Extreme Networks ExtremeCloud Appliance Series User Manual
  1. Manuals
  2. Brands
  3. Extreme Networks Manuals
  4. Network Hardware
  5. ExtremeCloud Appliance Series
  6. User manual

Extreme Networks ExtremeCloud Appliance Series User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

ExtremeCloud Appliance User
Guide
Version 4.36.03
9036135-02
Published June 2019

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ExtremeCloud Appliance Series and is the answer not in the manual?

Questions and answers

Related Manuals for Extreme Networks ExtremeCloud Appliance Series

Summary of Contents for Extreme Networks ExtremeCloud Appliance Series

  • Page 1 ExtremeCloud Appliance User Guide Version 4.36.03 9036135-02 Published June 2019...
  • Page 2 Copyright © 2019 Extreme Networks, Inc. All rights reserved. Legal Notice Extreme Networks, Inc. reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made.

  • Page 3: Table Of Contents

    Table of Contents Preface........................................ 5 Conventions..................................... 5 Documentation and Training............................6 Providing Feedback to Us..............................6 Getting Help.................................... 6 AP Regulatory Information...............................7 Chapter 1: Welcome to ExtremeCloud Appliance..............8 The Appliance..................................8 Wireless AP Overview.................................9 Sites Overview..................................10 Navigating the User Interface............................18 Hierarchical Visibility for WiNG Appliances......................
  • Page 4 Table of Contents Index............................217 ExtremeCloud Appliance User Guide for version 4.36.03...

  • Page 5: Preface

    Preface This section discusses the conventions used in this guide, ways to provide feedback, additional help, and other Extreme Networks ® publications. Conventions This section discusses the conventions used in this guide. Text Conventions The following tables list text conventions that are used throughout this guide.

  • Page 6: Documentation And Training

    For more information, visit www.extremenetworks.com/education/. Providing Feedback to Us Quality is our first concern at Extreme Networks, and we have made every effort to ensure the accuracy and completeness of this document. We are always striving to improve our documentation and help...

  • Page 7: Ap Regulatory Information

    Before contacting Extreme Networks for technical support, have the following information ready: • Your Extreme Networks service contract number and/or serial numbers for all involved Extreme Networks products • A description of the failure • A description of any action(s) already taken to resolve the problem •...

  • Page 8: Chapter 1: Welcome To Extremecloud Appliance

    Hierarchical Visibility for WiNG Appliances ExtremeCloud Appliance offers a streamlined customer experience with a common platform and operating system across multiple Extreme Networks products. Get the power of ExtremeWireless and Extreme Management Center with the flexibility of ExtremeCloud in one easy-to-use platform.

  • Page 9: Wireless Ap Overview

    Ethernet LAN. In addition to the wireless APs that run proprietary software and communicate with an appliance only, Extreme Networks offers a Cloud- enabled AP. The AP39xx series are Cloud-enabled APs that inter-operate fully with ExtremeCloud ™...

  • Page 10: Sites Overview

    Welcome to ExtremeCloud Appliance For a Centralized site using AP39xx or AP5xx access points, a UDP-based protocol enables communication between an AP and ExtremeCloud Appliance. The UDP-based protocol encapsulates IP traffic from the AP and directs it to the appliance. The appliance decapsulates the packets and encrypts (IPSec)[Default AP and appliance communication] and routes them to the appropriate destinations, while managing sessions and applying roles.
  • Page 11 Welcome to ExtremeCloud Appliance A Centralized site topology allows seamless roaming within one geographic location. A single site supports multiple device groups with a total of 200 to 4,000 APs [in appliance High Availability mode] for the site. With a Centralized site, ExtremeCloud Appliance performs as the management server and the session manager.
  • Page 12 Welcome to ExtremeCloud Appliance The following AP models can be deployed in a Distributed site: • AP505i • AP510i/e • AP560i/h • AP7522 • AP7532 • AP7562 • AP7612 • AP7632 • AP7662 • AP8432 • AP8533 Use Case: Distributed Site Scenario: A site offers remote clinics with 10 APs each.
  • Page 13 Welcome to ExtremeCloud Appliance • Air Defense integration parameters • ExtremeLocation integration parameters • RTLS • Profiles for Centralized APs support the following features: IoT configuration Positioning Analytics • An RF Management policy. Note RF Management and configuration Profiles can be shared across device groups. Note Most AP radio properties depend on a regulatory domain;...
  • Page 14 Welcome to ExtremeCloud Appliance Figure 1 illustrates a single site, composed of multiple device groups, in different RF domains, using unique configuration Profiles. This model offers seamless roaming between APs of all device groups. Figure 1: Centralized Site Data Model: Unique Profile Per Device Group Figure 2 illustrates multiple sites with individual device groups, in one RF domain, sharing a common configuration profile.
  • Page 15 Welcome to ExtremeCloud Appliance Figure 2: Distributed Site Data Model: One Shared Profile Related Links Adding or Editing a Configuration Profile on page 68 RF Management on page 15 RF Management Self Monitoring At Run Time (SMART) RF Management is designed to simplify RF configurations for new deployments, while optimizing radio performance.
  • Page 16 Welcome to ExtremeCloud Appliance Real-time network monitoring allows RF Management to provide self-healing functions, providing automatic mitigation from potentially problematic events such as radio interference, non-WiFi interference (noise), external WiFi interference, coverage holes, and radio failures. Self-healing is used to enable a WLAN to better maintain wireless client performance and site coverage during dynamic RF environment changes, which would otherwise require manual reconfiguration to resolve.
  • Page 17 Welcome to ExtremeCloud Appliance Positioning Engine tracks location of multiple clients simultaneously and returns position relative to the floor plan. The Positioning Engine can be configured to track associated users (active clients) or all users. • Associated User. An associated user is an authenticated client. An associated user joins the SSID provided by the AP by simply associating to the open or protected SSID.

  • Page 18: Navigating The User Interface

    Welcome to ExtremeCloud Appliance Positioning Heatmaps on page 39 Placing Devices on page 103 Floor Plan Limits Table 3 outlines the floor plan limits for each type of ExtremeCloud Appliance appliance. Table 3: Floor Plan Limit per Appliance Appliance Maximum Floor Plan Limit Maximum Number of APs Per Floor E1120 E2120...
  • Page 19 Welcome to ExtremeCloud Appliance Configure Set up the following network components: • Sites. Network segmentation based on geographical location. Use sites to define boundaries for fast roaming and session mobility without interruption. Sites are comprised of Device Groups that organize network devices by platform, offering common configuration and RF Management.

  • Page 20: Hierarchical Visibility For Wing Appliances

    Extreme Management Center to ExtremeWireless WiNG accounts. This offers not only as an alternative to NSight, but supports unified wireless, wired infrastructure and expands other Extreme Networks software offerings, such as ExtremeAnalytics. If you are already leveraging NSight, this solution continues to support that investment.
  • Page 21 Welcome to ExtremeCloud Appliance • AP List — APs that are adopted by an ExtremeWireless WiNG controller are listed as Proxied on the ExtremeCloud Appliance AP page. • Site List — RF domains associated with the proxy AP are listed as Proxied on the ExtremeCloud Appliance Sites page.

