Dell PowerConnect W-Airwave Configuration Manual
  1. Manuals
  2. Brands
  3. Dell Manuals
  4. Software
  5. PowerConnect W-Airwave
  6. Configuration manual
Dell PowerConnect W-Airwave Configuration Manual

Dell PowerConnect W-Airwave Configuration Manual

W-airwave 7.1 configuration guide
Hide thumbs Also See for PowerConnect W-Airwave:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual, Manual
AirWave Wireless
Management Suite

Advertisement

Table of Contents
loading

Related Manuals for Dell PowerConnect W-Airwave

Summary of Contents for Dell PowerConnect W-Airwave

  • Page 1 AirWave Wireless Management Suite...
  • Page 2 Copyright © 2010 Aruba Networks, Inc. AirWave®, Aruba Networks®, Aruba Mobility Management System®, Bluescanner, For Wireless That Works®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, The All Wireless Workplace Is Now Open For Business, Green Island, and The Mobile Edge Company® are trademarks of Aruba Networks, Inc. All rights reserved. All other trademarks are the property of their respective owners.

  • Page 3: Table Of Contents

    Contents Preface ............................7 Document Audience and Organization ................7 Related Documents .....................7 Text Conventions ......................8 Contacting AirWave Wireless and Aruba Networks.............9 Chapter 1 Aruba Configuration in AWMS ..............11 Introduction ........................11 Requirements, Restrictions, and AOS Support in AWMS .........12 Requirements........................12 Restrictions ........................
  • Page 4 General Profiles Guidelines..................39 General Controller Procedures and Guidelines ............40 Using Master, Standby Master, and Local Controllers in Aruba Configuration ....40 Pushing Device Configurations to Controllers..............40 Supporting APs with Aruba Configuration..............41 AP Overrides Guidelines....................41 Configuring or Editing AP Overrides.................. 41 Changing Adaptive Radio Management (ARM) Settings...........
  • Page 5 Profiles > Mesh > Cluster ....................116 Profiles > QoS........................117 Profiles > QoS > Traffic Management ................117 Profiles > QoS > VoIP Call Admission Control ..............118 Profiles > QoS > WMM Traffic Management..............121 Profiles > RF ........................122 Profiles >...
  • Page 6 | Contents AirWave Wireless Management Suite | Configuration Guide...

  • Page 7: Preface

    Preface Document Audience and Organization This configuration guide is intended for wireless network administrators and helpdesk personnel who deploy ArubaOS (AOS) on the network and wish to manage it with the AirWave Wireless Management Suite (AWMS). AWMS Versions 6.3 and later support Aruba Configuration. This document provides instructions for using Aruba Configuration and contains the following chapters: Table 1 Document Organization and Purposes Chapter...

  • Page 8: Text Conventions

    RAPIDS Overview Page AirWave Management Client User Guide Download AirWave Management Client Best Practice Guides Aruba and AirWave Best Practices Guide Choosing the Right Server Hardware Helpdesk Guide: Troubleshooting WLAN Issues Converting Cisco IOS APs to LWAPP Interfacing With AWMS AWMS Integration Matrix State and Statistical XML API Documentation Location XML API Documentation...

  • Page 9: Contacting Airwave Wireless And Aruba Networks

    Indicates helpful suggestions, pertinent information, and important things to remember. N O T E Indicates a risk of damage to your hardware or loss of data. CAUTION Contacting AirWave Wireless and Aruba Networks Online Contact and Support Main Website http://www.airwave.com Email Contact sales@airwave.com AirWave Wireless Sales...
  • Page 10 | Preface AirWave Wireless Management Suite | AWMS Version 7.1...

  • Page 11: Chapter 1 Aruba Configuration In Awms

    Chapter 1 Aruba Configuration in AWMS Introduction ArubaOS (AOS) is the operating system, software suite, and application engine that operates Aruba mobility controllers and centralizes control over the entire mobile environment. The AOS Wizards, the AOS command-line interface (CLI), and the AOS WebUI are the primary means by which to configure and deploy AOS.

  • Page 12: Requirements, Restrictions, And Aos Support In Awms

    Requirements, Restrictions, and AOS Support in AWMS Requirements Aruba Configuration has the following requirements in AWMS: AWMS 6.3 or a later AWMS version must be installed and operational on the network. Aruba Controllers on the network must have AOS installed and operational. Ensure you have Telnet/SSH credentials (configuration only) and the “enable”...

  • Page 13: The Primary Pages Of Aruba Configuration

    The Primary Pages of Aruba Configuration AWMS supports Aruba Configuration with the following pages: Device Setup > Aruba Configuration Page—deploys and maintains Aruba Configuration in AWMS. This page supports several sections, as follows: Aruba AP Groups Section AP Overrides Section WLANs Section Profiles Section Security Section...

  • Page 14: Aruba Ap Groups Section

    Figure 1 Device Setup > Aruba Configuration Navigation Pane (Contracted and Expanded) Only Aruba AP Groups, AP Overrides, and WLANs contain custom-created items in the navigation pane. N O T E The navigation pane can be used as follows: Any portion with a plus sign ( ) expands with a click to display additional contents.

  • Page 15: Ap Overrides Section

    Figure 2 Device Setup > Aruba Configuration > Aruba AP Groups Navigation Aruba AP Groups are not to be confused with conventional AWMS device groups. AWMS supports both Groups > List group types and both are viewable on the page when so configured. Aruba AP Groups have the following characteristics: Aruba AP Groups are global, and any Aruba controller can support multiple Aruba AP Groups.

  • Page 16: Wlans Section

    Aruba controllers and AP devices operate in Aruba AP Groups that define shared parameters for all Device Setup > Aruba Configuration > Aruba AP Groups devices in those groups. The page displays all current Aruba AP groups. AP Override allows you to change some parameters for any specific device without having to create an Aruba AP group per AP.

  • Page 17: Security Section

    Figure 5 Device Setup > Aruba Configuration > Profiles Navigation Profiles are organized by type in Aruba Configuration. Custom-named profiles do not appear in the navigation pane as do custom-named Aruba AP Groups, WLANs, and AP Overrides. For additional information about profile procedures and guidelines, refer to the following sections in this document: “Setting Up Initial Aruba Configuration”...

  • Page 18: Advanced Services Section

    Figure 6 Device Setup > Aruba Configuration > Security Navigation Security The following general guidelines apply to profiles in Aruba configuration: Roles can have multiple policies; each policy can have numerous roles. Server groups are comprised of servers and rules. Security rules apply in Aruba Configuration in the same way as deployed in AOS.

  • Page 19: Groups > Aruba Config Page

    Groups > Aruba Config Page This focused submenu page displays and edits all configured Aruba AP groups, with the following factors: Device Setup > Aruba Configuration Aruba AP Groups must be defined from the page before they are Groups > Aruba Config visible on the page.

  • Page 20: Aps/Devices > Manage Page

    Figure 9 APs/Devices List Page Illustration (Partial Display) APs/Devices > Manage Page Manage This page configures device-level settings, including mode that enables pushing configurations to controllers. For additional information, refer to “Pushing Device Configurations to Controllers” on page 36. Figure 10 APs/Devices > Manage Page Illustration (Partial Display) APs/Devices >...

