO signal
processing uses multiple antennas to send and receive data. It takes advantage of
multipath reflections to improve signal coherence and greatly increase receiver
sensitivity (Figure 19). Multipath signals were considered to be interference by
Wireless Access Point
Installing the Wireless AP 45
802.11a/b/g radios, and degraded performance. In 802.11n and 802.11ac, these
signals are used to enhance performance.
Figure 19. MIMO Signal Processing
802.11ac increases the number of antennas and spatial streams from a maximum
of four in 802.11n to a maximum of eight, contributing to much higher maximum
data rates (up to 6.93Gbit/s). The spatial streams can be concurrently allocated to
more than one receiving device when the AP operates in multi-user MIMO mode
(MU-MIMO, see the next section).
MU-MIMO (Multi-User Multiple-In Multiple-Out)
MU-MIMO (multi-user multiple-in/multiple-out) signal processing uses multiple
antennas on the transmitter and receiver operating on the same channel. With
spatial multiplexing in 802.11ac, up to 8 data streams may be concurrently
transmitted. MU-MIMO’s innovation allows the streams to be split between
multiple devices at once.
With 802.11n, whenever the IAP transmitted data, all of the traffic at any instant of
time was directed to a single client. As a consequence, if a set of devices included
a mix of fast and slow client clients, the fast traffic was often substantially delayed
by the transmission to slower clients. 802.11ac MU-MIMO works by directing
some of the spatial streams to one client and other spatial streams to other clients,
up to four at a time
For example, in the figure below, the transmitter has four antennas. Three are
transmitting to an 802.11ac laptop that has three antennas, while the remaining
Frequency Across Subcarriers
Attenuation
Antenna 1 Signal
MIMO Processed Signal
Antenna 2 Signal
Antenna 3 Signal
Receiver
Wireless Access Point
46 Installing the Wireless AP
one is directed to a mobile phone. When a transmission is complete, the antennas
are reallocated.
Figure 20. MU-MIMO with Four Antennas
The table below illustrates how data streams might be allocated to multiple users
on an 802.11ac transmitter with multiple antennas.
# of AP Antennas Possible Combinations of Receiver Antennas
2 1 station w/ 2 antennas -or-
2 stations w/ 1 antenna
3 1 station w/ 3 antennas -or-
1 station w/ 2 antennas + 1 station w/ 1 antenna -or-
3 stations w/ 1 antenna
4 1 station w/4 antennas -or-
2 stations w/2 antennas -or-
1 station w/2 antennas + 2 stations w/1 antenna -or-
4 stations w/ 1 antenna
8 1 station w/ 8 antennas -or-
2 stations w/ 4 antennas -or-
1 station w/ 4 antennas + 2 stations w/ 2 antennas -or-
2 stations w/ 2 antennas + 4 stations w/1 antenna -or-
… many other combinations …
Spatial Streams
Rx 1
Rx 1
Rx 3
Data Stream
Data Stream
Data Stream
Tx 1
Tx 3
Rx 2Tx 2
Tx 4
Transmitter
(Access
Point)
Wireless Access Point
Installing the Wireless AP 47
Higher Precision in the Physical Layer
Wi-Fi utilizes several digital modulation techniques and automatically switches
between them to optimize for throughput or range. The basic unit of data
transmitted is called a symbol. The number of points in the modulation
constellation determines the number of bits of data conveyed with each symbol.
Figure 21. Physical Layer Data Encoding
802.11n uses 16 Quadrature Amplitude Modulation (QAM), which conveys
log2(16) = 4 bits per symbol and 64 QAM, which conveys 6 bits per symbol.
802.11ac adds 256 QAM which conveys 8 bits per symbol for a 33% increase in
throughput vs. the highest 802.11n data rate.
You may select the highest Modulation and Coding Scheme (MCS) level allowed
with 1, 2, or 3 Spatial Streams (see the Max MCS setting in “Procedure for
Configuring Global 802.11ac IAP Settings” on page 351). You may limit the
highest level of modulation to 64-QAM, or allow 256-QAM. It also determines the
coding scheme used for error correction. Higher MCS levels allocate fewer bits to
error correction, and thus more bits are used for data. The default value is MCS9,
the highest level.
256-QAM
I
Q
64-QAM
Q
+1
-1 +1 +3 +5 +7-3-5-7
+3
+5
+7
I
-7
-5
-3
-1
I
Q
Phase˚
Amplitude
Wireless Access Point
48 Installing the Wireless AP
The higher the MCS value, the higher the data rate, as shown in the table below.
Xirrus APs support MCS7 -MCS9. Higher MCS levels require higher signal-to-
noise ratios (i.e., a less noisy environment) and shorter transmission distances.
80 MHz and 160 MHz Channel Widths (Bonding)
Channel bonding increases data rates by combining two, four, or eight adjacent 20
MHz channels into one channel. This increases the data rate proportional to the
width of the bond.
Bonding is specified on the IAP Settings page for each IAP in terms of the primary
channel and the width of the bond. Be aware that Channel Bonding impacts
channel planning, since you are using multiple channels per IAP.
802.11ac allows creation of 20, 40, 80, or 160 MHz wide channels. The 160MHz
channel can also be a combination of two non-contiguous 80MHz channels
(80+80). Although channel bonding increases bandwidth, wider channels are
more susceptible to signal interference which may lead to reduced range and
poorer signal quality. Figure 22 is an example showing how Channels 36-64 may
MCS index value Modulation Code rate (R)
0BPSK1/2
1QPSK1/2
2QPSK3/4
3 16-QAM 1/2
4 16-QAM 3/4
5 64-QAM 2/3
6 64-QAM 3/4
7 64-QAM 5/6
8 256-QAM 3/4
9 256-QAM 5/6
Wireless Access Point
Installing the Wireless AP 49
be used: as eight 20 MHz channels; four 40 MHz channels; two 80 MHz channels;
or one 160 MHz channel. Xirrus currently supports channels up to 80 MHz wide.
Figure 22. Channel Bonding (Channels 36-64 shown)
802.11ac Data Rates
Figure 23. Maximum 802.11ac Data Rates
Frequency
Channel
Number 36
5150MHz
Channel Bandwidth
5250MHz
5350MHz
40 44 48 52 60
56 64
20MHz
40MHz
80MHz
160MHz
2-20MHz
bonded channels
2-40MHz
bonded channels
2-80MHz
bonded channels
UNII-1 UNII-2
Phase 1
Phase 2+
Maximum # Transmit Bandwidth #
Data Rate Antennas (MHz) Streams Modulation
293Mbps 1 40 1 64QAM
433Mbps 1 80 1 256QAM
867Mbps 2 80 2 256QAM
1.299Gbps 3 80 3 256QAM
1.730Gbps 4 80 4 256QAM
3.470Gbps 8 80 8 256QAM
867Mbps 1 160 1 256QAM
1.730Gbps 2 160 2 256QAM
3.470Gbps 8 160 4 256QAM
6.930Gbps 8 160 8 256QAM
Wireless Access Point
50 Installing the Wireless AP
IEEE 802.11ac data rates are dependent on the number of spatial streams obtained
through the use of MU-MIMO, 80 vs. 160MHz channel widths, the number of
transmit antennas, and the type of modulation. Figure 23 shows the maximum
data rate achievable at each level, with many additional lower rates occurring at
each level dependent on signal level, signal to noise ratio in the environment, etc.
Phase 1 802.11ac, first available in consumer products in 2012 and enterprise
products in 2013, supports up to 80MHz channels and up to 3 spatial streams for a
maximum data rate of 1.3Gbps.
Phase 2 and beyond products, expected starting in 2014, will add 160MHz
channels and up to 8 spatial streams for a maximum data rate of 6.9Gbps.
ACExpress™
Xirrus 802.11ac IAPs use ACExpress™ to optimize wireless performance by
automatically separating faster 802.11ac clients from slower Wi-Fi clients. Since
Wi-Fi is a shared medium, this separation ensures that slower 802.11a/b/g/n
clients do not starve the performance of 802.11ac clients. For example, the data
rate of an 802.11n client is less than 25% of the rate of an 802.11ac client, and thus
will take four times as much air time for a given amount of data. This takes
available bandwidth away from faster clients, reducing their performance
significantly. ACExpress intelligently separates clients by type onto different
radios, grouping fast clients separately from slow clients, thereby maximizing
performance for all. ACExpress is supported on all Xirrus 802.11ac products, and
may be enabled or disabled as part of the Load Balancing feature. See Step 26 on
page 331.
802.11ac Deployment Considerations
The theoretical data rates shown are just that, theoretical. For 802.11ac
deployments, numerous factors affect real-world performance. These are some
important considerations in the deployment of networks that include 802.11ac:
z
Wireless networks are not wired networks. Wired network users who
share a Gigabit network can expect to see bursts of up to 900Mbps,
depending on their hardware. Maximum Wi-Fi data rates are reduced by
signaling overhead and media contention. Most 802.11ac users will see
Wireless Access Point
Installing the Wireless AP 51
data rates less than 100Mbps as the effective bandwidth is shared among
all devices connecting to a given radio.
z
Migration to 802.11ac will take time. Older Wi-Fi technologies will
continue to be with us for years. In order for 802.11ac to provide
maximum data rates, it is important to keep interference from earlier Wi-
Fi standards at a minimum. For example, 802.11n devices operating in the
5GHz band can slow down 802.11ac devices to 300Mbps or 450Mbps
depending on the 2x2 or 3x3 MIMO technology used.
z
Infrastructures must be upgraded as well. The bandwidth required out
of 802.11ac APs will certainly exceed 1Gbps and may reach 10Gbps. The
links from the APs to the core network must keep pace with this need.
Centralized firewalls, LAN controllers, and authentication servers may
also reach their limits. Migration to a decentralized architecture, with
intelligence at the edge of the network may be a more scalable solution,
avoiding single points of failure.
z
More power. Multi-antenna APs handling 802.11ac speeds will likely
require more power. Power planning for your access switches should be
carefully considered.
z
A new site survey may be needed. Wireless networks established as
recently as a few years ago were probably designed for coverage and not
capacity. APs were placed so that there were no dead zones, without
considering future capacity needs. With the increasing use of mobile
devices, new site surveys that ensure enough bandwidth for anticipated
usage should precede deployment of 802.11ac APs.
z
Manage application usage. With 802.11ac, a range of applications are
now practical on mobile devices that were previously only used over
wired networks or on laptops. Uncontrolled use of Wi-Fi bandwidth can
cause wireless networks to quickly degrade. Network control elements
must control use of applications and prioritize critical applications.
z
Upgrading with 802.11ac radio modules. Xirrus offers modular APs that
enable you to evolve the capacity of your Arrays as your needs grow.
XI Series 802.11ac Wireless Access Points (APs) are offered in two models:
867 Mbps (2X2 MIMO) or 1300 Mbps (3X3 MIMO).
Wireless Access Point
52 Installing the Wireless AP
When you add IAPs to an AP or replace 802.11n IAPs with 802.11ac
modules, the Access Point determines its model number based on the
count and types of radios. For example, if you add four 1300 Mbps (3X3
MIMO) IAPs to an XR-4420, the AP will display its model number as XR-
4836 because it now has eight 3x3 IAPs including 802.11ac radios.
Failover Planning
This section discusses failover protection at the unit and port levels. To ensure
that service is continued in the event of a port failure, you can utilize two Gigabit
Ethernet ports simultaneously as a bonded pair (on APs with two or more Gigabit
ports).
Figure 24. Port Failover Protection
# Xirrus highly recommends that the upgraded Array have a radio count that
matches one of our standard Arrays (e.g., XR-4000 with 4 or 8 radios, XR-
2000 with 2 or 4). The Array may have more of one type of radio than
another. For example, an upgraded XR-4830 may have six 802.11n radios
and two 802.11ac radios, or vice versa.
Ethernet switch
Multiple port connections
Wireless Access Point
Installing the Wireless AP 53
In addition, the AP has full failover protection between the bonded-pair Gigabit
ports (see following table).
The Wireless AP Gigabit Ethernet ports actually support a number of modes:
z
802.3ad Link Aggregation
z
Load Balancing
z
Broadcast
z
Link Backup
z
Mirrored
For more details on Gigabit port modes and their configuration, please see
“Bonds and Bridging” on page 173.
Interface Bridges
Data?
Bridges
Management Traffic?
Fails Over
To: IP address
Gigabit port Yes Yes Bonded
port DHCP or static
Bonded
Gigabit port Yes Yes Bonded
port Same
Wireless Access Point
54 Installing the Wireless AP
Switch Failover Protection
To ensure that service is continued in the event of a switch failure, you can
connect APs having multiple Gigabit ports to more than one Ethernet switch (not
a hub).
Figure 25. Switch Failover Protection
See Also
Coverage and Capacity Planning
Installation Prerequisites
Network Management Planning
Planning Your Installation
Power Planning
Security Planning
#Gigabit Ethernet connections must be on the same subnet.
Ethernet switch Backup switch
Ethernet connections
Wireless Access Point
Installing the Wireless AP 55
Power Planning
All AP models support Power over Ethernet (POE) with an integrated splitter.
Power over Ethernet
To deliver power to the AP, you must use Xirrus-supplied Power over Ethernet
(POE) modules or powered switches that are compatible with your AP. They
provide power over Cat 5e or Cat 6 cables to the AP without running power
cables — see Figure 4 on page 16.
Specific models of the AP are compatible with specific PoGE modules. For details,
please see the Power over Gigabit Ethernet Installation and User Guide.
See Also
Coverage and Capacity Planning
Failover Planning
Network Management Planning
Security Planning
#When using Cat 5e or Cat 6 cable, power can be provided up to a distance of
100m.
Certain models (XR-500/600 Series and some XR-2000 models) also accept
IEEE802.3af and/or IEEE802.3at powered switch ports.
Wireless Access Point
56 Installing the Wireless AP
Security Planning
This section offers some useful guidelines for defining your preferred encryption
and authentication method. For additional information, see “Understanding
Security” on page 226 and the Security section of “Frequently Asked Questions”
on page 522.
Wireless Encryption
Encryption ensures that no user can decipher another user’s data transmitted
over the airwaves. There are three encryption options available to you, including:
z
WEP-40bit or WEP-128bit
Because WEP is vulnerable to cracks, we recommend that you only use
this for legacy devices that cannot support a stronger encryption type.
z
Wi-Fi Protected Access (WPA)
This is much more secure than WEP and uses TKIP for encryption.
z
Wi-Fi Protected Access (WPA2) with AES
This is government-grade encryption available on most new client
adapters and uses the AES–CCM encryption mode (Advanced
Encryption Standard–Counter Mode).
Authentication
Authentication ensures users are who they say they are. Users are authenticated
when they attempt to connect to the wireless network and periodically thereafter.
The following authentication methods are available with the Wireless AP:
z
RADIUS 802.1x
802.1x uses a remote RADIUS server to authenticate large numbers of
clients, and can handle different authentication methods (EAP-TLS, EAP-
TTLS, EAP-PEAP, and EAP-LEAP Passthrough). Administrators may
also be authenticated via RADIUS when preferred, or to meet particular
security standards.
z
Xirrus Internal RADIUS server
Recommended for smaller numbers of users (about 100 or less). Supports
EAP-PEAP only
Wireless Access Point
Installing the Wireless AP 57
z
Pre-Shared Key
Uses a pass-phrase or key that is manually distributed to all authorized
users. The same passphrase is given to client devices and entered into
each AP.
z
MAC Access Control Lists (ACLs)
MAC access control lists provide a list of client adapter MAC addresses
that are allowed or denied access to the wireless network, and can be
used in addition to any of the above authentication methods. ACLs are
good for embedded devices, like printers and bar-code scanners (though
MAC addresses can be spoofed). The AP supports 1,000 global ACL
entries. You may also define per-SSID access control lists, with up to 1000
entries each.
Meeting PCI DSS Standards
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed
by major credit card companies. It lays out a set of requirements that must be met
in order to provide adequate security for sensitive data. The AP may be
configured to assist in satisfying PCI DSS standards. For details, please see
“Auditing PCI DSS” on page 585. Note that the license installed on the AP must
include the Advanced RF Security Manager (RSM) to support the PCI audit
command.
Meeting FIPS Standards
The Federal Information Processing Standard (FIPS) Publication 140-2 establishes
a computer security standard used to accredit cryptographic modules. The
standard is a joint effort by the U.S. and Canadian governments. To implement
Level 2 security requirements of FIPS Level 2 on the Wi-Fi AP, see “Implementing
FIPS Security” on page 591.
See Also
Failover Planning
Network Management Planning
Power Planning
Wireless Access Point
58 Installing the Wireless AP
Port Requirements
A number of ports are used by various AP features and by the Xirrus
Management System (XMS). The Port Requirements table on page 59 lists ports
and the features that require them (XMS port requirements are included in the
table for your convenience). If you are using a feature, please make sure that the
ports that it requires are not blocked by firewalls or other policies, and that they
do not conflict with any other port assignments.
