Service Manual Info

  Une communauté de partage de manuel de service en ligne.







Aruba ArubaOS 3.4.2

Tags : ArubaOS3.4.20510621-02 
Aruba ArubaOS 3.4.2 Guide utilisateur

TéléchargerObtenez le fichier PDF

Description

ArubaOS 3.4.2 User Guide
P/N : 0510621-02
Edition December 2009

Preface 39
Document Organization39
Related Documents 39
Text Conventions.39
Contacting Aruba Networks .41
Chapter 1 Overview of the User-Centric Network 43
User-Centric Network Components ..43
Aruba Access Points.43
Automatic RF Channel and Power Settings..46
RF Monitoring ..46
Aruba Controllers 47
ArubaOS..48
Basic WLAN Configuration.49
Authentication ..49
Encryption ..50
VLAN .51
User Roles..52
Wireless Client Access to the WLAN.53
Association.53
Authentication ..54
802.1x Authentication..54
VPN54
Captive Portal ..54
MAC Address Authentication ..55
Client Mobility and AP Association 55
Configuring the User-Centric Network .55
Chapter 2 Deploying a Basic
User-Centric Network 57
Configuration Overview 57
Deployment Scenario #1.57
Deployment Scenario #2.58
Deployment Scenario #3.59
Configuring the Controller ..60
Run the Initial Setup..60
Connecting to the Controller after Initial Setup60
Configure a VLAN for Network Connection61
Create the VLAN .62
Using the WebUI to create the VLAN62
Using the CLI to create the VLAN..62
Using the WebUI to create a VLAN Pool 62
To update a VLAN Pool63
To delete a VLAN Pool .63
Using the CLI to create a VLAN Pool 63
Using the CLI to view existing VLAN IDs 64
Using the CLI to add existing VLAN IDs to a VLAN Pool64
Assign and Configure the Trunk Port64
Using the WebUI to configure the trunk port 64
Using the CLI to configure the trunk port ..65
Configure the Default Gateway65
Using the WebUI to configure the default gateway ..65
Using the CLI to configure the default gateway..65
Configure the Loopback for the Controller 65
Using the WebUI to configure the loopback 66
Using the CLI to configure the loopback 66
Configure the System Clock .66
Install Licenses.66
Connect the Controller to the Network 67
Deploying APs ..67
Run RF Plan ..67
Enable APs to Connect to the Controller 67
Enable APs to Obtain IP Addresses..68
Using the WebUI to enable the DHCP server on the controller ..68
Using the CLI to enable the DHCP server on the controller .68
Locate the Controller 68
From a DNS Server69
From a DHCP Server 69
Using the Aruba Discovery Protocol (ADP) ..69
Provision APs for Mesh70
Install APs ..70
Update RF Plan71
Additional Configuration..71
Chapter 3 Configuring Network Parameters 73
Configuring VLANs .73
Using the WebUI to create or edit a VLAN73
Using the CLI to create or edit a VLAN ..73
Using the WebUI to create a Range of VLANs73
Using the CLI to create a Range of VLANs ..74
Using the WebUI to create a VLAN Pool 74
Configuring Ports.74
Classifying Traffic as Trusted or Untrusted74
About Trusted and Untrusted Physical Ports ..74
About Trusted and Untrusted VLANs..74
Using the WebUI to Configure Trusted/Untrusted Ports and VLANs in Access
Mode .75
Using the CLI to Configure Trusted/Untrusted Ports and VLANs in Access
Mode.75
Using the WebUI to Configure Trusted/Untrusted Ports and VLANs in
Trunk Mode ..75
Using the CLI to Configure Trusted/Untrusted Ports and VLANs in Trunk
Mode.76
About VLAN Assignments ..76
Assigning a Static Address to a VLAN.77
Using the WebUI to Assign a Static Address to a VLAN 77
Using the CLI to Assign a Static Address to a VLAN77
Configuring a VLAN to Receive a Dynamic Address 77
Enabling the DHCP Client ..78
Using the WebUI to Enable DHCP on a VLAN.78
Using the CLI to Enable DHCP on a VLAN78
Enabling the PPPoE Client.78
Using the WebUI to Enable the PPPoE Client on a VLAN .78
Using the CLI to Enable the PPPoE Client on a VLAN.78
Default Gateway from DHCP/PPPoE78
Using the WebUI to Set a Default Gateway from DHCP/PPPoE79
Using the CLI to Set a Default Gateway from DHCP/PPPoE ..79
DNS/WINS Server from DHPC/PPPoE79
Using the WebUI to Configure the DNS/WINS Server.80
Using the CLI to Configure the DNS/WINS Server 80
Source NAT to Dynamic VLAN Address.80
Using the WebUI to Configure Source NAT to the Dynamic VLAN ..80
Using the CLI to Configure Source NAT to the Dynamic VLAN..81
Configuring Source NAT for VLAN Interfaces..81
Example Configuration 81
Using the WebUI to Configure the Source NAT for a VLAN Interface: 81
Using the CLI to Configure the Source NAT for a VLAN Interface.82
Inter-VLAN Routing 82
Using the WebUI to restrict VLAN routing .82
Using the CLI to restrict VLAN routing.83
Configuring Static Routes ..83
Using the WebUI to Configure a Static Route .83
Using the CLI to Configure a Static Route.83
Configuring the Loopback IP Address .84
Using the WebUI to Configure the Loopback IP Address .84
Using the CLI to Configure the Loopback IP Address.84
Using the CLI to reboot the controller..84
Configuring the Controller IP Address..84
Using the CLI to Configure the Controller IP Address .85
Configuring GRE Tunnels 86
Creating a Tunnel Interface86
WebUI ..86
CLI .86
Directing Traffic into the Tunnel ..86
Static Routes 87
Firewall Policy..87
Tunnel Keepalives..87
Chapter 4 RF Plan. 89
Supported Planning89
Before You Begin 90
Task Overview..90
Planning Requirements 90
Launching the RF Plan .92
Campus List Page..92
Building List Pane ..93
Building Specifications Overview94
Building Dimension Page95
AP Modeling Parameters Page96
Radio Type 96
Design Model97
Overlap Factor .97
Users/AP.98
Radio Properties (Desired Rates and HT Support Options) .98
AM Modeling Page.99
Design Models..100
Monitor Rates 100
Planning Floors Page .101
Zoom .102
Approximate Coverage Map..102
Coverage Rate..102
Channel.102
HT Mode..103
Floor Editor Dialog Box.103
Area Editor Dialog Box .104
Access Point Editor Dialog Box105
AP Plan Page .108
Initialize .108
Optimize ..108
Fix All Suggested AP/AMs..109
AM Plan Page 109
Initialize .109
Optimize ..109
Fix All Suggested AP/AMs..110
Exporting and Importing Files 110
Export Campus.110
Import Campus.111
Export Buildings Page ..111
Import Buildings Page ..112
Locate 112
FQLN Mapper 112
Using the FQLN Mapper in the AP Provision Page.114
Using the WebUI to configure the FQLN for an AP 115
Using the CLI to configure the FQLN for an AP115
Legacy RF Plan Example..115
Sample Building 115
Create a Building .117
Model the Access Points 118
Model the Air Monitors .118
Add and Edit a Floor ..118
To add the background image and name the first floor118
To add the background image and name the second floor119
Defining Areas119
Creating a Don’t Care Area 119
Creating a Don’t Deploy Area 120
Running the AP Plan .120
Running the AM Plan 121
