Service Manual Info

  Une communauté de partage de manuel de service en ligne.







Aruba ArubaOS 5.0

Tags : ArubaOS5.00510654-01 
Aruba ArubaOS 5.0 Guide utilisateur

TéléchargerObtenez le fichier PDF

Description

ArubaOS 5.0 user Guide
P/N : 0510654-01
Edition March 2010

About this Guide 39
Audience..39
Fundamentals 39
WebUI ..39
CLI..39
Related Documents 40
Conventions40
Contacting Support ..41
Chapter 2 Configuring Basic User-Centric Networks 43
Configuring the User-Centric Network .43
Deployment and Configuration Tasks ..43
Deployment Scenario #1.44
Deployment Scenario #2.44
Deployment Scenario #3.45
Configuring the Controller ..46
Run the Initial Setup..46
Connecting to the Controller after Initial Setup47
Configure a VLAN for Network Connection47
Create and Update a VLAN48
View Existing VLAN IDs ..48
Create, Update and Delete VLAN Pools .48
Using the CLI to add existing VLAN IDs to a VLAN Pool ..48
Assign and Configure the Trunk Port48
Using the WebUI to configure the trunk port49
Using the CLI to configure the trunk port ..49
Configure the Default Gateway49
Using the WebUI to configure the default gateway..49
Using the CLI to configure the default gateway .49
Configure the Loopback for the Controller 49
Using the WebUI to configure the loopback ..50
Using the CLI to configure the loopback50
Configure the System Clock .50
Install Licenses.51
Connect the Controller to the Network 51
Deploying APs ..51
Run RF Plan ..51
Enable APs to Connect to the Controller 52
Enable APs to Obtain IP Addresses..52
Using the WebUI to enable the DHCP server on the controller .52
Using the CLI to enable the DHCP server on the controller.52
Locate the Controller 53
From a DNS Server53
From a DHCP Server 53
Using the Aruba Discovery Protocol (ADP) ..54
Provision APs for Mesh54
Install APs ..54
Update RF Plan55
Additional Configuration..55
Chapter 3 Network Parameters 57
Configuring VLANs .57
Creating and Updating VLANs.57
Using the WebUI to create or edit a VLAN57
Using the CLI to create or edit a VLAN ..57
Using the WebUI to create a Bulk VLANs .58
Using the CLI to create a Range of VLANs ..58
Creating, Updating and Deleting VLAN Pools .58
Using the WebUI to create a VLAN Pool 58
To update a VLAN Pool ..58
To delete a VLAN Pool 58
Using the CLI to create a VLAN Pool ..59
Using the CLI to view existing VLAN IDs59
Using the CLI to add existing VLAN IDs to a VLAN Pool ..59
Configuring Ports.59
Classifying Traffic as Trusted or Untrusted60
About Trusted and Untrusted Physical Ports ..60
About Trusted and Untrusted VLANs..60
Using the WebUI to Configure Trusted/Untrusted Ports and VLANs in
Access Mode60
Using the CLI to Configure Trusted/Untrusted Ports and VLANs in Access
Mode.61
Using the WebUI to Configure Trusted/Untrusted Ports and VLANs in
Trunk Mode ..61
Using the CLI to Configure Trusted/Untrusted Ports and VLANs in Trunk
Mode.62
About VLAN Assignments ..62
Assigning a Static Address to a VLAN.62
Using the WebUI to Assign a Static Address to a VLAN 62
Using the CLI to Assign a Static Address to a VLAN62
Configuring a VLAN to Receive a Dynamic Address 62
Enabling the DHCP Client ..63
Using the WebUI to Enable DHCP on a VLAN.63
Using the CLI to Enable DHCP on a VLAN63
Enabling the PPPoE Client.64
Using the WebUI to Enable the PPPoE Client on a VLAN .64
Using the CLI to Enable the PPPoE Client on a VLAN.64
Default Gateway from DHCP/PPPoE64
Using the WebUI to Set a Default Gateway from DHCP/PPPoE64
Using the CLI to Set a Default Gateway from DHCP/PPPoE ..64
DNS/WINS Server from DHPC/PPPoE64
Using the WebUI to Configure the DNS/WINS Server.65
Using the CLI to Configure the DNS/WINS Server 65
Source NAT to Dynamic VLAN Address.65
Using the WebUI to Configure Source NAT to the Dynamic VLAN ..65
Using the CLI to Configure Source NAT to the Dynamic VLAN..66
Configuring Source NAT for VLAN Interfaces..66
Example Configuration 66
Using the WebUI to Configure the Source NAT for a VLAN Interface: 66
Using the CLI to Configure the Source NAT for a VLAN Interface.67
Inter-VLAN Routing 67
Using the WebUI to restrict VLAN routing .67
Using the CLI to restrict VLAN routing.68
Configuring Static Routes ..68
Using the WebUI to Configure a Static Route .68
Using the CLI to Configure a Static Route.68
Configuring the Loopback IP Address .69
Using the WebUI to Configure the Loopback IP Address .69
Using the CLI to Configure the Loopback IP Address.69
Using the CLI to reboot the controller..69
Configuring the Controller IP Address..69
Using the CLI to Configure the Controller IP Address .70
Configuring GRE Tunnels 71
Creating a Tunnel Interface71
WebUI ..71
CLI .71
Directing Traffic into the Tunnel ..71
Static Routes 72
Firewall Policy..72
Tunnel Keepalives..72
Chapter 4 RF Plan. 73
Supported Planning73
Before You Begin 74
Task Overview..74
Planning Requirements 74
Launching the RF Plan .76
Campus List Page..76
Building List Pane ..77
Building Specifications Overview78
Building Dimension Page79
AP Modeling Parameters Page80
Radio Type 80
Design Model81
Overlap Factor .81
Users/AP.82
Radio Properties (Desired Rates and HT Support Options) .82
AM Modeling Page.83
Design Models.84
Monitor Rates ..84
Planning Floors Page 85
Zoom 86
Approximate Coverage Map.86
Coverage Rate.86
Channel86
HT Mode.87
Floor Editor Dialog Box87
Area Editor Dialog Box 88
Access Point Editor Dialog Box..89
AP Plan Page 92
Initialize 92
Optimize .92
Fix All Suggested AP/AMs.93
AM Plan Page ..93
Initialize 93
Optimize .93
Fix All Suggested AP/AMs.94
Exporting and Importing Files ..94
Export Campus94
Import Campus95
Export Buildings Page .95
Import Buildings Page .96
Locate ..96
FQLN Mapper ..96
Using the FQLN Mapper in the AP Provision Page98
Using the WebUI to configure the FQLN for an AP ..99
Using the CLI to configure the FQLN for an AP..99
Legacy RF Plan Example.99
Sample Building ..99
Create a Building .101
Model the Access Points 102
Model the Air Monitors .102
Add and Edit a Floor ..102
To add the background image and name the first floor102
To add the background image and name the second floor103
Defining Areas103
Creating a Don’t Care Area 103
Creating a Don’t Deploy Area 104
Running the AP Plan .104
Running the AM Plan 105
Chapter 5 Access Points 107
Overview107
Names and Groups .108
AP Names 108
Duplicate AP Names..109
Renaming an AP in the WebUI .109
Renaming an AP in the CLI.109
AP Groups109
Creating an AP group in the WebUI ..110
Assigning APs to an AP group in the WebUI.110
Creating an AP group in the CLI..110
Assigning an AP to an AP group in the CLI 110
Virtual APs 111
Configuring Profiles .111
Wireless LAN Profiles.112
AP Profiles114
QoS Profiles 114
RF Management Profiles..114
IDS Profiles..115
Mesh Profiles .115
Controller Profiles.116
Profile Hierarchies 116
Applying Profiles ..119
Excluding a virtual AP profile from an AP in the WebUI ..121
Excluding a virtual AP profile from an AP in the CLI .121
Viewing Profile Errors.121
Viewing profile errors in the CLI122
Virtual AP Configurations..122