As an example, XMS port requirements are illustrated in Figure 26. XMS requires
ports 161, 162, and 443 to be passed between APs and the XMS server. Similarly,
port 9443 is required for communication between the XMS server and XMS
clients, and port 25 is typically used by the XMS server to access an SMTP server
to send email notifications.
Figure 26. Port Requirements for XMS
Firewall
XMS Server XMS Client*
L2 Switching
Infrastructure
SMTP Server*
Internal
Resources
External Network /
Internet
Ports:
9090, 9091
Ports:
161, 162, 443
SSID Traffic on
VLANs A, B, etc.
Management over
Native VLAN
Traffic from Arrays
VLAN B
Traffic from Arrays
VLAN A
Trunked 802.1q
VLAN Connection
Ports:
25
* XMS Client and SMTP Server may be internal or external resources.
Wireless Access Point
Installing the Wireless AP 59
The following table lists port requirements for the AP and for XMS, how the ports
are used, and whether they may be changed.
Port Application Peer Configurable
AP
icmp Ping XMS Server No
20 tcp
21 tcp FTP Client Yes
22 tcp SSH Client Yes
23 tcp Telnet Client Yes
25 tcp SMTP Mail Server No
69 udp TFTP TFTP Server No
123 udp NTP NTP Server No
161 udp SNMP XMS Server No
162 udp
SNMP Traphost Note -
Up to four Traphosts
may be configured.
XMS Server
Yes - but
required by
XMS
443 tcp HTTPS (WMI,WPR) Client Yes
514 udp Syslog Syslog Server No
1812, 1645
udp
RADIUS (some
servers use 1645) RADIUS Server Yes
1813, 1646
udp
RADIUS Accounting
(some servers still use
1646)
RADIUS Accounting
Server Yes
2055 udp Netflow Client Yes
5000 tcp Virtual Tunnel VTUN Server Yes
22610 udp Xirrus Roaming APs Yes
22612 udp Xircon (Console Utility) Admin Workstation Yes
Wireless Access Point
60 Installing the Wireless AP
XMS
icmp Ping APs No
22 tcp SSH APs Yes
25 tcp SMTP Mail Server Yes
123 udp NTP NTP Server No
161 udp SNMP APs No
162 udp SNMP Traphost 1 APs Via XMS
config file
443 tcp HTTPS APs No
514 udp Resident Syslog server Internal* Via XMS
config file
1099 tcp RMI Registry Internal* No
2000 tcp XMS Back-end Server Internal* No
3306 tcp MySQL Database Internal* No
8001 tcp Status Viewer Internal* No
8007 tcp Tomcat Shutdown Internal* During
installation
8009 tcp Web Container Internal* During
installation
9090 tcp XMS Webserver XMS client During
installation
9091 tcp XMS Client Server XMS client Via XMS
config file
9092 tcp XMS Client Server XMS client Via XMS
config file
9443 tcp XMS WMI SSL XMS web client Yes
* Internal to XMS Server, no ports need to be unblocked on other network devices
Port Application Peer Configurable
Wireless Access Point
Installing the Wireless AP 61
See Also
Management Control
External Radius
Services
VLAN Management
Wireless Access Point
62 Installing the Wireless AP
Network Management Planning
Network management can be performed using any of the following methods:
z
Centralized Web-based management, using the optional Xirrus
Management System (XMS). XMS-Cloud provides zero-touch
provisioning and ongoing management. XMS is hosted on a dedicated
Xirrus appliance or your own server. XMS manages large Wireless AP
deployments from a centralized Web-based interface and offers the
following features:
Globally manage large numbers of APs
Seamless view of the entire wireless network
Easily configure large numbers of APs
Rogue AP monitoring
Easily manage system-wide firmware updates
Monitor performance and trends
Aggregation of alerts and alarms
z
The AP’s Command Line Interface, using an SSH (Secure Shell) utility,
like PuTTY. The utility must be set up to use SSH-2, since the AP will only
allow SSH-2 connections.
z
Web-based management, using the AP’s embedded Web Management
Interface (WMI). This method provides configuration and basic
monitoring tools, and is good for small deployments (one or two units).
See Also
Failover Planning
Power Planning
Security Planning
Wireless Access Point
Installing the Wireless AP 63
WDS Planning
WDS (Wireless Distribution System) creates wireless backhaul connections
between APs, allowing your wireless network to be expanded using multiple APs
without the need for a wired backbone to link them (see Figure 27). WDS features
include:
z
One to three IAPs may be used to form a single WDS link, yielding up to
1350 Mbps bandwidth per link. Up to three different WDS links may be
created on a single AP.
z
Automatic IAP load balancing
z
If desired, you may allow clients to associate to a BSS on the same radio
interface used for a WDS Host Link. This will take bandwidth from the
WDS link.
Figure 27. WDS Link
z
Multiple links per AP allow you to configure multi-hop connections.
Wireless Access Point
64 Installing the Wireless AP
Figure 28. A Multiple Hop WDS Connection
z
Multiple WDS links can provide link redundancy (failover capability - see
Figure 29). A network protocol (Spanning Tree Protocol STP) prevents
APs from forming network loops.
Figure 29. WDS Failover Protection
Wireless Access Point
Installing the Wireless AP 65
WDS links have a Host/Client relationship similar to the usual IAP/station
pattern for APs:
z
A WDS Client Link associates/authenticates to a host (target) AP in the
same way that stations associate to IAPs. The client side of the link must
be configured with the root MAC address of the target (host) AP.
z
A WDS Host Link acts like an IAP by allowing one WDS Client Link to
associate to it. An AP may have both client and host links.
WDS configuration is performed only on the client-side AP. See “WDS” on
page 385. Note that both APs must be configured with the same SSID name.
Wireless Access Point
66 Installing the Wireless AP
Common Deployment Options
The following table lists some typical and recommended deployment options for
a number of the features that have been discussed in this chapter.
See Also
Coverage and Capacity Planning
Network Management Planning
Planning Your Installation
Power Planning
Security Planning
Function Number of Wireless APs
One or Two Three or More
Power Power over Ethernet Power over Ethernet
UPS backup
(recommended)
Failover Recommended Highly recommended
VLANs Optional Optional use,
Can be used to put all APs
on one VLAN or map to
existing VLAN scheme
Encryption WPA2 with AES
(recommended)
PSK or 802.1x
WPA2 with AES
(recommended)
802.1x keying
Authentication Internal RADIUS server
EAP-PEAP
Pre-Shared Key
External RADIUS server
Management Cloud XMS or
Internal WMI
Internal CLI (via SSHv2)
Cloud XMS or
XMS (Enterprise-hosted)
Wireless Access Point
Installing the Wireless AP 67
Installation Workflow
This workflow illustrates the steps that are required to install and configure the
AP successfully. Review this flowchart before attempting to install the unit on a
customer’s network. Cloud XMS customers will skip the last two steps.
Figure 30. Installation Workflow
See Also
Coverage and Capacity Planning
Common Deployment Options
Determine the number of Arrays needed
Choose the location(s) for your Wireless Arrays
Install the mounting plate
Connect the cables and turn on the power
Verify that the Ethernet link and radio LEDs are functioning correctly
Review the Array Configuration
Run Ethernet cables for PoE
(<100m total distance from switch)
Log in to WMI
Wireless Access Point
68 Installing the Wireless AP
Failover Planning
Installation Prerequisites
Planning Your Installation
Power Planning
Wireless Access Point Product Overview
Security Planning
Wireless Access Point
Installing the Wireless AP 69
Installing Your Wireless AP
This section provides information about the physical installation of your Xirrus
Wireless AP. For complete instructions, please see the Installation Guide for your
model of AP or Access Point.
Choosing a Location
Based on coverage, capacity and deployment examples previously discussed,
choose a location for the AP that will provide the best results for your needs. The
Wireless AP was designed to be mounted on a ceiling where the unit is
unobtrusive and wireless transmissions can travel unimpeded throughout open
plan areas.
Choose a location that is central to your users (see the following diagram for
correct placement.
Figure 31. AP Placement
Wiring Considerations
Before using the Xirrus-supplied POE to distribute power, see “Power over
Ethernet (POE)” on page 16.
WR
ONG
CORRECT
R
ORRE
R
ORREC
WR
ONG
G
G
O
ON
R
O
R
ON
ON
R
O
R
ON
Wireless Access Point
70 Installing the Wireless AP
Once you have determined the best location for your Wireless AP, you must run
cables to the location for the following services:
Power
No separate power cable is required to the AP—Xirrus wireless APs use
POE (Power over Ethernet). See the Installation Guide for your AP model
for compatible power injectors or switches.
The total of all Cat 5e or Cat 6 cable segments from the Gigabit Ethernet
switch to the power injector and then to an AP POE port must be less
than 100m long. The AP must be connected to POE networks without
routing cabling to the outside plant, to ensure that cabling is not exposed
to lightning strikes or possible high voltage crossover.
Network
APs have at least one POE port to supply power and data over the same
cable. Many models have additional Gigabit ports, or even additional
POE ports. Please see the Installation Guide for your AP model for
detailed information about running cables to the AP and connecting it.
Some models also have a serial (console) port. The Serial cable may be up
to 25 feet long per the RS-232 specification.
#When the unit’s IP address is unknown or a network connection has not
been established, the serial cable is used for connecting directly with the
Command Line Interface (CLI) via HyperTerminal. When a network
connection is established, the AP can be managed from any of the available
network connections, either Gigabit 1 or Gigabit 2.
For models with no console port, such as the XR-500, XR-1000, and some
XR-2000 models, the Xircon utility may be used locally to set up an IP
address if necessary.
Wireless Access Point
Installing the Wireless AP 71
Important Note About Network Connections
See Also
Failover Planning
Installation Prerequisites
Installation Workflow
Mounting and Connecting the AP
Power over Ethernet (POE)
!The AP’s Ethernet ports should be plugged into an Ethernet switch, not an
Ethernet hub if a hub is used, we recommend that you connect only one
Ethernet port.
Wireless Access Point
72 Installing the Wireless AP
Mounting and Connecting the AP
A detailed Installation Guide is available at support.xirrus.com that describes
mounting your AP. Please follow the provided instructions carefully. Data and
power connections to the AP are also detailed in the Installation Guide. Please
follow the cabling and connection instructions carefully.
Dismounting the AP
For all AP models, push up on the AP (i.e., push it against the mounting plate).
Then turn the AP to the left to remove it. This is similar to dismounting a smoke
detector.
Powering Up the Wireless AP
When powering up, the AP follows a specific sequence of LED patterns showing
the boot progress, and following a successful boot will provide extensive status
information.
Figure 32. LED Locations
AP LED settings may be altered or disabled entirely for diagnostic purposes or for
personal preference. Changes are made via the AP’s Command Line Interface or
the Web Management Interface refer to “LED Settings” on page 380.
Ethernet Activity,
Status, and
Radio LEDs
Wireless Access Point
Installing the Wireless AP 73
AP LED Operating Sequences
Use the following tables to review the operating sequences of the AP’s LEDs.
z
“LED Boot Sequence” on page 73
z
“LED Operation when AP is Running” on page 74
LED Boot Sequence
The normal boot LED sequence is as follows:
AP Activity Status LED IAP LEDs
Power ON Blinking GREEN All OFF
Boot loader power ON
self-test
Blinking GREEN All ON
Image load from
compact FLASH
Blinking GREEN Spinning pattern (rotate all
to ON, then all to OFF)
Image load failure Blinking ORANGE All OFF
Hand off to ArrayOS Solid GREEN All OFF
System software
initialization
Solid GREEN Walking pattern (LED
rotating one position per
second)
Up and running Solid GREEN ON for IAPs that are up:
OFF for IAPs that are down.
Green or orange per table on
the next page.
Behavior may be changed
using “LED Settings” on
page 380.
Wireless Access Point
74 Installing the Wireless AP
LED Operation when AP is Running
The normal LED operation when the AP is running is shown in the table below.
Note that behavior may be modified using “LED Settings” on page 380 or via the
CLI.
LED Status Reason
IAP LED is OFF IAP is down
IAP LED is solid ON IAP is up, but no associations and
no traffic
IAP LED heartbeat IAP is up, with stations associated
but no traffic
IAP LED flashing
Flashing at 10 Hz
Flashing at 5 Hz
Flashing at 2.5 Hz
IAP is up, passing traffic
Traffic > 1500 packets/sec
Traffic > 150 packets/sec
Traffic > 1 packet/sec
IAP LED is GREEN IAP is operating in the 2.4 GHz
band
IAP LED is ORANGE IAP is operating in the 5 GHz band
IAP LED flashing ORANGE to
GREEN at 1 Hz
The radio is in monitor mode
(standard intrude detect)
STATUS LED is GREEN *** AP is operational
GIG (Ethernet) LEDs are dual color
Ethernet LED is ORANGE
Ethernet LED is GREEN
Transferring data at 1 Gbps
Transferring data at 10/100 Mbps
*** NOTE: On an XR-2000 Series AP model ending in 5 or 6, there is a
combined GIG2/STS LED. If the GIG2 port is not connected, the LED behaves
as a Status LED. If the GIG2 port is connected, the LED behaves as a GIG2 LED.
Wireless Access Point
Installing the Wireless AP 75
See Also
Installation Prerequisites
Installation Workflow
Installing Your Wireless AP
LED Settings
Zero-Touch Provisioning and Ongoing Management
Most customers employ the Xirrus Management System (XMS) for the initial
setup and continuing management of Xirrus devices. XMS users can readily set
up their new devices for zero touch provisioning and ongoing maintenance via
the following platforms.
XMS-Cloud Next Generation (XMS-9500-CL-x)
XMS in the cloud performs zero touch provisioning as shown in this quick video
guide: www.xirrus.com/TV/Training/XMS-Cloud-Next-Generation. New APs
appear in XMS even before you receive your equipment. When the email arrives
with your login information, use XMS Cloud to specify the initial settings for your
APs. A Guided Tour will walk you through the basic steps of creating a profile
containing configuration settings, including creating SSIDs and firewall/
application control rules. Once a new, unlicensed AP is connected to a network
with DHCP and Internet connectivity, it will automatically contact Xirrus for
cloud-based zero touch provisioning per your settings. It will first install the latest
applicable license, and upgrade the AP to the latest software version as
appropriate.
XMS-Enterprise
(Also available as a cloud-deployed solution: XMS-9000-CL-x) This enterprise-
hosted platform automatically detects and provisions new Xirrus devices
deployed in your network via a zero touch provisioning approach similar to that
described above. Create and configure a default profile for newly added APs—
these new devices will automatically receive the configuration defined in your
default profile.
Wireless Access Point
76 Installing the Wireless AP
If you are not using XMS
If you are not using XMS, please proceed to the rest of this chapter to configure
your AP manually via the Express Setup menu option.
AP Management Interfaces
User Interfaces
With zero-touch setup provided by XMS, your Xirrus network is ready for use a
few minutes after deployment. We recommend that you use the XMS for ongoing
monitoring and fine-tuning of the network. (For XMS-E, you must set up a default
profile and discovery first, to find new APs).
To check the configuration of individual APs locally, AP settings may be viewed
or configured through the Command Line Interface (CLI) using SSH, or on a
browser with the Web Management Interface (WMI). You may use the CLI via the
serial management port (console—on all APs except the XR-500/600/1000 Series
and some XR-2000 models) or any of the Gigabit Ethernet ports. You can use the
WMI via any of the AP’s Ethernet ports.
Figure 33. Network Interface Ports—XR-520 (left); XR-1000 Series (right)
#If you are an XMS customer, we recommend that you manage your APs
completely by XMS. Wait five minutes after powering up the AP or Access
Point, then use XMS to view/manage this unit. If you change settings
directly on the AP, XMS may not sync up with these changes for up to 24
hours.
#Note that the AP must already be running ArrayOS release 6.5 or above to
support zero-touch provisioning.
Gigabit PoE (gig1)
Wireless Access Point
Installing the Wireless AP 77
Figure 34. Network Interface Ports—XR-600 Series
Figure 35. Network Interfaces—XR-2000 Series (left); XR-2005/2006 (right)
Figure 36. Network Interface Ports—XR-4000 Series
Figure 37. Network Interface Ports—XR-6000 Series
Gigabit2 (gig2)
Gigabit1/PoE+ (gig1)
Gigabit1 PoE /Gigabit1 PoE+
Gigabit2
CONSOLE
Serial (Console)
Gigabit PoE (gig1)
Gigabit 2 (gig2)
Serial (Console)
Gigabit PoE1 (gig1)
Gigabit PoE2 (gig2)
Gigabit 3 (gig3)
Gigabit 4 (gig4)
Wireless Access Point
78 Installing the Wireless AP
Using the Serial Port
If using the serial port to make your connection, use serial settings of 8 bits, no
parity, no flow control, 1 stop bit (8N1) and a speed setting of 115200 baud. Use
the communication package of your choice. You may use the serial port to change
settings on the AP, even if the AP’s Gigabit interfaces are in XMS managed mode
(i.e., read-only mode, see “Managing APs Locally or Using XMS” on page 85).