Chapter 5 Configuring Access Points 123
AP Configuration Overview .123
AP Names and Groups..124
AP Names 124
Duplicate AP Names..125
Using the WebUI to rename an AP.125
Using the CLI to rename an AP 125
AP Groups125
Using the WebUI to create an AP group .126
Using the WebUI to assign APs to an AP group .126
Using the CLI to create an AP group.126
Using the CLI to assign an AP to an AP group.127
Virtual APs127
Configuring Profiles .127
Profile types 127
Wireless LAN Profiles 128
AP Profiles ..129
QOS Profiles ..130
RF Management Profiles .130
IDS Profiles .131
Mesh Profiles .131
Profile Hierarchies 132
Applying Profiles ..134
Using the WebUI to exclude a virtual AP profile from an AP.136
Using the CLI to exclude a virtual AP profile from an AP136
Viewing Profile Errors.136
Using the WebUI to view profile errors.136
Using the CLI to view profile errors 137
Virtual AP Configurations..137
Configuring the Corpnet WLAN 138
Configure the User Role138
Using the WebUI to configure the user role ..138
Using the CLI to configure the user role..139
Configure Authentication Servers 139
Using the WebUI to configure authentication servers..139
Using the CLI to configure authentication servers .139
Configure Authentication .139
Using the WebUI to configure authentication139
Using the CLI to configure authentication..141
Configure the Virtual AP141
Using the WebUI to configure the virtual AP .141
Using the CLI to configure the virtual AP 144
Guest WLAN ..144
Configure the VLAN 145
Using the WebUI to configure the VLAN .145
Using the CLI to configure the VLAN.145
Configure the Guest Role.145
Using the WebUI to configure the Guest Role .145
Using the CLI to configure the Guest Role.145
Configure the Virtual AP146
Using the WebUI to configure the virtual AP .146
Using the CLI to configure the virtual AP 146
Configuring High-throughput on Virtual APs ..147
Using the WebUI to configure high-throughput for a virtual AP profile assigned
to an AP group..147
Using the CLI to configure high-throughput for a virtual AP profile assigned
to an AP group..149
Advanced Configuration Options .149
802.11k Configuration149
Configuring 802.11k Profile Using the WebUI..150
Configuring 802.11k Profile Using CLI .151
RF Optimization 151
Configuring an RF Optimization Profile Using the WebUI..151
Configuring an RF Optimization Profile Using CLI .153
RF Event Configuration.153
Configuring a RF Event Profile Using the WebUI 153
Configuring a RF Event Profile Using CLI155
Changing AP Installation Modes..155
Using the WebUI to configure the AP Installation Mode.155
Using the CLI to configure the AP Installation Mode 156
Using the WebUI to configure CSA 156
Using the CLI to configure CSA ..157
20 MHz and 40 MHz Static Channel Assignments .157
Using the WebUI to configure channels ..158
Using the CLI to configure channels .158
Automatic Channel and Transmit Power Selection Using ARM158
Deploying APs Over Low-Speed Links .158
Using the WebUI to adjust the bootstrap threshold..159
Using the CLI to adjust the bootstrap threshold .159
Using the WebUI to prioritize AP heartbeats.159
Using the CLI to prioritize AP heartbeats 160
AP Redundancy.160
AP failback ..160
Using the WebUI to configure AP failback .160
Using the CLI to configure AP failback.160
AP Maintenance Mode ..161
Using the WebUI to configure AP maintenance mode.161
Using the CLI to configure AP maintenance mode 161
Viewing maintenance mode status information161
Manage AP LEDs..161
Using the WebUI to disable LEDs ..162
Using the CLI to enable or disable LEDs.162
Use the CLI to make the LEDs blink..162
Chapter 6 Adaptive Radio Management (ARM) 163
ARM Overview163
ARM Support for 802.11n 163
Monitoring Your Network with ARM ..164
Application Awareness .164
Managing ARM Profiles.164
Using the WebUI to Create a New ARM Profile ..165
Using the CLI to Create a New ARM Profile..165
Configuring ARM Settings Using the WebUI..166
Configuring ARM Using the CLI 169
Assigning a New ARM Profile to an AP Group..170
Assigning ARM Profiles Using the WebUI ..170
Assigning ARM Profiles Using the CLI .170
Deleting an ARM profile.171
Using the Multi-Band ARM feature in Networks with both 802.11a and 802.11g
Traffic..171
Band Steering.171
Enable or Disable Band Steering using the WebUI 172
Configure Band Steering using the CLI 172
Assign a Virtual AP Profile to an AP or AP Group ..172
Traffic Shaping ..172
Configure Traffic Shaping using the WebUI ..173
Configure Traffic Shaping using the CLI..173
Assign a Traffic Management Profile to an AP or AP Group.173
Spectrum Load Balancing174
RX Sensitivity Tuning Based Channel Reuse .174
Non-802.11 Noise Interference Immunity.174
ARM Metrics 175
ARM Troubleshooting.176
Too many APs are on the Same Channel 176
Wireless Clients Report a Low Signal Level From All APs..176
Transmission Power Levels Change Too Often176
APs Detect Errors but Do Not Change Channels 177
APs are not Changing Channels When There is a Lot of Channel Noise 177
Chapter 7 Configuring Remote APs 179
Important Points to Remember .179
Overview179
Configuring the Secure Remote Access Point Service .181
Configure a Public IP Address for the Controller .181
Using the WebUI to create a DMZ address181
Using the CLI to create a DMZ address ..182
Configure the VPN Server 182
Using the WebUI to configure VPN server .182
Using the CLI to configure VPN server.182
Configure the Remote AP User Role .183
Using the WebUI to configure the user role ..183
Using the CLI to configure the user role..184
Configure VPN Authentication ..184
Using the WebUI to configure the VPN authentication profile: 185
Using the CLI to configure the VPN authentication profile.185
Using the Internal Database for Authentication 185
Using the WebUI to configure the internal database for a remote AP user
185
Configure VPN authentication using the internal database ..187
Add the user to the internal database .187
Using the CLI to configure the internal database for a remote AP user..
187
Provision the AP187
Deploying a Branch Office/Home Office Solution 188
To configure the branch office AP ..189
Troubleshooting the Branch Office Configuration ..189
Double Encryption 190
Using the WebUI to enable double encryption:190
Using the CLI to enable double encryption190
Advanced Configuration Options .190
Understanding Remote AP Modes of Operation .191
Backup Configuration 192
Configuring the Backup Configuration..193
Using the WebUI to configure the AAA profile .193
Using the WebUI to define the backup configuration in the virtual AP profile
194
Using the CLI to configure the AAA profile.195
Using the CLI to define the backup configuration in the virtual AP profile.