Configuring the WLAN ..123
Configure the User Role123
Configuring the user role in the WebUI 123
Configuring the user role in the CLI124
Configure Authentication Servers 124
Configuring authentication servers in the WebUI124
Configuring authentication servers in the CLI ..124
Configure Authentication .124
Configuring authentication in the WebUI.124
Configuring authentication in the CLI 126
Applying the Virtual AP .126
Configuring the virtual AP in the WebUI ..126
Configuring the virtual AP in the CLI .130
Guest WLAN ..130
Configure the VLAN 130
Configuring the VLAN in the WebUI ..130
Configuring the VLAN in the CLI..130
Configuring the Guest Role.130
Configuring the Guest Role in the WebUI ..130
Configuring the Guest Role in the CLI..131
Configuring the Guest Virtual AP .131
Configuring the virtual AP in the WebUI ..131
Configuring the virtual AP in the CLI .132
Configuring High-throughput on Virtual APs ..132
Configuring high-throughput for a virtual AP profile assigned to an AP
group in the WebUI.132
Configuring high-throughput for a virtual AP profile assigned to an AP
group in the CLI 134
Advanced Configuration Options .135
802.11k Configuration135
Configuring 802.11k Profile in the WebUI ..135
Configuring 802.11k Profile Using CLI .136
RF Optimization 136
Configuring an RF Optimization Profile in the WebUI ..136
Configuring an RF Optimization Profile in the CLI..137
RF Event Configuration.137
Configuring a RF Event Profile in the WebUI.138
Configuring a RF Event Profile in the CLI 140
Changing AP Installation Modes..140
Configuring the AP Installation Mode in the WebUI ..140
Configuring the AP Installation Mode in the CLI .140
Channel Switch Announcement (CSA)..141
Configuring CSA in the WebUI .141
Configuring CSA in the CLI.141
20 MHz and 40 MHz Static Channel Assignments .141
Using the WebUI to configure channels ..142
Using the CLI to configure channels .143
Automatic Channel and Transmit Power Selection Using ARM143
APs Over Low-Speed Links.143
Adjusting the bootstrap threshold in the WebUI .144
adjusting the bootstrap threshold in the CLI .144
Prioritizing AP heartbeats in the WebUI ..144
Prioritizing AP heartbeats in the CLI..144
AP Redundancy.144
AP failback ..144
Configuring AP failback in the WebUI ..145
Configuring AP failback in the CLI..145
AP Maintenance Mode ..145
Configuring AP maintenance mode in the WebUI..145
Configuring AP maintenance mode in the CLI .146
Manage AP LEDs..146
Disabling LEDs in the WebUI.146
Enable or disable LEDs in the CLI ..146
Configuring Blinking LEDs in the CLI 147
Chapter 6 Adaptive Radio Management (ARM) 149
ARM Overview149
ARM Support for 802.11n 149
Monitoring Your Network with ARM ..150
Application Awareness .150
Managing ARM Profiles.150
Using the WebUI to Create a New ARM Profile ..151
Using the CLI to Create a New ARM Profile..151
Configuring ARM Settings Using the WebUI..152
Configuring ARM Using the CLI 155
Assigning a New ARM Profile to an AP Group..156
Assigning ARM Profiles Using the WebUI ..156
Assigning ARM Profiles Using the CLI .156
Deleting an ARM profile.157
Using the Multi-Band ARM feature in Networks with both 802.11a and
802.11g Traffic157
Band Steering.157
Enable or Disable Band Steering using the WebUI 158
Configure Band Steering using the CLI 158
Assign a Virtual AP Profile to an AP or AP Group ..158
Traffic Shaping ..158
Configure Traffic Shaping using the WebUI ..159
Configure Traffic Shaping using the CLI..159
Assign a Traffic Management Profile to an AP or AP Group.159
Spectrum Load Balancing160
RX Sensitivity Tuning Based Channel Reuse .160
Non-802.11 Noise Interference Immunity.161
ARM Metrics 161
ARM Troubleshooting.162
Too many APs are on the Same Channel 162
Wireless Clients Report a Low Signal Level From All APs..162
Transmission Power Levels Change Too Often162
APs Detect Errors but Do Not Change Channels 163
APs are not Changing Channels When There is a Lot of Channel Noise 163
Chapter 7 Remote Access Points 165
Overview165
Configuring the Secure Remote Access Point Service .167
Configure a Public IP Address for the Controller .167
Using the WebUI to create a DMZ address167
Using the CLI to create a DMZ address ..168
Configure the VPN Server 168
Using the WebUI to configure VPN server .168
Using the CLI to configure VPN server.168
Configure the Remote AP User Role .169
Using the WebUI to configure the user role ..169
Using the CLI to configure the user role..170
Configure VPN Authentication ..170
Using the WebUI to configure the VPN authentication profile: 171
Using the CLI to configure the VPN authentication profile.171
Using the Internal Database for Authentication 171
Using the WebUI to configure the internal database for a remote
AP user .171
Configure VPN authentication using the internal database173
Add the user to the internal database ..173
Using the CLI to configure the internal database for a remote
AP user .173
Provision the AP173
Creating a Remote AP Whitelist174
Revoking an AP 175
Deploying a Branch Office/Home Office Solution 175
To configure the branch office AP ..175
Troubleshooting Remote AP..176
Local Debugging .176
Remote AP Summary 176
Remote AP Connectivity..179
Remote AP Diagnostics179
Double Encryption 179
Using the WebUI to enable double encryption:180
Using the CLI to enable double encryption180
Advanced Configuration Options .180
Understanding Remote AP Modes of Operation .180
Backup Configuration 182
Configuring the Backup Configuration..183
Using the WebUI to configure the AAA profile .183
Using the WebUI to define the backup configuration in the virtual
AP profile .184
Using the CLI to configure the AAA profile.184
Using the CLI to define the backup configuration in the virtual
AP profile .184
Configuring the DHCP Server on the Remote AP185
Using the WebUI to configure the DHCP server on the AP185
Using the CLI to configure the DHCP server on the AP..186
Advanced Backup Configuration Options ..186
Using the WebUI to configure the session ACL ..187
Using the WebUI to configure the AAA profile .188
Using the WebUI to define the backup configuration ..188
Using the CLI to configure the session ACL..189
Using the CLI to configure the AAA profile.189
Using the CLI to define the backup configuration..189
DNS Controller Setting..191
To specify the DNS name191
Backup Controller List ..191
Using the WebUI to configure the LMS and backup LMS IP
addresses 192
Using the CLI to configure the LMS and backup LMS IP
addresses 192
Remote AP Failback192
Using the WebUI to configure remote AP failback.192
Using the CLI to configure remote AP failback 193
RAP Local Network Access 193
Using the WebUI..193
Using CLI .193
Access Control Lists and Firewall Policies .194
Split Tunneling ..194
Configuring Split Tunneling 194
Configuring the Session ACL.195
Using the WebUI to configure the session ACL ..195
Using the CLI to configure the session ACL..196
Configuring ACL for restricted LD homepage access ..197
Using CLI .197
Configuring the AAA Profile and the Virtual AP Profile .198