Using the Ethernet Ports to Access the AP
By default, the AP's Ethernet interfaces use DHCP to obtain an IP address. If the
AP is booted and does not receive DHCP addresses on Gigabit Ethernet ports,
then both Gigabit1 and its bonded pair port (if any) will default to 10.0.2.1 with a
mask of 255.255.255.0.
If the AP is connected to a network that provides DHCP addresses, the IP address
can be determined by the following methods:
1. The simplest way to address the AP is using its default hostname which is
the AP’s serial number, found on the AP label and shipping container (for
example, XR40123091CACD). If your network provides DHCP and DNS,
then you can use this hostname.
2. Otherwise, examine the DHCP tables on the server and find the addresses
assigned to the AP (Xirrus MAC addresses begin with 00:0F:7D or
50:60:28 and are found on the AP label and shipping container).
3. Alternatively, you may query the AP using the CLI via the console port
(on all models except the XR-500/600/1000, and some XR-2000 models).
Log in using the default user name admin and password admin. Use the
show ethernet command to view the IP addresses assigned to each port.
#The Xircon utility may also be used to communicate with APs locally as an
alternative to using a serial connection to the console. This is especially
useful for the XR-500/600/1000 Series and some XR-2000 models, which do
not have a console port. See “Securing Low Level Access to the AP” on
page 81.
Wireless Access Point
Installing the Wireless AP 79
4. If the AP cannot obtain an IP address via DHCP, the factory default uses a
static IP address of 10.0.2.1 with a mask of 255.255.255.0 on its Gigabit
POE port.
To connect to the AP, you must set your laptop to be in the same subnet
as the AP: set your laptop’s IP address to be in the 10.0.2.xx subnet, and
set its subnet mask to 255.255.255.0. If this subnet is already in use on
your network, you may connect your laptop directly to the AP by
connecting the laptop to the power injector’s IN port temporarily (this
port may be called the SWITCH port or the DATA port on your injector).
Starting the WMI
Use this procedure to log in to the WMI on a Web browser.
1. Establish a network connection and open your Web browser.
2. Connect to the Wireless AP using its host name or IP address as described
in the previous section.
http://<hostname or IPaddress>
Logging In
Enter the default user name and password the default user name is admin, and
the default password is admin.
See Also
Installation Workflow
Performing the Express Setup Procedure
Powering Up the Wireless AP
#Take care to ensure that your network is not using the 10.0.2.1 IP address
prior to connecting the AP to the network.
Wireless Access Point
80 Installing the Wireless AP
Licensing
When a newly deployed AP boots up, it automatically contacts Xirrus with its
serial number and MAC address and obtains its license key, software image, and
initial configuration from XMS. Any unlicensed AP running ArrayOS release 6.5
or above will update in this way after it boots up, if it has Internet connectivity
and if you are running XMS (you must have a default profile set up in XMS).
The AP’s license determines some of the features that are available on the AP. For
example, the Application Control feature on APs requires a license. When a new
AP first boots, it self-generates a license for its current software version. No
upgrades or licensed features will operate until the AP receives a license obtained
from Xirrus. The AP’s license is not installed at the factory.
If you need to enter the license manually, use the following procedure. It describes
entering the license key using the WMI. If you are using the XMS, you may use it
to manage and upgrade large numbers of licenses for the wireless network.
1. This procedure assumes that you have pointed a browser to the AP to
start WMI, and that you have logged in with the default username and
password above.
2. In the left hand frame, in the Configuration section, click Express Setup.
3. License Key: Enter the key License Activation Code (LAC) that was
provided for the AP. The key was provided to you in an email as an
attachment in the form of an Excel file (.xls). Enter the key exactly as it
appears in the file. Click the Apply button to apply the key.
4. Now you may verify the features provided by the key. In the Status
section of the left hand frame, click AP and then click Information. Check
the items listed in the License Features row.
Performing the Express Setup Procedure
The Express Setup procedure establishes global configuration settings that enable
basic AP functionality. Changes made in this window will affect all radios. If you
are not using XMS to perform your initial configuration, please see “Express
Wireless Access Point
Installing the Wireless AP 81
Setup” on page 163. Also see “Zero-Touch Provisioning and Ongoing
Management” on page 75.
See Also
Zero-Touch Provisioning and Ongoing Management
Installation Prerequisites
Installation Workflow
Logging In
Multiple SSIDs
Security
Securing Low Level Access to the AP
Most local management of the Xirrus AP is done via the WMI or CLI—see “The
Command Line Interface” on page 435. The AP also has a lower level interface:
XBL(Xirrus Boot Loader), which allows access to more primitive commands. You
won’t normally use XBL unless instructed to do so by Xirrus Customer Support.
For proper security, you should replace the default XBL login username and
password with your own, as instructed below. XBL has its own username and
password, separate from the ArrayOS Admin User and Password (used for
logging in to the WMI and CLI) that you may change on the Express Setup page
(see Step 5 on page 167).
Xirrus also provides the Xircon utility for connecting to Xirrus APs that are not
reachable via the normal access methods such as Secure Shell (SSH) or WMI and
that do not have a physical console port, or whose console port is not accessible.
Xircon discovers APs on your network subnet by sending IP/UDP broadcast
packets. Once an AP is discovered, Xircon can establish an encrypted console
session to the AP via the network even if the AP IP configuration is incorrect.
Xircon allows you to manage the AP using CLI, just as you would if connected to
the console port. Xircon also has an option for easily accessing XBL.
In normal circumstances Xirrus APs should be configured and managed through
SSH or via the WMI. A connection is established using either the AP hostname or
DHCP-assigned IP address, or via the other options described in “Using the
Ethernet Ports to Access the AP” on page 78. Xircon may be needed in special
circumstances as directed by Xirrus Customer Support for troubleshooting AP
Wireless Access Point
82 Installing the Wireless AP
problems or IP connectivity. (In this case, see the Xircon User Guide for detailed
information.)
Xircon access to the AP:
z
You may enable or disable all Xircon access to the AP as instructed in the
procedure below. There are also options to allow access only to CLI (i.e.,
ArrayOS access) or only to XBL.
z
Since some models do not have a console port, these models have Xircon
access to both XBL and CLI enabled by default. For APs that do not have
a console port, to avoid potentially being locked out of the AP, Xircon
should always be enabled at the XBL level at least.
z
On all other AP models (those with a console port), Xircon access to both
XBL and CLI is disabled by default. If Xircon is not going to be used to
access an AP, we recommend leaving Xircon access disabled.
Procedure for Securing Low Level AP Access
Use the following steps to replace the default XBL username and password, and
optionally to change the type of Xircon management access that is allowed. These
steps use CLI commands.
1. To access CLI via the WMI, click CLI under the Tools section on the left
(for detailed instructions see “CLI” on page 426). Skip to Step 4 on
page 83.
To access CLI via SSH, see “Establishing a Secure Shell (SSH)
Connection” on page 435. Then proceed to the next step.
!If you disable Xircon access to both XBL and CLI on models with no console
port, you must ensure that you do not lose track of the username and password
to log in to CLI/WMI! In this situation, there is no way to recover from a lost
password, other than returning the AP to Xirrus. If you have Xircon access to
XBL enabled, you can reset the password, but this recovery will require setting
the unit to factory defaults with loss of all configuration data.
Wireless Access Point
Installing the Wireless AP 83
2. At the login as prompt, log in to CLI using the username and password
that you set in Step 5 on page 167, or the default value of admin/admin if
you have not changed them.
login as: jsmith
jsmith@xr4012802207c's password:
Xirrus Wi-Fi AP
ArrayOS Version 6.1.2-3299
Copyright (c) 2005-2012 Xirrus, Inc.
http://www.xirrus.com
AP42#
3. Type configure to enter the CLI config mode.
AP42#configure
4. If Xircon access at the XBL level is to be allowed, use the following three
commands to change the XBL username and password from the default
values of admin/admin. In the example below, replace newusername
and newpassword with your desired entries. Note that these entries are
case-sensitive.
AP42#(config)#boot-env
AP42#(config-boot)#set username newusername
AP42#(config-boot)#set password newpassword
AP42#(config-boot)#save
Saving boot environment .... OK
AP42(config-boot)# exit
5. Enter the following commands if you wish to change Xircon access
permission:
AP42#(config)# management
AP42#(config-mgmt)# xircon <management-status>
AP42#(config-mgmt)# save
AP42#(config-mgmt)# exit
AP42#(config)#
<management-status> may be one of:
z
on—enables both CLI and XBL access
z
off—disables both CLI and XBL access
z
aos-only—enables only CLI (i.e. ArrayOS) access
Wireless Access Point
84 Installing the Wireless AP
z
boot-only—enables only XBL access
Note that there is a WMI setting for changing Xircon access, timeout
period, and the UDP port used. This may be used instead of CLI if you
wish. See “Management Control” on page 238. Note that you cannot
change the XBL username and password via the WMI.
Wireless Access Point
The Web Management Interface 85
The Web Management Interface
This topic provides an overview of the Xirrus Wireless AP’s embedded Web
Management Interface (WMI), used for establishing your network’s configuration
settings and wireless operating parameters. It also includes login instructions.
The following topics are discussed:
z
Managing APs Locally or Using XMS
z
An Overview
z
Structure of the WMI
z
User Interface
z
Logging In
z
Applying Configuration Changes
Managing APs Locally or Using XMS
For Xirrus deployments of any size, we recommend that you use XMS to manage
the network rather than directly managing each AP individually. You may change
settings directly on the AP—but be aware that XMS may not sync up with these
changes for up to 24 hours. All XMS versions automatically “rediscover” the
wireless network once a day by default, and XMS will fetch updated settings into
its database at that time. If you are an XMS-Cloud customer (XMS-9500-CL-x),
you may wish to use WMI or CLI directly on the wireless device to change
settings that may not be available in XMS-Cloud.
To immediately sync up XMS with changes that you have made to a particular
AP, you may go to the XMS Monitor > APs or Configure > APs page. Select the
AP, and click the Refresh button to update XMS with your changes on an AP.
This causes XMS to read the current configuration of the AP and update the XMS
database with these values.
Wireless Access Point
86 The Web Management Interface
An Overview
The WMI is an easy-to-use graphical interface to your Wireless AP. It allows you
to configure the product to suit your individual requirements and ensure that the
unit functions efficiently and effectively.
Figure 38. Web Management Interface
Wireless Access Point
The Web Management Interface 87
Structure of the WMI
The content of the WMI is organized by function and hierarchy, shown in the
following table. Click on any item below to jump to the referenced destination.
Status Windows
Access Point Status Windows
Access Point Summary
Access Point Information
Access Point Configuration
Admin History
Network Status Windows
Network Map
Spanning Tree Status
Routing Table
ARP Table
DHCP Leases
Connection Tracking/NAT
CDP List
Network Assurance
RF Monitor Windows
IAP Monitoring
Spectrum Analyzer
Rogues
Channel History
Radio Assurance
Station Status Windows
Stations
Location Map
RSSI
Signal-to-Noise Ratio (SNR)
Noise Floor
Max by IAP
Station Assurance
Statistics Windows
IAP Statistics Summary
Per-IAP Statistics
Network Statistics
VLAN Statistics
WDS Statistics
IDS Statistics
Filter Statistics
Station Statistics
Per-Station Statistics
Application Control Windows
System Log Window
IDS Event Log Window
Wireless Access Point
88 The Web Management Interface
Configuration Windows
Express Setup
Network
Interfaces
Bonds and Bridging
DNS Settings
Cisco Discovery Protocol
(CDP) Settings
Services
Time Settings (NTP)
NetFlow
Wi-Fi Tag
Location
System Log
SNMP
DHCP Server
Proxy Services
VLANs
VLAN Management
Tunnels
Tunnel Management
SSID Assignments
Security
Admin Management
Admin Privileges
Admin RADIUS
Management Control
Access Control List
Global Settings
External Radius
Internal Radius
Active Directory
Rogue Control List
OAuth 2.0 Management
SSIDs
SSID Management
Active IAPs
Per-SSID Access Control List
Honeypots
Configuration Windows (cont’d)
Groups
Group Management
IAPs
IAP Settings
Global Settings
Global Settings .11an
Global Settings .11bgn
Global Settings .11n
Global Settings .11u
Global Settings .11ac
Advanced RF Settings
Hotspot 2.0
NAI Realms
NAI EAP
Intrusion Detection
LED Settings
DSCP Mappings
Roaming Assist
WDS
WDS Client Links
Filters
Filter Lists
Filter Management
Clusters
Cluster Management
Mobile
AirWatch
Tool Windows
System Tools
CLI
API Documentation
Options
Logout
Wireless Access Point
The Web Management Interface 89
User Interface
Figure 39. WMI: Frames
The WMI has been designed with simplicity in mind, making navigation quick
and easy. In the following example, you’ll see that windows are divided into left
and right frames. (Figure 39 )
The left frame contains two main elements:
z
The menu is organized into three major sections (Status, Configuration,
Tools). Each has headings for major functions, such as Network, SSIDs,
Security, etc. Click a heading, such as Network, to display a page
Left frame Right frame Utilities
Log Message counters
Help
Command log
Utilities
Wireless Access Point
90 The Web Management Interface
showing a summary of its current configuration, as well as to show links
for all of its associated WMI pages.
z
Three Log Messages counters are located at the bottom of the menu. They
provide a running total of messages generated by the ArrayOS Syslog
subsystem during your session organized into Critical, Warning, and
General messages. Click on a counter to display the associated Syslog
messages. Messages at the selected level or higher will be shown. For
more information, please see “System Log Window” on page 157.
The right frame has four main elements:
z
The header shows the AP type in the upper right corner, along with the
hostname (this defaults to the unit’s serial number) and IP address. The
Uptime shows the time since the AP was last rebooted.
Below this is the page title, and the user name you used to log in. On the
right, click the Utilities button for a drop-down menu that allows
you to Refresh Page, Save your changes, open the Help system, or
Logout. If you have any unsaved changes, the Save button is
displayed on the right, in the top bar.
Figure 40. WMI Header
z
The main window displays the status information or configuration page
that you requested. This is where you review the AP’s current status and
activity or enter changes if you wish.
#If you have added modular IAPs to your AP, note that its model number will
be automatically adjusted to reflect the count and types of IAPs currently
installed. See Upgrading with 802.11ac radio modules.
Wireless Access Point
The Web Management Interface 91
z
The Command Log shows the resulting commands for requests made
through the WMI.
Figure 41. WMI Command Log
z
Utility buttons are located at the bottom right of each window a
Feedback button, a Print button and a Help button.
Figure 42. WMI: Utility Buttons
z
Click the Feedback button to generate a Web page that allows you to
submit your comments to Xirrus, Inc.
z
Click the Print button to open a print dialog to send a copy of the active
window to your local printer.
z
Click the Help button to access the AP’s online help system.
Submitting Your Comments
When submitting comments via the Feedback button ensure that you provide as
much detail as possible, including your contact information, the product model
number that the comment relates to, and the ArrayOS software version (if
known). When finished, click on the Submit button to submit your comment.
Print button
Help button
Feedback button
Wireless Access Point
92 The Web Management Interface
Note that WMI provides an option that allows you to change its behavior. You
may change:
z
Refresh Interval the refresh interval, if automatic refresh is selected.
See “Options” on page 433 for more information.
Logging In
Use this procedure to log in to the WMI via your Web browser.
1. Establish a network connection and open your Web browser.
2. If your network supports DHCP and DNS, enter the AP’s default host
name in the browser’s URL. The default host name is simply the AP’s
serial number (for example, XR0823091CACD).
Otherwise, enter the AP’s IP address. This may be determined as
described in “Using the Ethernet Ports to Access the AP” on page 78.
3. The default login to the AP’s Web Management Interface is admin for
both the user name and password.
Figure 43. Logging In to the Wireless AP
#Some pages or individual settings are only available if the AP’s license
includes appropriate Xirrus Advanced Feature Sets. If a setting is
unavailable (grayed out), then your license does not support the feature. See
“About Licensing and Upgrades” on page 412.
Wireless Access Point
The Web Management Interface 93
Applying Configuration Changes
In most of the WMI configuration windows, your changes to settings are applied
to the AP as you make them. In most cases, there is no separate Apply button to
click to make the changes take effect. There are a few exceptions to this rule. In
these cases, a particular section of a page may have its own Apply Settings
button right below the settings.
In both cases described above, the changes that you have made are not saved to
the latest configuration file in the AP’s flash memory, so they will not be restored
after a reboot. Click the Save button (located on the upper right of each page)
in order to make sure that these changes will be applied after rebooting. This will
save the entire current configuration, not only the changes on current WMI page.