195
Configuring the DHCP Server on the Remote AP195
Using the WebUI to configure the DHCP server on the AP196
Using the CLI to configure the DHCP server on the AP..196
Advanced Backup Configuration Options ..197
Using the WebUI to configure the session ACL ..197
Using the WebUI to configure the AAA profile .198
Using the WebUI to define the backup configuration ..199
Using the CLI to configure the session ACL..199
Using the CLI to configure the AAA profile.200
Using the CLI to define the backup configuration..200
DNS Controller Setting..201
To specify the DNS name201
Backup Controller List ..201
Using the WebUI to configure the LMS and backup LMS IP addresses
202
Using the CLI to configure the LMS and backup LMS IP addresses202
Remote AP Failback202
Using the WebUI to configure remote AP failback.202
Using the CLI to configure remote AP failback 203
Access Control Lists and Firewall Policies .203
Split Tunneling ..203
Configuring Split Tunneling 204
Configuring the Session ACL.205
Using the WebUI to configure the session ACL ..205
Using the CLI to configure the session ACL..206
Configuring the AAA Profile and the Virtual AP Profile .206
Using the WebUI to configure a AAA profile .206
Using the WebUI to configure split tunneling in the virtual AP profile..207
Using the CLI to configure the AAA profile.207
Using the CLI to configure split tunneling in the virtual AP profile .207
Using the WebUI to list the corporate DNS servers ..208
Using the CLI to list the corporate DNS servers .208
Wi-Fi Multimedia ..208
PSK-Refresh ..208
Using the WebUI to enable PSK-refresh .209
Using the CLI to enable PSK-refresh 209
Troubleshooting PSK-Refresh ..209
Chapter 8 Configuring Secure Enterprise Mesh 211
Overview211
Using Adaptive Radio Management (ARM) in a Mesh Network ..211
Mesh Access Points212
Aruba Controllers .213
Mesh Portal .213
Mesh Point ..213
Mesh Cluster ..213
Mesh Profiles .214
Mesh Cluster Profile ..214
Mesh Radio Profile .215
RF Management (802.11a and 802.11g) Radio Profiles..215
Mesh High-Throughput SSID Profile .215
Wired AP Profile216
Mesh Recovery Profile..216
Mesh Link.216
Link Metrics 217
Aruba Secure Enterprise Mesh Solutions.218
Thin AP Services with Wireless Backhaul Deployment 218
Point-to-Point Deployment .219
Point-to-Multipoint Deployment219
High-Availability Deployment.220
Before You Begin .220
Pre-Deployment Considerations..220
Outdoor-Specific Deployment Considerations .221
Configuration Considerations 221
Post-Deployment Considerations221
AP-70 and AP-12x Specific Considerations ..222
Configuring APs.222
Components of a Mesh Profile .223
Defining the Mesh Radio Profile 223
Using the WebUI to create a new mesh radio profile 223
Using the WebUI to select a mesh radio profile for a mesh AP or AP group
226
Using the WebUI to edit an existing mesh radio profile226
Using the WebUI to delete an existing mesh radio profile..227
Using the CLI to Create or Modify a mesh radio profile ..227
View current Mesh Radio Settings..227
Using the CLI to select a mesh radio profile for an AP group ..227
Using the CLI to Delete a Mesh Radio profile228
Defining the RF Management (802.11a and 802.11g) Radio Profiles.228
Using the WebUI to create an 802.11a or 802.11g RF management profile .
228
Using the WebUI to select a 802.11a or 802.11g RF management profile for a
mesh AP or AP group 231
Using the WebUI to reference a high-throughput profile for an RF management
profile .231
Using the WebUI to reference an ARM profile for an RF management profile .
232
Using the WebUI to edit an existing 802.11a or 802.11g RF management profile.
233
Using the WebUI to delete an existing 802.11a or 802.11g radio profile 233
Using the CLI to create or modify a 802.11a or 802.11g radio profile..234
View current 802.11a or 802.11g RF Management profile settings234
Using the CLI to select an 802.11a or 802.11g RF management profile .234
Using the CLI to delete a 802.11a or 802.11g RF management profile235
Defining the Mesh High-Throughput SSID Profile235
Using the WebUI to create a mesh high-throughput SSID profile .235
Using the WebUI to select a mesh high-throughput SSID profile for a
mesh AP or AP group237
Using the WebUI to edit an existing mesh high-throughput SSID profile ..
237
Using the WebUI to delete an existing mesh high-throughput SSID profile
237
Using the CLI to create or modify a mesh high-throughput SSID radio profile
237
View current high-throughput SSID profile settings ..238
Using the CLI to select a mesh high-throughput SSID profile .238
Using the CLI to delete a mesh high-throughput SSID profile .238
Defining the Mesh Cluster Profile .238
Deployments with Multiple Mesh Cluster Profiles ..239
Using the WebUI to create a mesh cluster profile..239
Using the WebUI to add a mesh cluster profile to a mesh AP or AP group
241
Using the WebUI to edit an existing mesh cluster profile ..241
Using the WebUI to delete an existing mesh cluster profile..242
Using the CLI to create or modify a mesh cluster radio profile 242
Examples .242
View current mesh cluster profile settings..243
Using the CLI to associate one or more mesh cluster profiles with an AP
group .243
Example243
Using the CLI to exclude a mesh cluster profile from a mesh node .244
Using the CLI to delete a mesh cluster profile .244
Configuring Ethernet Ports for Mesh..244
Using the WebUI to configure bridging on the Ethernet port 244
Using the CLI to configure bridging on the Ethernet port ..245
Configuring Ethernet Ports for Secure Jack Operation 245
Using the WebUI to configure secure jack operation245
Using the CLI to configure secure jack operation ..246
Extending the Life of a Mesh Network..246
Using the WebUI to modify the AP system profile .246
Using the CLI to modify the AP system profile.246
Provisioning APs246
Outdoor AP Parameters247
Provisioning Caveats .247
To shutdown the port in the WebUI ..248
To shutdown the port in the CLI..248
Provisioning Mesh Nodes.248
Using the WebUI to provision a mesh node ..248
Using the CLI to provision a mesh node..249
AP Boot Sequence ..249
Mesh Portal .249
Mesh Point ..249
Air Monitoring and Mesh..250
Verifying the Network .250
Using the WebUI to view mesh network statistics .250
Using the CLI to view mesh network statistics.250
Remote Mesh Portals .250
Configuring a Remote Mesh Portal.250
Configuring an AP as a remote mesh portal..251
Using the CLI to provision a remote mesh portal251
Configuring the mesh private VLAN ..251
Using the WebUI to select a mesh radio profile for a remote mesh AP or
AP group..251
Using the WebUI to select a 802.11a or 802.11g RF management profile
for a remote mesh AP or AP group 252
.Using the WebUI to add a mesh cluster profile to a remote mesh AP or
AP group..252
Configure a DHCP pool 252
Additional Information253
Chapter 9 Authentication Servers 255
Important Points to Remember .255
Servers and Server Groups .255
Configuring Servers.256
Configuring a RADIUS Server 256
Using the WebUI to configure a RADIUS server .257
Using the CLI to configure a RADIUS server.257
Configuring an LDAP Server ..257
Using the WebUI to configure an LDAP server 258
Using the CLI to configure an LDAP server258
Configuring a TACACS+ Server 259
Using the WebUI to configure a TACACS+ server .259
Using the CLI to configure a TACACS+ server.259
Configuring a Windows Server .260
Using the WebUI to configure a Windows server260
Using the CLI to configure a Windows server ..260
Configuring the Internal Database260
Using the WebUI to configure users in the internal database ..261
Using the CLI to configure users in the internal database .261
Configuring Server Groups..261
Using the WebUI to configure a server group ..261
Using the CLI to configure a server group .262
Server List Order and Fail-Through.262
Using the WebUI to configure fail-through authentication .262
Using the CLI to configure fail-through authentication 263
Dynamic Server Selection 263
Using the WebUI to configure server selection 264
Using the CLI to configure server selection ..265
Match FQDN Option ..265
Using the WebUI to configure match FQDN option ..265
Using the CLI to configure match FQDN option..265
Trimming Domain Information from Requests ..265
Using the WebUI to trim domain information 265
Using the CLI to trim domain information ..266
Configuring Server-Derivation Rules..266
Using the WebUI to configure server rules .267
Using the CLI to configure server rules.267
Configuring a Role Derivation Rule for the Internal Database..268
Using the WebUI to configure a server rule for the internal database ..268
Using the CLI to configure a server rule for the internal database: 268
Assigning Server Groups..268
User Authentication.268
Management Authentication..269
Using the WebUI to assign a server group for management authentication .