Using the WebUI to configure a AAA profile .198
Using the WebUI to configure split tunneling in the virtual AP profile..198
Using the CLI to configure the AAA profile.199
Using the CLI to configure split tunneling in the virtual AP profile .199
Using the WebUI to list the corporate DNS servers ..199
Using the CLI to list the corporate DNS servers .199
Wi-Fi Multimedia ..200
Uplink Bandwidth Reservation..200
Bandwidth Reservation for Uplink Voice Traffic..200
Using CLI to Configure Bandwidth Reservation..200
Chapter 8 Secure Enterprise Mesh. 203
Mesh Access Points 203
Mesh Portals ..204
Mesh Points 204
Mesh Clusters 205
Mesh Links ..205
Link Metrics.206
Mesh Profiles ..207
Mesh Cluster Profile207
Mesh Radio Profile..207
RF Management (802.11a and 802.11g) Radio Profiles ..207
Adaptive Radio Management Profiles ..208
High-Throughput Profiles 208
Mesh High-Throughput SSID Profile..208
Wired AP Profile 209
Mesh Recovery Profile ..209
Mesh Solutions..209
Thin AP Services with Wireless Backhaul Deployment 210
Point-to-Point Deployment .210
Point-to-Multipoint Deployment210
High-Availability Deployment.211
Before You Begin .212
Pre-Deployment Considerations..212
Outdoor-Specific Deployment Considerations .212
Configuration Considerations. ..212
Post-Deployment Considerations213
AP-70 and AP-12x Specific Considerations ..213
Defining the Mesh Radio Profile 213
Manage Mesh Radio Profiles via the WebUI..213
Create a New Mesh Radio Profile ..213
Select a Mesh Radio Profile for a mesh AP or AP Group216
Edit an Mesh Radio Profile .217
Delete a Mesh Radio Profile ..217
Manage mesh radio profiles using the CLI .217
Create or Modify a Mesh Radio Profile 217
View Current Mesh Radio Settings.218
Select a Mesh Radio Profile ..218
Delete a Mesh Radio Profile ..218
Defining the RF Management (802.11a and 802.11g) Radio Profiles.218
Manage RF Management Profiles via the WebUI 219
Create an 802.11a or 802.11g RF management profile ..219
Assign a 802.11a or 802.11g RF Management Profile .221
Assign a High-throughput Profile 222
Assign an ARM profile to a RF Management Profile .223
Edit an 802.11a or 802.11g RF management profile.223
Delete an 802.11a or 802.11g radio profile 224
Manage RF Management Radio Profiles using the CLI 224
Create or Modify an 802.11a or 802.11g Radio Profile 224
View RF Management Settings 225
Assign an 802.11a or 802.11g RF Management Profile ..225
Delete an 802.11a or 802.11g RF management profile225
Defining the Mesh High-Throughput SSID Profile225
Manage mesh high-throughput SSID profiles via the WebUI 225
Create a Mesh High-throughput SSID Profile ..226
Select a Mesh High-throughput SSID Profile 227
Edit a Mesh High-throughput SSID Profile .227
Delete a Mesh High-throughput SSID Profile 227
Manage high-throughput SSID profiles using the CLI ..228
Create or Modify a High-throughput SSID Radio Profile.228
View current high-throughput SSID profile settings ..228
Reference a mesh high-throughput SSID profile.228
Delete a mesh high-throughput SSID profile.228
Defining the Mesh Cluster Profile .229
Deployments with Multiple Mesh Cluster Profiles ..229
Manage Mesh Cluster Profiles via the WebUI ..230
Create a Mesh Cluster Profile230
Add a Mesh Cluster Profile.231
Edit a Mesh Cluster Profile .232
Delete a Mesh Cluster Profile 232
Manage Mesh Cluster Profiles Using the CLI 232
View current mesh cluster profile settings..233
Associate mesh cluster profiles233
Exclude a mesh cluster profile from a mesh node .234
Delete a mesh cluster profile .234
Configuring Ethernet Ports for Mesh..234
Configure bridging on the Ethernet port ..234
Configuring Ethernet Ports for Secure Jack Operation 235
Use the following commands to configure secure jack operation via the
CLI. .236
Extending the Life of a Mesh Network..236
Modify the AP System Profile236
Provisioning Mesh Nodes.236
Outdoor AP Parameters237
Provisioning Caveats .237
Provision a Mesh Node via the WebUI .238
Provision a Mesh Node via the CLI.238
AP Boot Sequence ..239
Mesh Portal .239
Mesh Point ..239
Air Monitoring and Mesh..239
Verifying the Network .240
Remote Mesh Portals .240
How RMP Works..240
Configuring a Remote Mesh Portal via the WebUI .241
Configure an AP as a remote mesh portal .241
Configuring the Mesh Private VLAN..242
Select a Mesh Radio Profile ..243
Select an RF Management Profile ..243
Add a Mesh Cluster Profile.243
Configure a DHCP Pool244
Configuring a Remote Mesh Portal via the CLI.245
Additional Information245
Chapter 9 Authentication Servers 247
Important Points to Remember .247
Servers and Server Groups .247
Configuring Servers.248
Configuring a RADIUS Server 248
Using the WebUI to configure a RADIUS server .249
Using the CLI to configure a RADIUS server.249
RADIUS Server Authentication Codes..249
Configuring an LDAP Server ..250
Using the WebUI to configure an LDAP server 250
Using the CLI to configure an LDAP server251
Configuring a TACACS+ Server 251
Using the WebUI to configure a TACACS+ server .251
Using the CLI to configure a TACACS+ server.251
Configuring a Windows Server .252
Using the WebUI to configure a Windows server252
Using the CLI to configure a Windows server ..252
Configuring the Internal Database252
Using the WebUI to configure users in the internal database ..253
Using the CLI to configure users in the internal database .253
RAP Static Inner IP Address ..253
Using the WebUI..254
..254
Using CLI .254
Managing Internal Database Files255
Using the WebUI to export files from the internal database .255
Using the WebUI to export files from the internal database .255
Using the CLI to export and import users in the internal database255
Internal Database Utilities 255
Using the WebUI to delete all users from the internal database .255
Using the WebUI to repair the internal database 256
Configuring Server Groups..256
Using the WebUI to configure a server group ..256
Using the CLI to configure a server group .256
Server List Order and Fail-Through.256
Using the WebUI to configure fail-through authentication .257
Using the CLI to configure fail-through authentication 257
Dynamic Server Selection 257
Using the WebUI to configure server selection 258
Using the CLI to configure server selection ..259
Match FQDN Option ..259
Using the WebUI to configure match FQDN option ..259
Using the CLI to configure match FQDN option..259
Trimming Domain Information from Requests ..260
Using the WebUI to trim domain information 260
Using the CLI to trim domain information ..260
Configuring Server-Derivation Rules..260
Using the WebUI to configure server rules .261
Using the CLI to configure server rules.262
Configuring a Role Derivation Rule for the Internal Database..262
Using the WebUI to configure a server rule for the internal database ..262
Using the CLI to configure a server rule for the internal database: 262
Assigning Server Groups..262
User Authentication.263
Management Authentication..263
Using the WebUI to assign a server group for management authentication .