  • Page 22: Chapter 2: Dashboard

    Dashboard Overview Dashboard Overview Dashboard Monitor your network activity and performance on the Overview dashboard. The Overview dashboard displays widgets that can help you proactively monitor and troubleshoot your network. The dashboard provides a graphical representation of information related to devices, clients, and network traffic. Depending on the report, the widget represents historical data or a combination of historical and the latest data from shared memory.
  • Page 23 Dashboard Filter data by radio band on each chart, individually. Click to show radio band filters on each chart. Then select the 2.4GHz or 5GHz radio button to display data for that band. Note The datasets are sampled at different intervals. Therefore, it is possible that data from the 14- day dataset will not include data from the 3-day dataset or from the 3-hour dataset.
  • Page 24 Dashboard To add a new dashboard: From the default dashboard, click the plus sign. The Layout tab displays. 2 In the Name field, enter a name for the dashboard. 3 Select a layout option for the dashboard. Each layout option has a set configuration. Choose the layout that matches the number of widgets you want to display.
  • Page 25 Dashboard From the Overview Dashboard page or from the dashboard page of a specific entity, such as a device, select Edit. The Layout and Widgets tabs display on the far right. Figure 7: Dashboard - Edit Mode 2 From the Layout tab, select a layout. 3 From the Widgets tab, expand the categories that you want to use.
  • Page 26 Dashboard Availability Link Status Once an Availability Pair is configured, the synchronization status between the paired appliances is displayed on the Dashboard Network Health chart. Table 4 describes each possible link status. Note Both client and AP statistics remain available on both sides of an availability pair. However, cross-appliance statistical data can be affected if a mobile user is roaming across multiple APs when the availability pair connection between the appliances is down.

  • Page 27: Chapter 3: Monitor

    Monitor Sites List Device List Networks List Clients Policy Sites List Go to Monitor > Sites to view a list of sites configured in ExtremeCloud Appliance. Select a site to view the site dashboard and related components. Related Links Sites Overview on page 10 Centralized Site on page 10...
  • Page 28 Monitor Network Snapshot: Sites To view network details from the Sites screen: Go to Monitor > Sites and select a site. The Site Dashboard displays. 2 Select any of the tabs described in the following table. Table 5: Tabs on the Sites Screen Description Dashboard Site dashboard that displays network metrics for the site.
  • Page 29 Monitor Table 6: Radio Settings Field Description Set Tx Power Channel Width Determines the channel width used by the channel on the selected radio. Available options include: • 20 MHz • 40 MHz • 80 MHz (supported on 5GHz only 802.11ac and 802.11ax) •...
  • Page 30 Monitor • View clients associated with a selected device. • View map zones for AP location. Related Links Viewing a Floor Plan on page 30 Floor Plans on page 16 Configuring a Floor Plan on page 96 Viewing a Floor Plan Once the floor plan is configured, view it from a selected site's dashboard.
  • Page 31 Monitor Table 7: Device Status from the Floor Plans View (continued) Status Description Unknown. The AP serial number is unknown to the floor plan. Typically occurs when you import a floor plan with AP place holders. For more information, see Use Case: Importing A Floor Plan with Unknown APs on page 98.
  • Page 32 Monitor • Filters. Click to display filter options. Filter the floor map by AP attributes to focus on network attributes that need attention. • Options. Click to display the following options: • Select Badges. Opens the AP Badge Configuration window. •...
  • Page 33 Monitor 2 In the Badge Configuration dialog, drag and drop the badges from the left panel to the AP. Figure 8: Badge Configuration Dialog The badges display around the AP and are visible when you zoom in on the map. Related Links Filtering Floor Plan By Badge Information on page 34...
  • Page 34 Monitor Figure 9: Device Context Menu Related Links Network Snapshot: AP Dashboard on page 44 Filtering Floor Plan By Badge Information The floor plan can be filtered by the badge information that you configure for each device. Set the filter criteria from the Filters panel on the right side of the screen.
  • Page 35 Monitor From the panel on the right side of the screen, select the Filters icon Figure 10: Map Filters Panel ExtremeCloud Appliance User Guide for version 4.36.03...
  • Page 36 Monitor 2 Use the slide bar on each filter to set criteria for the map display. The AP badges that meet the filter criteria appear on the map. Figure 11: Badges that meet filter criteria appear on map Understanding Readiness Maps ExtremeCloud Appliance Floor Plans view offers heat maps to illustrate network readiness, performance, and optimum positioning.
  • Page 37 Monitor strength of the clients connected to them and the retry rates. If there are no clients, there is no measurement. In addition, see Positioning for details about heat maps that indicate optimal positioning of an AP. To access the maps: From the right panel, click Maps to display a list of map types.
  • Page 38 Monitor Figure 13: Push-Pin Reading for Heatmap Values You also have the option to Select All APs or Deselect All APs. Use these options in addition to individual AP selection to more easily control which APs are selected. Use Cases: If you want all but one AP selected: Click Select All.
  • Page 39 Monitor Positioning Heatmaps ExtremeCloud Appliance Floor Plans view offers Positioning heat maps to illustrate optimal device location and client foot traffic. The following Positioning maps are available: • Location Readiness. Predicted location quality. • Foot Traffic (Supported on AP39xx only). Manage Location Tracking with AP76xx and AP8xxx using ExtremeLocation.

  • Page 40: Device List

    ExtremeCloud Appliance Release Notes for a list of supported APs and switches. Note ExtremeCloud Appliance supports Extreme Defender Adapter SA201 for the Defender for IoT solution. For more information on Extreme Defender for IoT, refer to documentation located in the Extreme Networks documentation portal: https://extremenetworks.com/ documentation/defender-application. Related Links...
  • Page 41 AP8432 • AP8533 The Extreme Networks Defender Adapter SA201 is supported. Note Most AP radio properties depend on a regulatory domain; which is defined at the site level. Devices that are connected to ExtremeCloud Appliance but not assigned to a device group have the status of In-Service Trouble.
  • Page 42 Monitor Table 8: AP State from the Device List (continued) State Description Unknown. Device is added to ExtremeCloud Appliance but the device has never discovered ExtremeCloud Appliance . Critical. After being Active, Discovered, and On-boarded, associated device is no longer connected to ExtremeCloud Appliance. Note Most AP radio properties depend on a regulatory domain;...
  • Page 43 Monitor Ethernet port (GE1 POE) connected to an AT switch port and Ethernet port (GE2) not connected Ethernet port (GE2 POE) connected to an AT switch port and Ethernet port (GE1) not connected Both Ethernet port (GE1) and Ethernet port (GE2 POE) connected to an AT switch port External power supply.
  • Page 44 Monitor Table 10: AP560h portfolio AP Model Number Description AP560h-FCC The AP560h is a stadium optimized access point, supporting a high density of users and devices. The AP560h offers flexible deployment options and can be mounted to a pole, a wall, and to other access points.
  • Page 45 Monitor Table 11: Tabs on the AP Details Screen (continued) Description Clients List of clients associated with the AP. Add or remove clients from black and white lists. Troubleshooting Offers packet capture at the AP and remote console access to the 3 Click Configure AP to modify AP settings.
  • Page 46 Monitor Capture packets from an individual AP or from a site. To capture packets from an individual AP, go to Monitor > Devices > Access Points. Select an access point, then select Troubleshooting > Packet Capture. To capture packets associated with a site, go to Monitor > Sites. Select a site, then select Troubleshooting >...
  • Page 47 Monitor Related Links Configuring AP Packet Capture on page 47 Packet Capture Parameters on page 47 Configuring AP Packet Capture To enable packet capture on an AP: Go to Monitor > Devices > Access Points. 2 Select an access point (not the check box). 3 Select Troubleshooting >...
  • Page 48 Monitor Field Name Field Description Wireless Enables wireless-packet capture on the selected AP. Filter packets on the basis of the direction of packet flow: • In — Capture packets received by the AP. • Out — Capture packets transmitted by the AP. •...
  • Page 49 Monitor Field Name Field Description Packet Destination Capture Destination. Valid values are: • File — Local .pcap file • scp — Provide the IP Address and credentials for the remote server. • AWS — Provide the url and access keys to the Amazon S3 Cloud Server Note: Each capture instance is assigned one local file.
  • Page 50 Monitor Understanding Switch States The following describes switch states on the Switches Device List. Table 12: Switch State from the Device List State Description In-service: • Switch acknowledges the sent configuration • Switch sends statistics every 5 minutes. In-Service Trouble: •...
  • Page 51 Monitor Table 13: Tabs on the Switch Details Screen (continued) Description Traces Lists trace information related to the selected switch. VLANS Provides a list of VLANS associated with the switch, including the switch port number. 3 Click Configure Switch to modify switch settings. Related Links Switch Widgets on page 51...