  • Page 21: Groups > Basic Page

    Alert Summary Recent Events Audit Log For additional information, refer to “Pushing Device Configurations to Controllers” on page 36. Groups > Basic Page Groups > Basic page deploys the following aspects of Aruba Configuration: Aruba GUI Config Device Setup > This page contains a new field.

  • Page 22: Controller Overrides

    Figure 11 Embedded Profile Configuration for an Aruba AP Group Save Save and Click the icon (the plus symbol) at right to add a referenced profile. Once you Apply that profile, AWMS automatically returns you to the original Aruba AP Group configuration page. Additional Aruba Profiles This embedded configuration is also supported on the section of the...

  • Page 23: Save, Save And Apply, And Revert Buttons

    Figure 12 Overriding a Controller Profile Save, Save and Apply, and Revert Buttons Detail Save Save and Apply Revert Several pages in Aruba Configuration include the , and buttons. These buttons function as follows: Save —This button saves a configuration but does not apply it, allowing you to return to complete or apply the configuration at a later time.

  • Page 24: Licensing And Dependencies In Aruba Configuration

    1. You can review the AOS running configuration file. This is configuration information that AWMS reads from the device. In template-based configuration, you can review the running configuration file when working on a related template. APs/Devices > Audit 2. You can use the page for device-specific auditing.
  • Page 25 Figure 14 Groups > Basic Page Illustration (Partial Display) 2. Authorize Aruba controllers into the AMP Group. When authorizing the first controller onto a group, you must add the device in monitor-only mode. Otherwise, AWMS removes the configuration of the controller before you have a chance to import the configuration, and this would remove critical network configuration and status.
  • Page 26 If the page reports a device mismatch, the page will display an Import button that allows you to import the Aruba controller settings from an Aruba Controller that has already been configured. To import the complete configuration from the controller (including any unreferenced profiles) select the Include unreferenced profiles checkbox.
  • Page 27 Figure 17 Device Setup > Aruba Configuration > Aruba AP Groups > Add/Edit Details Page The following section of this configuration guide provide additional information about configuring Aruba AP Groups: “General Aruba AP Groups Procedures and Guidelines” on page 30 6. Add or edit WLANs in Aruba Configuration as required. Device Setup >...
  • Page 28 Profiles 7. Add or edit Aruba Configuration as required. Device Setup > Aruba Configuration > Profiles a. Navigate to section of the navigation pane. Controller, IDS Mesh SSID b. You must select the type of profile to configure: , or c.
  • Page 29 Figure 18 APs/Devices > Manage Page Illustration (Partial Display) APs/Devices > Audit 11. Navigate to the page for the controller to view mismatched settings. This page provides links to display additional and current configurations. You can display all mismatched devices APs/Devices >...

  • Page 30: What Next

    Figure 19 APs/Devices > Audit Page Illustration (Partial Display) Figure 20 APs/Devices > Mismatched Page Illustration What Next? After initial AOS deployment with the Aruba Configuration feature, you can make many additional configurations or continue with maintenance tasks, such as with the following examples: | Aruba Configuration in AWMS AirWave Wireless Management Suite | Configuration Guide...

  • Page 31: Additional Capabilities Of Aruba Configuration

    Once Aruba Configuration is deployed in AWMS, you can perform debugging with Telnet/SSH. Review telnet_cmds var/log file in the / folder from the command line interface, or access this file from System > Status Groups > Basic Device Setup > page.
  • Page 32 | Aruba Configuration in AWMS AirWave Wireless Management Suite | Configuration Guide...

  • Page 33: Chapter 2 Using Aruba Configuration In Daily Operations

    Chapter 2 Using Aruba Configuration in Daily Operations Introduction This chapter presents the more common tasks or concepts after initial setup of Aruba Configuration is complete, as described in the section “Setting Up Initial Aruba Configuration” on page 24. This chapter emphasizes frequent procedures as follows: General Aruba AP Groups Procedures and Guidelines Guidelines and Pages for Aruba AP Groups in Aruba Configuration...

  • Page 34: General Aruba Ap Groups Procedures And Guidelines

    General Aruba AP Groups Procedures and Guidelines Guidelines and Pages for Aruba AP Groups in Aruba Configuration The fields and default settings for Aruba AP Groups are described in “Aruba AP Groups” on page 53. The following guidelines govern the configuration and use of Aruba AP Groups across AWMS: Aruba AP Groups function with standard AWMS groups that contain them.
  • Page 35 Figure 21 Device Setup > Aruba Configuration > AP Groups Page Illustration Add AP Group 2. To add a new group, click the button. pencil To edit an existing group, click the icon next to the group name. Group Details Details page appears with current or default configurations.

  • Page 36: What Next

    Figure 22 Device Setup > Aruba Configuration > Add/Edit Group Details Page Illustration Save Cancel 3. Click to finish creating or editing the Aruba AP Group. Click to back out of this screen and to cancel the AP Group configurations. AP Groups 4.

  • Page 37: General Wlan Procedures And Guidelines

    General WLAN Procedures and Guidelines Guidelines and Pages for WLANs in Aruba Configuration Device Setup > Aruba Configuration navigation pane displays custom-configured WLANs and Aruba Device Setup > Aruba Configuration WLANs AP Groups. You define or modify WLANs on the page.

  • Page 38: Configuring Or Editing Wlans With Advanced View

    Figure 24 Device Setup > WLANs > Add > Basic Page Illustration Save WLANs 3. Click . The added or edited WLAN appears on the page. You can now use this WLAN with one or more Aruba AP Groups. 4. Repeat this procedure or continue to additional procedures to complete WLAN, Profile, Aruba AP Group or other configurations.

  • Page 39: General Profiles Guidelines

    Figure 25 Device Setup > Aruba Configuration > WLANs > Add > Advanced Page Illustration Save WLANs 3. Click . The added or edited WLAN appears on the page. You can now use this WLAN with one or more Aruba AP Groups. 4.

  • Page 40: General Controller Procedures And Guidelines

    General Controller Procedures and Guidelines Using Master, Standby Master, and Local Controllers in Aruba Configuration AWMS implements the following general approaches in relation to controllers. Master Controller—This controller maintains and pushes all global configurations. AWMS pushes configurations only to a master controller. Standby Controller—The master controller synchronizes with the standby master controller, which remains ready to govern global configurations for all controllers should the active master controller fail.

  • Page 41: Supporting Aps With Aruba Configuration

    Supporting APs with Aruba Configuration AP Overrides Guidelines AP Override Device Setup > component of Aruba Configuration appears in the navigation pane of the Aruba Configuration page. This component operates with the following principles: AP devices function within groups that define operational parameters for groups of APs. This is standard across all of AWMS.

  • Page 42: Changing Adaptive Radio Management (Arm) Settings

    Figure 27 AP Overrides Add or Edit Page Illustration (Non-scrolling View) For a description of all fields on this page, refer to Table 5 in the Appendix. Save AP Overrides 3. Click . The added or edited AP Override appears on the page.