263
Using the CLI to assign a server group for management authentication 263
Accounting ..263
RADIUS Accounting ..263
Using the WebUI to assign a server group for RADIUS accounting..265
Using the CLI to assign a server group for RADIUS accounting .265
TACACS+ Accounting ..265
Configuring Authentication Timers ..266
Using the WebUI to set an authentication timer ..266
Using the CLI to set an authentication timer:.266
Chapter 10 802.1x Authentication 267
Overview of 802.1x Authentication..267
Supported EAP Types268
Authentication with a RADIUS Server 268
Authentication Terminated on Controller .269
Configuring 802.1x Authentication ..270
Using the WebUI to configure an 802.1x authentication profile..271
Using the CLI to configure an 802.1x authentication profile .275
Using Certificates with AAA FastConnect276
Using the WebUI to configure AAA FastConnect certificate
authentication: ..276
Using the CLI to configure AAA FastConnect certificate
authentication 277
Configuring User and Machine Authentication .277
Role Assignment with Machine Authentication Enabled .277
VLAN Assignment with Machine Authentication Enabled278
Example Configurations 278
Authentication with an 802.1x RADIUS Server .279
Configuring Policies and Roles .279
Using the Web to create the student policy and role 279
Using the WebUI to create the faculty policy and role .280
Using the WebUI to create the guest policy and role281
Using the WebUI to create the sysadmin role ..282
Using the WebUI to create the computer role..282
Using the CLI to create an alias for the internal network 282
Using the CLI to create the student role..282
Using the CLI to create the faculty role282
Using the CLI to create the guest role..283
Using the CLI to create the sysadmin role .283
Using the CLI to create the computer role .283
Configuring the RADIUS Authentication Server283
Using the WebUI to configure the RADIUS authentication server .283
Using the CLI to configure the RADIUS authentication server.284
Configure 802.1x Authentication..284
Using the WebUI to configure 802.1x authentication284
Using the CLI to configure 802.1x authentication ..284
Configure VLANs..285
Using the WebUI to configure VLANs ..285
Using the CLI to Configure VLANs .285
Configure the WLANs 286
Guest WLAN ..286
Using the WebUI to configure the WLAN286
Using the CLI to configure the guest WLAN .287
Non-Guest WLANs..287
Using the WebUI to configure the non-guest WLANs..287
Using the CLI to configure the non-guest WLANs .288
Authentication with the Controller’s Internal Database.288
Configuring Policies and Roles .288
Using the Web to create the student policy and role 289
Using the WebUI to create the faculty policy and role .289
Using the WebUI to create the guest policy and role290
Using the WebUI to create the sysadmin role ..291
Using the WebUI to create the computer role..291
Using the CLI to create an alias for the internal network 291
Using the CLI to create the student role..291
Using the CLI to create the faculty role292
Using the CLI to create the guest role..292
Using the CLI to create the sysadmin role .292
Using the CLI to create the computer role .292
Configuring the Internal Database ..292
Using the WebUI to configure the internal database.292
Using the WebUI to configure a server rule for the internal database .293
Using the CLI to configure the internal database293
Using the CLI to configure a server rule for the internal database.293
Configure 802.1x Authentication..293
Using the WebUI to configure 802.1x authentication293
Using the CLI to configure 802.1x authentication ..294
Configure VLANs..294
Using the WebUI to configure VLAN .294
Using the CLI to configure VLANs..295
Configure the WLANs 295
Guest WLAN ..295
Using the WebUI to configure the WLAN295
Using the CLI to configure the guest WLAN .296
Non-Guest WLANs..296
Using the WebUI to configure the non-guest WLANs..296
Using the CLI to configure the non-guest WLANs .297
Advanced Configuration Options for 802.1x ..298
Reauthentication with Unicast Key Rotation..298
Using the WebUI to configure reauthentication with unicast
key rotation.298
Using the CLI to configure reauthentication with unicast
key rotation.298
Chapter 11 Roles and Policies . 299
Policies ..299
Access Control Lists (ACLs)300
Creating a Firewall Policy .300
Using the WebUI to create a new firewall policy .302
Using the CLI to create a new firewall policy 302
Creating an ACL White List .302
Using the WebUI to configure a White List Bandwidth Contract 302
Using the WebUI to configure the ACL White List .303
Using the CLI to configure the White List Bandwidth Contract ..303
Using the CLI to configure the ACL White List.303
Creating a User Role ..303
Using the WebUI to create a role 304
Deleting a user-role 305
Using the CLI to create a role305
Bandwidth Contracts .305
Using the WebUI to configure a bandwidth contract 305
Using the WebUI to assign a Bandwidth Contract to a User Role.306
Using the CLI to configure and assign bandwidth contracts 306
Assigning User Roles..306
Default User Role in AAA Profile ..307
Using the WebUI to configure user roles in the AAA profile..307
Using the CLI to configure user roles in the AAA profile .307
User-Derived Role307
Using the WebUI to configure a user-derived role .308
Using the CLI to configure a user-derived role.309
Default Role for Authentication Method309
Using the WebUI to configure a default role for an authentication method
309
Using the CLI to configure a default role for an authentication method .
309
Server-Derived Role 309
VSA-Derived Role 310
Global Firewall Parameters..310
Chapter 12 Stateful and WISPr Authentication . 315
Stateful Authentication Overview .315
WISPr Authentication Overview.315
Important Points to Remember .316
Configuring Stateful 802.1x Authentication.316
Using the WebUI to configure the Stateful 802.1x Authentication
profile.316
Using the CLI to configure the Stateful 802.1x Authentication
profile.317
Configuring Stateful NTLM Authentication..317
Using the WebUI to configure the Stateful NTLM Authentication
profile.317
Using the CLI to configure the Stateful NTLM Authentication
profile.318
Configuring WISPr Authentication318
Using the WebUI to configure the WISPr Authentication profile .318
Using the CLI to configure the WISPr Authentication profile 319
Chapter 13 Captive Portal 321
Captive Portal Overview321
Policy Enforcement Firewall Next Generation (PEFNG) License .321
Controller Server Certificate322
Using the WebUI to select a certificate for captive portal ..322
Using the CLI to select a certificate for captive portal .322
Captive Portal in the Base ArubaOS ..322
Configuring Captive Portal in the base ArubaOS.323
Using the WebUI to configure captive portal 323
Using the CLI to configure captive portal in the base operating system
324
Captive Portal with the PEFNG License324
Using the WebUI to configure captive portal with PEFNG license.325
Using the CLI to configure captive portal with PEFNG license 327
Example Authentication with Captive Portal ..327
Configuring Policies and Roles .327
Creating a guest-logon User Role ..328
Creating auth-guest User Role .328
Using the WebUI to create a Time Range ..328
Using the WebUI to create the guest-logon-access Policy ..329
Using the WebUI to Configure the auth-guest-access Policy..329
Using the WebUI to Create the block-internal-access Policy ..330
Using the WebUI to Create the drop-and-log Policy.331
Using the WebUI to Create the guest-logon Role ..331
Using the WebUI to Create the auth-guest Role .332
Using the CLI to create a time range.332
Using the CLI to Create Aliases332
Using the CLI to Create the guest-logon-access Policy .332
Using the CLI to Create the auth-guest-access Policy 333
Using the CLI to Create the block-internal-access Policy..333
Using the CLI to Create the drop-and-log Policy 333
Using the CLI to Create the guest-logon Role .333
Using the CLI to Create the auth-guest Role 333
Configuring the Guest VLAN ..333
Using the WebUI to configure the guest VLAN.333
Using the CLI to configure the guest VLAN334
Configuring Captive Portal Authentication ..334
Using the WebUI to configure captive portal authentication .334
Using the CLI to configure captive portal authentication 334
Modifying the Initial User Role ..334
Using the WebUI to modify the guest-logon role 335
Using the CLI to modify the guest-logon role ..335
Configuring the AAA Profile 335
Using the WebUI to configure the AAA profile .335
Using the CLI to configure the AAA profile.335
Configuring the WLAN ..335
Using the WebUI to configure the guest WLAN..335
Using the CLI to configure the guest WLAN .336
User Account Administration .336
Captive Portal Configuration Parameters 336
Optional Captive Portal Configurations.338
Per-SSID Captive Portal Page ..338
Changing the Protocol to HTTP339
Using the WebUI to change the protocol to HTTP.339
Using the CLI to change the protocol to HTTP 340
Proxy Server Redirect 340
Using the WebUI to redirect proxy server traffic .340
Using the CLI to redirect proxy server traffic 341
Redirecting Clients on Different VLANs 341
Using the CLI to redirect clients on different VLANs.341
Web Client Configuration with Proxy Script ..341
Using the WebUI to allow clients to download proxy script..342
Using the CLI to allow clients to download proxy script .342
Personalizing the Captive Portal Page ..342
Chapter 14 Advanced Security. 345
Securing Client Traffic 346
Securing Wireless Clients 346
Using the WebUI to configure xSec for wireless clients..347
Using the CLI to configure xSec for wireless clients.347
Securing Wired Clients..348
Using the WebUI to configure xSec for wired clients348
Using the CLI to configure xSec for wired clients ..349
Securing Wireless Clients Through Non-Aruba APs..349
Using the WebUI to configure xSec for non-Aruba AP wireless clients..