  • Page 52: Networks List

    Monitor • Alias • Function • Authentication • Port Speed • Neighbor Related Links Switch Port Configuration on page 116 NEW! Controllers List ExtremeCloud Appliance offers ExtremeWireless WiNG appliance users access to NSight by providing support for the ExtremeWireless WiNG infrastructure and acting as an NSight server. ExtremeWireless WiNG proxy controllers configured for NSight are listed in ExtremeCloud Appliance under Monitor >...

  • Page 53: Clients

    Monitor Table 14: Tabs on the Network Service Screen (continued) Description Switches List of switches associated with the network service. Clients List of clients associated with the network service. Use the search facility to find a specific client. Add or remove clients from black and white lists directly from this client list.
  • Page 54 Monitor Understanding Client Status The Client List shows the status of each client in the network. • Green — Clients with currently active sessions. • Grey — Inactive. Inactive clients continue to be displayed as long as they were active within the Duration selected.
  • Page 55 Monitor Figure 14: Client Actions Button Table 15: Client Actions Field Description Delete Delete a client from the network. • The client is removed from groups of which it was a member. • The client remains on a blacklist or whitelist, if it was included on a list before deletion.
  • Page 56 Monitor To access the Clients screen: Go to Clients and select a client from the list. Information about the selected client appears. Table 16: Client Information Client MAC address and status Associated Access Point Client IP Address Network SSID IPv6 Address, if applicable Associated AP Radio Last device group RSS Reading...
  • Page 57 Monitor Station Events Use the following information to troubleshoot access and performance for a specific client. Review client details and events associated with a client. The event source can be the Access Control Engine or the Wireless Manager. The fields in Table 18 are documented in alphabetical order.

  • Page 58: Policy

    Monitor Table 18: End-System Event Fields (continued) Field Description Timestamp Indicates date and time of the event. User Name Logged in user associated with the client. Related Links Configuring Roles on page 127 Access Control Rules on page 168 Client Widgets The following widget reports are available from the Client dashboard: •...
  • Page 59 Monitor match the naming conventions that already exist in the organization. The role name should match filter ID values set up on the RADIUS servers. The default non-authenticated role is used when the client is not authenticated but able to access the network.
  • Page 60 Monitor Table 19: Preconfigured Policy Roles Role Description Enterprise User Intended for admin users with full access Quarantine The Quarantine access policy is used to restrict network access to end- systems that have failed assessment. The Quarantine policy role denies all traffic by default while permitting access to only required network resources such as basic network services (e.g., ARP, DHCP, and DNS) and HTTP to redirect web traffic for assisted remediation.
  • Page 61 Monitor Related Links Adding Policy Roles on page 128 Role Widgets Widgets for an individual role policy show the following information: • Top applications (by throughput) per role • Top applications (by throughput) by concurrent users per role To view widgets for an individual role: Go to Monitor >...
  • Page 62 Monitor Figure 16: Top Rules by Hit Count on the Roles Dashboard Figure 17: Rule Hit Count on the Roles Dashboard Rule-level statistics are saved per role, per rule, as an aggregate of all mobile user clients. Hit count is collected separately for From User Traffic and To User Traffic, and hits to the default policy are included.

  • Page 63: Chapter 4: Configure

    Note To ensure the devices discover ExtremeCloud Appliance, configure DHCP, NPS, and DNS Services for ExtremeCloud Appliance discovery. For more information, see the ExtremeCloud Appliance Deployment Guide located in the Extreme Networks documentation portal: https:// extremenetworks.com/documentation/extremecloud-appliance. Create one or more sites.