269
Using the CLI to assign a server group for management authentication 269
Accounting ..269
RADIUS Accounting ..269
Using the WebUI to assign a server group for RADIUS accounting..271
Using the CLI to assign a server group for RADIUS accounting .271
TACACS+ Accounting ..271
Configuring Authentication Timers ..271
Using the WebUI to set an authentication timer ..272
Using the CLI to set an authentication timer:.272
Chapter 10 802.1x Authentication 273
Overview of 802.1x Authentication..273
Supported EAP Types274
Authentication with a RADIUS Server 274
Authentication Terminated on Controller .275
Configuring 802.1x Authentication ..276
Using the WebUI to configure an 802.1x authentication profile..277
Using the CLI to configure an 802.1x authentication profile .282
Using Certificates with AAA FastConnect282
Using the WebUI to configure AAA FastConnect certificate authentication:.
283
Using the CLI to configure AAA FastConnect certificate authentication:
283
Configuring User and Machine Authentication .283
Role Assignment with Machine Authentication Enabled .283
VLAN Assignment with Machine Authentication Enabled284
Example Configurations 285
Authentication with an 802.1x RADIUS Server .285
Configuring Policies and Roles .286
Using the Web to create the student policy and role 286
Using the WebUI to create the faculty policy and role .287
Using the WebUI to create the guest policy and role287
Using the WebUI to create the sysadmin role ..288
Using the WebUI to create the computer role..288
Using the CLI to create an alias for the internal network 289
Using the CLI to create the student role..289
Using the CLI to create the faculty role289
Using the CLI to create the guest role..289
Using the CLI to create the sysadmin role .289
Using the CLI to create the computer role .289
Configuring the RADIUS Authentication Server290
Using the WebUI to configure the RADIUS authentication server .290
Using the CLI to configure the RADIUS authentication server.290
Configure 802.1x Authentication..290
Using the WebUI to configure 802.1x authentication290
Using the CLI to configure 802.1x authentication ..291
Configure VLANs..291
Using the WebUI to configure VLANs ..291
Using the CLI to Configure VLANs .292
Configure the WLANs 292
Guest WLAN ..293
Using the WebUI to configure the WLAN293
Using the CLI to configure the guest WLAN .293
Non-Guest WLANs..294
Using the WebUI to configure the non-guest WLANs..294
Using the CLI to configure the non-guest WLANs .295
Authentication with the Controller’s Internal Database.295
Configuring Policies and Roles .295
Using the Web to create the student policy and role 295
Using the WebUI to create the faculty policy and role .296
Using the WebUI to create the guest policy and role296
Using the WebUI to create the sysadmin role ..298
Using the WebUI to create the computer role..298
Using the CLI to create an alias for the internal network 298
Using the CLI to create the student role..298
Using the CLI to create the faculty role298
Using the CLI to create the guest role..298
Using the CLI to create the sysadmin role .299
Using the CLI to create the computer role .299
Configuring the Internal Database ..299
Using the WebUI to configure the internal database.299
Using the WebUI to configure a server rule for the internal database .299
Using the CLI to configure the internal database299
Using the CLI to configure a server rule for the internal database.300
Configure 802.1x Authentication..300
Using the WebUI to configure 802.1x authentication300
Using the CLI to configure 802.1x authentication ..300
Configure VLANs..300
Using the WebUI to configure VLAN .301
Using the CLI to configure VLANs..301
Configure the WLANs 302
Guest WLAN ..302
Using the WebUI to configure the WLAN302
Using the CLI to configure the guest WLAN .303
Non-Guest WLANs..303
Using the WebUI to configure the non-guest WLANs..303
Using the CLI to configure the non-guest WLANs .304
Advanced Configuration Options for 802.1x ..304
Reauthentication with Unicast Key Rotation..304
Using the WebUI to configure reauthentication with unicast key rotation .
305
Using the CLI to configure reauthentication with unicast key rotation.305
Chapter 11 Configuring Roles and Policies . 307
Policies ..307
Access Control Lists (ACLs)308
Creating a Firewall Policy .308
Using the WebUI to create a new firewall policy .310
Using the CLI to create a new firewall policy 310
Creating an ACL White List .310
Using the WebUI to configure a White List Bandwidth Contract 310
Using the WebUI to configure the ACL White List .311
Using the CLI to configure the White List Bandwidth Contract ..311
Using the CLI to configure the ACL White List.311
Creating a User Role ..311
Using the WebUI to create a role 312
Deleting a user-role 313
Using the CLI to create a role313
Bandwidth Contracts .313
Using the WebUI to configure a bandwidth contract 313
Using the WebUI to assign a Bandwidth Contract to a User Role.314
Using the CLI to configure and assign bandwidth contracts 314
Assigning User Roles..314
Default User Role in AAA Profile ..315
Using the WebUI to configure user roles in the AAA profile..315
Using the CLI to configure user roles in the AAA profile .315
User-Derived Role315
Using the WebUI to configure a user-derived role .316
Using the CLI to configure a user-derived role.317
Default Role for Authentication Method317
Using the WebUI to configure a default role for an authentication method
317
Using the CLI to configure a default role for an authentication method .
317
Server-Derived Role 317
VSA-Derived Role 318
Global Firewall Parameters..318
Chapter 12 Stateful and WISPr Authentication . 323
Stateful Authentication Overview .323
WISPr Authentication Overview.323
Important Things to Remember.324
Configuring Stateful 802.1x Authentication.324
Using the WebUI to configure the Stateful 802.1x Authentication profile ..