350
Using the CLI to configure xSec for non-Aruba AP wireless clients .350
Securing Controller-to-Controller Communication .351
Using the WebUI to configure Controllers for xSec:..351
Using the CLI to configure controllers for xSec: ..352
Configuring the Odyssey Client on Client Machines..352
To install the Odyssey Client..352
VPN Configuration 357
Chapter 15 Virtual Private Networks 357
Configure VPN authentication358
Supported VPN AAA Deployments.358
Configuring Remote Access VPN for L2TP IPsec 358
Configure the VPN via the WebUI359
Authentication Method and Server Addresses.359
Define Address Pools 359
Source NAT 359
IKE Shared Secrets 360
IKE Policies.360
Configure the VPN via the CLI ..360
Authentication Method and Server Addresses.360
Address Pools ..360
Source NAT 360
IKE Shared Secrets 360
IKE Policies.361
Example Configurations for Remote Access Clients .361
Configure a VPN for Microsoft Smart Card Clients 361
Configure a VPN for L2TP/IPsec Clients with Passwords ..363
Configure the VPN via the WebUI ..363
Configure the VPN via the CLI..365
Configuring Remote Access VPN for XAuth365
Configure VPN with XAuth via the WebUI365
Address Pools ..365
Source NAT 366
Aggressive Mode.366
Server Certificate.366
CA Certificate for VPN Clients ..366
IKE Shared Secrets 366
IKE Policies.366
Configure VPN with XAuth via the CLI ..367
Authentication Method and Server Addresses.367
Address Pools ..367
Source NAT 367
Aggressive Mode.367
Server Certificate.367
CA Certificate Assigned for VPN Clients .367
IKE Shared Secrets 367
IKE Policies.367
Configurations for XAuth Clients using Smart Cards.367
Configure a VPN for Cisco XAuth Smart Card Clients..368
Configure the VPN via the WebUI ..368
Configure the VPN via the CLI..369
XAuth Clients Using a Username/Password..369
Configure VPN for XAuth clients with username/password370
Configure the VPN via the WebUI ..370
Configure the VPN via the CLI..371
To configure a VPN for Cisco VPN XAuth clients using a username
and passwords via the CLI: 371
Configuring Remote Access VPN for PPTP 371
Configure a VPN with PPTP via the WebUI 372
Configure a VPN with PPTP via the CLI372
Configuring Site-to-Site VPNs372
Site-to-Site VPNs with Dynamic IP Addresses .372
VPN Topologies 373
Configure site-to-site VPN ..373
Configure the VPN via the WebUI ..373
Configure the VPN via the CLI..375
Dead Peer Detection..376
Aruba Dialer .376
Configure the dialer via the WebUI .376
Configure the dialer via the CLI.377
Issue the following commands to configured the Aruba dialer
via the CLI: ..377
Captive Portal Download of Dialer ..377
Configure the Captive Portal Dialer via the WebUI.377
Configure the Captive Portal Dialer via the CLI 377
Chapter 16 Virtual Intranet Access 379
Windows Desktop Application (Aruba VIA) .379
Controller Configuration379
Aruba VIA—Windows Desktop Application.379
How it Works..379
Installing Aruba VIA .380
Upgrade Workflow..380
Minimal Upgrade .380
Complete Upgrade .380
Configuring the VIA Controller381
Configuring VIA Settings ..381
Using WebUI to Configure VIA..382
Enable VPN Server Module 382
Create VIA User Roles ..382
Create VIA Authentication Profile 382
Create VIA Connection Profile ..383
Configure VIA Web Authentication .386
Associate VIA Connection Profile to User Role387
Configure VIA Client WLAN Profiles ..387
Rebranding Aruba VIA and Downloading the Installer .390
Using CLI to Configure VIA .391
Enable VPN module391
Create VIA roles391
Create VIA authentication profiles ..391
Create VIA connection profiles .391
Configure VIA web authentication ..392
Associate VIA connection profile to user role392
Configure VIA client WLAN profiles 392
Customize VIA logo, landing page and downloading installer .392
Configuring MAC-Based Authentication ..393
Configuring the MAC Authentication Profile ..393
Chapter 17 MAC-based Authentication . 393
Using the WebUI to configure a MAC authentication profile.394
Using the CLI to configure a MAC authentication profile 394
Configuring Clients ..394
Using the WebUI to configure clients in the internal database.394
Using the CLI to configure clients in the internal database 395
Chapter 18 Control Plane Security 397
Control Plane Security Overview..397
Configuring Control Plane Security .398
Using the WebUI to Configure Control Plane Security.399
Using the CLI to Configure Control Plane Security 400
Managing the Campus AP Whitelist ..401
Adding an AP to the Campus AP Whitelist.401
Viewing Entries in the Campus AP Whitelist .401
Modifying an AP in the Campus AP Whitelist403
Revoking an AP via the Campus AP Whitelist..404
Deleting an AP Entry from the Campus AP Whitelist 404
Purging the Campus AP Whitelist ..405
Managing Whitelists on Master and Local Controllers..405
Campus AP Whitelist Synchronization..406
Viewing and Managing the Master or Local controller Whitelists 406
Viewing the Master or Local Controller Whitelist.406
Deleting an Entry from the Master or Local Controller Whitelist .407
Purging the Master or Local Controller Whitelist.408
Environments with Multiple Master Controllers.408
Configuring Networks with a Backup Master Controller .408
Configuring Networks with Clusters of Master Controllers.409
Creating a Cluster Root 409
Creating a Cluster Member 410
Replacing a Controller on a Multi-Controller Network ..411
Replacing Controllers in a Single Master Network .411
Replacing a Local Controller .411
Replacing a Master Controller (With No Backup)412
Replacing a Redundant Master Controller .412
Replacing Controllers in a Multi-Master Network 413
Replacing a Local Controller in a Multi-Master Network.413
Replacing a Cluster Member Controller (With no Backup).413
Replacing a Redundant Cluster Member Controller .414
Replacing a Cluster Root Controller with no Backup Controller .414
Replacing a Redundant Cluster Root Controller .414
Troubleshooting Control Plane Security415
Certificate Problems415
Disabling Control Plane Security .415
Verify Whitelist Synchronization415
Supported APs..416
Rogue APs ..416
Moving to a Multi-Controller Environment417
Preshared Key for Inter-Controller Communication417
Chapter 19 Adding Local Controllers 417
Best Security Practices for the Preshared Key.418
Configuring the Preshared Key .418
Using the WebUI to configure the Local Controller PSK.418
Using the WebUI to configure the Master Controller PSK .418
Using the CLI to configure the PSK419
Configuring Local Controllers.419
Configuring the Local Controller ..419
Using the Initial Setup419
Using the Web UI.420
Using the CLI .420
Configuring Layer-2/Layer-3 Settings420
Configuring Trusted Ports 420
Configuring APs 420
Using the WebUI to configure the LMS IP..420
Using the CLI to configure the LMS IP .421
Chapter 20 IP Mobility 423
Aruba Mobility Architecture .423
Configuring Mobility Domains 424
Configuring a Mobility Domain..425
Using the WebUI to configure a mobility domain (on the master