Character Restrictions
When inputting strings in the WMI (for example, assigning SSIDs, host name,
password, etc.), use common alphanumeric characters. Some of the fields in the
WMI will not accept special characters, so use of the following characters should
typically be avoided:
&<>' / \
Wireless Access Point
94 The Web Management Interface
Wireless Access Point
Viewing Status on the Wireless AP 95
Viewing Status on the Wireless
AP
These windows provide status information and statistics for your AP using the
product’s embedded Web Management Interface (WMI). You cannot make
configuration changes to your AP from these windows. The following topics have
been organized into functional areas that reflect the flow and content of the Status
section of the navigation tree in the left frame of the WMI.
z
“Access Point Status Windows” on page 96
z
“Network Status Windows” on page 104
z
“RF Monitor Windows” on page 115
z
“Station Status Windows” on page 126
z
“Statistics Windows” on page 139
z
“Application Control Windows” on page 150
z
“System Log Window” on page 157
z
“IDS Event Log Window” on page 158
Configuration and Tools windows are not discussed here. For information on
these windows, please see:
z
“Configuring the Wireless AP” on page 161
z
“Using Tools on the Wireless AP” on page 411
#If you have added modular IAPs to your AP, note that its model number will
be automatically adjusted to reflect the count and types of IAPs currently
installed. See Upgrading with 802.11ac radio modules.
Wireless Access Point
96 Viewing Status on the Wireless AP
Access Point Status Windows
The following AP Status windows are available:
z
Access Point Summary displays information on the configuration of all
AP interfaces, including IAPs.
z
Access Point Information provides version/serial number information
for all AP components.
z
Access Point Configuration shows all configuration information for
the AP in text format.
z
Admin History shows all current and past logins since the last reboot.
Access Point Summary
This is a status only window that provides a snapshot of the global configuration
settings for all Wireless AP network interfaces and IAPs. You must go to the
appropriate configuration window to make changes to any of the settings
displayed here configuration changes cannot be made from this window.
Clicking on an interface or IAP will take you to the proper window for making
configuration changes.
Figure 44. AP Summary
Wireless Access Point
Viewing Status on the Wireless AP 97
Content of the Access Point Summary Window
The Access Point Summary window is sub-divided into the Ethernet Interfaces
section and the Integrated Access Point (radio) section, providing you with the
following information:
z
Ethernet Settings Summary
This section provides information about network interface devices. To
make configuration changes to these devices, go to “Interfaces” on
page 170.
Interface: Lists the network interfaces that are available on the AP.
State: Shows the current state of each interface, either enabled or
disabled.
Mgmt: Shows whether AP management traffic is allowed on this
interface.
Auto Neg: Shows whether auto-negotiation is in use on this interface,
to determine settings for speed, parity bits, etc.
LED: Shows whether LED display of interface status is enabled.
Link: Shows whether the link on this interface is up or down.
Duplex: Shows whether full duplex mode is in use.
Speed: Shows the speed of this interface in Mbps.
MTU Size: Shows the Maximum Transmission Unit size that has
been configured. This is the largest packet size (in bytes) that the
interface can pass along.
DHCP: Shows whether DHCP on this port is enabled or disabled.
IP Address: Shows the current IP address assigned to each network
interface device.
Subnet Mask: Shows the subnet mask, which defines the number of
IP addresses that are available on the routed subnet where the AP is
located.
Gateway: Shows the IP address of the router that the AP uses to
transmit data to other networks.
Wireless Access Point
98 Viewing Status on the Wireless AP
z
Bond Settings Summary
This section provides information about the relationship that has been
selected for the Gigabit ports. For detailed explanations and to make
configuration changes, see “Bonds and Bridging” on page 173.
Bond: Lists all network bonds that have been configured.
Mode: Shows the type of relationship that has been selected for the
Gigabit ports.
Ports: Shows the Gigabit ports that are part of this bond.
Port Mode: Shows the relationship that has been selected for the
Ethernet ports. See “Bonds and Bridging” on page 173 for details
Active VLANs: Shows the VLANs that are active in this bond.
Mirror: Shows whether mirroring is enabled on this bond.
z
IAP Section
This section provides information about the Integrated Access Points
(IAPs) that are contained within the AP. How many IAPs are listed
depends on which product model you are using. To make configuration
changes to these IAPs, go to “IAP Settings” on page 313.
IAP: Lists the IAPs that are available on the AP.
State: Shows the current state of each IAP, either up or down. IAPs
that are down are shown in RED. Figure 45 shows an example where
iap7 is down.
AP Type: Shows the types of 802.11 clients supported by this IAP (11/
a/b/g/n) and the number of separate data streams transmitted and
received by the antennas of each IAP for 802.11n. For example, 3x3
means that the IAP supports three transmit chains and three receive
chains. See “Up to Eight Simultaneous Data Streams Spatial
Multiplexing” on page 44.
Wireless Access Point
Viewing Status on the Wireless AP 99
Figure 45. Disabled IAP (Partial View)
Channel: Shows which channel each IAP is using, and the channel
setting. To avoid co-channel interference, adjacent radios should not
be using adjacent channels. To make channel selections for a specific
IAP, go to “IAP Settings” on page 313.
Wi-Fi Mode: Shows the 802.11 client types that the IAP has been
configured to support.
Antenna: Shows which antenna is being used by each IAP.
Cell Size: Indicates which cell size setting is currently active for each
IAP small, medium, large, max, automatic, or manually defined by
you.
Figure 46. IAP Cells
The cell size of an IAP is a function of its transmit power and
determines the IAP’s overall coverage. To define cell sizes, go to “IAP
Settings” on page 313. For additional information about cell sizes and
the importance of planning for and defining the optimum cell sizes
for your AP, go to “Coverage and Capacity Planning” on page 34.
Tx Power: Shows the transmit power for each IAP.
Wireless Access Point
100 Viewing Status on the Wireless AP
Rx Threshold: Shows the receive threshold for each IAP.
Stations: Informs you how many client stations are currently
associated with each IAP.
WDS Link/Distance: The WDS Link on this radio (if any), and
whether the link has been set to support Long Distance Links. See
“WDS” on page 385.
MAC Address/BSSID: Shows the MAC address for each IAP.
Description: The description (if any) that you set for this IAP.
z
Network Assurance Section
This section shows the results of ongoing network assurance testing. This
is the same as information shown in “Network Assurance” on page 113.
Figure 47. Network Assurance and Operating Status
The AP checks connectivity to network servers that you have configured
(for example, DNS and NTP servers) on an ongoing basis. For each
Setting, this list shows the server’s Host Name (if any), IP Address, and
Status.
Network assurance must be enabled on the AP in order to perform these
connectivity tests and display this information. See “Management
Control” on page 238.
z
Operating Status Section
This section shows the AP controller board’s current internal
temperatures, current fan speed, and compass heading. (Figure 47)
Wireless Access Point
Viewing Status on the Wireless AP 101
Notice that the Compass Heading field will only show a value if the AP
model is one that includes a built-in compass. In order for this reading to
be correct, the AP must be mounted with iap1 facing north. If the AP does
not have an integrated compass, this field will just show a dash.
See Also
Management Control
Interfaces
Bonds and Bridging
IAP Settings
Network Assurance
Wireless Access Point
102 Viewing Status on the Wireless AP
Access Point Information
This is a status only window that shows you the current firmware versions
utilized by the AP, serial numbers assigned to each module, MAC addresses,
licensing information, and recent boot timestamps. It will also show current
internal temperatures, fan speed, and compass heading if the AP model supports
these features.
Notice that the License Features row lists the features that are supported by your
AP’s license. See “About Licensing and Upgrades” on page 412 and “Advanced
Feature Sets” on page 21 for more information.
Figure 48. AP Information
You cannot make configuration changes in this window, but if you are
experiencing issues with network services, you may want to print the content of
this window for your records.
Wireless Access Point
Viewing Status on the Wireless AP 103
Access Point Configuration
This is a status only window that allows you to display the configuration settings
assigned to the AP, based on the following filter options:
z
Running displays the current configuration (the one running now).
z
Saved displays the saved configuration from this session.
z
Lastboot displays the configuration as it was after the last reboot.
z
Factory displays the configuration established at the factory.
Figure 49. Show Configuration
If you want to see just the differences between the Running, Saved, Lastboot, and
Factory configurations, you can do this by choosing a configuration option from
the Select Config pull-down menu then selecting an alternative configuration
option from the Select Diff pull-down menu.
To include the default configuration settings in the output, choose the
configuration then click the Include Defaults check box. If Include Defaults is
disabled, then only the changes from the default configuration are shown.
Wireless Access Point
104 Viewing Status on the Wireless AP
Admin History
It is useful to know who else is currently logged in to an AP while you're
configuring it, or who has logged in since the AP booted. This status-only
window shows you all administrator logins to the AP that have occurred since the
last reboot. To determine who is currently logged in, check which entries say
active in the Logout Time column.
Figure 50. Admin Login History
Network Status Windows
The following Network Status windows are available:
z
Network — displays a summary of network interface settings.
z
Network Map — displays information about this AP and neighboring
APs that have been detected.
z
Spanning Tree Status displays the spanning tree status of network
links on this AP.
z
Routing Table displays information about routing on this AP.
z
ARP Table displays information about Address Resolution Protocol on
this AP.
z
DHCP Leases displays information about IP addresses (leases) that the
AP has allocated to client stations.
z
Connection Tracking/NAT lists connections that have been established
for client stations.
z
CDP List — lists neighboring network devices using Cisco Discovery
Protocol.
z
LLDP Listlists devices on the AP’s network that support the Link
Layer Discovery Protocol (LLDP).
Wireless Access Point
Viewing Status on the Wireless AP 105
z
Network Assurance shows results of connectivity tests for network
servers.
z
Undefined VLANs shows VLANs present on an 802.1Q connection to
the AP, that are not configured in the AP's VLAN list.
Network
This window provides a snapshot of the configuration settings currently
established for AP’s wired interfaces. This includes the Gigabit interfaces and
their bonding settings. DNS Settings are summarized as well. You can click on
any item in the Interface or Bond columns to go to the associated configuration
window.
Figure 51. Network Settings
WMI windows that allow you to change or view configuration settings associated
with the network interfaces include:
z
“Interfaces” on page 170
z
“Bonds and Bridging” on page 173
z
“DNS Settings” on page 180
z
“Cisco Discovery Protocol (CDP) Settings” on page 181
Wireless Access Point
106 Viewing Status on the Wireless AP
Network Map
This window offers detailed information about this AP and all neighboring APs,
including how the APs have been set up within your network.
Figure 52. Network Map
The Network Map has a number of options at the top of the page that allow you
to customize your output by selecting from a variety of information that may be
displayed. You may sort the rows based on any column that has an active column
header, indicated when the mouse pointer changes to the hand icon . Click
Refresh to update the information at any time. Click Auto Refresh to instruct the
AP to refresh this window automatically.
Content of the Network Map Window
By default, the network map shows the following status information for each AP:
z
Access Point Name: The host name assigned to the AP. To establish the
host name, go to “Express Setup” on page 163. You may click the host
name to access WMI for this AP.
z
IP Address: The AP’s IP address. You may click the address to access
WMI for this AP. If DHCP is enabled, the AP’s IP address is assigned by
the DHCP server. If DHCP is disabled, you must assign a static IP
address. To enable DHCP or to assign a static IP address for the AP, go to
“Express Setup” on page 163.
z
Location: The location assigned to the AP. To establish the location
information, go to “Express Setup” on page 163.
z
Array OS: The software version running on the AP.
z
IAP: The number of IAPs on the AP.
Wireless Access Point
Viewing Status on the Wireless AP 107
z
(IAP) Up: Informs you how many IAPs are currently up and running. To
enable or disable all IAPs, go to “Express Setup” on page 163. To enable
or disable individual IAPs, go to “IAP Settings” on page 313.
z
SSID: Informs you how many SSIDs have been assigned for the AP. To
assign an SSID, go to “SSID Management” on page 277.
z
(SSID) On: Informs you how many SSIDs are enabled. To enable or
disable SSIDs, go to “SSID Management” on page 277.
z
In Range: Informs you whether the AP is within wireless range of
another Wireless AP.
z
Fast Roam: Informs you whether or not the Xirrus fast roaming feature is
enabled. This feature utilizes the Xirrus Roaming Protocol (XRP) ensuring
fast and seamless roaming capabilities between IAPs or APs at both Layer
2 and Layer 3. To enable or disable fast roaming, go to “Global Settings”
on page 319.
z
Uptime (D:H:M): Informs you how long the AP has been up and running
(in Days, Hours and Minutes).
To see additional information, select from the following checkboxes at the bottom
of the page. This will show the columns described below.
Hardware
z
Model: The model number of each AP, plus the amount of RAM memory
and the speed of the processor.
z
Serial: Displays the serial number of each AP.
License
z
License: The license key of each AP.
z
Licensed Features: Lists the features enabled by the key.
Software (enabled by default)
z
Enable/disable display of the AP OS column.
Firmware
z
Boot Loader: The software version number of the boot loader on each AP.
Wireless Access Point
108 Viewing Status on the Wireless AP
z
SCD Firmware: The software version number of the SCD firmware on
each AP.
IAP Info (enabled by default)
z
Enable/disable display of the IAP/Up columns.
Stations
z
Stations: Tells you how many stations are currently associated to each
AP. To de-authenticate a station, go to “Stations” on page 127.
The columns to the right (H, D, W, and M) show the highest number of
stations that have been associated over various periods of time: the
previous hour, day, week, and month.
Default
z
Sets the columns displayed to the default settings. By default, only
Software and IAP Info are selected.
Wireless Access Point
Viewing Status on the Wireless AP 109
Spanning Tree Status
Multiple active paths between stations can cause loops in the network. If a loop
exists in the network topology, the potential exists for the duplication of
messages. The spanning tree protocol is a link management protocol that
provides path redundancy while preventing undesirable loops. For a wireless
network to function properly, only one active path can exist between two stations.
To facilitate path redundancy, the spanning tree protocol defines a tree that spans
all stations in the network and forces certain redundant data paths into a standby
(blocked) state. If one segment in the spanning tree becomes unreachable, the
spanning tree algorithm reconfigures the network topology and reestablishes the
link by activating the standby path. The spanning tree function is transparent to
client stations.
Figure 53. Spanning Tree Status
This window shows the spanning tree status (forwarding or blocked) for path
segments that terminate on the Gigabit ports and WDS links of this AP. You may
sort the rows based on the VLAN Name or Number columns by clicking the
column header. Click Refresh to update the information at any time. Click Auto
Refresh to instruct the AP to refresh this window automatically.
See Also
Network
Interfaces
Network Status Windows
VLANs
WDS
Wireless Access Point
110 Viewing Status on the Wireless AP
Routing Table
This status-only window lists the entries in the AP’s routing table. The table
provides the AP with instructions for sending each packet to its next hop on its
route across the network.
Figure 54. Routing Table
See Also
VLANs
Configuring VLANs on an Open SSID
ARP Table
This status-only window lists the entries in the AP’s ARP table. For a device with
a given IP address, this table lists the device’s MAC address. It also shows the AP
interface through which this device may be reached. The table typically includes
devices that are on the same local area network segment as the AP.
Figure 55. ARP Table
See Also
Routing Table
ARP Filtering
Wireless Access Point
Viewing Status on the Wireless AP 111
DHCP Leases
This status-only window lists the IP addresses (leases) that the AP has allocated to
client stations. For each, it shows the IP address assigned from one of the defined
DHCP pools, and the MAC address and host name of the client station. The start
and end time of the lease show how long the allocation is valid. The same IP
address is normally renewed at the expiration of the current lease.
Figure 56. DHCP Leases
See Also
DHCP Server
Connection Tracking/NAT
This status-only window lists the session connections that have been created on
behalf of clients. This table may also be used to view information about current
NAT sessions.
Figure 57. Connection Tracking
Click the Show Hostnames checkbox at the top of the page to display name
information (if any) for the source and destination location of the connection. The
Hostname columns will replace traffic statistics columns.
Wireless Access Point
112 Viewing Status on the Wireless AP
You may sort the rows based on any column that has an active column header,
indicated when the mouse pointer changes to the hand icon . Click Refresh to
update the information at any time. Click Auto Refresh to instruct the AP to
refresh this window automatically.
See Also
Filters
CDP List
This status-only window lists devices on the AP’s network that support the Cisco
Discovery Protocol (CDP).
Figure 58. CDP List
The AP performs discovery on the network on an ongoing basis. This list shows
the devices that have been discovered Cisco devices and other devices on the
network that have CDP running. For each, it shows the device’s host name, IP
address, manufacturer and model name, the device interface that is connected to
the network (i.e., the port that was discovered), and the network capabilities of
the device (switch, router, supported protocols, etc.).