324
Using the CLI to configure the Stateful 802.1x Authentication profile .324
Configuring Stateful NTLM Authentication..325
Using the WebUI to configure the Stateful NTLM Authentication profile
325
Using the CLI to configure the Stateful NTLM Authentication profile ..326
Configuring WISPr Authentication326
Using the WebUI to configure the WISPr Authentication profile .326
Using the CLI to configure the WISPr Authentication profile 327
Chapter 13 Captive Portal 329
Captive Portal Overview329
Policy Enforcement Firewall License .329
Controller Server Certificate330
Using the WebUI to select a certificate for captive portal ..330
Using the CLI to select a certificate for captive portal .330
Captive Portal in the Base ArubaOS ..330
Configuring Captive Portal in the base ArubaOS.331
Using the WebUI to configure captive portal 331
Using the CLI to configure captive portal in the base operating system
332
Captive Portal with the Policy Enforcement Firewall License 332
Using the WebUI to configure captive portal with PEF license333
Using the CLI to configure captive portal with PEF license ..335
Example Authentication with Captive Portal ..335
Configuring Policies and Roles .335
Creating a guest-logon User Role ..336
Creating auth-guest User Role .336
Using the WebUI to create a Time Range ..336
Using the WebUI to create the guest-logon-access Policy ..337
Using the WebUI to Configure the auth-guest-access Policy..337
Using the WebUI to Create the block-internal-access Policy ..338
Using the WebUI to Create the drop-and-log Policy.339
Using the WebUI to Create the guest-logon Role ..339
Using the WebUI to Create the auth-guest Role .340
Using the CLI to create a time range.340
Using the CLI to Create Aliases340
Using the CLI to Create the guest-logon-access Policy .340
Using the CLI to Create the auth-guest-access Policy 341
Using the CLI to Create the block-internal-access Policy..341
Using the CLI to Create the drop-and-log Policy 341
Using the CLI to Create the guest-logon Role .341
Using the CLI to Create the auth-guest Role 341
Configuring the Guest VLAN ..341
Using the WebUI to configure the guest VLAN.341
Using the CLI to configure the guest VLAN342
Configuring Captive Portal Authentication ..342
Using the WebUI to configure captive portal authentication .342
Using the CLI to configure captive portal authentication 342
Modifying the Initial User Role ..342
Using the WebUI to modify the guest-logon role 343
Using the CLI to modify the guest-logon role ..343
Configuring the AAA Profile 343
Using the WebUI to configure the AAA profile .343
Using the CLI to configure the AAA profile.343
Configuring the WLAN ..343
Using the WebUI to configure the guest WLAN..343
Using the CLI to configure the guest WLAN .344
User Account Administration .344
Captive Portal Configuration Parameters 344
Optional Captive Portal Configurations.346
Per-SSID Captive Portal Page ..346
Changing the Protocol to HTTP347
Using the WebUI to change the protocol to HTTP.347
Using the CLI to change the protocol to HTTP 348
Proxy Server Redirect 348
Using the WebUI to redirect proxy server traffic .348
Using the CLI to redirect proxy server traffic 349
Redirecting Clients on Different VLANs 349
Using the CLI to redirect clients on different VLANs.349
Web Client Configuration with Proxy Script ..349
Using the WebUI to allow clients to download proxy script..350
Using the CLI to allow clients to download proxy script .350
Personalizing the Captive Portal Page ..350
Chapter 14 Configuring Advanced Security. 353
Securing Client Traffic 354
Securing Wireless Clients 354
Using the WebUI to configure xSec for wireless clients..355
Using the CLI to configure xSec for wireless clients.355
Securing Wired Clients..356
Using the WebUI to configure xSec for wired clients356
Using the CLI to configure xSec for wired clients ..357
Securing Wireless Clients Through Non-Aruba APs..357
Using the WebUI to configure xSec for non-Aruba AP wireless clients..
358
Using the CLI to configure xSec for non-Aruba AP wireless clients .358
Securing Controller-to-Controller Communication .359
Using the WebUI to configure Controllers for xSec:..359
Using the CLI to configure controllers for xSec: ..360
Configuring the Odyssey Client on Client Machines..360
To install the Odyssey Client..360
VPN Configuration 365
Chapter 15 Configuring Virtual Private Networks 365
Using the WebUI to configure VPN authentication.366
Using the CLI to configure VPN authentication 366
Configuring Remote Access VPN for L2TP IPsec 366
Using the WebUI to configure VPN with L2TP IPsec.366
Authentication Method and Server Addresses.366
Address Pools ..367
Source NAT 367
IKE Shared Secrets 367
IKE Policies.367
Using the CLI to configure VPN with L2TP IPsec 367
Authentication Method and Server Addresses.367
Address Pools ..367
Source NAT 368
IKE Shared Secrets 368
IKE Policies.368
Example Configurations for Remote Access Clients .368
L2TP/IPsec Clients Using Smart Cards368
Using the WebUI to configure L2TP/IPsec VPN for Microsoft smart card
clients 368
Using the CLI to configure L2TP/IPsec VPN for Microsoft smart card clients
.370
Configuring for L2TP/IPsec Clients Using Username/Password.370
Using the WebUI to configure L2TP/IPsec VPN for username/password
clients 371
Using the WebUI to configure client entries in the internal database ..372
Using the CLI to configure L2TP/IPsec VPN for username/password clients
.372
Using the CLI to configure client entries in the internal database..372
Configuring Remote Access VPN for XAuth372
Using the WebUI to configure VPN with XAuth 373
Authentication Method and Server Addresses.373
Address Pools ..373
Source NAT 373
Aggressive Mode.373
Server Certificate.373
CA Certificate for VPN Clients ..373
IKE Shared Secrets 374
IKE Policies.374
Using the CLI to configure VPN with XAuth374
Authentication Method and Server Addresses.374
Address Pools ..374
Source NAT 374
Aggressive Mode.374
Server Certificate.374
CA Certificate Assigned for VPN Clients .374
IKE Shared Secrets 375
IKE Policies.375
Example Configurations for XAuth Clients..375
XAuth Clients Using Smart Cards375
Using the WebUI to configure VPN for Cisco smart card clients 375
Using the WebUI to configure client entries in the internal database ..376
Using the CLI to configure VPN for Cisco smart card clients ..376
Using the CLI to configure client entries in the internal database..377
XAuth Clients Using Username/Password..377
Using the WebUI to configure VPN for XAuth clients with username/password
377
Using the WebUI to configure client entries in the internal database ..378
Using the CLI to configure VPN for XAuth clients with username/password
378
Using the CLI to configure client entries in the internal database..379
Configuring Remote Access VPN for PPTP 379
Using the WebUI to configure VPN with PPTP.379
Using the CLI to configure VPN with PPTP 379
Configuring Site-to-Site VPNs379
Site-to-Site VPNs with Dynamic IP Addresses .380
VPN Topologies 380
Using the WebUI to configure site-to-site VPN 380
Using the CLI to configure site-to-site VPN382
Using the CLI to configure site-to-site VPN with a static and a dynamically addressed
Controller:..382
Dead Peer Detection..383
Using the CLI to configure DPD for site-to-site VPN.383
Configuring Aruba Dialer ..383
Using the WebUI to configure the Aruba dialer 383
Using the CLI to configure the Aruba dialer384
Captive Portal Download of Dialer ..384
Using the WebUI to configure the captive portal dialer384
Using the CLI to configure the captive portal dialer ..384
Configuring MAC-Based Authentication ..385
Configuring the MAC Authentication Profile ..385