controller).425
Using the CLI to configure a mobility domain (on the master
controller).425
Joining a Mobility Domain426
Using the WebUI to join a mobility domain 426
Using the CLI to join a mobility domain426
Example Configuration..426
Configuring Mobility using the WebUI..427
Configuring Mobility using the CLI..428
Tracking Mobile Users428
Mobile Client Roaming Status ..428
Using the WebUI to view mobile client status..428
Using the CLI to view mobile client status .429
Using the CLI to view user roaming status.429
Using the CLI to view specific client information 429
Mobile Client Roaming Locations 430
Using the WebUI to view client roaming locations.430
Using the CLI to view client roaming locations 430
HA Discovery on Association.430
Using the CLI to Set up Mobility on Association.430
Advanced Mobility Functions .430
Using the WebUI to configure advanced mobility functions .430
Using the CLI to configure mobility functions ..433
Proxy Mobile IP .433
Proxy DHCP433
Revocations 433
Mobility Multicast .434
Proxy IGMP and Proxy Remote Subscription434
Inter-controller Mobility .435
Configuring Mobility Multicast Using the WebUI.435
Configuring Mobility Multicast Using the CLI 436
Example436
Chapter 21 VRRP 437
Configuring Redundancy..437
Local Controller Redundancy 438
Configure VRRP 438
Using the WebUI to configure redundancy for a local controller 439
Using the CLI to configure redundancy for a local controller439
Configure the LMS IP.439
Master Controller Redundancy .439
Database Synchronization ..441
Using the WebUI to configure database synchronization ..441
Using the CLI to configure database synchronization..441
Master-Local Controller Redundancy441
Configuring the master and local controllers for redundant topology..442
Using the WebUI to configure the LMS IP..443
Using the CLI to configure the LMS IP .444
Chapter 22 RSTP 445
Migration and Interoperability.445
Rapid Convergence.445
Edge Port and Point-to-Point.447
WebUI Configuration ..447
Configuring RSTP from the CLI 448
Monitoring RSTP..448
Troubleshooting.449
Chapter 23 600 Series Controller 451
Important Points to Remember .451
Internal Access Point (AP) 452
USB Cellular Modems 452
Functional Description ..452
Mode-Switching452
USB Modems Commands ..452
Uplink Manager 453
Cellular Profile 454
Dialer Group454
Configuring a Supported USB Modem .455
Configuring a New USB Modem..456
Configuring the Profile and Modem Driver..456
Configuring the TTY Port .458
Testing the TTY Port ..459
Selecting the Dialer Profile ..459
Linux Support.460
NAS (Network-Attached Storage).460
Setting up a NAS device involves the following tasks: .460
Configuring the NAS Device via CLI ..461
Other commands for managing NAS device.461
Mounting and Unmounting Devices .462
Using WebUI..463
Print Server ..465
Setting up a Printer .465
Using CLI .465
Other commands for managing printer 466
Using the WebUI..466
Sample Topology and Configuration..467
Remote Branch 1—651 Controller..467
Remote Branch 2—650 Controller..468
Aruba 3200 Central Office Controller—Active ..469
Aruba 3200 Central Office Controller—Backup471
Upgrade and Migration..472
Chapter 24 OSPFv2 . 473
Important Points to Remember .473
WLAN Scenario .473
WLAN Topology 474
WLAN Routing Table..474
Branch Office Scenario..475
Branch Office Topology 475
Branch Office Routing Table..476
OSPF on the WebUI 477
Deployment Best Practices .478
Sample Topology and Configuration..479
Remote Branch 1 .479
Remote Branch 2 .480
Aruba 3200 Central Office Controller—Active ..481
Aruba 3200 Central Office Controller—Backup483
Chapter 25 Wireless Intrusion Prevention 485
IDS Features 485
Unauthorized Device Detection 485
Rogue/Interfering AP Detection485
Adhoc Network Detection and Containment.485
Wireless Bridge Detection ..486
Misconfigured AP Detection..486
Weak WEP Detection 486
Multi Tenancy Protection.486
MAC OUI Checking 486
Denial of Service (DoS) Detection 486
Rate Analysis .487
Fake AP 487
Impersonation Detection..487
Station Disconnection ..487
EAP Handshake Analysis 487
Sequence Number Analysis ..487
AP Impersonation 487
Signature Detection 488
IDS Configuration .488
IDS Profile Hierarchy..488
Using the WebUI to configure IDS..488
Using the CLI to configure IDS.489
Configuring the IDS General Profile 489
Using the WebUI to configure the IDS general profile..490
Using the CLI to configure the IDS general profile .490
Configuring Denial of Service Attack Detection490
Using the WebUI to configure the IDS DoS profile.492
Using the CLI to configure the IDS DoS profile 493
IDS Rate Thresholds Profile 493
Using the WebUI to configure an IDS rate thresholds profile494
Using the CLI to configure an IDS rate thresholds profile ..494
Configuring Impersonation Detection 494
Using the WebUI to configure the IDS impersonation profile495
Using the CLI to configure the IDS impersonation profile ..495
Configuring Signature Detection..495
Using the WebUI to configure the IDS signature-matching profile 496
Using the CLI to configure the IDS signature-matching profile496
Creating a New Signature 497
Using the WebUI to create a new signature..497
Using the CLI to add a new signature ..497
Configuring Unauthorized Device Detection..498
Using the WebUI to configure the IDS unauthorized device profile ..502
Using the CLI to configure the IDS unauthorized device profile .503
Configuring WMS .503
Using the WebUI to configure WMS parameters 503
Using the CLI to configure WMS parameters504
Managing the WMS database ..504
Enabling AP Learning.505
Using the WebUI to enable or disable AP learning 505
Using the CLI to enable or disable AP learning505
Classifying APs .505
Using the WebUI to Manually Classify APs 506
Using the CLI to Manually Classify APs ..506
Configuring Misconfigured AP Detection and Protection506
Updating the Valid Enterprise SSID List ..506
Using the WebUI to add or remove SSIDs from the Valid
Enterprise SSID list.506
Using the CLI to add an SSID to the Valid Enterprise SSID list ..507
Use of the Valid Enterprise SSID List.507
Client Blacklisting .508
Methods of Blacklisting.508
Manual Blacklisting .508
Using the WebUI to manually blacklist a client 509
Using the CLI to manually blacklist a client509
Authentication Failure Blacklisting..509
Using the WebUI to set the authentication failure threshold.509
Using the CLI to set the authentication failure threshold 509
Attack Blacklisting509
Using the WebUI to enable spoofed deauth detection and
blacklisting..510
Using the CLI to enable spoofed deauth detection and blacklisting.510
Blacklist Duration .510
Using the WebUI to configure the blacklist duration.510
Using the CLI to configure the blacklist duration 510
Removing a Client from Blacklisting ..510
Using the WebUI to remove a client from blacklisting .510
Using the CLI to remove a client from blacklisting.510