CDP must be enabled on the AP in order to gather and display this information.
For details and some restrictions, see “Cisco Discovery Protocol (CDP) Settings”
on page 181.
Wireless Access Point
Viewing Status on the Wireless AP 113
LLDP List
This status-only window lists devices on the AP’s network that support the Link
Layer Discovery Protocol (LLDP).
Figure 59. LLDP List
The AP performs discovery on the network on an ongoing basis. This list shows
the devices that have been discovered devices on the network that have LLDP
running. For each, it shows the device’s host name, IP address, and model name,
the device interface that is connected to the network (i.e., the port that was
discovered), and the network capabilities of the device (switch, router, supported
protocols, etc.).
LLDP must be enabled on the AP in order to gather and display this information.
For details and some restrictions, see “LLDP Settings” on page 182.
Network Assurance
This status-only window shows the results of ongoing network assurance testing.
Figure 60. Network Assurance
The AP checks connectivity to network servers that you have configured (for
example, DNS and NTP servers) on an ongoing basis. For each server, this list
shows the server’s host name (if any), IP address, and status.
Wireless Access Point
114 Viewing Status on the Wireless AP
Network assurance must be enabled on the AP in order to perform these
connectivity tests and display this information. See “Management Control” on
page 238.
See Also
Management Control
Undefined VLANs
This status-only window lists VLANs that are detected on the AP’s trunk ports
(i.e., wired ports), but have not been configured on the AP. See “VLANs” on
page 213.
Figure 61. Undefined VLANs
This feature alerts you to the fact that an 802.1Q trunk to the AP has VLANs that
are not being properly handled on the AP. To reduce unnecessary traffic, only
VLANs that are actually needed on the AP should normally be on the trunk, e.g.,
the management VLAN and SSID VLANs. In some cases such as multicast
forwarding for Apple Bonjour you may want to extend other VLANs to the AP, in
order to forward Bonjour or other multicast packets (see “Advanced Traffic
Optimization” on page 324).
See Also
VLANs
Wireless Access Point
Viewing Status on the Wireless AP 115
RF Monitor Windows
Every Wireless AP includes an integrated RF spectrum analyzer as a standard
feature. The spectrum analyzer allows you to characterize the RF environment by
monitoring throughput, signal, noise, errors, and interference levels continually
per channel. This capability uses the assigned threat-sensor (monitor) radio. The
associated software is part of the ArrayOS.
The following RF Status windows are available:
z
IAP Monitoring displays current statistics and RF measurements for
each of the AP’s IAPs.
z
Spectrum Analyzer displays current statistics and RF measurements
for each of the AP’s channels.
z
Rogues displays rogue APs that have been detected by the AP.
z
Channel History charts ongoing statistics and RF measurements for
one selected channel over time.
z
Radio Assurance displays counts of types of problems that caused each
IAP to reset.
Wireless Access Point
116 Viewing Status on the Wireless AP
IAP Monitoring
The RF Monitor IAP Monitoring window displays traffic statistics and RF
readings observed by each AP IAP (radio). Note that the data is an instantaneous
snapshot for the IAP it is not an average or a cumulative total. To graph these
values over time for a particular channel, see “Channel History” on page 122. For
detailed information on the measurements displayed, please see “Spectrum
Analyzer Measurements” on page 119.
Figure 62. RF Monitor IAPs
Figure 62 presents the data as a graphical display, enabled by selecting the Graph
checkbox on the upper left. If this option is not selected, data is presented as a
numerical table.
Figure 63. RF Monitor IAPs
You may sort the rows based on any column that has an active column header,
indicated when the mouse pointer changes to the hand icon . Click Refresh to
update the information at any time. Click Auto Refresh to instruct the AP to
refresh this window automatically.
Wireless Access Point
Viewing Status on the Wireless AP 117
Spectrum Analyzer
Spectrum analysis on Wireless APs is a distributed capability that automatically
covers the entire wireless network, since a sensor is present in every unit. APs
monitor the network 24/7 and analyze interference anywhere in the network
from your desk. There’s no need to walk around with a device as with traditional
spectrum analyzers, thus you don’t have to be in the right place to find outside
sources that may cause network problems or pose a security threat. The AP
monitors all 802.11 radio bands (a/b/g/n), not just those currently used for data
transmission.
The RF Spectrum Analyzer window displays instantaneous traffic statistics and
RF readings for all channels, as measured by the AP’s monitor radio. This differs
from the RF Monitor-Radio Monitoring window, which displays values measured
by each IAP for its current assigned channel. For the spectrum analyzer, the
monitor radio is in a listen-only mode, scanning across all wireless channels. Each
channel is scanned in sequence, for a 250 millisecond interval per channel. The
spectrum analyzer window presents the data as a graphical display of vertical bar
graphs for each statistic as shown in Figure 64 (the default presentation), or
horizontally as bar graphs or numerical RF measurements. The measurements
displayed are explained in “Spectrum Analyzer Measurements” on page 119.
As an aid to viewing data for a particular channel, click the channel number. The
channel will be highlighted down the page (or across the page for a rotated view,
in both text and graph modes). Click additional channels to highlight them for
easy comparison. To remove the highlighting from a channel, click the channel
number again. Click Refresh to update the information at any time. Click Auto
Refresh to instruct the AP to refresh this window automatically.
#The RF measurements for this feature are obtained by the monitor radio. You
must have a radio set to monitor mode for any data to be available. See
“IAP Settings” on page 313.
#Spectrum Analysis is not available for APs or Access Points featuring
802.11ac IAPs.
Wireless Access Point
118 Viewing Status on the Wireless AP
Figure 64. RF Spectrum Analyzer
The Spectrum Analyzer offers several display options:
z
To display horizontal bar graphs, click the Rotate checkbox at the bottom
of the data window.
z
In the rotated view, if you wish to view data as a numerical table, click the
Text checkbox. Click again to return to a graphical display. The text
option is only available in the rotated view.
z
When viewing a graphical display, click Bars to have the bar graphs
displayed against a gray background you may find this easier on the
eyes. This operation is not available when Text is selected.
z
You may sort the rows based on any column that has an active column
header, indicated when the mouse pointer changes to the hand icon .
Sorting is only available in the rotated view.
Click Channel number to highlightSelect Display Options
Wireless Access Point
Viewing Status on the Wireless AP 119
z
At the bottom left of the frame, you may select whether to display only
2.4 GHz channels, 5 GHz channels, or both (the default is both). Note that
the data is an instantaneous snapshot it is not an average or a
cumulative total.
Spectrum Analyzer Measurements
The spectrum analyzer displays the following information:
z
Packets/Sec: Total number of wireless packets per second on the channel,
both valid and errored packets.
z
Bytes/Sec: Total number of wireless bytes per second on the channel,
valid packets only.
z
802.11 Busy: Percentage of time that 802.11 activity is seen on the channel.
z
Other Busy: Percentage of time that the channel is unavailable due to
non-802.11 activity.
The total busy time (802.11 Busy plus Other Busy) will never total more
than 100%. The remaining time (100% minus total busy time) is quiet
time the time that no activity was seen on the channel.
z
Signal to Noise: Average SNR (signal to noise ratio) seen on the channel,
calculated from the signal seen on valid 802.11 packets less the noise floor
level. A dash value “-“means no SNR data was available for the interval.
z
Noise Floor: Average noise floor reading seen on the channel (ambient
noise). A dash value “-“means no noise data was available for the
interval.
z
Error Rate: Percentage of the total number of wireless packets seen on the
channel that have CRC errors. The Error rate percentage may be high on
some channels since the monitor radio is set to receive at a very sensitive
level, enabling it to hear packets from devices at far distances.
z
Average RSSI: Average RSSI level seen on 802.11 packets received on the
channel. A dash value “-“means no RSSI data was available for the
interval.
z
Average Data Rate: Average data rate over time (per byte, not per packet)
seen on 802.11 packets received on the channel. A dash value “-“means
Wireless Access Point
120 Viewing Status on the Wireless AP
no data rate information was available for the interval. A higher date rate
(above 6 Mbps) typically indicates user data traffic on the channel.
Otherwise, the data rate reflects control packets at the lower basic rates.
Rogues
This window displays all detected access points, according to the classifications
you select from the checkboxes at the top Blocked, Unknown, Known, or
Approved. This includes ad hoc access points (station-to-station connections). For
more information about intrusion detection, rogue APs, and blocking, please see
“About Blocking Rogue APs” on page 376.
Figure 65. Intrusion Detection/Rogue AP List
The Intrusion Detection window provides the easiest method for classifying
rogue APs as Blocked, Known, Approved, or Unknown. Choose one or more APs
using the checkbox in the Select column, then use the buttons on the upper left to
classify them with the following actions: Approve, Set Known, Block, or Set
Unknown.
You can sort the results based on the following parameters by clicking the desired
column header:
z
SSID
z
Security
z
BSSID
z
Type
z
Manufacturer
z
Status
z
Channel
z
Discovered
z
RSSI
z
Last Active
Select APs to DisplayClassify APs
Wireless Access Point
Viewing Status on the Wireless AP 121
You can refresh the list at any time by clicking on the Refresh button, or click in
the Auto Refresh check box to instruct the AP to refresh the list automatically.
See Also
Network Map
Rogue Control List
SSIDs
SSID Management
Wireless Access Point
122 Viewing Status on the Wireless AP
Channel History
The RF Monitor Channel History window focuses on traffic statistics and RF
readings observed for just one channel that you select in the Channel field. A new
set of readings is added every 10 seconds for a 5 GHz channel, or every 5 seconds
for a 2.4 GHz channel. For descriptions of the measurements displayed, please see
“Spectrum Analyzer Measurements” on page 119.
Figure 66. RF Monitor Channel History
Figure 66 presents the data in graphical form. New data appears at the left, with
older readings shifting to the right. To make the data appear as a bar chart, click
the Bar checkbox which will shade the background.
You also have the option of clicking the Rotate checkbox to give each statistic its
own column. In other words, the graph for each statistic will grow down the page
as new readings display at the top. (Figure 67)
#Channel History is not available for APs or Access Points featuring
802.11ac IAPs.
Wireless Access Point
Viewing Status on the Wireless AP 123
Figure 67. RF Monitor Channel History (Rotated)
If you select Rotate and Text together, data is presented as a numerical table.
(Figure 68)
Click Pause to stop collecting data, or Resume to continue.
Figure 68. RF Monitor — Channel History (Text)
Wireless Access Point
124 Viewing Status on the Wireless AP
Radio Assurance
When Radio Assurance mode is enabled, the monitor radio performs loopback
tests on the AP’s radios. When problems are encountered, the AP can take various
actions to correct them by performing different levels of reset on the affected
radio. This window shows which resets, if any, have been performed on which
radios since the last reboot.
The AP’s response to radio problems is controlled by the Radio Assurance Mode
selected, as described in “RF Resilience” on page 360. If you have selected Failure
Alerts & Repairs (with or without reboots), then the AP can take corrective action
if a problem is detected. Note that radio assurance requires RF Monitor Mode to
be enabled in Advanced RF Settings to turn on self-monitoring functions. It also
requires a radio to be set to monitoring mode. For a detailed discussion of the
operation of this feature and the types of resets performed, see “Radio Assurance”
on page 530.
Figure 69. Radio Assurance
For each of the AP’s radios, this window shows the radio’s state, its type (IEEE
802.11 type, and antenna type—2x2 or 3x3), the assigned channel, and the selected
802.11 wireless mode. To the right, the table shows counts for the number of
times, if any, that radio assurance has performed each of the following types of
resets since the last reboot, as described in Radio Assurance:
z
Monitor
z
Beacon
z
Phy
z
MAC
z
System (i.e., reboot the AP)
Wireless Access Point
Viewing Status on the Wireless AP 125
See Also
IAPs
Xirrus Advanced RF Analysis Manager (RAM)
RF Resilience
Radio Assurance
Wireless Access Point
126 Viewing Status on the Wireless AP
Station Status Windows
The following Station Status windows are available:
z
Stations — this list describes all stations associated to the AP.
z
Location Map displays a map showing the approximate locations of all
stations associated to the AP.
z
RSSI for each associated station, this displays the Received Signal
Strength Indicator at each of the AP’s IAPs.
z
Signal-to-Noise Ratio (SNR) for each associated station, this displays
the SNR at each of the AP’s IAPs.
z
Noise Floor for each associated station, this displays the ambient noise
(silence) value at each of the AP’s IAPs.
z
Max by IAP for each IAP, this shows the historical maximum number
of stations that have been associated to it over various periods of time.
z
Station Assurance displays stations that are having connectivity
problems.
Wireless Access Point
Viewing Status on the Wireless AP 127
Stations
This window shows client stations currently visible to the AP. You may choose to
view only stations that have Associated to the AP, or include stations that are
Unassociated by selecting the appropriate buttons above the list. The list always
shows the MAC address of each station, its IP address, the SSID used for the
association, the Group (if any) that this station belongs to, its VLAN, its QoS, the
IAP used for the association, transmit and receive rates, the RSSI for each station,
and how long each association has been active (up time).
In the Link column, click the details button to jump to a detailed statistics
page for this station. Click to see Application Control information.
You may click other buttons above the list to show a number of additional
columns:
z
Identification: shows more identifying information for the station its
User Name, Host Name, Manufacturer, Device Type, and Device Class
(for example, notebook, iPad, etc.).
z
Security: includes security settings used by the connection Encryption
type, Cipher used, and Key Management used by the station.
z
Connection Info: shows the Band (5GHz or 2.4 GHz) used. Shows an
additional RF measurement that affects the quality of the connection:
SNR (signal to noise ratio).
z
Reset: click this button to return the display to showing just the default
columns.
Figure 70. Stations
Wireless Access Point
128 Viewing Status on the Wireless AP
You may sort the rows based on any column that has an active column header.
Click again to reverse the sort order. You may select one or more specific stations
and perform one of the following actions by clicking the associated button:
z
Deny Access: Sends a de-authentication frame to the selected station and
explicitly denies it access by adding its MAC address to the Deny List in
the Access Control List window. To permit access again, go to “Access
Control List” on page 248 and delete the station from the Deny list.
z
Deauthenticate: Sends a de-authentication frame to the selected station.
The station may re-authenticate.
Click on the Refresh button to refresh the station list, or click in the Auto Refresh
check box to instruct the AP to refresh this window automatically.
See Also
Access Control List
Station Status Windows
Station Statistics
Wireless Access Point
Viewing Status on the Wireless AP 129
Location Map
The Location Map shows the approximate locations of stations relative to this AP.
The location of each station is computed based on the RSSI of its signal as received
by the AP. The distance is adjusted based on the environment setting that you
selected. You may display just the stations associated to this AP, unassociated
stations (shown in gray), or both. The station count is shown on the right, above
the map. You may also choose to display only 5 GHz stations (shown in orange)
or 2.4 GHz stations (shown in green), or both.
Figure 71. Location Map
The map and AP are shown as if you were looking down on the AP from above,
say from a skylight on the roof. Thus the positions of the radios are a mirror image
of the way they are typically drawn when looking at the face of the AP. Radios are
marked on the map to show the orientation of the AP.
A station is identified by the type of Preferred Label that you select: Netbios
Name, IP Address, MAC Address, or Manufacturer. If multiple stations are near
each other, they will be displayed slightly offset so that one station does not
Associated Stations
orange - 5 GHz
green - 2.4GHz
Unassociated Station
Hover mouse to
show details
AP
Wireless Access Point
130 Viewing Status on the Wireless AP
completely obscure another. You may minimize a station that is not of interest by
clicking it. There is also a Minimize All button.
You may replace the range-finder background image above with your own
custom image of the floor plan of the area served by the AP see “Working with
the Custom Image” on page 132
Hover the mouse over a station to show detailed information. (Figure 71) For a
station that is associated to this AP, the details include:
z
The IAP, Channel, and SSID to which the station is associated.
z
The MAC and IP address and Netbios name of the station.
z
The TX Rate and RX Rate of this connection.
z
The approximate Distance of this station from the AP. The distance is
estimated using the received signal strength and your environment
setting. The environment determines the typical signal attenuation due to
walls and other construction that affect signal reception.
Controls and items displayed on the Location Map window
Figure 72. Controls for Location Map
#The Location Map has its own scroll bars in addition to the browser’s scroll
bars. If you narrow the browser window, the map’s scroll bar may be hidden.
Use the browser’s bottom scroll bar if you need to move it into view.