Chapter 16 Configuring MAC-based Authentication . 385
Using the WebUI to configure a MAC authentication profile.386
Using the CLI to configure a MAC authentication profile 386
Configuring Clients ..386
Using the WebUI to configure clients in the internal database.386
Using the CLI to configure clients in the internal database 387
Moving to a Multi-Controller Environment389
Preshared Key for Inter-Controller Communication389
Chapter 17 Adding Local Controllers 389
Best Security Practices for the Preshared Key.390
Configuring the Preshared Key .390
Using the WebUI to configure the Local Controller PSK.390
Using the WebUI to configure the Master Controller PSK .390
Using the CLI to configure the PSK391
Configuring Local Controllers.391
Configuring the Local Controller ..391
Using the Initial Setup391
Using the Web UI.392
Using the CLI .392
Configuring Layer-2/Layer-3 Settings392
Configuring Trusted Ports 392
Configuring APs 392
Using the WebUI to configure the LMS IP..392
Using the CLI to configure the LMS IP .393
Chapter 18 IP Mobility 395
Aruba Mobility Architecture .395
Configuring Mobility Domains 396
Configuring a Mobility Domain..397
Using the WebUI to configure a mobility domain (on the master controller)
397
Using the CLI to configure a mobility domain (on the master controller)
397
Joining a Mobility Domain398
Using the WebUI to join a mobility domain 398
Using the CLI to join a mobility domain398
Example Configuration..398
Configuring Mobility using the WebUI..399
Configuring Mobility using the CLI..400
Tracking Mobile Users400
Mobile Client Roaming Status ..400
Using the WebUI to view mobile client status..400
Using the CLI to view mobile client status .401
Using the CLI to view user roaming status.401
Using the CLI to view specific client information 401
Mobile Client Roaming Locations 402
Using the WebUI to view client roaming locations.402
Using the CLI to view client roaming locations 402
HA Discovery on Association.402
Using the CLI to Set up Mobility on Association.402
Advanced Mobility Functions .402
Using the WebUI to configure advanced mobility functions .402
Using the CLI to configure mobility functions ..405
Proxy Mobile IP .405
Proxy DHCP405
Revocations 405
Mobility Multicast .406
Proxy IGMP and Proxy Remote Subscription406
Inter-controller Mobility .407
Configuring Mobility Multicast Using the WebUI.407
Configuring Mobility Multicast Using the CLI 408
Example408
Chapter 19 VRRP 409
Configuring Redundancy..409
Local Controller Redundancy 410
Configure VRRP 410
Using the WebUI to configure redundancy for a local controller 411
Using the CLI to configure redundancy for a local controller411
Configure the LMS IP.411
Master Controller Redundancy .411
Database Synchronization ..413
Using the WebUI to configure database synchronization ..413
Using the CLI to configure database synchronization..413
Master-Local Controller Redundancy413
Configuring the master and local controllers for redundant topology..414
Using the WebUI to configure the LMS IP..415
Using the CLI to configure the LMS IP .416
Chapter 20 RSTP 417
Migration and Interoperability.417
Rapid Convergence.417
Edge Port and Point-to-Point.419
WebUI Configuration ..419
Configuring RSTP from the CLI 420
Monitoring RSTP..420
Troubleshooting.421
Chapter 21 600 Series Controller 423
Important Things to Remember.423
Internal Access Point (AP) 424
USB Cellular Modems 424
Functional Description ..424
Mode-Switching424
USB Modems Commands ..424
Uplink Manager 425
Cellular Profile 426
Dialer Group426
Configuring a Supported USB Modem .427
Configuring a New USB Modem..428
Configuring the Profile and Modem Driver..428
Configuring the TTY Port .430
Testing the TTY Port ..431
Selecting the Dialer Profile ..431
Linux Support.432
NAS (Network-Attached Storage).432
Setting up a NAS device involves the following tasks: .432
Configuring the NAS Device via CLI ..433
Other commands for managing NAS device.433
Mounting and Unmounting Devices .434
Using WebUI..435
Print Server ..437
Setting up a Printer .437
Using CLI .437
Other commands for managing printer 438
Using the WebUI..438
Sample Topology and Configuration..439
Remote Branch 1—651 Controller..439
Remote Branch 2—650 Controller..440
3200 Central Office Controller—Active.441
3200 Central Office Controller—Backup .443
ArubaOS Upgrade and Migration.444
Chapter 22 OSPFv2 . 445
Important Points to Remember .445
WLAN Scenario .445
WLAN Topology 446
WLAN Routing Table..446
Branch Office Scenario..447
Branch Office Topology 447
Branch Office Routing Table..448
OSPF on the WebUI 449
Deployment Best Practices .451
Sample Topology and Configuration..452
Remote Branch 1 .453
Remote Branch 2 .454
3200 Central Office Controller—Active.455
3200 Central Office Controller—Backup .456
Chapter 23 Configuring Wireless Intrusion Prevention 459
IDS Features 459
Unauthorized Device Detection 459
Rogue/Interfering AP Detection459
Adhoc Network Detection and Containment.459
Wireless Bridge Detection ..460
Misconfigured AP Detection..460
Weak WEP Detection 460
Multi Tenancy Protection.460
MAC OUI Checking 460
Denial of Service (DoS) Detection 460
Rate Analysis .461
Fake AP 461
Impersonation Detection..461
Station Disconnection ..461
EAP Handshake Analysis 461
Sequence Number Analysis ..461
AP Impersonation 461
Signature Detection 462
IDS Configuration .462
IDS Profile Hierarchy..462
Using the WebUI to configure IDS..462
Using the CLI to configure IDS.463
Configuring the IDS General Profile 463
Using the WebUI to configure the IDS general profile..464
Using the CLI to configure the IDS general profile .464
Configuring Denial of Service Attack Detection464
Using the WebUI to configure the IDS DoS profile.466
Using the CLI to configure the IDS DoS profile 467
IDS Rate Thresholds Profile 467
Using the WebUI to configure an IDS rate thresholds profile468
Using the CLI to configure an IDS rate thresholds profile ..468
Configuring Impersonation Detection 468
Using the WebUI to configure the IDS impersonation profile468
Using the CLI to configure the IDS impersonation profile ..469
Configuring Signature Detection..469
Using the WebUI to configure the IDS signature-matching profile 469
Using the CLI to configure the IDS signature-matching profile470
Creating a New Signature 470
Using the WebUI to create a new signature..471
Using the CLI to add a new signature ..471
Configuring Unauthorized Device Detection..471
Using the WebUI to configure the IDS unauthorized device profile ..475
Using the CLI to configure the IDS unauthorized device profile .475
Configuring WMS .476
Using the WebUI to configure WMS parameters 476
Using the CLI to configure WMS parameters476
Managing the WMS database ..477
Enabling AP Learning.477
Using the WebUI to enable or disable AP learning 477
Using the CLI to enable or disable AP learning477
Classifying APs .477
Using the WebUI to Manually Classify APs 478
Using the CLI to Manually Classify APs ..478
Configuring Misconfigured AP Detection and Protection478
Updating the Valid Enterprise SSID List ..479
Using the WebUI to add an SSID to the Valid Enterprise SSID list 479
Using the CLI to add an SSID to the Valid Enterprise SSID list ..479
Use of the Valid Enterprise SSID List.479
Client Blacklisting .480
Methods of Blacklisting.480
Manual Blacklisting .481
Using the WebUI to manually blacklist a client 481
Using the CLI to manually blacklist a client481
Authentication Failure Blacklisting..481
Using the WebUI to set the authentication failure threshold.481
Using the CLI to set the authentication failure threshold 481
Attack Blacklisting482
Using the WebUI to enable spoofed deauth detection and blacklisting .