Chapter 26 Link Aggregation
Control Protocol (LACP). 511
Important Points to Remember .511
LACP Configuration.511
Configuring LACP using the CLI ..511
Configuring LACP using the WebUI513
Best Practices 513
Sample Configuration.514
Chapter 27 Management Access 515
Certificate Authentication for WebUI Access .515
Using the WebUI to configure certificate authentication for WebUI
access ..515
Using the CLI to configure certificate authentication for WebUI
access ..516
Public Key Authentication for SSH Access.516
Using the WebUI to configure certificate authentication for SSH
access ..516
Using the CLI to configure certificate authentication for SSH
access ..517
External Server Username/Password Authentication 517
Using the WebUI for server authentication.517
Using the CLI for server authentication517
RADIUS Server Authentication with VSA .518
RADIUS Server Authentication with Server-Derivation Rule..518
Using the WebUI to configure a value-of server-derivation rule .518
Using the CLI to configure a value-of server-derivation rule.519
Using the WebUI to configure a set-value server-derivation rule519
Using the CLI to configure a set-value server-derivation rule ..520
Disabling Authentication of Local Management User Accounts..520
Using the WebUI to disable authentication of local management user
accounts ..520
Using the CLI to disable authentication of local management user
accounts ..520
Verifying the configuration ..520
Resetting the Admin or Enable Password ..520
To reset the password for the default administrator user account 521
Setting an Administrator Session Timeout..521
Setting a CLI Session Timeout .521
Setting a WebUI Session Timeout..522
Configuring a Management Password Policy 522
Using the WebUI to Define a Management Password Policy ..522
Configuring Managed RFprotect Sensors524
Setting RFprotect Sensor Mode in the Radio Profile.525
Using the WebUI to change the operating mode of an AP 525
Using the CLI to change the operating mode of an AP525
Specifying the IP Address of the RFprotect Server 525
Using the WebUI to configure the RFprotect server address ..525
Using the CLI to configure the RFprotect server address..526
Reverting Managed Sensors to APs ..526
Managing Certificates.526
About Digital Certificates .526
Obtaining a Server Certificate527
Using the WebUI to generate a CSR.527
Using the CLI to generate a CSR 527
Obtaining a Client Certificate .528
Importing Certificates.528
Using the WebUI to import certificates 528
Using the CLI to import certificates528
Viewing Certificate Information .529
Imported Certificate Locations..529
Checking CRLs .529
Configuring SNMP530
SNMP for the Controller530
Using the WebUI to configure SNMP on the controller531
Using the CLI to configure SNMP on the controller ..531
Configuring Logging 531
Using the WebUI to configure logging .533
Using the CLI to configure logging.533
Guest Provisioning ..533
Configuring the Guest Provisioning Page 534
Using the WebUI to create a Guest Provisioning page 534
Using the WebUI to configure the SMTP Server and Port .537
Using the CLI to create an SMTP server and port .537
Using the WebUI to create Email Messages .537
Configuring a Guest Provisioning User .538
Using the WebUI to configure the Guest Provisioning user ..539
Using the CLI to create the Guest Provisioning user 540
Customizing the Guest Access Pass.541
Creating Guest Accounts .541
Guest Provisioning User Tasks.542
Optional Configurations 544
Restricting one Captive Portal Session for each Guest ..544
Setting the Maximum Time for Guest Accounts..545
Managing Files on the Controller..545
Transferring ArubaOS Image Files ..546
Using the WebUI to transfer ArubaOS image files .546
Using the CLI to transfer ArubaOS image files.546
Backing Up and Restoring the Flash File System546
Using the WebUI to create and copy a backup of the flash file
system ..546
Using the CLI to create and copy a backup of the flash file system.547
Using the WebUI to restore the backup file to the flash file system .547
Using the CLI to restore the backup file to the flash file system.547
Copying Log Files 547
Using the WebUI to copy log files ..547
Using the CLI to copy log files..547
Copying Other Files 547
Using the WebUI to copy other files..548
Using the CLI to copy other files .548
Setting the System Clock .548
Manually Setting the Clock .548
Using the WebUI to set the system clock ..548
Using the CLI to set the system clock..548
Configuring an NTP Server .549
Using the WebUI to configure an NTP server549
Using the CLI to configure an NTP server ..549
Chapter 28 Software Licenses . 551
Terminology.551
Licenses.552
License Types 552
Multi-Controller Network ..553
License Usage 553
Interaction.554
Best Practices 554
Installing a License ..555
Enabling a new license on your controller ..555
Software License Email.555
Locating the System Serial Number ..556
Obtaining a Software License Key..556
Creating a software license key556
Applying the Software License Key using the WebUI556
Applying the Software License Key using the License Wizard .557
Deleting a License 557
Moving Licenses557
Resetting the Controller.557
Resetting the Controller Configuration .557
Chapter 29 IPv6 Client Support 559
About IPv6 559
ArubaOS Support for IPv6559
Supported Network Configuration..559
Network Connection for Windows IPv6 Clients 560
ArubaOS Features that Support IPv6.561
Authentication 561
Firewall Functions 561
Configure Firewall Functions .563
Firewall Policies.563
Create an IPv6 firewall policy 564
Assign an IPv6 Policy to a User Role 565
DHCPv6 Passthrough/Relay ..565
Multicast Snooping .566
Manage IPv6 User Addresses 566
View or Delete User Entries.566
View Datapath Statistics for IPv6 Sessions 566
Important Points to Remember .567
Chapter 30 Voice and Video 569
License Requirements569
Configuring Voice .569
Setting up Net Services 569
Using Default Net Services.569
Creating or Modifying Net Services570
Configuring User Roles .570
Using the Default User Role ..570
Creating or Modifying User Roles ..571
Using User-Derivation Roles .572
Optional Configurations 573
WPA Fast Handover ..573
Mobile IP Home Agent Assignment574
The VoIP Call Admission Control Profile .574
VoIP-Aware ARM Scanning576
Voice-Aware 802.1x ..576
SIP Authentication Tracking ..577
Dial Plan for SIP Calls 577
Dial Plan Format ..577
Configuring Dial Plans ..578
Voice over Remote Access Point.580
Configuring Video.581
Configuring Video over WLAN enhancements..581
Pre-requisites.581
Using CLI .581
Using WebUI ..583
QoS..585
Wi-Fi Multimedia ..585
Using the WebUI to enable WMM..586
Using the CLI to enable WMM .586
Configurable WMM AC Mapping.586
Mapping Considerations..587
Using the WebUI to map between WMM AC and DSCP588
Using the CLI to map between WMM AC and DSCP ..588
Battery Boost .588
Using the WebUI to enable battery boost ..588
Using the CLI to enable battery boost..589