  • Page 64: Sites

    Configure 7 Install and add devices. Access Points and switches are automatically added to an ExtremeCloud Appliance configuration via the cloud-connector when the DHCP and DNS prerequisites have been met. However, you can use the Add function to pre-provision any AP or switch before they connect, allowing them to be added to the correct site.
  • Page 65 Configure Go to Configure > Sites > Add. 2 Configure the site parameters. Related Links Site Parameters on page 65 Site Parameters Configure the following parameters for site configuration. Table 20: Site Configuration Parameters Field Description Name Determines the name of the site. Centralized Specifies a Centralized...
  • Page 66 Configure Floor Plans on page 16 Site Location on page 67 Device Groups on page 12 RADIUS Configuration for Switches Per Site on page 66 SNMP Configuration on page 199 NEW! RADIUS Configuration for Switches Per Site ExtremeCloud Appliance supports direct access from a switch to an external RADIUS server within the site configuration.
  • Page 67 Configure 3 Enable MSTP. Site Location To display your site location on a physical map from the Site workbench, provide site metadata including map coordinates. To access Site metadata: Go to Configure > Sites. 2 Select a site and click the Location tab. 3 Provide the following optional information: •...
  • Page 68 Configure Table 21: Device Group Settings Field Description Name Device Group name. Profile The configuration profile associated with the device group. Each AP platform has a default configuration profile. Select the default profile from the list or click to create a unique profile. RF Management The RF Management profile associated with the device group.
  • Page 69 Configure 2 From the Profile field, click to configure a new profile or click to edit the profile. 3 Configure the following parameters: Table 22: Profile Configuration Settings Field Description Name Name of the configuration profile. AP Platform Select the AP Platform on which to base the new configuration profile.
  • Page 70 Configure Table 22: Profile Configuration Settings (continued) Field Description Positioning Select a configured Positioning profile. Or, Click to add a new profile. Click to edit the selected profile. Note: Supported on AP39xx only. Analytics Select a configured ExtremeAnalytics profile. Or, Click to add a new profile.
  • Page 71 Configure Table 23: Radio Modes AP Model Radio 1 Radio 2 AP39xx 5GHz 2.4GHz • • sensor sensor • • a/n/ac • • ac-strict • b/g/n • g/n-strict AP505i 2.4GHz 5GHz • • sensor sensor • • a/n/ac • • a/n/ac/x •...
  • Page 72 Configure Table 23: Radio Modes (continued) AP Model Radio 1 Radio 2 AP84xx 2.4GHz 5GHz • • sensor sensor • • a/n/ac • • b/g/n AP85xx 2.4GHz 5GHz • • sensor sensor • • a/n/ac • • b/g/n Related Links Advanced AP Radio Settings on page 75 Radio as a Sensor...
  • Page 73 Configure Table 24: Advanced Configuration Profile Settings Field Description Band Steering Band steering is intended to relieve congestion by encouraging dual- band client devices to use the higher capacity 5 GHz band. To make use of this feature, ensure that networks are assigned to both radios. The system always enables both radios when Band Steering is enabled.
  • Page 74 Configure Table 24: Advanced Configuration Profile Settings (continued) Field Description Session Persistence Note: Supported on APs in a Centralized site and on AP5xx in a Distributed site. Determines if session persistence is enabled. A persistent session directs a client's requests to the same backend server for the duration of a session or the time it takes to complete a task or transaction.
  • Page 75 Configure Table 24: Advanced Configuration Profile Settings (continued) Field Description Link Aggregation Note: Supported on AP5xx models only. Enable or disable link aggregation. Link aggregation combines network connections to increase throughput and to provide redundancy in case of link failure. AP Log Level Specify the message level you want included in the AP log.
  • Page 76 Configure result in a single frame. Management information is specified only once per frame; therefore, the ratio of payload data to the total volume of data is higher, resulting in greater throughput. Note You can configure radio settings for all APs in a device group from the device group Radio tab and Advanced Radio dialog.
  • Page 77 Configure Table 25: Advanced Radio Settings (continued) Field Description Radio Share Mode Radio operates as a sensor and a traffic forwarder. Valid values are: • Off. When the radio mode is set to Off, the Radio Share capability is disabled. •...
  • Page 78 Configure Table 25: Advanced Radio Settings (continued) Field Description DTIM When any single wireless client associated with an access point has 802.11 power-save mode enabled, the access point buffers all multicast frames and sends them only after the next DTIM (Delivery Traffic Indication Message) beacon, which may be every one, two, or three beacons (referred to as the “DTIM interval”).
  • Page 79 Configure the AP to integrate with ExtremeLocation. ExtremeLocation is a premier location tracking and analytics solution by Extreme Networks. Using HTTPS with self-signed certificates, an AP opens WebSocket connections to the ExtremeLocation Server and reports RSS signal strength readings based on the ExtremeLocation configuration.
  • Page 80 Configure Table 27: ExtremeLocation Profile Settings (continued) Field Description Server Address The FQDN (fully-qualified domain name) of the LocationEngine Server. Minimum RSS RSS threshold for reporting location data. Valid values are -90 to -70 dBm. Report Frequency Reporting interval in seconds. 2 Click Save.
  • Page 81 Configure Adding or Editing a Configuration Profile on page 68 iBeacon Settings on page 81 iBeacon Scan Settings on page 82 Eddystone-url Beacon Settings on page 82 Eddystone-url Scan Settings on page 83 Thread Gateway Settings on page 84 iBeacon Settings Table 29: iBeacon IoT Settings Parameter Description...
  • Page 82 Configure iBeacon Scan Settings Table 30: iBeacon Scan Settings Field Description Application Determines application type. Select iBeacon Scan. Destination IP Address IP address of the customer Application Server that receives the beacon report. Destination Port Destination Port on the customer Application Server that presents the beacon report.
  • Page 83 Configure Table 31: Eddystone-url Beacon Settings (continued) Field Description Advertise Interval The advertising interval for the beacon application. Valid values are: Min (100ms) and Max (10240ms). The default value is Min (100ms). Measured RSSI The calibrated (or measured) RSSI, in dBm for the beacon. The transmitted beacon includes this value in the tag.
  • Page 84 Configure Thread Gateway Settings Note Thread Gateway is supported by access point models AP39xx and AP5xx (Centralized site) only. Table 33: Thread Gateway Settings Parameters Description Application Determines application type. Select Thread Gateway. Name Thread Network name. Default value is the AP serial number. Each AP creates a separate Thread Network identified with separate Short PAN ID and Extended PAN ID.
  • Page 85 68 Position Aware Services on page 16 Positioning Heatmaps on page 39 Analytics Profile Settings Configure the AP to integrate with the Extreme Networks premier analytics solution ExtremeAnalytics. Configure the following settings: Table 34: Analytics Profile Settings Field Description Name Name of Analytics profile.
  • Page 86 Configure RTLS Settings A Real-Time Location System (RTLS) profile must be configured and enabled within ExtremeCloud Appliance before ExtremeCloud Appliance will communicate with the location-based server and before the APs will perform location-based functionality. ExtremeCloud Appliance supports the following location-based solutions: •...
  • Page 87 Configure Configuring RF Management RF Management profiles are AP model dependent and reusable. Default profiles are intended to make RF Management easy, getting you up and running without having to configure an RF policy. However, you can always create additional profiles based off of default RF Management profiles. The RF Management support is dependent on the AP model.
  • Page 88 Configure Table 36: Basic RF Management Settings (continued) Field Description Coverage Hole Recovery Determines radio power adjustments to react to holes in RF coverage in an AP deployment area. Smart RF determines the radio power Note: Available for Smart RF policy only. adjustments required based on a reporting client’s signal to noise (SNR) ratio.
  • Page 89 Configure Table 37: Channel and Power Settings (continued) Field Description Max TX Power dBm Determines the maximum power level that can be used by the radio in dBm. The values are governed by compliance requirements based on the country, radio, and antenna selected, and will vary by AP. Channel Plan Select a Channel Plan option.
  • Page 90 Configure • Auto — ACS scans the default channel plan channels: 1, 6, and 11 in North America, and 1, 5, 9, and 13 in the rest of the world. • Custom — If you want to configure individual channels from which the ACS or Smart RF selects an operating channel, click Configure.
  • Page 91 Configure Table 38: ACS Interference Recovery Settings Field Description Channel Occupancy Threshold % Defines the channel utilization level, measured as a percentage. If the threshold is exceeded, ACS scans for a new operating channel for the Noise Threshold (dBm) Defines the noise interference limit, measured in dBm. If the noise interface exceeds this threshold, ACS scans for a new operating channel for the AP.
  • Page 92 Configure Related Links Basic RF Management Settings on page 87 Channel and Power Settings on page 88 Scan Settings for Smart RF on page 92 Neighbor Recovery Settings for Smart RF on page 93 Interference Recovery Settings for Smart RF on page 94 Scan Settings for Smart RF A Smart RF policy can reduce deployment costs by scanning the RF environment to determine the best...
  • Page 93 Configure Table 39: ExtremeWireless WiNG AP Scan Settings (continued) Field Description Scan Sample Count A client awareness count (number of clients 1 - 255) for Off Channel Scans of either the 5 GHz or 2.4 GHz band. Channel scanning is avoided when the number of clients associated with the AP radio is greater than or equal to the value configured here.
  • Page 94 Configure Table 40: Neighbor Recovery Settings Field Description Power Hold Time (seconds) The number of seconds Smart RF waits before changing radio channels in response to channel noise. This hold timer definition avoids channel flapping. Range is 0 to 3600 seconds. Neighbor Recovery 2.4 GHz Neighbor Power Threshold Defines the maximum power the 2.4 GHz radio will emit to...
  • Page 95 Configure Table 41: Smart RF Interference Recovery Settings (continued) Field Description Channel Hold Time Defines the minimum time between channel changes during neighbor recovery. Set the time in seconds (1- 86,400). This setting prevents rapid channel changes. Client Threshold Defines the number of clients that must be associated with a radio channel to initiate a interference recovery override.
  • Page 96 Configure Table 42: Select Shutdown Settings Field Description Enable Select to enable auto-shutdown of radios causing interference within the Smart RF monitored network. Auto-shutdown of select 2.4 GHz radios, in dual-band networks, maintains CCI levels within specified limits. When enabled, Smart-RF monitors CCI levels to ensure that the deployment average CCI remains within specified minimum and maximum limits.
  • Page 97 Configure 5 Draw the inner walls. 6 Place the devices. 7 Assign badges, and view the heat maps and device coverage. Related Links Floor Plan Limits on page 18 Adding a New Floor Plan on page 99 Setting a Background Image on page 100 Setting Floor Plan Scale on page 101...
  • Page 98 Configure Devices that are displayed on the floor plan belong to a selected device group. All devices in a device group must share the same platform (as well as profile configuration and RF Management). The example site has four device groups and three floor plans: •...
  • Page 99 Configure 2 From the map, right-click each icon and select the serial number for the AP that will be installed in that location. Note The list of available APs is populated from the selected device groups. 3 To edit the AP placement, click the AP selector next to the Place APs field, then click the AP icon and drag it to a new location.
  • Page 100 Configure Table 43: New Floor Plan Settings Field Description Floor Name Unique name for the floor plan. Floor Height Floor height in meters. 2 Click OK. Related Links Adding a New Floor Plan on page 99 Importing or Exporting a Floor Plan on page 100 Importing or Exporting a Floor Plan ExtremeCloud Appliance supports the following floor plan file formats:...
  • Page 101 Configure 4 Navigate to the background image file. The following image file formats are supported: .jpg, .png. svg Note .svg is not supported with Internet Explorer version 11. 5 Click Open. The background image is displayed. 6 Click Save to save the floor plan. To remove the image: display the image on the map and click the Floor Image delete icon .
  • Page 102 Configure Figure 18: Setting Floor Plan Scale • Click to draw a doorway. Draw a line to represent a doorway. 2 Click Apply. • Click to draw the floor length. Draw a line on the map that represents an actual physical distance.
  • Page 103 Configure Drawing Inner Walls Wall materials affect the propagation of the signal and estimation models. An accurate representation of the walls is essential to the accuracy of the model. We recommend that you draw inner walls for a custom environment and choose material types, such as concrete around stairwells.
  • Page 104 Configure 4 Click the device from the list. The cursor changes to an device icon 5 Click on the floor plan to place the device. 6 If you need to move the device on the floor plan, first click the selector tool, then select the device icon and move it on the map.