482
Using the CLI to enable spoofed deauth detection and blacklisting.482
Blacklist Duration .482
Using the WebUI to configure the blacklist duration.482
Using the CLI to configure the blacklist duration 483
Removing a Client from Blacklisting ..483
Using the WebUI to remove a client from blacklisting .483
Using the CLI to remove a client from blacklisting.483
Chapter 24 Link Aggregation
Control Protocol (LACP). 485
Important Points to Remember .485
LACP Configuration.485
Configuring LACP using the CLI ..485
Configuring LACP using the WebUI487
Best Practices 487
Sample Configuration.488
Chapter 25 Configuring Management Access 489
Certificate Authentication for WebUI Access .489
Using the WebUI to configure certificate authentication for WebUI access
489
Using the CLI to configure certificate authentication for WebUI access.
490
Public Key Authentication for SSH Access.490
Using the WebUI to configure certificate authentication for SSH access..
490
Using the CLI to configure certificate authentication for SSH access .491
External Server Username/Password Authentication 491
Using the WebUI for server authentication.491
Using the CLI for server authentication491
RADIUS Server Authentication with VSA .492
RADIUS Server Authentication with Server-Derivation Rule..492
Using the WebUI to configure a value-of server-derivation rule .492
Using the CLI to configure a value-of server-derivation rule.493
Using the WebUI to configure a set-value server-derivation rule493
Using the CLI to configure a set-value server-derivation rule ..494
Disabling Authentication of Local Management User Accounts..494
Using the WebUI to disable authentication of local management user accounts
494
Using the CLI to disable authentication of local management user accounts
494
Verifying the configuration ..494
Resetting the Admin or Enable Password ..494
To reset the password for the default administrator user account 495
Setting an Administrator Session Timeout..495
Setting a CLI Session Timeout .495
Setting a WebUI Session Timeout..496
Configuring Managed RFprotect Sensors496
Setting RFprotect Sensor Mode in the Radio Profile.496
Using the WebUI to change the operating mode of an AP 497
Using the CLI to change the operating mode of an AP497
Specifying the IP Address of the RFprotect Server 497
Using the WebUI to configure the RFprotect server address ..497
Using the CLI to configure the RFprotect server address..497
Reverting Managed Sensors to APs ..497
Managing Certificates.497
About Digital Certificates .498
Obtaining a Server Certificate498
Using the WebUI to generate a CSR.499
Using the CLI to generate a CSR 499
Obtaining a Client Certificate .499
Importing Certificates.500
Using the WebUI to import certificates 500
Using the CLI to import certificates500
Viewing Certificate Information .500
Imported Certificate Locations..501
Checking CRLs .501
Configuring SNMP502
SNMP for the Controller502
Using the WebUI to configure SNMP on the controller503
Using the CLI to configure SNMP on the controller ..503
Configuring Logging 503
Using the WebUI to configure logging .505
Using the CLI to configure logging.505
Guest Provisioning ..505
Configuring the Guest Provisioning Page 506
Using the WebUI to create a Guest Provisioning page 506
Using the WebUI to configure the SMTP Server and Port .509
Using the CLI to create an SMTP server and port .509
Using the WebUI to create Email Messages .509
Configuring a Guest Provisioning User .510
Using the WebUI to configure the Guest Provisioning user ..511
Using the CLI to create the Guest Provisioning user 512
Customizing the Guest Access Pass.513
Creating Guest Accounts .513
Guest Provisioning User Tasks.514
Optional Configurations 516
Restricting one Captive Portal Session for each Guest ..516
Setting the Maximum Time for Guest Accounts..517
Managing Files on the Controller..517
Transferring ArubaOS Image Files ..518
Using the WebUI to transfer ArubaOS image files .518
Using the CLI to transfer ArubaOS image files.518
Backing Up and Restoring the Flash File System518
Using the WebUI to create and copy a backup of the flash file system .
518
Using the CLI to create and copy a backup of the flash file system.519
Using the WebUI to restore the backup file to the flash file system .519
Using the CLI to restore the backup file to the flash file system.519
Copying Log Files 519
Using the WebUI to copy log files ..519
Using the CLI to copy log files..519
Copying Other Files 519
Using the WebUI to copy other files..520
Using the CLI to copy other files .520
Setting the System Clock .520
Manually Setting the Clock .520
Using the WebUI to set the system clock ..520
Using the CLI to set the system clock..520
Configuring an NTP Server .521
Using the WebUI to configure an NTP server521
Using the CLI to configure an NTP server ..521
Chapter 26 Software Licenses . 523
Terminology.523
Licenses.524
Deprecated License 524
ArubaOS 3.4.1 ..524
ArubaOS 3.4 ..524
License Types 524
Multi-Controller Network ..525
License Usage 526
Interaction.526
Best Practices 527
Installing a License ..527
Enabling a software license feature on your controller .527
Obtaining a Software License Certificate.528
Software License Certificates528
Locating the System Serial Number ..528
Obtaining a Software License Key..528
Creating a software license key529
Applying the Software License Key using the WebUI529
Applying the Software License Key using the License Wizard .529
Deleting a License Key ..530
Moving Licenses530
Resetting the Controller.530
Resetting the Controller Configuration .530
Getting Help with Licenses..530
Chapter 27 IPv6 Client Support 531
About IPv6 531
ArubaOS Support for IPv6531
Supported Network Configuration..531
Network Connection for Windows IPv6 Clients 532
ArubaOS Features that Support IPv6.533
Authentication 533
Firewall ..533
Using the WebUI to configure firewall functions .535
Using the CLI to configure firewall functions.535
Firewall Policies.535
Using the WebUI to create an IPv6 firewall policy..536
Using the WebUI to assign an IPv6 policy to a user role 537
Using the CLI to create an IPv6 firewall policy .537
Using the CLI to assign an IPv6 policy to a user role 537
DHCPv6 Pass through/Relay .537
Multicast Snooping .538
Using the WebUI to enable MLDv1 538
Using the CLI to enable MLDv1538
User Address Display.538
To view user entries for IPv6 clients using the WebUI .538
To view user entries for IPv6 clients using the CLI.538
To view datapath statistics for IPv6 sessions ..539
To view datapath statistics for IPv6 users..539
Limitations for this Release .540
Chapter 28 Voice and Video QoS 541
License Requirements541
Roles and Policies for Voice Traffic .541
Configuring a User Role for New Office Environment (NOE) Clients .541
Using the WebUI to configure an NOE user role.542
Using the CLI to configure an NOE user role 542
Configuring a User Role for SIP Phones..543
Using the WebUI to configure a SIP user role ..543
Using the CLI to configure a SIP user role .544
Configuring a User Role for SVP Phones.544
Using the WebUI to configure an SVP user role..545
Using the CLI to configure an SVP user role .546
Configuring a User Role for Vocera Badges ..546
Using the WebUI to configure a vocera user role546
Using the CLI to configure a vocera user role ..548
Configuring a User Role for SCCP Phones.548
Using the WebUI to configure an SCCP user role..548
Using the CLI to configure an SCCP user role .549
Configuring a User Role for H.323 Phones.550