  • Page 43: Changing Ssid And Encryption Settings

    Changing SSID and Encryption Settings You can adjust SSID and Encryption parameters for devices by adjusting the profiles that define these settings, then applying those profiles to Aruba AP Groups and WLANs that support them. To do so, refer to the following topics that describe relevant steps and configuration pages: “Configuring Aruba AP Groups”...
  • Page 44 One possible workaround to update an Aruba AP device name in AWMS would be as follows, and this is not the most efficient approach: 1. Configure and deploy the AP from AOS (separate from AWMS). 2. Delete the AP from AWMS. 3.

  • Page 45: Using General Awms Device Groups And Folders

    If the list of Aruba AP Groups are not there, ensure you either create these Aruba AP groups manually on the Device Setup > Aruba Configuration page, wherein you merely need the device names and not the settings, or import the configuration from one of your controllers to learn the groups. N O T E 12.

  • Page 46: Defining Visibility For Aruba Configuration

    Device Setup > Aruba Configuration Administrative and Management users in AWMS can view the page APs/Devices > Aruba Config and the pages. Administrative users are enabled to view all configurations. Management users have access to all profiles and Aruba AP groups for their respective folders. Device Setup >...
  • Page 47 3. As required, create or edit a user role that is to have rights and manage privileges required to support their function in Aruba Configuration. a. At least one user must have administrative privileges, but several additional users may be required, with less rights and visibility, to support Aruba Configuration without access to the most sensitive information, such as SSIDs or other security related data.
  • Page 48 | Using Aruba Configuration in Daily Operations AirWave Wireless Management Suite | Configuration Guide...

  • Page 49: Appendix A Aruba Configuration Reference

    Appendix A Aruba Configuration Reference Introduction This appendix describes the pages, field-level settings, and interdependencies of Aruba Configuration profiles. Additional information is available as follows: Aruba Configuration components are summarized in “Additional Concepts and Components of Aruba Configuration” on page 21. For procedures that use several of these components, refer to earlier chapters in this document.
  • Page 50 Profiles > AAA > Mac Auth Profiles > AAA > Stateful 802.1X Auth Profiles > AAA > Wired Auth Profiles > AAA > VPN Auth Profiles > AAA > Management Auth Profiles > AAA > 802.1x Auth Profiles > AAA > Stateful NTLM Auth Profiles >...
  • Page 51 Security Pages and Field Descriptions Security > User Roles Security > User Roles > BW Contracts Security > User Roles > VPN Dialers Security > Policies Security > Policies > Destinations Security > Policies > Services Security > Server Groups Security >...

  • Page 52: Aruba Ap Groups Pages And Field Descriptions

    Aruba AP Groups Pages and Field Descriptions Aruba AP Groups appear at the top of the Aruba Configuration navigation pane. This section describes the configuration pages and fields of Aruba AP Groups. Aruba AP Groups Aruba AP Groups page displays all configured Aruba AP Groups and enables you to add or edit Aruba AP Groups.

  • Page 53: Aruba Ap Groups

    Table 4 Device Setup > Aruba Configuration > Aruba AP Groups Details, Settings and Default Values Field Default Description General Settings Folder Displays the folder with which the AP Group is associated. The drop-down menu displays all folders available for association with the AP Group. Folders provide a way to organize the visibility of device parameters that is separate from the configuration groups of devices.
  • Page 54 Table 4 Device Setup > Aruba Configuration > Aruba AP Groups Details, Settings and Default Values (Continued) Field Default Description Wired AP Profile default Controls whether 802.11 frames are tunneled to the controller using Generic Routing Encapsulation (GRE) tunnels, bridged into the local Ethernet LAN (for remote APs), or a configured for combination of the two (split-mode).
  • Page 55 Table 4 Device Setup > Aruba Configuration > Aruba AP Groups Details, Settings and Default Values (Continued) Field Default Description 802.11a Traffic default Specifies the minimum percentage of available bandwidth to be allocated to a specific SSID when Management there is congestion on the wireless network, and sets the interval between bandwidth usage Profile reports.

  • Page 56: Ap Overrides Pages And Field Descriptions

    AP Overrides Pages and Field Descriptions AP Overrides component of Aruba Configuration allow you to define device-specific settings for an AP device without having to remove that device from an existing Aruba AP Group or create a new Aruba AP AP Overrides Group specifically for that device.
  • Page 57 Table 6 Aruba Configuration > AP Overrides Add or Edit Page Fields Field Default Description Excluded WLANs Excluded WLANs This section displays WLANs currently defined in Aruba Configuration by default. This section can display selected WLANs or all WLANs. Use this section to specify which WLANs are not to support AP Override.
  • Page 58 Table 6 Aruba Configuration > AP Overrides Add or Edit Page Fields Field Default Description Wired AP Profile default Controls whether 802.11 frames are tunneled to the controller using Generic Routing Encapsulation (GRE) tunnels, bridged into the local Ethernet LAN (for remote APs), or a configured for combination of the two (split-mode).
  • Page 59 Table 6 Aruba Configuration > AP Overrides Add or Edit Page Fields Field Default Description SNMP Profile default Selects the SNMP profile to associate with this AP group. The drop-down menu lists all SNMP profiles currently enabled in AWMS. Click the pencil icon next to this field to display the Profiles > AP > SNMP page of Aruba Configuration, and adjust these settings as desired.

  • Page 60: Wlan Pages And Field Descriptions

    Table 6 Aruba Configuration > AP Overrides Add or Edit Page Fields Field Default Description Mesh Cluster Profiles Add New Mesh The Add Clicking this Add button displays a new Mesh Cluster Profile section to Cluster Profile Mesh Cluster this page, as illustrated in Figure Profile section Figure 36 Add New Mesh Cluster Profile Illustration...

  • Page 61: Wlans

    Use the following guidelines when configuring and using WLANs in Aruba Configuration: Device Setup > Aruba Configuration navigation pane displays custom-configured WLANs and Aruba AP Groups. All other components of the navigation pane are standard across all deployments of Aruba Configuration.

  • Page 62: Wlans > Basic

    You can create new WLANs from this page by clicking the button. You can edit an existing WLAN by clicking the pencil icon for that WLAN. Basic Advanced You have two pages by which to create or edit WLANs: the page and the page.

  • Page 63: Wlans > Advanced

    WLANs > Advanced Aruba Configuration > WLANs From the page, click to create a new WLAN, or click the pencil icon to edit an existing WLAN, then click Advanced. The Advanced page allows you to configure many more sophisticated settings when creating or editing WLANs. Table 9 describes the fields for this page.
  • Page 64 Table 9 Aruba Configuration > WLANs > Advanced Page Fields (Continued) Field Default Description HA Discovery on Enable or disable HA discovery on Association. In normal circumstances a Association controller performs an HA discovery only when it is aware of the client’s IP address which it learns through the ARP or any L3 packet from the client.
  • Page 65 Table 9 Aruba Configuration > WLANs > Advanced Page Fields (Continued) Field Default Description Remote AP standard Define the rights for remote APs in this WLAN. Options are as follows: Operation standard persistent backup always Remote APs connect to a controller using Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec).