  • Page 105: Devices

    Release Notes for a list of supported APs and switches. Note ExtremeCloud Appliance supports Extreme Defender Adapter SA201 for the Defender for IoT solution. For more information on Extreme Defender for IoT, refer to documentation located in the Extreme Networks documentation portal: https://extremenetworks.com/ documentation/defender-application. Related Links...
  • Page 106 Configure Adding or Editing a Configuration Profile on page 68 Advanced AP Radio Settings on page 75 Network Snapshot: AP Dashboard on page 44 Opening Live SSH Console to a Selected AP on page 49 Packet Capture on page 45 Switches on page 113 Controllers List...
  • Page 107 DHCP and DNS prerequisites have been met. For full instructions on configuring DHCP, NPS, and DNS services, refer to the ExtremeCloud Appliance Deployment Guide located in the Extreme Networks documentation portal: https://extremenetworks.com/documentation/ extremecloud-appliance. You can use the Add functionality to pre-provision any AP or switch before they connect.
  • Page 108 Configure When you create device groups, then add APs, a list of discovered APs that match the site and device group configuration settings will display on the Edit Device Group page. You can then select each AP from the Edit Device Group page to add it to the device group. If your APs are not displaying within the Edit Device Group page, verify the following: •...
  • Page 109 Configure 4 Select an LED Status. Valid values are: Table 45: LED Operational Modes LED Mode Information Displayed Displays fault patterns only. LEDs do not light when the AP is fault free and the discovery is complete. Normal Identifies the AP status during the registration process during power on and boot process.
  • Page 110 Configure Advanced AP Settings Table 47: Advanced AP Settings Field Description Actions Reboot Restart the AP. Retrieve Trace ExtremeCloud Appliance collects information from the AP, including logs and crash reports if applicable. Download Trace Download the trace report. Overrides Management VLAN ID Override Virtual Local Area Network Identifier.
  • Page 111 Configure 3 Click Professional Install. The fields and corresponding antenna value options that appear on the Professional Install dialog depend on the selected AP and the antenna models that are available. Select an antenna for each available port. By default, the two antennas must be identical. However, you have the option to select No Antenna for the second antenna port.
  • Page 112 Configure • Mode 1. Radios 1 and 2 are enabled when: • One or more antennas are configured in Group 1. • Mode 2. Radio 1 is a 2.4/5 sensor and Radio 2 forwards traffic. • Radio 2 is enabled only if one or more antennas are configured in Group 1. •...
  • Page 113 Configure • INTERNAL-560H-30, dual band, 8feed, 30 degree sector • INTERNAL-560H-70, dual band, 8feed, 70 degree sector Note The AP must be part of an AP560 device group to display the Professional Install dialog. Figure 21: AP560h Professional Install Settings Related Links Adding APs on page 107...
  • Page 114 Configure Table 48: Switch Actions (continued) Field Description Retrieve Traces Initiates a traces routine creating a zip file that includes switch configuration, state information, and log files. ExtremeCloud Appliance receives the Traces zip file and presents a download-able zip file in the Traces tab on the Monitor page for the switch.
  • Page 115 Confirm that the DHCP server is serving the correct DNS and domain name information. Note For full instructions on configuring DHCP, NPS, and DNS services, refer to the ExtremeCloud Appliance Deployment Guide located in the Extreme Networks documentation portal: https://extremenetworks.com/documentation/extremecloud- appliance 2 Go to Configure >...
  • Page 116 Configure Go to Configure > Devices > Switches and select a switch (not the check box). For each port, the following information is displayed: • Admin State • Name • Alias Function • Speed • Neighbor • Lag Members • 2 Select one or more ports from the list,.
  • Page 117 Configure Admin State Indicates if the port is an Admin Port. Valid values are On or Off. Function Port function refers to the type of device the port serves. Valid values include: • Access Point. Connects an access point. This port is part of all VLANs that are defined for all VLANs on the site.

  • Page 118: Networks

    Configure Advanced Switch Settings Table 50: Advanced Switch Settings Field Description Bridge Priority Indicates the priority of the switch in a Spanning Tree network configuration to determine the Root Bridge Switch. All switches are assigned a Bridge Priority. The Bridge Priority plus the Mac Address determine the Switch ID.
  • Page 119 Configure Related Links Network Service Settings on page 119 Associated Profiles on page 129 Managing a Network Service on page 127 Network Service Settings Table 51: Network Service Configuration Settings Field Description Network Name Enter a unique, user-friendly value that makes sense for your business. Example: Staff SSID Enter a character string to identify the wireless network.
  • Page 120 Configure Table 51: Network Service Configuration Settings (continued) Field Description MAC-based Authentication The following parameter appears when MAC-based Authentication is enabled: • MBA Timeout Role. Select the role that will be assigned to a wireless client during MAC-based authentication (MBA) if the RADIUS server access request times out.
  • Page 121 Configure Privacy Settings for WPAv2 with PSK WPAv2 with PSK — Network access is allowed to any client that knows the pre-shared key (PSK). Configure the following privacy settings: • TKIP-CCMP — Select this option to use Temporal Key Integrity Protocol (TKIP) and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
  • Page 122 Configure NEW! Privacy Settings for WEP Important Always use a restrictive policy to the associated VLAN to reduce your exposure after a breach. WEP (Static Wired Equivalent Privacy) uses keys for a selected network, that match the WEP mechanism used on the rest of the network. Each AP can participate in up to 50 networks. Specify one WEP key per network.
  • Page 123 Configure Table 52: Internal Captive Portal Settings Field Description Portal name Select an icon to add, edit, or delete a captive portal. When you add or edit a captive portal, the portal configuration dialog displays. Portal Connection Indicates the Interface/Topology that is used for the portal communication.
  • Page 124 Configure Table 53: External Captive Portal Settings (continued) Field Description Shared Secret The password that is used to validate the connection between the client and the RADIUS server. Use HTTPS for connection Indicates that the connection will be secure with HTTPS. Send Successful Login To Indicates destination of authenticated user.
  • Page 125 Configure Adding Walled Garden Rules Take the following steps to configure Walled Garden rules: Go to Configure > Networks and select a network. 2 Enable Captive Portal. 3 Click Walled Garden Rules. 4 Click drop-down to display settings for each OSI layer: •...
  • Page 126 Configure 2 Click Advanced. 3 Configure the following parameters: RADIUS Indicates that the RADIUS server will also handle RADIUS accounting requests. Accounting Hide SSID Prevents the SSID from going in a beacon message but sends out the SSID when a device probes the APs.