Using the WebUI to configure an H.323 user role ..550
Using the CLI to configure an H.323 user role .551
Configuring User-Derivation Rules..552
Using the WebUI to derive the role based on SSID ..552
Using the CLI to derive the role based on SSID..552
Using the WebUI to derive the role based on MAC OUI .552
Using the CLI to derive the role based on MAC OUI.552
Optional Configurations.553
Wi-Fi Multimedia ..553
Using the WebUI to enable WMM..553
Using the CLI to enable WMM .554
Configurable WMM AC Mapping.554
Mapping Considerations..555
Using the WebUI to map between WMM AC and DSCP555
Using the CLI to map between WMM AC and DSCP ..555
WPA Fast Handover555
Using the WebUI to enable WPA fast handover..555
Using the CLI to enable WPA fast handover .556
Voice Services Module Features ..556
The VoIP Call Admission Control Profile..556
Using the WebUI to configure a VoIP Call Admission Control profile ..556
Using the CLI to configure the VoIP Call Admission Control profile .558
VoIP-Aware ARM Scanning 558
Using the WebUI to enable VoIP aware scanning in the ARM profile ..558
Using the CLI to enable VoIP aware scanning in the ARM profile .559
Battery Boost .559
Using the WebUI to enable battery boost ..559
Using the CLI to enable battery boost..559
Dynamic WMM Queue Management .559
Enhanced Distributed Channel Access 560
Using the WebUI to configure EDCA parameters ..560
Using the CLI to configure EDCA parameters..562
WMM Queue Content Enforcement562
Using the WebUI to enable WMM queue content enforcement..562
Using the CLI to enable WMM queue content enforcement .563
Voice-Aware 802.1x 563
Using the WebUI to disable voice awareness for 802.1x563
Using the CLI to disable voice awareness for 802.1x ..563
SIP Authentication Tracking563
Using the WebUI to configure the SIP client user role .563
Using the CLI to configure the SIP client user role.563
Mobile IP Home Agent Assignment 564
Video Over Wireless LAN Enhancements.564
Configuring Video over WLAN enhancements..564
Pre-requisites.564
Using CLI .564
Using WebUI ..566
Chapter 29 External Services Interface 571
Understanding ESI571
Understanding the ESI Syslog Parser 573
ESI Parser Domains 573
Peer Controllers 574
Syslog Parser Rules 575
Condition Pattern Matching575
User Pattern Matching..576
ESI Configuration Overview.576
Health-Check Method, Groups, and Servers.577
Using the WebUI to configure a health-check method 577
Using the CLI to configure a health-check method578
Defining the ESI Server .578
Using the WebUI to configure an ESI server .578
Using the CLI to configure an ESI server 579
Defining the ESI Server Group ..579
Using the WebUI to configure an ESI server group579
Using the CLI to configure an ESI server group..579
Redirection Policies and User Role.579
Using the WebUI to configure the user role ..580
Using the CLI to configure redirection and user role.582
ESI Syslog Parser Domains and Rules .583
Using the WebUI to Manage Syslog Parser Domains ..583
Adding a new syslog parser domain .584
Deleting an existing syslog parser domain.584
Editing an existing syslog parser domain584
Using the CLI to Manage Syslog Parser Domains..585
Adding a new syslog parser domain .585
Showing ESI syslog parser domain information..585
Deleting an existing syslog parser domain.585
Editing an existing syslog parser domain585
Managing Syslog Parser Rules .586
Using the WebUI to Manage Syslog Parser Rules .586
Adding a new parser rule.587
Deleting a syslog parser rule .587
Editing an existing syslog parser rule 588
Testing a Parser Rule 588
Using the CLI to Manage Syslog Parser Rules .589
Adding a new parser rule.589
Showing ESI syslog parser rule information:.589
Deleting a syslog parser rule: 589
Editing an existing syslog parser rule 590
Testing a parser rule ..590
Monitoring Syslog Parser Statistics 590
Using the WebUI to Monitor Syslog Parser Statistics..590
Using the CLI to Monitor Syslog Parser Statistics .590
Example Route-mode ESI Topology ..591
ESI server configuration on controller ..591
IP routing configuration on Fortinet gateway 591
Configuring the Example Routed ESI Topology ..591
Health-Check Method, Groups, and Servers.592
Defining the Ping Health-Check Method .592
Using the WebUI to configure a health-check method 592
Using the CLI to configure a health-check method592
Defining the ESI Server .593
Using the WebUI to configure an ESI server .593
Using the CLI to configure an ESI server 593
Defining the ESI Server Group ..593
Using the WebUI to configure an ESI server group593
Using the CLI to configure an ESI server group..594
Redirection Policies and User Role.594
Using the WebUI to configure the user role ..594
Using the CLI to configure the user role..597
Syslog Parser Domain and Rules.597
Using the WebUI to add a new syslog parser domain .597
Using the WebUI to add a new parser rule 598
Using the CLI to define a new syslog parser domain and rules ..598
Example NAT-mode ESI Topology..598
ESI server configuration on the controller ..599
Configuring the Example NAT-mode ESI Topology600
Using the WebUI to Configure the NAT-mode ESI Example .600
Using the WebUI to configure the health-check ping method .600
Using the WebUI to configure the ESI group 601
Using the WebUI to configure the ESI servers .601
Using the WebUI to configure the redirection filter 601
Using the CLI to Configure the Example NAT-mode Topology602
Configure a Health-Check Ping602
Configuring ESI Servers602
Configure an ESI Group, Add the Health-Check Ping and ESI Servers..
603
Use This ESI Group in a Session Access Control List .603
CLI Configuration Example 1.603
CLI Configuration Example 2.603
Basic Regular Expression Syntax.604
Character-Matching Operators.604
Regular Expression Repetition Operators605
Regular Expression Anchors..605
References ..606
Appendix A DHCP with Vendor-Specific Options . 607
Overview607
Windows-Based DHCP Server..607
Configuring Option 60607
To configure option 60 on the Windows DHCP server.608
Configuring Option 43608
To configure option 43 on the Windows DHCP server:608
Linux DHCP Servers609
Appendix B External Firewall Configuration. 611
Communication Between Aruba Devices.611
Network Management Access ..612
Other Communications..612
Appendix C Aruba System Defaults 615
Basic System Defaults615
Firewall Defaults 615
Network Services..615
Policies..617
Roles ..620
Default Management User Roles..622
Default Open Ports ..625
Appendix D 802.1x Configuration for IAS and Windows Client. 629
Configuring Microsoft IAS 629
RADIUS Client Configuration .629
Remote Access Policies630
Active Directory Database ..630
Configuring Policies 631
Configuring RADIUS Attributes.634
Window XP Wireless Client Example Configuration637
Appendix E Internal Captive Portal 641
Creating a New Internal Web Page .641
Basic HTML Example.642
Installing a New Captive Portal Page .643
Displaying Authentication Error Message 643
Reverting to the Default Captive Portal .644
Language Customization..644
Customizing the Welcome Page ..647
Customizing the Pop-Up box.649
Customizing the Logged Out Box 650
Appendix F Configuring an Aruba Wired Multiplexor (Mux) 653
Configuration Overview .653
Configuring a Wired Mux Client.654
Configuring an Access Port as a Mux Port .655
Configuring a Trunk Port as a Mux Port ..655
Example Output.656
Index 657



Commentaires


Envoyer un commentaire

Vous devez être connecté pour soumettre des commentaires. Cliquez ici pour vous connecter.





Documents connexes