  • Page 66: Profiles Pages And Field Descriptions

    Profiles Pages and Field Descriptions Understanding Aruba Configuration Profiles In ArubaOS, related configuration parameters are grouped into a profile that you can apply as needed to an AP group or to individual APs. This section lists each category of AP profiles that you can configure and then apply to an AP group or to an individual AP.

  • Page 67: Profiles > Aaa

    Profiles > AAA This profile type defines authentication settings for the WLAN users, including the role for unauthenticated users, and the different roles that should be assigned to users authenticated via 802.1x, MAC or SIP authentication. Perform these steps to determine the need for and to configure AAA profiles. 1.
  • Page 68 WISPr Auth—The Wireless Internet Service Provider roaming (WISPr) protocol allows users to roam between service providers. A RADIUS server is used to authenticate subscriber credentials. Refer to “Profiles > AAA > WISPr Auth” on page 81. Profiles > AAA Captive Portal Authentication Perform these steps to configure a profile.

  • Page 69: Profiles > Aaa > Captive Portal Auth

    Table 10 Captive Portal Auth Profile Settings Field Default Description 802.1X ap-role Select the 802.1X authentication default role to be referenced by the AAA Authentication profile being configured. Add a new role by clicking the add icon, or edit an Default Role existing role by clicking the pencil icon.
  • Page 70 Table 11 Captive Portal Auth Profile Settings Field Default Description Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile. Folders provide a way to organize the visibility of device parameters that is separate from the configuration groups of devices.

  • Page 71: Modifying The Initial User Role

    Table 11 Captive Portal Auth Profile Settings Field Default Description Show Welcome Page Yes Enables the display of the welcome page. If this option is disabled, redirection to the web URL happens immediately after logon. Adding Switch IP Select this option to send the controller’s IP address in the redirection Address in URL when external captive portal servers are used.

  • Page 72: Profiles > Aaa > Stateful 802.1X Auth

    Table 12 Aruba Configuration > Profiles > AAA > MAC Auth Profile Settings Field Default Description Max Authentication Number of times a station can fail to authenticate before it is Failures (0-10) blacklisted. A value of 0 disables blacklisting. Save. Mac Auth AAA Profiles 3.

  • Page 73: Profiles > Aaa > Wired Auth

    Profiles > AAA > Wired Auth This profile type merely references an AAA profile to be used for wired authentication. Wired Auth Perform these steps to configure a profile. Profiles > AAA > Wired Auth Aruba Navigation 1. Click in the pane.

  • Page 74: Profiles > Aaa > Management Auth

    Table 15 Aruba Configuration > Profiles > AAA > VPN Auth Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.

  • Page 75: Profiles > Aaa > 802.1X Auth

    Table 16 Aruba Configuration > Profiles > AAA > Management Auth Profile Settings Field Default Description Referenced Profiles Server Group Select the AAA authentication server group. Click the pencil icon to edit an existing server group or click the add icon to create a new server group.
  • Page 76 Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.
  • Page 77 Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings (Continued) Field Default Description Machine ap-role Select the default role to be assigned to the user after completing 802.1x Authentication: authentication. Default User Role This setting requires a policy enforcement firewall license. Interval Between Specify the interval in which identity requests are to be spaced between Identity Requests...
  • Page 78 Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings (Continued) Field Default Description Maximum Number Define whether a held state can be bypassed, and the number of times this of Times Held State is to be allowed. Can Be Bypassed (0-3) Dynamic WEP Key...
  • Page 79 Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings (Continued) Field Default Description xSec MTU 1300 bytes Define the maximum transmission unit size in bytes. (1024 - 1500 Bytes) Termination Select this option to terminate 802.1x authentication on the controller. Termination EAP- Specify if the EAP termination type is TLS.

  • Page 80: Profiles > Aaa > Stateful Ntlm Auth

    Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings (Continued) Field Default Description Ignore EAPOL- Enable or disable this setting. START After EAP authentication starts with a EAPOL-start frame that is sent by the Authentication wireless client to the AP. Upon reception of such a frame, the AP responds back to the wireless client with an EAP-Identify-Request and also does internal resource allocation.

  • Page 81: Profiles > Aaa > Wispr Auth

    Table 18 Aruba Configuration > Profiles > AAA > Stateful NTLM Auth Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.
  • Page 82 Table 19 Aruba Configuration > Profiles > AAA > WISPr Auth Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.

  • Page 83: Profiles > Ap

    Profiles > AP Device Setup > Profiles > AP Display the currently configured AP profiles by navigating to In AOS, related configuration parameters are grouped into a profile that you can apply as needed to an AP group or to individual APs. This section lists each category of AP profiles that you can configure and apply to an AP group or to an individual AP.
  • Page 84 System Perform these steps to configure a profile. Profiles > AP > System Aruba Navigation 1. Click in the pane. This page summarizes the current profiles of this type. System pencil 2. Click the button to create a new profile, or click the icon next to an existing profile to Details edit that profile.
  • Page 85 Table 20 Aruba Configuration > Profiles > AP > System Profile Settings (Continued) Field Default Description Bootstrap Enter a threshold value from 0 to 65,535. Threshold (1-65535) Adjust the bootstrap threshold to 30 if the network experiences packet loss. This makes the AP recover more slowly in the event of a failure, but it will be more tolerant to heartbeat packet loss.
  • Page 86 Table 20 Aruba Configuration > Profiles > AP > System Profile Settings (Continued) Field Default Description Remote-AP DHCP Specify the VLAN to be associated with the remote-AP DHCP server. This Server VLAN field requires a remote access points license, when used. (1-4094) Remote-AP DHCP Specify the IP address of the remote-AP DHCP server.

  • Page 87: Profiles > Ap > Regulatory Domain

    Profiles > AP > Regulatory Domain This profile type defines an AP’s country code and valid channels for both legacy and high-throughput 802.11a and 802.11b/g radios. With the implementation of the high-throughput IEEE 802.11n draft standard, 40 MHz channels were added in addition to the existing 20 MHz channel options.

  • Page 88: Profiles > Ap > Ap Wired

    Table 21 Aruba Configuration > Profiles > AP > Regulatory Domain Profile Settings Field Default Description Valid 802.11g 40 Select a 40MHz channel pair for 802.11ag MHz Channel Pairs A high-throughput (HT) AP can use a 40 MHz channel pair comprised of two adjacent 20 MHz channels available in the regulatory domain profile for your country.
  • Page 89 Table 22 Aruba Configuration > Profiles > AP > Wired Profile Settings Field Default Description Switchport Mode Access Select access or trunk. These options only apply to bridge mode configurations. Access mode forwards untagged packets received on the port to the controller and they appear on the configured access mode VLAN.

  • Page 90: Profiles > Ap > Ap Ethernet Link

    Profiles > AP > AP Ethernet Link The configurable speed defined in this profile is dependent on the port type, and you can define a separate Ethernet Interface profile for each Ethernet link. Ethernet Link Perform these steps to configure a profile.