Stations
to display Environment
Setting
Replace background
Minimize stations
Reset display Rotate map
Zoom in
Zoom out
Scale
Station counts
Wireless Access Point
Viewing Status on the Wireless AP 131
z
Display Associated/Unassociated: Select whether to display stations that
are associated to the AP, stations that are not associated, or both.
z
Display 2.4 GHz/5 GHz: Select whether to display 802.11bgn stations, or
802.11an stations, or both.
z
Preferred Label: This field is located on the top of the window towards
the right. It shows the type of label to be displayed for stations: NetBIOS
is the default, else, an IP or MAC address will be used, in that order.
z
Auto Refresh: Instructs the AP to refresh this window automatically.
z
Refresh: Updates the stations displayed.
z
Custom Image: Use this feature to replace the default background image
with your own image of the floor plan of your location. Click the Browse
button and browse to the desired file on your computer. This may be
a .gif, .jpg, .jpeg., .png, .htm, or .html file. The scale of the file should be
100 feet per inch. Then click Upload (see below). For more information on
using the custom, image, see “Working with the Custom Image” on
page 132.
z
Upload: After browsing to the desired custom image, click the Upload
button to install it. The map is redisplayed with your new background.
No hash marks (for the map scale) are added to the image display.
z
Reset: Click this button to restore the map display to the factory settings.
All attributes are restored including the stations selected for display, the
scale, the rotation, and the background map.
z
Rotate: Click this button to rotate the orientation of the entire map. It
rotates the map 45o counter-clockwise.
z
Enlarge: Click this button to enlarge (zoom in on) the map. The displayed
Scale is updated with the new scale for the map.
z
Reduce: Click this button to reduce (zoom out on) the map.
The displayed Scale is updated with the new scale for the map.
z
Environment: This field is located on the top right of the window. Select
the type of environment for this AP’s deployment: Indoor open (few
walls or obstructions), Indoor walled (typical wall or cubicle
Wireless Access Point
132 Viewing Status on the Wireless AP
construction), or Indoor dense (many walls or obstructions, or unusually
dense walls).
z
Scale: This view-only value shows the approximate distance represented
by each hash mark on the default map background.
z
Associated, Unassociated, Total Stations: These view-only values show
the station counts observed by the AP.
See Also
Station Status Windows
Working with the Custom Image
After you have uploaded a custom image (see Custom Image and Upload in
“Controls and items displayed on the Location Map window” on page 130), you
should move the display of the AP on your map to correspond with its actual
location at your site.
To move the AP on the map, simply click it, then drag and drop it to the desired
location. The AP will continue to follow the mouse pointer to allow you to make
further changes to its location. When you are satisfied with its location, click the
AP again to return to normal operation.
RSSI
For each station that is associated to the AP, the RSSI (Received Signal Strength
Indicator) window shows the station’s RSSI value as measured by each IAP. In
other words, the window shows the strength of the station’s signal at each radio.
You may choose to display Unassociated Stations as well with a checkbox at the
bottom of the window.
Figure 73. Station RSSI Values
By default, the RSSI is displayed numerically. You may display the relative
strength using color if you select Colorize Intensity, with the strongest signals
indicated by the most intense color. (Figure 73) If you select Graph, then the RSSI
Wireless Access Point
Viewing Status on the Wireless AP 133
is shown on a representation of the AP, either colorized or numerically based on
your selection. (Figure 74) The stations are listed to the left of the AP click on a
station to show its RSSI values on the AP.
Figure 74. Station RSSI Values Colorized Graphical View
In either graphical or tabular view, you may sort the rows based on any column
that has an active column header, indicated when the mouse pointer changes to
the hand icon . Click on the Refresh button to refresh the station list, or click in
the Auto Refresh check box to instruct the AP to refresh this window
automatically.
See Also
Station Status Windows
RF Monitor Windows
Wireless Access Point
134 Viewing Status on the Wireless AP
Signal-to-Noise Ratio (SNR)
For each station that is associated to the AP, the Signal-to-Noise Ratio (SNR)
window shows the station’s SNR value as measured by each IAP. In other words,
the window shows the SNR of the station’s signal at each IAP. The signal-to-noise
ratio can be very useful for determining the cause of poor performance at a
station. A low value means that action may need to be taken to reduce sources of
noise in the environment and/or improve the signal from the station.
Figure 75. Station Signal-to-Noise Ratio Values
You may choose to display Unassociated Stations as well with a checkbox at the
bottom of the window.
By default, the SNR is displayed numerically. (Figure 75) You may display
the relative value using color if you select Colorize Intensity, with the highest
SNR indicated by the most intense color. (Figure 76) If you select Graph, then
the SNR is shown on a representation of the AP, either colorized or numerically
based on your selection. The stations are listed to the left of the AP click on a
station to show its SNR values on the AP.
Figure 76. Station SNR Values Colorized Graphical View
In either graphical or tabular view, you may sort the rows based on any column
that has an active column header, indicated when the mouse pointer changes to
Wireless Access Point
Viewing Status on the Wireless AP 135
the hand icon . Click on the Refresh button to refresh the station list, or click in
the Auto Refresh check box to instruct the AP to refresh this window
automatically.
See Also
Station Status Windows
RF Monitor Windows
Noise Floor
For each station that is associated to the AP, the Noise Floor window shows
the ambient noise affecting a station’s signal as measured by each IAP. The noise
floor is the RSSI value when the station is not transmitting, sometimes called a
Silence value. In other words, the window shows the noise floor of the station’s
signal at each IAP. The noise floor value can be very useful for characterizing the
environment of a station to determine the cause of poor performance. A relatively
high value means that action may need to be taken to reduce sources of noise in
the environment.
Figure 77. Station Noise Floor Values
You may choose to display Unassociated Stations as well with a checkbox at the
bottom of the window.
By default, the noise floor is displayed numerically. (Figure 77) You may display
the relative value using color if you select Colorize Intensity, with the highest
noise indicated by the most intense color. If you select Graph, then the ambient
noise is shown on a representation of the AP, either colorized or numerically
based on your selection.(Figure 78) The stations are listed to the left of the AP
click on a station to show its values on the AP.
Wireless Access Point
136 Viewing Status on the Wireless AP
Figure 78. Station Noise Floor Values Colorized Graphical View
In either graphical or tabular view, you may sort the rows based on any column
that has an active column header, indicated when the mouse pointer changes to
the hand icon . Click on the Refresh button to refresh the station list, or click in
the Auto Refresh check box to instruct the AP to refresh this window
automatically.
See Also
Station Status Windows
RF Monitor Windows
Wireless Access Point
Viewing Status on the Wireless AP 137
Max by IAP
This status-only window shows the maximum number of client stations that have
historically been associated to the AP. For each IAP, the list shows the IAP’s state
and channel number, the current number of stations associated, and the highest
number of stations that have been associated over various periods of time: hour,
day, week, month, and year. In other words, the Max Station Count shows the
“high water mark” over the selected period of time the maximum count of
stations for the selected period, rather than a cumulative count of all stations that
have associated. This information aids in network administration and in planning
for additional capacity.
Figure 79. Max by IAP
You may click an IAP to go to the IAP Settings window. Click on the Refresh
button to refresh the station list, or click Auto Refresh to instruct the AP to refresh
this window automatically.
See Also
IAPs
Station Status Windows
Wireless Access Point
138 Viewing Status on the Wireless AP
Station Assurance
Station assurance monitors the quality of the connections that users are
experiencing on the wireless network. This window shows client stations that
have had connectivity issues. You may enable or disable the station assurance
feature and set thresholds for the problems that it checks, such as excessive packet
retry or packet error rates, or stations that are unable to stay associated to the AP.
Please see “Station Assurance” on page 365 for more information about these
settings. When the AP detects that a station has reached the threshold value for
one or more of the issues checked, it adds the station to this page. In addition, an
event is triggered, a trap is generated, and a Syslog message is logged.
For each station, this list shows the MAC address, its IP address, its host name, its
device type, device class, and manufacturer. It also shows the values of the
various statistics that were monitored for problems as described in “Station
Assurance” on page 365: associated time, authentication failures, packet error
rate, packet retry rate, packet data rate, RSSI, signal to noise ratio (SNR), and
distance.
Figure 80. Station Assurance
You may click the Clear Inactive button to remove stations that are no longer
connected to the AP from the list. Click the Clear All button to remove all entries
and start fresh to add problem stations to the list as they are detected. Click on the
Refresh button to refresh the station list, or click Auto Refresh to instruct the AP
to refresh this window automatically.
See Also
IAPs
Station Status Windows
Station Assurance
Wireless Access Point
Viewing Status on the Wireless AP 139
Statistics Windows
The following AP Statistics windows are available:
z
IAP Statistics Summary provides an overview of the statistical data
associated with all IAPs. Expands to show links for displaying detailed
statistics for individual IAPs.
z
Per-IAP Statistics provides detailed statistics for an individual IAP.
z
Network Statistics displays statistical data associated with each
network (Ethernet) interface.
z
VLAN Statistics provides statistical data associated with your assigned
VLANs.
z
WDS Statistics — provides statistical data for all WDS client and host
links.
z
IDS Statistics provides statistical data for intrusion detection.
z
Filter Statistics provides statistical data for all configured filters.
z
Station Statistics — provides statistical data associated with each station.
IAP Statistics Summary
This is a status only window that provides an overview of the statistical data
associated with all IAPs. It also shows the channel used by each IAP. For detailed
statistics for a specific IAP, see “Per-IAP Statistics” on page 140. Click the Unicast
Stats Only checkbox on the lower left to filter the results, or clear the checkbox to
show statistics for all wireless traffic.
Figure 81. IAP Statistics Summary Page
You can Refresh the data (update the window with the latest information) or
Clear the data (reset all content to zero and begin counting again) at any time by
Wireless Access Point
140 Viewing Status on the Wireless AP
clicking on the appropriate button. You can also click in the Auto Refresh check
box to instruct the AP to refresh this window automatically.
See Also
System Log Window
Global Settings
Global Settings .11an
Global Settings .11bgn
IAPs
Per-IAP Statistics
This is a status only window that provides detailed statistics for the selected IAP.
Scroll the window down to see a breakout of the statistics by connection rate. For
a summary of statistics for all IAPs, see “IAP Statistics Summary” on page 139.
Use the Display Percentages checkbox at the upper left to select the output
format check this option to express each statistic as a percentage of the total at
the top of the column, or leave it blank to display raw numbers.
Receive Error statistics include:
z
Total Retries: the count of packets that were sent more than once before
being received correctly.
z
CRC error: the count of packets that were corrupted on the air and were
dropped. Some level of CRC errors are expected in wireless networks.
Note that all IAPs operate in a mode where they are listening to
everything all the time, which means they will see many CRC errors.
z
Fragment Errors: the count of packets that were incomplete.
z
Encryption Errors: the count of packets that had encryption problems.
z
Duplicates: the count of packets that were received more than once. The
duplicate packets are dropped.
z
Dropped Packets: the count of packets that were dropped due to various
receive errors, including being received when all receive queues were
full. These packets are dropped after being received.
z
Overruns: indicate the number of times that First-In-First-Out (FIFO)
overflow errors occur.
Wireless Access Point
Viewing Status on the Wireless AP 141
Figure 82. Individual IAP Statistics Page
You can Refresh the data (update the window with the latest information) or
Clear the data (reset all content to zero and begin counting again) at any time by
clicking on the appropriate button. You can also click in the Auto Refresh check
box to instruct the AP to refresh this window automatically.
See Also
System Log Window
Global Settings
Global Settings .11an
Global Settings .11bgn
IAPs
Wireless Access Point
142 Viewing Status on the Wireless AP
Network Statistics
This is a status only window that allows you to review statistical data associated
with each network (Ethernet) interface and its activity. You can Refresh the data
(update the window with the latest information) or Clear the data (reset all
content to zero and begin counting again) at any time by clicking on the
appropriate button. You can also click in the Auto Refresh check box to instruct
the AP to refresh this window automatically. If you are experiencing problems on
the AP, you may also want to print this window for your records
.
Figure 83. Network Statistics
See Also
DHCP Server
DNS Settings
Network
Interfaces
Wireless Access Point
Viewing Status on the Wireless AP 143
VLAN Statistics
This is a status only window that allows you to review statistical data associated
with your assigned VLANs. You can refresh the information that is displayed on
this page at any time by clicking on the Refresh button, or select the Auto Refresh
option for this window to refresh automatically. The Clear All button at the lower
left allows you to clear (zero out) all VLAN statistics.
Figure 84. VLAN Statistics
See Also
VLAN Management
VLANs
Wireless Access Point
144 Viewing Status on the Wireless AP
WDS Statistics
The main WDS Statistics window provides statistical data for all WDS client and
host links. To access data about a specific WDS client or host link, simply click on
the desired link in the left frame to access the appropriate window. You may also
choose to view a sum of the statistics for all client links, all host links, or all links
(both client and host links).
Figure 85. WDS Statistics
See Also
SSID Management
WDS
Wireless Access Point
Viewing Status on the Wireless AP 145
IDS Statistics
The Xirrus AP employs a number of IDS/IPS (Intrusion Detection System/
Intrusion Prevention System) strategies to detect and prevent malicious attacks on
the wireless network. This status-only window provides detailed intrusion
detection statistics for the selected IAP.
You must have Intrusion Detection Mode enabled to collect IDS statistics. See
“Intrusion Detection” on page 373. Information about IDS events is discussed in
the “IDS Event Log Window” on page 158.
Figure 86. IDS Statistics Page
Use the filter feature to show only information for a selected IAP or for selected
event types. Select the type of Filter: IAP to select IAPs, or Packet/Event to select
particular attack types. Select the type of string matching, for example, Begins
with or Contains. Then enter the string to be matched and click the Filter button.
For example, in Figure 87, the filter Packet/Event Contains assoc finds events that
include the string assoc in any position. If you have an AP with 12 IAPs, then IAP
Wireless Access Point
146 Viewing Status on the Wireless AP
Contains 1 will show entries for iap1, iap10, iap11, and iap12. Click the Reset
button to return to showing all entries.
Figure 87. Filtered IDS Statistics
Many of the column headers may be clicked to sort the entries in ascending or
descending order based on that column. You can Refresh the data (update the
window with the latest information) at any time by clicking the Refresh button
on the upper right. You can also click in the Auto Refresh check box to
instruct the AP to refresh this window automatically.
See Also
Intrusion Detection
IDS Event Log Window
Wireless Access Point
Viewing Status on the Wireless AP 147
Filter Statistics
The Filter Statistics window provides statistical data for all configured filters. The
name, state (enabled on or off), and type (allow or deny) of each filter is shown.
For enabled filters, this window shows the number of packets and bytes that met
the filter criteria. Click on a column header to sort the rows based on that column.
Click on a filter name to edit the filter settings.
Figure 88. Filter Statistics
See Also
Filters
Application Control Windows
Station Statistics
This status-only window provides an overview of statistical data for all stations.
Stations are listed by MAC address, and Receive and Transmit statistics are
summarized for each. For detailed statistics for a specific station, click the desired
MAC address in the Station column or click the details button in the
station’s Link column, and see “Per-Station Statistics” on page 149.
Figure 89. Station Statistics
Wireless Access Point
148 Viewing Status on the Wireless AP
Click on a column header to sort the rows based on that column. You can Refresh
the data (update the window with the latest information) at any time by clicking
the refresh button . You can also click in the Auto Refresh check box to
instruct the AP to refresh this window automatically.
See Also
Per-Station Statistics
Stations
Wireless Access Point
Viewing Status on the Wireless AP 149
Per-Station Statistics
This window provides detailed statistics for the selected station. This window is
accessed from the Station Statistics window click the MAC address of the
desired entry in the Station column to display its Per-Station Statistics window.
Receive and Transmit statistics are listed by Rate this is the data rate in Mbps.
For a summary of statistics for all stations, see “Station Statistics” on page 147.
You can Refresh the data (update the window with the latest information) at any
time by clicking on the appropriate button. You can also click in the Auto Refresh
check box to instruct the AP to refresh this window automatically.
Figure 90. Individual Station Statistics Page
See Also
Station Statistics
Wireless Access Point
150 Viewing Status on the Wireless AP
Application Control Windows
The Application Control feature provides real-time visibility of application usage
by users across the wireless network. Network usage has changed enormously in
the last few years, with the increase in smart phone and tablet usage stressing
networks. Increasing traffic from legitimate business needs such as cloud- and
web-based applications, streaming media and VoIP must be handled with an
adequate quality of experience.
Application Control is discussed in the following topics:
z
About Application Control an overview of this feature.
z
Application Control displays information about applications running
on the wireless network.
z
Stations (Application Control) displays a list of stations. Click one to
analyze application control information for only that station.
About Application Control
The AP uses Deep Packet Inspection (DPI) to determine what applications are
being used and by whom, and how much bandwidth they are consuming. These
applications are rated by their degree of risk and productiveness. Filters can be
used to implement per-application policies that keep network usage focused on
productive uses:
z
Usage of non-productive and risky applications like BitTorrent can be
restricted using Filters.
z
Traffic for mission-critical applications like VoIP and WebEx may be given
higher priority (QoS).
z
Non- critical traffic from applications like YouTube may be given lower
priority (QoS).
z
Traffic flows for specific applications may be controlled by sending them
into VLANs that are designated for that type of traffic.