Dynamic WMM Queue Management .589
Enhanced Distributed Channel Access 589
Using the WebUI to configure EDCA parameters ..590
Using the CLI to configure EDCA parameters..591
WMM Queue Content Enforcement592
Using the WebUI to enable WMM queue content enforcement..592
Using the CLI to enable WMM queue content enforcement .592
Chapter 31 External Services Interface 593
Understanding ESI593
Understanding the ESI Syslog Parser 595
ESI Parser Domains 595
Peer Controllers 596
Syslog Parser Rules 597
Condition Pattern Matching597
User Pattern Matching..598
ESI Configuration Overview.598
Health-Check Method, Groups, and Servers.599
Using the WebUI to configure a health-check method 599
Using the CLI to configure a health-check method599
Defining the ESI Server .599
Using the WebUI to configure an ESI server .600
Using the CLI to configure an ESI server 600
Defining the ESI Server Group ..600
Using the WebUI to configure an ESI server group600
Using the CLI to configure an ESI server group..601
Redirection Policies and User Role.601
Using the WebUI to configure the user role ..601
Using the CLI to configure redirection and user role.602
ESI Syslog Parser Domains and Rules .602
Using the WebUI to Manage Syslog Parser Domains ..602
Adding a new syslog parser domain .602
Deleting an existing syslog parser domain.603
Editing an existing syslog parser domain603
Using the CLI to Manage Syslog Parser Domains..603
Adding a new syslog parser domain .603
Showing ESI syslog parser domain information..603
Deleting an existing syslog parser domain.603
Editing an existing syslog parser domain603
Managing Syslog Parser Rules .604
Using the WebUI to Manage Syslog Parser Rules .604
Adding a new parser rule.604
Deleting a syslog parser rule .605
Editing an existing syslog parser rule 605
Testing a Parser Rule 605
Using the CLI to Manage Syslog Parser Rules .606
Adding a new parser rule.606
Showing ESI syslog parser rule information:.606
Deleting a syslog parser rule: 606
Editing an existing syslog parser rule 606
Testing a parser rule ..606
Monitoring Syslog Parser Statistics 606
Using the WebUI to Monitor Syslog Parser Statistics..606
Using the CLI to Monitor Syslog Parser Statistics .607
Example Route-mode ESI Topology ..607
ESI server configuration on controller ..607
IP routing configuration on Fortinet gateway 607
Configuring the Example Routed ESI Topology ..608
Health-Check Method, Groups, and Servers.608
Defining the Ping Health-Check Method .608
Using the WebUI to configure a health-check method 608
Using the CLI to configure a health-check method609
Defining the ESI Server .609
Using the WebUI to configure an ESI server .609
Using the CLI to configure an ESI server 609
Defining the ESI Server Group ..610
Using the WebUI to configure an ESI server group610
Using the CLI to configure an ESI server group..610
Redirection Policies and User Role.610
Using the WebUI to configure the user role ..610
Using the CLI to configure the user role..611
Syslog Parser Domain and Rules.612
Using the WebUI to add a new syslog parser domain .612
Using the WebUI to add a new parser rule 612
Using the CLI to define a new syslog parser domain and rules ..612
Example NAT-mode ESI Topology..613
ESI server configuration on the controller ..614
Configuring the Example NAT-mode ESI Topology614
Using the WebUI to Configure the NAT-mode ESI Example .614
Using the WebUI to configure the health-check ping method .615
Using the WebUI to configure the ESI group 615
Using the WebUI to configure the ESI servers .615
Using the WebUI to configure the redirection filter 616
Using the CLI to Configure the Example NAT-mode Topology616
Configure a Health-Check Ping616
Configuring ESI Servers617
Configure an ESI Group, Add the Health-Check Ping and ESI Servers..
617
Use This ESI Group in a Session Access Control List .617
CLI Configuration Example 1.617
CLI Configuration Example 2.618
Basic Regular Expression Syntax.618
Character-Matching Operators.618
Regular Expression Repetition Operators619
Regular Expression Anchors..619
References ..620
Chapter 32 Application Acceleration Module . 621
Aruba Application Acceleration Service 621
Configuring the RAP621
Using the WebUI to configure the RAP for the Application Acceleration
Module..621
Monitoring and Troubleshooting ..622
Chapter 33 Content Security Service 623
Redirecting Traffic 623
Administration 623
Controllers—HTTP dst-nat to Scanning Server in a Corporate
Network 623
Controllers—HTTP dst-nat to any Static IP623
RAP—HTTP Route dst-nat to Cloud Service 623
RAP—HTTP Route dst-nat to any Static IP ..624
Example624
Verifying and Debugging..624
Appendix A DHCP with Vendor-Specific Options . 625
Overview625
Windows-Based DHCP Server..625
Configuring Option 60625
To configure option 60 on the Windows DHCP server.626
Configuring Option 43626
To configure option 43 on the Windows DHCP server:626
Linux DHCP Servers627
Appendix B External Firewall Configuration. 629
Communication Between Aruba Devices.629
Network Management Access ..630
Other Communications..630
Appendix C Behavior and Defaults. 633
Mode Support.633
Basic System Defaults634
Network Services .634
Policies..636
Roles ..639
Default Management User Roles..641
Default Open Ports ..645
Appendix D 802.1x Configuration for IAS and Windows Clients 649
Configuring Microsoft IAS 649
RADIUS Client Configuration .649
Remote Access Policies650
Active Directory Database ..650
Configuring Policies 650
Configuring RADIUS Attributes.652
Configure Management Authentication using IAS ..653
Configure the Aruba Controller to use IAS Management Authentication 654
Verify Communication between the Controller and the RADIUS Server .656
Window XP Wireless Client Example Configuration656
Appendix E Internal Captive Portal 661
Creating a New Internal Web Page .661
Basic HTML Example.662
Installing a New Captive Portal Page .663
Displaying Authentication Error Message 663
Reverting to the Default Captive Portal .664
Language Customization..664
Customizing the Welcome Page ..667
Customizing the Pop-Up box.669
Customizing the Logged Out Box 670
Appendix F Aruba Wired Multiplexors (Mux) 673
Configuration Overview .673
Configuring a Wired Mux Client.674
Configuring an Access Port as a Mux Port .675
Configuring a Trunk Port as a Mux Port ..675
Example Output.676
Appendix G VIA: End User Instructions 677
Pre-requisites.677
Downloading VIA..677
Installing Aruba VIA .677
Using Aruba VIA 678
Connection Details Tab.678
Diagnostic Tab ..678
Diagnostics Tools 678
Settings Tab679
Appendix H Provisioning RAP at Home 681
Provision the RAP using a Static IP Address.681
Provision the RAP on a PPPoE Connection ..682
Using 3G/EVDO USB Modem683
Index 687



Commentaires


Envoyer un commentaire

Vous devez être connecté pour soumettre des commentaires. Cliquez ici pour vous connecter.





Documents connexes