  • Page 127: Policy

    Configure Related Links Network Service Settings on page 119 Managing a Network Service Once a network service is created, you can modify the configuration settings or delete the network. To get started: Go to Configure > Networks. 2 Select a network service from the list. The network settings display.
  • Page 128 Configure When the default action is sufficient, a role does not need additional rules. Rules are used only to provide unique treatment of packet types when a single role is applied. ExtremeCloud Appliance is shipped with a default policy configuration that includes the following default roles: •...
  • Page 129 Configure Associated Profiles on page 129 Policy Role Settings Table 55: Role Parameter Settings Field Description Name Name of the role. Bandwidth Limit Select this option to allow unlimited bandwidth. Click to set the Class of Service value. Default Action Determines the access control default action.
  • Page 130 Configure and the policy, it is necessary to open each device group and associate the configured network and the defined roles by editing the assigned configuration Profile. ExtremeCloud Appliance simplifies this procedure. After saving a network configuration or policy definition, ExtremeCloud Appliance prompts you to select the configuration Profile for association. Note The association that you define applies to all device groups that use the selected configuration Profile.
  • Page 131 Configure Select the L2 drop-down and select New or select the rule to edit and existing rule. 2 Configure the following parameters: Name Name the rule. Action Determines access control action for the rule. Valid values are: • None - No role defined •...
  • Page 132 Configure IP Subnet Specify the IP address or subnet address associated with the defined rule. Traffic from this address will be subject to the defined rule. Valid values are: • User Defined. Specify the destination IP address and mask. Use this option to explicitly define the IP/subnet aspect of the rule.
  • Page 133 Configure Custom application rules are rules that you create to recognize (match) applications that are not in the pre-defined set of application matches provided by ExtremeCloud Appliance. You create a custom application rule by defining a regular expression to match against host names. The rule's match criteria will be available as a match criteria for policy rules that you create in the future.
  • Page 134 Configure • None - No role defined • Allow - Packets contained to role's default action's VLAN/topology • Deny - Any packet not matching a rule in the policy is dropped. • Containment VLAN - A topology to use when a network is created using a role that does not specify a topology.
  • Page 135 Configure Table 56: Custom Application Settings Field Description Group Internet applications are organized in groups based on the type or purpose of the application. Once you select an Application Group, the Application Name drop-down is populated with application names that are part of the specified group. The group names are pre-defined standard Extreme Application Analytics ™...
  • Page 136 Configure 3 Configure the following parameters: Name Naming should reflect the priority for your organization and be easily recognized by your IT team, such as Bulk Data or Critical Data. Priority Define how the Layer 2 priority of the packet will be marked. Priority 0 is the highest priority. 4 For ToS/DSCP, define how the Layer 3 ToS/DSCP will be marked.
  • Page 137 Configure Bandwidth Rate Inbound Rate: Inbound traffic is sent from the client to the network. Rate limits are enforced on a per- client basis whether the rate limit is assigned to a rule or role. Each client has its own set of counters that are used to monitor its wireless network utilization.
  • Page 138 Configure To configure a VLAN: Select Configure > Policy > VLANS. 2 Select Add, or select an existing VLAN from the list. 3 Configure the following parameters: Table 57: VLAN Configuration Settings Field Description Name Provide a unique name for the VLAN. Mode Bridged@AC —...
  • Page 139 Configure Table 57: VLAN Configuration Settings (continued) Field Description CIDR CIDR field is used along with IP address field to find the IP address range. DHCP Dynamic Host Configuration Protocol allows network administrators to centrally manage and automate the assignment of IP addresses on the corporate network. DHCP sends a new IP address when a computer is plugged into a different place in the network.
  • Page 140 Configure Pre-defined Multicast Rules Go to Policy > VLANS > Add, or select a VLAN. 2 Select Advanced. 3 Select Add Pre-Defined Rule. 4 Select a value from the Multicast Group field and click Add. Related Links Configuring a Multicast Rule on page 140 Configuring VLANS on page 137...
  • Page 141 Configure ExtremeWireless APs connected to a Fabric-enabled switch automatically use the default management VLAN that is configured on the switch. Moving an AP from a Fabric-enabled switch to a non Fabric- enabled switch requires a factory default reset to connect to the new management VLAN. Note When using ExtremeWireless WiNG APs, you must manually set the Management VLAN ID from the device group Profile.

  • Page 142: Ap Adoption Rules

    Configure • Select a group to view or edit. • Click Add to add a new group. Related Links VLAN Group Settings on page 142 VLAN Group Settings To create a VLAN Group: Go to Configure > Policy > VLAN Groups. 2 Click Add.
  • Page 143 Configure To avoid this manual process, create AP adoption rules before you register the devices. AP adoption rules organize your devices based on preset conditions or rules. When you are ready to register one or more APs: Create the logical device groups within a site. 2 Configure the adoption rules that populate the groups.
  • Page 144 Configure Adoption Rule Settings Configure the following parameters to create an adoption rule: Site Select the site associated with the adoption rule. The site holds the device group. The device group includes the APs that meet the filter criteria. Device Group Select a device group that will contain the APs that meet the filter criteria. Filter Parameters IP Address/CIDR Filter the APs by IP address, adopting APs into the specified device group based on their IP address.

  • Page 145: Chapter 5: Onboard

    Onboard AAA Authentication Managing Captive Portal Managing Access Control Groups Access Control Rules AAA Authentication Configure network access from the Onboard menu, including AAA configuration, local password repository, LDAP, and captive portal configuration, access control groups, and a rules engine. Related Links Managing RADIUS Servers on page 146...
  • Page 146 Onboard 3 Configure the following parameters for the default configuration: Table 58: Default AAA Configuration Parameters Field Description Authentication Method Determines the method for user authentication. Additional authentication parameters depend on the method you select here. Valid values are: • RADIUS.
  • Page 147 Onboard Advanced RADIUS Settings on page 147 RADIUS Settings Configure the following parameters and click Save. Table 59: RADIUS Server Settings Field Description RADIUS Server IP address IP address of the RADIUS server. Response Window Determines the window of time, in seconds, that ExtremeCloud Appliance will wait for a response from the RADIUS server.
  • Page 148 Onboard Table 60: RADIUS Server Advanced Settings Field Description Username Format Determines if the domain name will be included in the username when proxying a request to the backend RADIUS server. Valid values are: • Strip Domain Name (default) - Select this option unless the backend RADIUS server requires the domain name to be included.
  • Page 149 Onboard LDAP Configurations LDAP (Lightweight Directory Access Protocol) is a software protocol used to locate people, organizations, or other resources in a network. LDAP can be used on a public Internet or on a corporate intranet. Configure an LDAP configuration for each LDAP server in your network. To access or add new LDAP configurations: Go to Onboard >...
  • Page 150 Onboard Table 61: LDAP Configuration Settings (continued) Field Description Schema Definition Describes how entries are organized in the LDAP server. Click View to see default definitions. You can modify these definitions if necessary. Test Configuration Test the specified configuration. The connection to the LDAP server is tested and a report on connection test results is provided.
  • Page 151 Onboard Table 62: LDAP Schema Definition Settings (continued) Field Description Use Fully Qualified Domain Name Select this option to use the Fully Qualified Domain Name (FQDN). Clear this option to use the hostname without domain. OU Object Classes Organizational Unit Object Classes Related Links LDAP Configurations on page 149...
  • Page 152 Onboard User Account Settings Configure the following user account settings and click Save. Table 63: User Account Settings Field Description Enabled Indicates if the user account is enabled. Select to enable the user account. First Name User's first name. Last Name User's last name.
  • Page 153 Onboard Generate Browser Certificates Browser certificates are used for website security or to secure the captive portal client communications. Generate a certificate or use a saved certificate and key from one or more files. Go to the following screens for the Certificates feature: •...