#This feature is only available if the AP license includes Application
Control. See “About Licensing and Upgrades” on page 412.
Wireless Access Point
Viewing Status on the Wireless AP 151
Application Control can track application usage over time to monitor trends.
Usage may be tracked by AP, VLAN, or station. Many hundreds of applications
are recognized and grouped into a number of categories. The distributed
architecture of Xirrus APs allows Application Control to scale naturally as you
grow the network.
About Risk and Productivity
Application Control ranks applications in terms of their levels of risk and
productivity.
Productivity indicates how appropriate an application is for business purposes.
The higher the rating number, the more business-oriented an application is.
z
1—Primarily recreational
z
2—Mostly recreational
z
3—Combination of business and recreational purposes
z
4—Mainly used for business
z
5—Primarily used for business
Risk indicates how likely an application is to pose a threat to the security of your
network. The higher the rating number, the more risky an application is.
z
1—No threat
z
2—Minimal threat
z
3—Some risk - may be misused
z
4—High risk - may be malware or allow data leaks
z
5—Very high risk - threat circumvents firewalls or avoids detection
Keeping Application Control Current
Applications are recognized using a signature file which may be updated using
the System Tools page as new applications become popular (see “Application
Control Signature File Management” on page 422).
Wireless Access Point
152 Viewing Status on the Wireless AP
Application Control
This display-only window provides a snapshot of the application usage on your
AP. In order to view the Application Control window, the AP must have a license
that supports this feature, and you must have enabled the Application Control
option on the Filter Lists page (see “Filter Lists” on page 392).
Figure 91. Application Control
Wireless Access Point
Viewing Status on the Wireless AP 153
The Application Control window has three sections:
z
Selection Criteria allow you to choose the type of data to show, and to
filter for a single VLAN or station.
z
Pie Charts present a color coded at-a-glance view of the top ten
applications being used by the network.
z
Traffic Tables beneath the pie charts list the applications in use along
with traffic statistics. Unique Productivity and Risk ratings let you easily
assess the nature of applications in use, so that you can take action using
Filter Management.
Selection Criteria
At the top of the window, the options in the gray ribbon allow you to customize
the display with the following choices:
z
Display for VLAN: Use the drop-down list if you wish to select just one
VLAN to analyze, or leave the default value of all to see data from all
VLANs.
z
Display for Station: Use the drop-down list if you wish to select just one
station to analyze (stations are listed by their MAC address), or leave the
default value of all to see data from all stations. You may also use the
Stations window to select a station to display. See “Stations (Application
Control)” on page 156.
z
Station Traffic: Check this box if you wish to analyze traffic from stations,
listing the applications that they are using.
z
AP Management Traffic: Check this box if you wish to analyze
management traffic on this AP, including the load due to functions such
as Xirrus Roaming. Tracking traffic into the AP on the management side
can alert you to nefarious activity—and even to traffic on the wired
network that would best be blocked before it hits the AP. You may
display both station and AP management traffic, if you wish.
z
By Application: Check this box if you wish to analyze and list traffic by
what specific applications are in use, such as WebEx or BitTorrent.
Wireless Access Point
154 Viewing Status on the Wireless AP
z
By Category: Check this box if you wish to analyze and list traffic by the
types of applications in use, such as Games or Collaboration.
z
Auto Refresh instructs the AP to periodically refresh this window
automatically. Use the Refresh button to refresh the window right now.
Pie Charts
Figure 92. Application Control (Pie Charts)
These charts provide a quick way to determine how your wireless bandwidth is
being used. There are charts for Station Traffic and/or AP Management Traffic,
depending on which checkboxes you selected. Similarly, there are charts for By
Application and/or By Category, depending on your selections. The top ten
applications or categories are listed, by percentage of bandwidth usage.
Wireless Access Point
Viewing Status on the Wireless AP 155
Traffic Tables
Figure 93. Application Control (Station Traffic)
These tables provide detailed information about how your wireless bandwidth is
being used. There are tables for Station Traffic and/or AP Management Traffic,
depending on which checkboxes you selected. Similarly, there are tables for By
Application and/or By Category, depending on your selections.
In addition to showing traffic statistics, there are two unique and highly useful
columns. Risk estimates the likelihood of an application causing problems for
your business, such as a file-sharing utility introducing viruses or exposing you to
legal problems. Risk is rated from 1 (low risk: for example, Google) to 5 (high risk:
for example, BitTorrent). Risky applications (rated at 4 or 5) are flagged for your
attention by highlighting the entry in pale red. Productivity estimates the value of
an activity to your business, from 1 (unproductive: for example, Y8 gaming) to 5
(productive: for example, WebEx).
You may click the heading of any column to sort based on that column. Click
again to sort in the reverse order. For instance, sort on Risk to find problem
applications, or sort on Productivity to find applications that should be given
increased or decreased handling priority.
Wireless Access Point
156 Viewing Status on the Wireless AP
When you find risky or unproductive applications consuming bandwidth on the
network, you can easily create Filters to control them. See “Filter Management”
on page 395. You may use filters to:
z
Block problematic traffic, such as BitTorrent or Y8.
z
Prioritize mission critical traffic—by increasing the QoS assigned to the
traffic. See “Understanding QoS Priority on the Wireless AP” on
page 271.
z
Lower the priority of less productive traffic—use filters to decrease the
QoS assigned to traffic for applications like YouTube and Facebook.
Stations (Application Control)
This status-only window shows client stations currently visible to the AP.
The MAC address in the first column is a link. Click on a selected station, and the
Application Control window opens with the Display for Station field set to that
station, to perform a detailed analysis of its application usage.
Figure 94. Stations (Application Control)
The rest of the fields and display options on this window (including the
Identification, Security, and Connection Info checkboxes) are as described in
“Stations” on page 127.
Wireless Access Point
Viewing Status on the Wireless AP 157
System Log Window
This is a status only window that allows you to review the system log, where
system alerts and messages are displayed. Although there are no configuration
options available in this window, you do have the usual choice of deciding how
the event messages are sorted by clicking in the column header for the desired
field (Time Stamp, Priority, or Message).
z
Time Stamp sorts the list based on the time the event occurred.
z
Priority — sorts the list based on the priority assigned to the message.
z
Message — sorts the list based on the message category
The displayed messages may be filtered by using the Filter Priority option, which
allows control of the minimum priority level displayed. For example, you may
choose (under Services >System Log) to log messages at or above Debug level
but use Filter Priority to display only those at Information level and above.
Figure 95. System Log (Alert Level Highlighted)
Use the Highlight Priority field if you wish to highlight messages at the selected
priority level. Click on the Refresh button to refresh the message list, or click on
the Clear All button at the upper left to delete all messages. You can also click in
the Auto Refresh check box to instruct the AP to refresh this window
automatically.
Wireless Access Point
158 Viewing Status on the Wireless AP
IDS Event Log Window
This status only window displays the Intrusion Detection System (IDS) Event log,
listing any detected attacks on your network. For descriptions of the types of
attacks detected, as well as the settings to fine-tune IDS on the AP, please see
“Intrusion Detection” on page 373.
The displayed messages may be filtered by using the Filter Event setting, which
allows you to select just one type of intrusion to display. For example, you may
choose to display only beacon flood attacks.
Figure 96. IDS Event Log
Use the Highlight Event field if you wish to highlight all events of one particular
type in the list. Click on a column header to sort the rows based on that column.
Click on the Refresh button to refresh the message list, or click the Auto Refresh
check box to instruct the AP to refresh this window automatically.
Although there are no configuration options available in this window, you do
have the usual choice of deciding how the event messages are sorted by clicking
in the column header for the desired field.
z
Time Stamp the time that the event occurred.
z
IAP — the affected radio.
z
Channel — the affected channel.
z
Event the type of attack, as described in Intrusion Detection.
z
SSID the SSID that was attacked.
z
MAC Address the MAC address of the attacker.
Wireless Access Point
Viewing Status on the Wireless AP 159
z
Period the length of the window used to determine whether the count
of this type of event exceeded the threshold.
z
Current the count of this type of event for the current period.
z
Average the average count per period of this type of event.
z
Maximum the maximum count per period of this type of event.
Wireless Access Point
160 Viewing Status on the Wireless AP
Wireless Access Point
Configuring the Wireless AP 161
Configuring the Wireless AP
The following topics include procedures for configuring the AP using the
product’s embedded Web Management Interface (WMI). Procedures have been
organized into functional areas that reflect the flow and content of the WMI. The
following WMI windows allow you to establish configuration parameters for
your AP, and include:
z
“Express Setup” on page 163
z
“Network” on page 169
z
“Services” on page 185
z
“VLANs” on page 213
z
“Tunnels” on page 220
z
“Security” on page 225
z
“SSIDs” on page 268
z
“Groups” on page 304
z
“IAPs” on page 311
z
“WDS” on page 385
z
“Filters” on page 391
z
“Clusters” on page 401
z
“Mobile” on page 406
After making changes to the configuration settings of an AP you must click the
Save button at the top of the configuration window, otherwise the changes
you make will not be applied the next time the AP is rebooted.
#If you are a customer using XMS-9000-CL-x, then APs are managed via the
Cloud, and local AP management interfaces are inaccessible.
#Some pages or individual settings are only available if the AP’s license
includes appropriate features. If a setting is unavailable (grayed out), then
your license or your AP model does not support the feature. See “About
Licensing and Upgrades” on page 412.
Wireless Access Point
162 Configuring the Wireless AP
This chapter only covers using the configuration windows on the AP. To view
status or use system tools on the AP, please see:
z
“Viewing Status on the Wireless AP” on page 95
z
“Using Tools on the Wireless AP” on page 411
#If you have added modular IAPs to your AP, note that its model number will
be automatically adjusted to reflect the count and types of IAPs currently
installed. See Upgrading with 802.11ac radio modules.
Wireless Access Point
Configuring the Wireless AP 163
Express Setup
Initial AP configuration via XMS sets items such as SSIDs and security, as
described in “Zero-Touch Provisioning and Ongoing Management” on page 75.
This page allows you to see many of these values, or change them locally.
Figure 97. WMI: Express Setup
Wireless Access Point
164 Configuring the Wireless AP
When finished, click the Save button if you wish to make your changes
permanent.
Procedure for Performing an Express Setup
1. License Key: An unlicensed AP will automatically contact Xirrus to
obtain its license, if it has Internet connectivity. If you need to enter a
license manually, enter it here. The factory installed license key is listed
here. See “Licensing” on page 80.
2. Configure the Contact Information settings.
a. Location: Enter a brief but meaningful description that accurately
defines the physical location of the AP. In an environment where
multiple units are installed, clear definitions for their locations are
important if you want to identify a specific unit.
b. Contact Name: Enter the name and contact information of the person
who is responsible for administering the AP at the designated
location.
c. Contact Email: Enter the email address of the admin contact you
entered in Step 3.
d. Contact Phone: Enter the telephone number of the admin contact you
entered in Step 3.
3. Configure the Network settings. Please see “Interfaces” on page 170 for
more information.
a. Host Name: Specify a unique host name for this AP. The host name is
used to identify the AP on the network. Use a name that will be
meaningful within your network environment, up to 64
alphanumeric characters. The default is the AP’s serial number.
b. Address Type: Choose DHCP to instruct the AP to use DHCP to
assign IP addresses to the AP’s Ethernet interfaces, or choose Static if
you intend to enter IP addresses manually. If you choose the Static IP
option, you must enter the following IP Settings:
Wireless Access Point
Configuring the Wireless AP 165
c. IP Settings: If you choose the Static IP addressing option, enter the
following:
Address: Enter a valid IP address for this AP. To use a remote
connection (Web, SNMP, or SSH), a valid IP address must be
used.
Subnet Mask: Enter a valid IP address for the subnet mask (the
default is 255.255.255.0). The subnet mask defines the number of
IP addresses that are available on the routed subnet where the AP
is located.
Default Gateway: Enter a valid IP address for the default
gateway. This is the IP address of the router that the AP uses to
forward data to other networks.
Click the Apply button for this interface when done making IP
changes.
4. SSID Settings: This section specifies the wireless network name and
security settings.
a. SSID Name is a unique name that identifies a wireless network. The
default SSID is xirrus. Entering a value in this field will replace the
this default SSID with the new name.
For additional information about SSIDs, go to the Multiple SSIDs
section of “Frequently Asked Questions” on page 522.
b. Wireless Security: Select the desired wireless security scheme (Open,
WEP or WPA). Make your selection from the choices available in the
pull-down list.
Open This option offers no data encryption and is not
recommended, though you might choose this option if clients are
required to use a VPN connection through a secure SSH utility,
like PuTTy.
#For improved security, you should also take the additional steps described in
“Securing Low Level Access to the AP” on page 81.
Wireless Access Point
166 Configuring the Wireless AP
WEP (Wired Equivalent Privacy) An optional IEEE 802.11
function that offers frame transmission privacy similar to a wired
network. WEP generates secret shared encryption keys that both
source and destination stations can use to alter frame bits to
avoid disclosure to eavesdroppers.
WPA (Wi-Fi Protected Access) A Wi-Fi Alliance standard that
contains a subset of the IEEE 802.11i standard, using TKIP or AES
as an encryption method and 802.1x for authentication. WPA is
the stronger of the two wireless security schemes.
WPA2 (Wi-Fi Protected Access 2) WPA2 is the follow-on
security method to WPA for wireless networks and provides
stronger data protection and network access control. It offers
Enterprise and consumer Wi-Fi users with a high level of
assurance that only authorized users can access their wireless
networks. Like WPA, WPA2 is designed to secure all versions of
802.11 devices, including 802.11a, 802.11b, 802.11g, and 802.11n,
multi-band and multi-mode.
WPA-Both (WPA and WPA2) This option makes use of both
WPA and WPA2.
For more information about security, including a full review of all
security options and settings, go to “Understanding Security” on
page 226.
c. WEP Encryption Key/WPA Passphrase: Depending on the wireless
security scheme you selected, enter a unique WEP key or WPA
passphrase. This field and the one below only appear if you select a
Wireless Security option other than Open.
d. Confirm Encryption Key/Passphrase: If you entered a WEP key or
WPA passphrase, confirm it here.
e. Click Apply SSID Settings when done.
f. Current SSIDs: This lists all of the currently defined SSIDs for you
(regardless of whether they are enabled or not).
Wireless Access Point
Configuring the Wireless AP 167
5. Admin Settings: This section allows you to change the default admin
username, password, and privileges for the AP. You may change the
password and leave the user name as is, but we suggest that you change
both to improve AP security.
a. New Admin User (Replaces user “admin”): Enter the name of a new
administrator user account. Be sure to record the new account name
and password, because the default admin user will be deleted! Note
that the AP also offers the option of authenticating administrators
using a RADIUS server (see “Admin Management” on page 231).
b. New Admin Privilege Level: By default, the new administrator will
have read/write privileges on the AP (i.e., the new user will be able
to change the configuration of the AP). If you wish the new account
to have different privileges, select the desired level from the drop-
down list. For more information about user privileges, please see
“Admin Privileges” on page 233. Take care to make sure to leave
yourself enough read/write privileges on at least one account to be
able to administer the AP.
c. New Admin Password: Enter a new administration password for
managing this AP. If you forget this password, you must reset the AP
to its factory defaults so that the password is reset to admin (its
default setting).
d. Confirm Admin Password: If you have entered a new administration
password, confirm the new password here.
e. Click Apply Admin Settings when done.
6. Time and Date Settings: System time is synchronized using NTP
(Network Time Protocol) by default. Use the drop-down list to select the
Time Zone.
7. Quick Configuration: This offers predefined configuration options such
as Classroom and High-Density that capture best practices from years of
field experience. If one of the options in the drop-down list is appropriate
Wireless Access Point
168 Configuring the Wireless AP
to your deployment, select it and click Apply. For example, the High-
Density option uses best practices to configure the AP for high density
settings such as lecture halls, convention centers, stadiums, etc.
8. IAP Settings:
Figure 98. LEDs are Switched On
Enable/Configure All IAPs: Click on the Execute button to enable and
auto configure all IAPs (a message displays the countdown time in
seconds to complete the auto-configuration task). When enabled, the
IAP’s LED is switched on.
9. Click the Save button at the upper right to make your changes
permanent, i.e., these settings will still be in effect after a reboot.
LED on
Wireless Access Point
Configuring the Wireless AP 169
Network
This is a status-only window that provides a snapshot of the configuration
settings currently established for the Ethernet interfaces. DNS Settings and other
settings are summarized as well. You must go to the appropriate configuration
window to make changes to any of the settings displayed here (configuration
changes cannot be made from this window). You can click on any item in the
Interface column to “jump” to the associated configuration window.