  • Page 91: Profiles > Ap > Snmp > Snmp User

    Table 24 Aruba Configuration > Profiles > AP > SNMP Profile Settings Field Default Description Other Settings SNMP Enable Enable or disable SNMP in this profile. Enter Community Text field allows you to type one or multiple SNMP community strings String applied to this profile.

  • Page 92: Aruba Controller Traps

    Aruba Controller Traps Table 26 provides a list of key traps generated by the Aruba controller. Table 26 Key SNMP Traps of the Aruba Controller Trap Description Priority Level Mobility controller IP This indicates the controller IP has been changed. The controller IP is either the Critical changed loopback IP address or the IP address of the VLAN 1 interface (if no loopback IP...

  • Page 93: Access Point/Air Monitor Traps

    Access Point/Air Monitor Traps Table 27 describes the key traps that can be generated by an Aruba access point or an air monitor: Table 27 Key SNMP Traps from Aruba Access Points or Air Monitors Trap Description Priority Unsecure AP Detected This trap indicates that an air monitor has detected and classified an access point Critical as unsecure.

  • Page 94: Profiles > Ids

    Table 27 Key SNMP Traps from Aruba Access Points or Air Monitors (Continued) Trap Description Priority Frame Retry rate exceeded This trap refers to the event when the percentage of received and transmitted Medium frames with the retry bit crosses the High watermark. This event can be triggered for an AP, a station or a channel.
  • Page 95 A predefined IDS profile refers to specific instances of the other IDS profiles. You cannot create new instances of a profile within a predefined IDS profile. You can modify parameters within the other IDS profiles. N O T E IDS profiles reference other profiles. These additional profiles can be created before, during, or after the configuration of the IDS profile.

  • Page 96: Profiles > Ids > General

    4. Select the profile type to view or configure: General—Configures general AP attributes. Refer to “Profiles > IDS > General” on page 96. Signature Matching—Configures signatures and signature matching for intrusion detection. Refer to “Profiles > IDS > Signature Matching” on page 97.

  • Page 97: Profiles > Ids > Signature Matching

    Table 29 Aruba Configuration > Profiles > IDS > General Profile Settings Field Default Description Min Potential AP Set the minimum time, in seconds, a potential AP has to be up before it is Monitor Time classified as a real AP. (0-36000 sec) Signature Quiet Time Set the time to wait, in seconds, after which the check can be resumed...

  • Page 98: Profiles > Ids > Signature Matching > Signatures

    Profiles > IDS > Signature Matching > Signatures Signature Matching Perform these steps to create signatures for use with profiles. Profiles > IDS > Signature Matching > Signature Aruba Navigation 1. Click in the pane. Signature pencil 2. Click the button to create a new , or click the icon next to an existing profile to edit...
  • Page 99 Table 32 Predefined IDS DoS Profiles Parameter ids-dosdisabled ids-dos-lowsetting ids-dosmedium-setting ids-dos-highsetting Detect Disconnect Station disabled enabled enabled enabled Attack Disconnect STA Detection 900 seconds 900 seconds 900 seconds 900 seconds Quiet Time Spoofed Deauth Blacklist disabled disabled disabled disabled Detect AP Flood Attack disabled disabled disabled...
  • Page 100 Table 33 Aruba Configuration > Profiles > IDS > Denial of Service Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.

  • Page 101: Profiles > Ids > Denial Of Service > Rate Threshold

    Table 33 Aruba Configuration > Profiles > IDS > Denial of Service Profile Settings (Continued) Field Default Description AP Flood Increase Sets the time, in seconds, during which a configured number of Fake AP Time beacons must be received to trigger an alarm. AP Flood Detection After an alarm has been triggered by a Fake AP flood, the time (in seconds) Quiet Time...
  • Page 102 Table 34 Aruba Configuration > Profiles > IDS > Denial of Service, Rate Threshold Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.

  • Page 103: Profiles > Ids > Impersonation

    Profiles > IDS > Impersonation Impersonation Perform these steps to create IDS profiles. Profiles > IDS > Impersonation Aruba Navigation 1. Click in the pane. Impersonation pencil 2. Click the button to create a new profile or click the icon next to an existing Details profile to edit.

  • Page 104: Profiles > Ids > Unauthorized Device

    Profiles > IDS > Unauthorized Device Unauthorized device detection includes the ability to detect and disable rogue APs and other devices that can potentially disrupt network operations. The most important IDS functionality offered in the Aruba system is the ability to classify an AP as either a rogue AP or an interfering AP.
  • Page 105 Table 36 Aruba Configuration > Profiles > IDS > Unauthorized Devices Profile Settings (Continued) Field Default Description MAC OUI Detection Set the time, in seconds, that must elapse after an invalid MAC OUI alarm Quiet Time has been triggered before another identical alarm may be triggered. (60-360000 sec) Adhoc Network Set the time, in seconds, that must elapse after an adhoc network...
  • Page 106 Table 36 Aruba Configuration > Profiles > IDS > Unauthorized Devices Profile Settings (Continued) Field Default Description Suspected Rogue Set the confidence level. When an AP is classified as a suspected rogue Containment AP, it is assigned a 50% confidence level. If multiple APs trigger the same Confidence Level events that classify the AP as a suspected rogue, the confidence level (50-100)

  • Page 107: Profiles > Mesh

    Profiles > Mesh Mesh profiles help define and bring-up the mesh network. This section describes the mesh radio and mesh cluster profiles in more detail. Radio—Aruba provides a “default” version of the mesh radio profile. You can use the “default” version or create a new instance of a profile which you can then edit as you need.
  • Page 108 Table 37 Aruba Configuration > Profiles > Mesh > Radio Profile Settings (Continued) Field Default Description Heartbeat Use this field to indicate the maximum number of heartbeat messages that Threshold (1-255) can be lost between neighboring mesh nodes. The supported range is from 1 to 255.

  • Page 109: Profiles > Mesh > Radio > Mesh Ht Ssid

    Table 37 Aruba Configuration > Profiles > Mesh > Radio Profile Settings (Continued) Field Default Description Transmit Power Define the transmission power supporting mesh profiles, as described for (0-30 dBm) the portal channel settings immediately above. This setting supports a range from 0 to 30 dBm.
  • Page 110 Table 38 Aruba Configuration > Mesh > Radio > Mesh HT SSID Profile Settings (Continued) Field Default Description Name Blank Enter the name of the profile. This profile name can have a maximum of 32 characters. Other Settings 40 MHz Channel Usage Yes Enable or disable the use of 40 MHz channels.

  • Page 111: Profiles > Mesh > Cluster

    Profiles > Mesh > Cluster AirWave provides a “default” version of the mesh cluster profile. You can use the “default” version or create a new instance of a profile which you can then edit as you need. You can configure a maximum of 16 mesh cluster profiles on a mesh node.