  • Page 154: Managing Captive Portal

    Onboard 3 Select the Certificate option: • Generate a new unique private key and certificate This option generates and loads a Self-Signed certificate. • Provision a private key and certificate from files This option loads the key and certificate from a Certificate Authority. Select this option, then do the following: Click Choose File and navigate to the Private Key file.
  • Page 155 Onboard • From any VLAN or interface with Management enabled (except for Admin), you can connect to https://interface_ip:8445/administration. Related Links Portal Website Configuration on page 155 Portal Network Configuration on page 163 Portal Administration Configuration on page 163 Portal Website Configuration From the Website Configuration tab, configure settings related to guest access, authentication, and appearance of the portal website.
  • Page 156 Onboard Related Links Guest Portal: Guest Web Access on page 156 Guest Portal: Guest Registration on page 157 Authenticated Portal: Authenticated Web Access on page 159 Authenticated Portal: Authenticated Registration Settings on page 159 Look and Feel Settings on page 161 Guest Portal: Guest Web Access Table 64: Guest Portal —...
  • Page 157 Onboard Default Rules for Captive Portal on page 171 Guest Portal: Guest Registration Table 65: Guest Portal — Guest Registration Field Description Guest Portal — Guest Registration Introduction Message Introduction Message. Custom Fields Custom Fields. Redirection See Redirection. Default Expiration Indicates registration window before expiration, measured in days, minutes, or hours.
  • Page 158 Onboard Authentication with Third-party Credentials Guest Registration using a third-party application has the following advantages: • It provides ExtremeCloud Appliance with a higher level of user information by obtaining information from the end user's third-party application account instead of relying on information entered by the end-user.
  • Page 159 Onboard Authenticated Portal: Authenticated Web Access Table 66: Authenticated Portal — Authenticated Web Access Field Description Login or Register Message Introduction Message. Introduction Message Introduction Message. Failed Authentication Message The message displayed to the end-user upon failed authentication. By default, this message advises the end user to contact their network administrator for assistance.
  • Page 160 Onboard Table 67: Authenticated Portal — Authenticated Registration Settings (continued) Field Description Default Max Registered Devices Indicates the maximum number of MAC addresses each authenticated end user may register on the network. If a user attempts to exceed this count, an error message is displayed in the Registration web page. The default value for this field is 2.
  • Page 161 Table 68: Captive Portal Website Look and Feel Settings Setting Description Display Powered by Logo Display the Extreme Networks logo at the bottom of all of your portal web pages. Edit Message String Modify the message displayed to users on the menu bar of any registration or web access page.
  • Page 162 Onboard Table 68: Captive Portal Website Look and Feel Settings (continued) Setting Description Edit Colors Click on the Background or Text color box corresponding to each item to open the Choose Color window. Define the colors used in the portal web pages: •...
  • Page 163 Onboard Portal Network Configuration Configure settings for portal network configuration: Go to Onboard > Portal. 2 Click an existing portal or click Add. 3 Configure the following parameters on the Network Configuration tab. Table 69: Network Configuration Settings Field Description Use Mobile Captive Portal Allows mobile devices to access the network via captive portal registration and remediation.
  • Page 164 Onboard 2 Click an existing portal or click Add. 3 Configure the following parameters on the Administration tab. Table 70: Admin Portal Configuration Settings Setting Description Welcome Message Message displayed to users when they log into the administration portal. The default welcome message is Registration System Administration.

  • Page 165: Managing Access Control Groups

    Onboard Message String Settings From this dialog, select the message Locale and edit the Description text for the registration verification message displayed during the user verification process. Managing Access Control Groups An access control group is used to organize mobile clients by various group types, including device type or end system characteristics such as IP address, hostname, or LDAP host group.
  • Page 166 Onboard Table 72: Access Control Group Settings (continued) Field Description Group Type Criteria by which the accounts are grouped. Valid values are: • End System - MAC Possible entry values are: • MAC Address • MAC Mask • MAC OUI (Organizationally Unique Identifier) •...
  • Page 167 Onboard 5 To modify an entry: Select an entry from the Entry list. 2 Click the drop-down arrow and select a new value. Cloning Groups To easily create new groups, use the cloning feature, then modify the group entries and settings as necessary.

  • Page 168: Access Control Rules

    Onboard Access Control Rules Access Control Rules allow you to apply network access permissions and restrictions based on defined rules. The rules can address network resources, a user's role or purpose in the organization, or the device type that is used to access the network. Network access control is dynamic. End-user network access can change as group associations change without a network administrator getting involved.
  • Page 169 Onboard • One network policy rule that provides full access to the network. • One application policy rule that denies access to social media apps. 2 Configure a policy role named Basic Student Access: The member has limited network access but access to all applications is allowed.
  • Page 170 Onboard Results: • If the student is a member of the student body using a school computer, the student has full network access and is denied access to social media applications. • If the student is a member of the student body using a personal computer, the student has limited access to the network and full access to social media.
  • Page 171 Onboard Rule Settings on page 171 Default Rules for Captive Portal The following Access Control rules are added when you enable an internal captive portal. The rules are removed when you disable the captive portal. • Unregistered: This rule is a catchall, and will always be listed immediately before the Default Catchall. Users who do not match any other rule will match Unregistered, and they will be presented with the captive portal.
  • Page 172 Onboard Table 73: Access Control Rule Settings (continued) Field Description End-System Group The end-system group that you configured that is affected by the rule. End-systems that do not match any of the listed rules are assigned the Default Catchall rule. Device Type Group The device type group that you configured that is affected by the rule.

  • Page 173: Chapter 6: Tools

    Tools Workflow Logs Diagnostics NEW! Workflow Use Workflow to understand the relationships between the ExtremeCloud Appliance components and to more easily navigate ExtremeCloud Appliance. The following is a relationship diagram illustrating the ExtremeCloud Appliance components. You can easily navigate to any of these components using Workflow.
  • Page 174 Tools Navigating ExtremeCloud Appliance Using Workflow on page 174 Modifying a Component on page 181 Navigating ExtremeCloud Appliance Using Workflow The following component types are displayed when you access Tools > Workflow: Site, Profile, Role, and Network. Alternatively, you can use the Search field to search for any component. The Workflow pane lists all components that are available in ExtremeCloud Appliance.
  • Page 175 Tools How to Navigate Using Workflow Go to Tools > Workflow to navigate ExtremeCloud Appliance accessing components. The following example illustrates the relationship between ExtremeCloud Appliance components, and it demonstrates how to easily access each component using Workflow. Select the Site icon on the Workflow page to display a list of available sites. Note If there is only one available component of that type, the component details or configuration page displays instead of a list of specific components.
  • Page 176 Tools Figure 25: Site with associated components Figure 25 illustrates possible icon colors on the Workflow page: • Black Icon — The center icon surrounded by associated icons. This icon has the focus. • White Icon — This icon indicates a configured component that is associated with the center icon. •...
  • Page 177 Tools 4 Select a specific device group from the list. The device group icon gains focus. Figure 26: Device Group with associated components • A device group has the following associated components: • RF Management • Site • Access Point •...
  • Page 178 Tools 6 Each device group has a single profile. Click the Profile icon to display the configuration items associated with that profile. Figure 27: Profile with associated components Note Grey icons indicate components that are not configured. Click to display the Edit Profile page and configure the component.
  • Page 179 Tools Adding or Editing a Configuration Profile on page 68 Adding APs on page 107 Navigating ExtremeCloud Appliance Using Workflow on page 174 Workflow on page 173 Adding Components from Workflow The Workflow pane lists all available components and indicates how many components you have configured for each component type.
  • Page 180 Tools Figure 30: Add AP dialog 3 Configure the following parameters, then click OK. • Serial Number • Model • Name • (Optional) Description The Access Points configuration page for the specific AP displays. See Configure AP Radio Settings on page 108 for instructions on configuring the AP radio settings. Related Links Configure AP Radio Settings on page 108...
  • Page 181 Tools A confirmation dialog displays. Figure 31: Delete AP in Workflow 3 Click OK to delete the component. Related Links How to Navigate Using Workflow on page 175 Adding Components from Workflow on page 179 Modifying a Component You can easily modify any component that has focus at the center of the Workflow page. Select the component that has the focus.