Figure 99. Network Interfaces
WMI windows that allow you to change or view configuration settings associated
with the network interfaces include:
z
“Interfaces” on page 170
z
“Bonds and Bridging” on page 173
z
“DNS Settings” on page 180
z
“Cisco Discovery Protocol (CDP) Settings” on page 181
z
“LLDP Settings” on page 182
See Also
DNS Settings
Interfaces
Wireless Access Point
170 Configuring the Wireless AP
Network Status Windows
Spanning Tree Status
Network Statistics
Interfaces
XR-500, XR-1000, and some XR-2000 Series APs have one Gigabit Ethernet
interface, while XR- 600, XR-4000 and some XR-2000 Series APs have two, and
XR-6000 Series models have four. This window allows you to establish
configuration settings for these interfaces.
Figure 100. Network Settings
When finished making changes, click the Save button if you wish to make
your changes permanent. When the status of a port changes, a Syslog entry is
created describing the change.
Wireless Access Point
Configuring the Wireless AP 171
Network Interface Ports
For the location of network interface ports on an AP, see the illustrations in “User
Interfaces” on page 76.
Procedure for Configuring the Network Interfaces
Configure the Gigabit network interfaces. The fields for each of these interfaces
are the same, and include:
1. Enable Interface: Choose Yes to enable this network interface, or choose
No to disable the interface.
2. LED Indicator: Choose Enabled to allow the LED for this interface to
blink with traffic on the port, or choose Disabled to turn the LED off.
The LED will still light during the boot sequence, then turn off. This
option is only available for the Gigabit interfaces.
3. Allow Management on Interface: Choose Yes to allow management of
this AP via the selected network interface, or choose No to deny all
management privileges for this interface.
4. Auto Negotiate: This feature allows the AP to negotiate the best
transmission rates automatically. Choose Yes to enable this feature, or
choose No to disable this feature the default is enabled. If you disable
the Auto Negotiate feature, you must define the Duplex and Speed
options manually (otherwise these options are not available). Both sides
of the link must have the same values for the following settings, or the
connection will have errors.
a. Duplex: Full-duplex mode transmits data in two directions
simultaneously (for example, a telephone is a full-duplex device
because both parties can talk and be heard at the same time). Half-
duplex allows data transmission in one direction at a time only (for
example, a walkie-talkie is a half-duplex device). If the Auto-
#For improved security, you should also take the additional steps described in
“Securing Low Level Access to the AP” on page 81.
Wireless Access Point
172 Configuring the Wireless AP
Negotiate feature is disabled, you can manually choose Half or Full
duplex for your data transmission preference.
b. MTU: The Maximum Transmission Unit size. This is the largest
packet size (in bytes) that the interface can pass along.
c. Speed: If the Auto-Negotiate feature is disabled, you must manually
choose the data transmission speed from the pull-down list. For the
Gigabit interfaces the options are 10 Megabit or 100 Megabit. (Note
that 1000 Megabit speed can only be set by Auto-Negotiation.)
5. Configuration Server Protocol / IP Settings: Choose DHCP to instruct
the AP to use DHCP when assigning IP addresses to the AP, or choose
Static IP if you intend to enter IP addresses manually. If you select the
Static IP option you must specify the IP address, IP subnet mask and
default gateway.
a. Address: If you selected the Static IP option, enter a valid IP address
for the AP. To use any of the remote connections (Web, SNMP, or
SSH), a valid IP address must be established.
b. Subnet Mask: If you selected the Static IP option, enter a valid IP
address for the subnet mask (the default for Class C is 255.255.255.0).
The subnet mask defines the number of IP addresses that are
available on the routed subnet where the AP is located.
c. Default Gateway: If you selected the Static IP option, enter a valid IP
address for the default gateway. This is the IP address of the router
that the AP uses to send data to other networks. (You don’t need to
enter the gateway if it is on the same subnet as the AP.)
d. Click the Apply button for this interface when done making IP
changes.
6. When done configuring all interfaces as desired, click the Save button
if you wish to make your changes permanent.
See Also
Bonds and Bridging
Wireless Access Point
Configuring the Wireless AP 173
DNS Settings
Network
Network Statistics
Spanning Tree Status
Bonds and Bridging
On models with more than one Gigabit port these ports may be bonded, i.e.
configured to work together in sets. For example, one port may provide active
backup or load balancing for another, or other options as described in this section.
XR-6000 Series APs have four Gigabit ports, and you may specify which ports are
bonded to work together as a pair. You may also select more than two ports to
work together in one group.
A special option lets you configure bridging between the Gigabit ports on an AP
that has two of these ports.
Figure 101. Network Bonds and Bridging
You may use the mirror option to have all the traffic that is ingressing and
egressing one bond be transmitted by the bond you are configuring. For example,
if you configure Bond2 to mirror Bond1, then all traffic going in and out of
Bond1’s Gigabit ports will be transmitted out of Bond2’s Gigabit ports. This way
Wireless Access Point
174 Configuring the Wireless AP
of duplicating one bond’s traffic to another bond is very useful for
troubleshooting with a network analyzer.
Procedure for Configuring Network Bonds
Configure the bonding behavior of the Gigabit network interfaces. The fields for
each of these bonds are the same, and include:
1. Bridge Traffic Across All Ports: Click this for Layer 2 bridging between
all Gigabit ports. (Figure 102)
Figure 102. Bridging Traffic
#If a set of Gigabit ports have been bonded, the IP address, IP mask, IP
gateway, IP DHCP, and Management settings are shared between bonded
ports. Any changes you make to these settings on one member will be
reflected in the settings of the other members. Other settings may be
configured individually.
Bridging traffic
Wireless Access Point
Configuring the Wireless AP 175
Traffic received on Gigx is transmitted by Gigy; similarly, traffic received
on Gigy is transmitted by Gigx. The AP acts as a wired bridge—this
allows APs to be chained and still maintain wired connectivity.
When bridging is enabled, it configures the following bond settings for
each bond. Do not make any manual changes to these settings afterwards
if you wish to continue bridging.
Bond Mode is set to Active Backup (the default value).
Each port is in its own bond, by itself.
Bond Mirror is Off.
You will typically need to enable use of Spanning Tree manually, to
prevent network loops.
Active VLANs is set to All.
A bridge between ports Gig1 and Gig2 sets Bond1 to contain only Gig1.
Bond2 contains only Gig2.
If you are bridging a chain of more than two APs, the endpoint AP is not
actually bridging. It can be left with the default settings—Bond1 is set to
Active Backup, and will contain Gig1 and Gig2.
Skip to Step 7 on page 179.
2. If you are not enabling bridging, configure the bonding behavior of the
Gigabit network interfaces as described in the following steps. The fields
for each of these bonds are the same.
3. Bond Mode: Select the desired behavior for a set of bonded Gigabit
Ethernet ports from the following options.
The modes below describe the relationship between a set of Gigabit
ports—for example, load balancing or active backup. Use the Bond Ports
field to select the ports that are bonded (set in Step 4). Two or more ports
#Each AP in a chain must have power supplied to its PoE port from a
compatible power injector or powered switch port. An AP does not supply
power to another AP.
Wireless Access Point
176 Configuring the Wireless AP
may be bonded. You may also include just one single port in a bond—this
is useful for mirroring one Gigabit port to another port (Step c on
page 178). In APs that have four Gigabit ports, you have the option of
bonding three or four ports together. In this discussion, we call two ports
that are bonded Gigx and Gigy.
a. Active Backup (gig ports fail over to each other) — This mode
provides fault tolerance and is the default mode. Gigx acts as the
primary link. Gigy is the backup link and is passive. Gigy assumes
the IP properties of Gigx. If Gigx fails, the AP automatically fails over
to Gigy. When a failover occurs in this mode, Gigy issues gratuitous
ARPs to allow it to substitute for Gigx at Layer 3 as well as Layer 2.
See Figure 103 (a). You may include more than two ports in the bond
with Active Backup to provide additional fault tolerance. For
example, if you have three Gigabit ports configured in a bond, if the
first two ports in the bond were to go down, the AP would fail over
traffic to the third Gigabit port.
Figure 103. Port Modes (a, b)
(a) Active backup (b) Aggregate using 802.3ad
Wireless Access Point
Configuring the Wireless AP 177
b. Aggregate Traffic from gig ports using 802.3ad The AP sends
network traffic across all member Gigabit ports to increase link speed
to the network. These ports act as a single logical interface, using a
load balancing algorithm to balance traffic across the ports. For non-
IP traffic (such as ARP), the last byte of the destination MAC address
is used to do the calculation. If the packet is a fragment or not TCP or
UDP, the source and destination IP addresses are used to do the
calculation. If the packet is TCP or UDP over IP then the source IP
address, destination IP address, source port number and destination
port number are all used to do the calculation. The network switch
must also support 802.3ad. If a port fails, the connection degrades
gracefully the other port still transmits. See Figure 103 (b).
c. Transmit Traffic on all gig ports Transmits incoming traffic on all
Gigabit ports. Any traffic received on Gigabit ports is sent to the
onboard processor. This mode provides fault tolerance. See
Figure 104 (c).
Figure 104. Port Modes (c, d)
(c) Transmit on all ports
(d) Load balance traffic
Wireless Access Point
178 Configuring the Wireless AP
d. Load balance traffic between gig ports This option provides
trunking, similar to option (b) Aggregate Traffic from gig1 & gig2
using 802.3ad, but it does not use 802.3ad and it uses a different load
balancing algorithm to determine the outgoing Gigabit port. The
outgoing port used is based on an exclusive OR of the source and
destination MAC address. Like option (b), this mode also provides
load balancing and fault tolerance. See Figure 104 (d).
4. Bond Ports: Select the ports to be members of this bond for the behavior
specified by Bond Mode. By default, Bond1 contains Gig1 and Gig2. You
may also set up a bond with a single port, for example, if you wish to
mirror one Gigabit port to another. In APs that have four Gigabit ports,
you also have the option of bonding three or four ports together.
When you check off a port to be a member of a bond, that port is
automatically removed from any other bonds that contain it.
5. Active VLANs: Active VLANs shows the VLANs that you have selected
to be passed through this port. Create and manage the list of VLANs that
are allowed to be passed through this port. Traffic will be dropped for
VLANs that are not in this list. The default setting is to pass All VLANs.
a. To add a VLAN to the list of allowed VLANs, click this field and
select the desired VLAN from the drop-down list. To allow all
VLANs (current or future) to be passed, select All VLANs.
b. To allow only the set of currently defined VLANs (see “VLANs” on
page 213) to be passed, select All Current VLANs. Essentially, this
“fixes” the Active VLANs list to contain the currently defined
VLANs, and only this set, until you make explicit changes to the
Active VLANs list. If you create new VLANs, they will not be passed
unless you take action to add them to the list.
c. To remove a VLAN from the list of allowed VLANs, click the X before
its name.
6. Mirroring Specify one of the active bonds (Bondx) that is to be
mirrored by this bond (Bondy). (Figure 105) All wireless traffic received
on the AP is transmitted out both Bondx and Bondy. All traffic received
Wireless Access Point
Configuring the Wireless AP 179
on Bondx is passed on to the onboard processor as well as out Bondy. All
traffic received on Bondy is passed on to the onboard processor as well as
out Bondx. This allows a network analyzer to be plugged into Bondy to
capture traffic for troubleshooting, while the bonded ports provide
network connectivity for data traffic.
If each bond contains just one port, then you have the simple case of one
port mirroring another.
Figure 105. Mirroring Traffic
7. When done configuring bonds and bridging as desired, click the Save
button if you wish to make your changes permanent.
See Also
Interfaces
DNS Settings
Network
Network Statistics
Spanning Tree Status
Wireless Access Point
180 Configuring the Wireless AP
DNS Settings
This window allows you to establish your DNS (Domain Name System) settings.
The AP uses these DNS servers to resolve host names into IP addresses. The AP
also registers its own Host Name with these DNS servers, so that others may
address the AP using its name rather than its IP address. An option allows you to
specify that the AP’s DNS servers will be assigned via a DHCP server on the
wired network.
Note that the DNS servers defined here are not used by wireless clients servers
for stations associated to the AP are defined along with DHCP pools. See “DHCP
Server” on page 200. At least one DNS server must be set up if you want to offer
clients associating with the AP the ability to use meaningful host names instead of
numerical IP addresses. When finished, click the Save button if you wish to
make your changes permanent.
Figure 106. DNS Settings
Procedure for Configuring DNS Servers
1. DNS Host Name: Enter a valid DNS host name.
2. DNS Domain: Enter the DNS domain name.
3. DNS Server 1: Enter the IP address of the primary DNS server.
4. DNS Server 2 and DNS Server 3: Enter the IP address of the secondary
and tertiary DNS servers (if required).
5. Use DNS settings assigned by DHCP: If you are using DHCP to assign
the AP’s IP address, you may turn this option On. The AP will then
obtain its DNS domain and server settings from the network DHCP
Wireless Access Point
Configuring the Wireless AP 181
server that assigns an IP address to the AP, rather than using the DNS
Server fields above. You may also configure that DHCP server to assign a
host name to the AP.
6. Click the Save button if you wish to make your changes permanent.
See Also
DHCP Server
Network
Interfaces
Network Statistics
Spanning Tree Status
Cisco Discovery Protocol (CDP) Settings
CDP is a layer 2 network protocol used to share information (such as the device
manufacturer and model, network capabilities, and IP address) with other
directly connected network devices. Wireless APs can both advertise their
presence by sending CDP announcements, and gather and display information
sent by neighbors (see “CDP List” on page 112).
This window allows you to establish your CDP settings. When finished, use the
Save button if you wish to make your changes permanent.
Figure 107. CDP Settings
Procedure for Configuring CDP Settings
1. Enable CDP: When CDP is enabled, the AP sends out CDP
announcements of the AP’s presence, and gathers CDP data sent by
neighbors. When disabled, it does neither. CDP is disabled by default.
Wireless Access Point
182 Configuring the Wireless AP
2. CDP Interval: The AP sends out CDP announcements advertising its
presence at this interval. The default is 60 seconds.
3. CDP Hold Time: CDP information received from neighbors is retained
for this period of time before aging out of the AP’s neighbor list. Thus, if a
neighbor stops sending announcements, it will no longer appear on the
CDP List window after CDP Hold Time seconds from its last
announcement. The default is 180 seconds.
See Also
CDP List
Network
Interfaces
Network Statistics
LLDP Settings
Link Layer Discovery Protocol (LLDP) is a Layer 2 network protocol used to share
information (such as the device manufacturer and model, network capabilities,
and IP address) with other directly connected network devices. APs can both
advertise their presence by sending LLDP announcements, and gather and
display information sent by neighbors (see “LLDP List” on page 113).
This window allows you to establish your LLDP settings. When finished, use the
Save button if you wish to make your changes permanent.
Figure 108. LLDP Settings
Wireless Access Point
Configuring the Wireless AP 183
Procedure for Configuring LLDP Settings
1. Enable LLDP: When LLDP is enabled, the AP sends out LLDP
announcements of the AP’s presence, and gathers LLDP data sent by
neighbors. When disabled, it does neither. LLDP is disabled by default.
2. LLDP Interval: The AP sends out LLDP announcements advertising its
presence at this interval. The default is 30 seconds.
3. LLDP Hold Time: LLDP information received from neighbors is retained
for this period of time before aging out of the AP’s neighbor list. Thus, if a
neighbor stops sending announcements, it will no longer appear on the
LLDP List window after LLDP Hold Time seconds from its last
announcement. The default is 120 seconds.
4. Request Power: You must enable LLDP before enabling this feature. If
Request Power is set to Yes and LLDP discovers a device port that
supplies power to this AP (on a powered switch, for example), the AP
checks that the port is able to supply the peak power that is required by
this AP model. The Request Power feature does this by requesting this
peak power (in watts) from the PoE source, and it expects the PoE source
to reply with the amount of power allocated. If the AP does not receive a
response confirming that the power allocated by the PoE source is equal
to or greater than the power requested, then the AP issues a Syslog
message and keeps the radios down for ten minutes. The radios may be
enabled manually after this—see “IAP Settings” on page 313.
Using this feature provides a more graceful way of handling an
underpowered situation on a Wi-Fi device. When the radios are turned
off, XMS can notify you, rather than having to hunt down an intermittent
problem. This feature is disabled by default.
Request Power is available on XR-500/600 and XR-2000 models. It is
especially useful for XR-2000 models ending in 5 or 6 (except for the XR-
2435/2436), since these models draw PoE+ power levels. Some of these
models use Request Power to draw higher power than the IEEE 802.3at
maximum of 25.5W. Requested levels are:
Wireless Access Point
184 Configuring the Wireless AP
XR-2225/2226 (two 2x2 radios) = 22.5W
XR-2235/2236 (two 3x3 radios) = 26.1W
XR-2425/2426 (four 2x2 radios) = 30W
Note that Request Power is not available on the XR-2435/2436.
Additionally, it is not available on certain other APs, including these
XR Series models: XR-1000, XR-4000, XR-6000, XR-7000.
See Also
LLDP List
Network
Interfaces