  • Page 112: Profiles > Qos > Traffic Management

    WMM Traffic Management—Wi-Fi Multimedia (WMM) is a Wi-Fi Alliance specification based on the IEEE 802.11e wireless Quality of Service (QoS) standard. WMM works with 802.11a, b, g, and n physical layer standards. WMM supports four access categories (ACs): voice, video, best effort, and background. The 802.1D priority value is contained in a two-byte QoS control field in the WMM data frame.Refer to “Profiles >...
  • Page 113 You enable this feature in the VoIP CAC profile. You also need to enable call admission control, which is disabled by default, in this profile. Perform these steps to create or edit VoIP Call Admission Control profiles. Profiles > QoS > Aruba Navigation VoIP Call Admission Control in the 1.
  • Page 114 Table 41 Aruba Configuration > Profiles > QoS > VoIP Call Admission Control Profile Settings Field Default Description VoIP High-capacity Specifies the threshold that defines high-capacity VoIP. This field is a Threshold (0-100%) percentage of entire bandwidth. VoIP Send SIP 100 The SIP invite call setup message is time-sensitive, as the originator Trying retries the call as quickly as possible if it does not proceed.

  • Page 115: Profiles > Qos > Wmm Traffic Management

    Profiles > QoS > WMM Traffic Management Wi-Fi Multimedia (WMM) is a Wi-Fi Alliance specification based on the IEEE 802.11e wireless Quality of Service (QoS) standard. WMM works with 802.11a, b, g, and n physical layer standards. WMM supports four access categories (ACs): voice, video, best effort, and background. The 802.1D priority value is contained in a two-byte QoS control field in the WMM data frame.

  • Page 116: Profiles > Rf

    Profiles > RF The RF management profiles configure radio tuning and calibration, AP load balancing, coverage hole detection, and RSSI metrics. 802.11a Radio—Defines AP radio settings for the 5 GHz frequency band, including the Adaptive Radio Management (ARM) profile and the high-throughput (802.11n) radio profile. Refer to “Profiles >...
  • Page 117 Table 43 Aruba Configuration > Profiles > RF > 802.11a/g Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile. Folders provide a way to organize the visibility of device parameters that is separate from the configuration groups of devices.

  • Page 118: Profiles > Rf > 802.11A/G Radio > Arm

    Table 43 Aruba Configuration > Profiles > RF > 802.11a/g Profile Settings (Continued) Field Default Description Advertise Enable or disable the radio to advertise its 802.11d (Country Information) and 802.11d and 802.11h (Transmit Power Control) capabilities. 802.11h Capabilities Enable CSA Enable or disable Channel Switch Announcements (CSAs), as defined by IEEE 802.11h.
  • Page 119 pencil 2. Click the button to create a new profile or click the icon to edit an existing profile. Details page appears. Complete the settings as described in Table Table 44 Aruba Configuration > Profiles > RF > 802.11a/g Radio > ARM Profile Settings Field Default Description...
  • Page 120 Table 44 Aruba Configuration > Profiles > RF > 802.11a/g Radio > ARM Profile Settings (Continued) Field Default Description Rogue AP Aware No If you have enabled both the Scanning and Rogue AP options, Aruba APs may change channels to contain off-channel rogue APs with active clients. This security feature allows APs to change channels even if the Client Aware setting is disabled.
  • Page 121 Table 44 Aruba Configuration > Profiles > RF > 802.11a/g Radio > ARM Profile Settings (Continued) Field Default Description Free Channel The Aruba Interference index metric measures interference for a specified Index channel and its surrounding channels. This value is calculated and weighted for all APs on those channels (including 3rd-party APs).

  • Page 122: Profiles > Rf > 802.11A/G Radio > High-Throughput (Ht) Radio

    Profiles > RF > 802.11a/g Radio > High-Throughput (HT) Radio Perform these steps to create or edit High Throughput (HT) Radio profiles. Profiles > RF > HT Radio Aruba Navigation 1. Click in the pane. HT Radio pencil 2. Click the button to create a new profile or click the...

  • Page 123: Profiles > Rf > Event Thresholds

    Profiles > RF > Event Thresholds Event Threshold Perform these steps to create or edit profiles. Profiles > RF > Event Thresholds Aruba Navigation 1. Click in the pane. Event Thresholds pencil 2. Click the button to create a new profile or click the icon to edit an existing...

  • Page 124: Profiles > Rf > Optimization

    Table 46 Aruba Configuration > Profiles > RF > Event Thresholds Profile Settings (Continued) Field Default Description Frame Non Sets a high percentage watermark for non-Unicast frame rate. When the Unicast Rate percentage of non-Unicast frames exceeds the configured high watermark, the High Watermark system generates an alert.
  • Page 125 Table 47 Aruba Configuration > Profiles > RF > Optimization Profile Settings (Continued) Field Default Description AP Load Balancing Set the maximum number of times that an AP attempts load balancing Max Retries before timing out. (0-100,000) AP Load Balancing Set the high watermark level for the number of users that AP load balancing User High is to support.

  • Page 126: Profiles > Ssid

    Table 47 Aruba Configuration > Profiles > RF > Optimization Profile Settings (Continued) Field Default Description Interference Sets the maximum allowable interference to be tolerated by APs that are Threshold configured with this optimization profile, as a percentage. (0-100%) Interference Sets the amount of time in seconds during which interference is allowed to Threshold Exceed exceed the threshold percentage.

  • Page 127: Profiles > Ssid > Edca Ap

    Profiles > SSID > EDCA AP Perform these steps to create or edit EDCA AP profiles. Profiles > SSID > EDCA AP Aruba Navigation 1. Click in the pane. This page summarizes the SSID profiles currently configured. pencil 2. Click the button to create a new EDCA AP profile or click the icon to edit an existing profile.
  • Page 128 Table 48 Aruba Configuration > Profiles > EDCA AP Profile Settings (Continued) Field Default Description Encryption opensyst Select any encryption type to be supported in this SSID profile. The supported encryption types are as follows: xSec—Encrypts an original Layer-2 data frame inside a Layer-2 xSec frame, the contents of which are defined by the protocol.
  • Page 129 Table 48 Aruba Configuration > Profiles > EDCA AP Profile Settings (Continued) Field Default Description 802.11a Basic 6, 12, Specify the basic rates for the 802.11a radio. Rates and 24 selected Max Transmit Specify the maximum number of transmit attempts. The supported range is 1 to 15. Attempts RTS threshold 2333...
  • Page 130 Table 48 Aruba Configuration > Profiles > EDCA AP Profile Settings (Continued) Field Default Description DSCP Specify Differentiated Services Code Point (DSCP) mapping for wireless multimedia Mapping for video admission control. The supported range is 0 to 63. WMM Video DSCP Specify Differentiated Services Code Point (DSCP) mapping for wireless multimedia Mapping for...

  • Page 131: Profiles > Ssid > Edca Ap

    Table 48 Aruba Configuration > Profiles > EDCA AP Profile Settings (Continued) Field Default Description BC/MC Rate Enables or disables scanning of all active stations currently associated to a mesh Optimization point to select the lowest transmission rate based on the slowest connected mesh child.
  • Page 132 Profiles > SSID > EDCA AP Aruba Navigation 1. Click in the pane. This page summarizes the current profiles of this type. pencil 2. Click the button to create a new EDCA AP profile or click the icon to edit an existing profile. Details page appears.
  • Page 133 Table 50 Aruba Configuration > Profiles > SSID > EDCA Profile Settings (Continued) Field Default Description Transmission Set the transmission opportunity slots in 32-micro-second intervals. Opportunity Slots For each AC, the backoff time is the sum of the AIFSN and a random value in 32 usec Units between 0 and the CW value.

  • Page 134: Profiles > Ssid > Edca Station

    Table 50 Aruba Configuration > Profiles > SSID > EDCA Profile Settings (Continued) Field Default Description Define whether or not admission control mandatory (ACM) is to be supported on APs configured with this EDCA profile. Save Profiles > SSID > EDCA AP 3.
  • Page 135 Table 52 Aruba Configuration > Profiles > SSID > EDCA Station Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.
  • Page 136 Table 52 Aruba Configuration > Profiles > SSID > EDCA Station Profile Settings (Continued) Field Default Description Define whether or not admission control mandatory (ACM) is to be supported on APs configured with this EDCA profile. Video Arbitrary Inter- WMM is an extension to the Carrier Sense Multiple Access with Collision frame Space Avoidance (CSMA/CA) protocol’s Distributed Coordination Function (DCF).

  • Page 137: Profiles > Ssid > Ht Ssid

    Profiles > SSID > HT SSID High-throughput (HT) APs support additional settings not available in legacy APs. A mesh high-throughput SSID profile can enable or disable high-throughput (802.11n) features and 40 Mhz channel usage, and define values for aggregated MAC protocol data units (MDPUs) and Modulation and Coding Scheme (MCS) ranges. Aruba provides a “default”...

  • Page 138: Profiles > Ssid > 802.11K

    Table 53 Aruba Configuration > Profiles > SSID > HT SSID Profile Settings (Continued) Field Default Description Min MPDU Start Set the minimum time between the start of adjacent MPDUs within an Spacing (usec) aggregate MPDU, in microseconds. Allowed values: 0 (No restriction on MDPU start spacing), 0.25 usec, 0.5 usec, 1 usec, 2 usec, 4 usec.
  • Page 139 Table 54 Aruba Configuration > Profiles > SSID > 802.11K Profile Settings Field Default Description General Settings Folder Use this field to set and display the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile.

  • Page 140: Security Pages And Field Descriptions

    Security Pages and Field Descriptions Aruba Configuration supports user roles, policies, server groups, and additional security parameters with Security Aruba Configuration profiles that are listed in the portion of the navigation pane on the page, as illustrated in Figure Figure 43 Security Components in Aruba Configuration Security This section describes the profiles, pages, parameters and default settings for all components in...

  • Page 141: Security > User Roles

    Security > User Roles A client is assigned a user role by one of several methods. A user role assigned by one method may take precedence over a user role assigned by a different method. The methods of assigning user roles are, from lowest to highest precedence: 1.
  • Page 142 Table 55 Security > User Roles Page Contents (Continued) Column Description Folder Displays the folder that is associated with this User Role. A Top viewable folder for the role is able to view all devices and groups contained by the top folder. The top folder and its subfolders must contain all of the devices in any of the groups it can view.

  • Page 143: Security > User Roles > Bw Contracts

    Table 56 Security > User Roles > Add New User Role Field Descriptions Field Default Description VPN Dialer Profile None (Optional) Use this field to assign a VPN dialer to a user role. Select a dialer from the drop-down list and assign it to the user role. This dialer will be available for download when a client logs in using captive portal and is assigned this role.

  • Page 144: Security > User Roles > Vpn Dialers

    Table 57 Security > User Roles > Add New BW Contract Page Field Descriptions (Continued) Field Default Description Name Blank Enter the name of the profile. Other Settings Units kbits Configure bandwidth contracts, in kilobits per second (Kbps) or megabits per second (Mbps), for the following types of traffic: from the client to the controller (“upstream”...
  • Page 145 Table 58 Security > User Roles > Add VPN Dialer Field Descriptions (Continued) Field Default Description Enable L2TP Enable L2TP with this setting as desired. The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec) is a highly secure technology that enables VPN connections across public networks such as the Internet.

  • Page 146: Security > Policies

    Table 58 Security > User Roles > Add VPN Dialer Field Descriptions (Continued) Field Default Description IKE Diffie-Hellman 1024-bit (1) Select the IPSEC Mode Group that matches the Diffie Hellman Group Group configured for the IPSEC policy. The two options are as follows: 1024-bit 768-bit The IKE policy selections, along with the preshared key, need to be reflected...

  • Page 147: Security > Policies > Destinations

    Table 59 Security > Policy > Add New Policy Field Descriptions (Continued) Field Description Name Blank Enter the name of the policy. Other Settings Policy Type IPv4 Session Specify the type of policy. The options are as follows: IPv4 IPv6 Security >...

  • Page 148: Security > Policies > Services

    Security > Policies > Services Security > Policies > Services page displays all Netservice profiles that are available for reference by Security policies. This page displays Netservice profile names, the protocol associated with it, the policy that uses this Netservice profile, and the folder. Click to create a new Netservice profile, or click the pencil icon next to an existing Netservice profile Security >...

  • Page 149: Security > Server Groups

    Security > Server Groups Server Groups Page Overview Server > Server Groups page displays all server groups currently configured, and the profiles and folders that are used by each server group, to include the following: Captive Portal Auth Management Auth Stateful 802.1X Auth TACACS Accounting VPN Auth...

  • Page 150: Adding A New Server Group

    Adding a New Server Group The server group is assigned to the server group for 802.1x authentication. To create a new server group, click the button, or to edit an existing group, click the pencil icon next to Add New Server Group that group.

  • Page 151: Security > Server Groups > Ldap

    Table 62 Security > Server Groups > Add or Edit Server Group Field Descriptions (Continued) Field Default Description Server Group Rule Field to set role Specify whether the server group rule is a role or a VLAN. The Role/VLAN field at the bottom of the page changes in response to your selection here. Attribute ARAP- From the drop-down menu, click the attribute that defines the server group...

  • Page 152: Security > Server Groups > Radius

    Table 63 Security > Server Groups > Add LDAP Server Field Descriptions (Continued) Field Default Description Base-DN Enter the distinguished name of the node which contains the entire user database to use. Filter (objectclass=*) Select the filter that should be applied to any search of the user in the LDAP database.

  • Page 153: Security > Server Groups > Tacacs

    Table 64 Security > Server Groups > RADIUS (Continued) Field Default Description Acct Port 1813 Set the accounting port on the server. Retransmits (0-3) Set the Maximum number of retries sent to the server by the controller before the server is marked as down. Timeout (1-30 sec) Set the maximum time, in seconds, that the controller waits before...

  • Page 154: Security > Server Groups > Internal

    Table 65 Security > Server Groups > TACACS (Continued) Field Default Description Tmout (1-30 sec) Set the timeout period for TACACS+ requests, in seconds. Enable Enable or disable the TACACS server. TACACS Server Save Click to complete the configuration of the , or click to complete the editing of an Security >...

  • Page 155: Security > Server Groups > Xml Api

    Table 66 Security > Server Groups > Add Internal Server Field Descriptions (Continued) Field Default Description User Role guest From the drop-down menu, select the user role to associate with this user. The role establishes read/write privileges, manage/ monitor privileges, and other settings. E-Mail Enter the email address of the guest user.

  • Page 156: Security > Server Groups > Rfc 3576

    Security > Server Groups > RFC 3576 RFC 3576 servers support dynamic authorization extensions to Remote Authentication Dial-In User Service (RADIUS). Aruba Configuration supports RFC 3576 servers that can be referenced by server groups. Security > Server To view currently configured RFC 3576 servers and where they are used, navigate to the Groups >...

  • Page 157: Security > Tacacs Accounting

    Security > TACACS Accounting TACACS+ accounting allows commands issued on the controller to be reported to TACACS+ servers. You can specify the types of commands that are reported, and these are action, configuration, or show commands. You can have all commands reported as desired. Aruba Configuration supports TACACS Accounting servers that can be referenced by server groups.

  • Page 158: Security > User Rules

    Add New Time Range To create a new time range profile, click the button, or click the pencil icon next to an Security > Time Range > Add/Edit New Time Range existing time range profile to adjust settings. The page contains the following fields, as described in Table Table 71 Security >...

  • Page 159: Advanced Services Pages And Field Descriptions

    Table 72 Security > User Rules > Add/Edit User Rules Field Descriptions (Continued) Field Default Description Set Type role Select whether the rule is based on role or VLAN. Rule Type bssid Select one of the following options from the drop-down menu. Your selection in this field changes an ensuing field that must be completed, as follows: bssid—Selecting this option displays the BSSID field below.
  • Page 160 The home agent for the client is the controller where the client appears for the first time when it joins the mobility domain. The home agent is the single point of contact for the client when the client roams. The foreign agent for the client is the controller which handles all Mobile IP communication with the home agent on behalf of the client.

  • Page 161: Advanced Services > Ip Mobility

    Advanced Services > IP Mobility Advanced Services > IP Mobility Aruba Configuration Navigate to page from the navigation pane. This page displays all currently configured profiles supporting IP Mobility, each group that uses each IP Mobility profile, and the folder for each IP Mobility profile. IP Mobility Click to create a new...
  • Page 162 Table 74 Advanced Services > IP Mobility, Add/Edit Field Descriptions (Continued) Field Default Description Maximum Number of Active Bindings 5000 Define the maximum number of bindings in which (0-5000) the home agent network is to support a client when the client is out of range of the network, or otherwise disconnected.
  • Page 163 Table 74 Advanced Services > IP Mobility, Add/Edit Field Descriptions (Continued) Field Default Description Mobility Host Entry Hold Time After Define how long IP mobility is to support hosts Connectivity Loss should there be a disconnection. (30-3600 sec) Mobility Host Entry LIfetime When Define how long host entries in the IP mobility Mobility Cannot Be Provided (30- domain are to be maintained when they are...

  • Page 164: Advanced Services > Ip Mobility > Mobility Domain

    Advanced Services > IP Mobility > Mobility Domain You configure mobility domains on master controllers. All local controllers managed by the master controller share the list of mobility domains configured on the master. Mobility is disabled by default and must be explicitly enabled on all controllers that will support client mobility. Disabling mobility does not delete any mobility-related configuration.

  • Page 165: Advanced Services > Vpn Services

    Save Click to create the new IP Mobility Domain, or click to save changes to a reconfigured IP Mobility Domain. The domain is now available for use in IP Mobility profiles. Advanced Services > VPN Services For wireless networks, virtual private network (VPN) connections can be used to further secure the wireless data from attackers.

  • Page 166: Advanced Services > Vpn Services > Ike

    > VPN Services > Add/Edit VPN Service Profiles Table 76 Advanced Services Field Descriptions Field Default Description PPTP Profile Select a PPTK profile from the drop-down menu. Click the add icon to add a new profile of this type, or click the pencil icon to edit an existing PPTP profile.

  • Page 167: Advanced Services > Vpn Services > L2Tp

    Table 77 Advanced Services > VPN Services > IKE Add/Edit Detail Field Descriptions (Continued) Field Default Description IKE Shared Secrets Click this button to add an IKE shared secret. The following settings appear. Complete these settings and click Add in this section. Subnet—Enter the subnet for the shared secret.

  • Page 168: Advanced Services > Vpn Services > Pptp

    Table 78 Advanced Services > VPN Services > L2TP Add/Edit Details Field Descriptions Field Default Description Folder Use this field to set and display the folder with which the L2TP profile is associated. The drop-down menu displays all folders available for association with the L2TP profile.

  • Page 169: Advanced Services > Vpn Services > Ipsec

    Table 79 Advanced Services > VPN Services > PPTP Add/Edit Details Field Descriptions Field Default Description General Settings Folder Use this field to set and display the folder with which the PPTP profile is associated. The drop-down menu displays all folders available for association with the PPTP profile.

  • Page 170: Advanced Services > Vpn Services > Ipsec > Dynamic Map

    IPSEC Click to create a new profile, or click the pencil icon next to an existing profile to modify Add/Edit Details settings. The page contains the following fields, as described in Table Table 80 Advanced Services > VPN Services > IPSEC Add/Edit Field Descriptions Field Default Description...

  • Page 171: Advanced Services > Vpn Services > Ipsec > Dynamic Map > Transform Set

    Table 81 Advanced Services > VPN Services > IPSEC > Dynamic Map Add/Edit Field Descriptions Field Default Description Name Blank Enter the name of the Dynamic Map. Other Settings Priority Specify the priority in which this Dynamic Map should be processed in relation to additional Dynamic Maps that may be configured and used by IPSEC profiles.

  • Page 172: Groups > Aruba Config Page And Section Information

    Groups > Aruba Config Page and Section Information Device Setup > Aruba Configuration Create Aruba AP Groups with the page, as described in earlier in this document. To view and edit profile assignments for Aruba AP Groups, perform these steps. Groups >...

  • Page 173: Index

    Index ......................42 Adaptive Radio Management (ARM) Advanced Services ....................170 Advanced Services > IP Mobility page ..............................18 defined ........................168 pages and field descriptions AP Overrides ..............................41 guidelines ........................57 pages and field descriptions ....................43 deploying with AWMS for the first time ........................45 using in groups and folders ............................19 APs/Devices >...

  • Page 174: Profiles > Ids > Signature Matching > Signatures

    Device Setup > Aruba Configuration > Advanced Services > VPN Services > IPSEC > Dynamic Map > Transform Set ...................................181 ........176 Device Setup > Aruba Configuration > Advanced Services > VPN Services > L2TP ........178 Device Setup > Aruba Configuration > Advanced Services > VPN Services > PPTP ..................57 Device Setup >...
  • Page 175 ...........161 Device Setup > Aruba Configuration > Security > Server Groups > Internal .............158 Device Setup > Aruba Configuration > Security > Server Groups > LDAP ..........160 Device Setup > Aruba Configuration > Security > Server Groups > RADIUS ..........164 Device Setup >...
  • Page 176 | Index AirWave Wireless Management Suite | Configuration Guide...

This manual is also suitable for:

Airwave wireless management suite

Table of Contents