  • Page 182: Logs

    Tools Logs The log messages contain the time of event, severity, source component, and any details generated by the source component. Log messages are divided into the following groups: • Events • Station Events • Audit • AP Logs Working with the logging page: •...
  • Page 183 Tools View Station Logs If configured to do so, ExtremeCloud Appliance logs all station events. You can view a record of the station event from the Tools workbench or from the Clients workbench. Note Send Station Events before viewing station logs. Station log files include the following information: •...
  • Page 184 Tools Go to Tools > Logs > Audit. 2 (Optional) Search for a specific audit log. 3 Set a filter or use the default filter. 4 Press Enter to execute a search. The audit log list is updated. 5 (Optional) Select to export the data and manage which columns display.

  • Page 185: Diagnostics

    Tools Go to Tools > Logs. 2 Click Change to display the Start Date/Time dialog. 3 From the Time field, specify the hour and minutes and click AM or PM. 4 In the Date field, use the arrows to navigate to the month, then select the calendar day. 5 Click OK.
  • Page 186 Tools Packet Capture on page 45 Network Service Engine TCP Dump Management Table 75: Network Service Engine TCP Dump Management Field Description Interface Target interface. See list of possible interfaces on the Interface tab. Filename Specify the name of the dump file. Save File To Specify where to save the dump file.

  • Page 187: Chapter 7: Administration

    Administration System Configuration Managing Administrator Accounts ExtremeCloud Appliance Applications Licensing System Configuration System administrators can do the following from the System menu: • Configure network interfaces and network time. • Manage software upgrades and system maintenance. • Configure availability mode for network failover and redundancy. •...
  • Page 188 Administration Static Routes Use static routes to set the default route of the ExtremeCloud Appliance so that device traffic can be forwarded to the default gateway. To add a static route, click Add. Related Links Add an Interface on page 188 Add a Static Route on page 189 Add an Interface...
  • Page 189 Administration Table 76: Interface Parameters (continued) Field Description IP Address For an Admin topology, the Layer 3 check box is selected automatically. The IP address is mandatory for a Physical topology. This allows for IP Interface and subnet configuration together with other networking services.
  • Page 190 Administration Network Time System administrators can configure network time and the NTP servers. Go to Administration > System > Network Time. System Time Displays the current system date and time. Time Zone Settings Manually configure time zone settings for your network. Search for a time zone, and click Save to manually change system date and time.
  • Page 191 Administration Performing a Backup Before you perform a backup procedure, decide what to backup and where to save the backup file: • Select full backup or configuration only. • Select a location to store the backup file. • (Optional) Configure a backup schedule. On-demand backups can only be stored locally, while scheduled backups can be stored on a mounted flash drive or on a remote server.
  • Page 192 Administration Upgrading Software Note All locally-stored configuration backup files are removed during software upgrade. To preserve locally-stored files, download them prior to upgrading the ExtremeCloud Appliance software. There is more than one way to put the upgrade image on ExtremeCloud Appliance: •...
  • Page 193 Administration Date Enter the date of the scheduled upgrade in Month: Day format (MM-DD). Note When you supply a Date and Time that has passed, the schedule is set for the following year at the specified date and time. 4 Click Schedule. Related Links Software Upgrade on page 190...
  • Page 194 Administration Upgrade AP Images To upgrade AP image files, do the following: Go to Administration > System > Software Upgrade. 2 Scroll down the page to AP Images. 3 Select an AP Platform. 4 To upload image from local drive: •...
  • Page 195 Administration USB connector the device is connected to. If you connect more than one USB device at a time, the system returns an error. Note Format flash devices as non-bootable. The ExtremeCloud Appliance may experience difficulty rebooting when connected to a bootable formatted flash device.
  • Page 196 Administration Related Links Availability Pair Settings on page 198 Mobility Settings on page 198 Session Availability on page 196 Availability Link Status on page 26 Configuring VLANS on page 137 Session Availability Session availability enables wireless APs to switch over to a standby (backup) wireless appliance fast enough to maintain the mobile user’s session availability in the following scenarios: •...
  • Page 197 Administration Figure 33: AP Fail Over When Connectivity to Primary Fails The backup ExtremeCloud Appliance does not have to detect its link failure with the primary ExtremeCloud Appliance for the session availability to kick in. If the AP loses five consecutive polls to the primary ExtremeCloud Appliance either due to the ExtremeCloud Appliance outage or to connectivity failure, it fails over to the backup ExtremeCloud Appliance fast enough to maintain the user session.
  • Page 198 Administration The following is the traffic flow of the topology illustrated in Figure • The AP establishes the active tunnel to connect to the primary ExtremeCloud Appliance. • The ExtremeCloud Appliance sends the configuration to the AP. This configuration also contains the port information of the backup ExtremeCloud Appliance.
  • Page 199 Administration 2 Check Mobility and configure the following parameters: Table 80: Mobility Settings Field Description Port The port address of the ExtremeCloud Appliance. Discovery Method Method by which ExtremeCloud Appliance discovers the mobility manager. You have two options: • SLPD — Rely on SLP with DHCP Option 78 •...
  • Page 200 Administration To configure SNMP for the full ExtremeCloud Appliance environment: Go to Administration > System > Settings > SNMP. To configure SNMP for the switches associated with a site: Go to Configure > Sites and select a site. 2 Click SNMP. Table 81 describes how to configure SNMP credentials on ExtremeCloud Appliance.
  • Page 201 Administration Related Links Working with SNMPv2 Communities on page 201 Working with SNMPv3 Users on page 201 Working with SNMP Notifications on page 202 Working with SNMPv2 Communities To access SNMPv2 Communities: • Go to Administration > System > Settings > SNMP •...
  • Page 202 Administration Working with SNMP Notifications on page 202 Working with SNMPv2 Communities on page 201 Working with SNMP Notifications To work with SNMP notifications: Go to Administration > System > Settings > SNMP. 2 Find the SNMP Notifications field. 3 To add a notification: Click Add.
  • Page 203 Administration For more information about using ExtremeCloud Appliance as a proxy server, see the ExtremeCloud Appliance Deployment Guide. System Logging Configuration Syslog event reporting uses the syslog protocol to relay event messages to a centralized event server on the enterprise network. In the protocol, a device generates messages, a relay receives and forwards the messages, and a syslog server receives the messages.
  • Page 204 Administration System Information Go to Admin > System > System Information to view the following information about your system. Figure 35: Example System Information Figure 36: Example Manufacturing Information ExtremeCloud Appliance User Guide for version 4.36.03...

  • Page 205: Managing Administrator Accounts

    Administration Managing Administrator Accounts ExtremeCloud Appliance is shipped with a factory-set, default administrator account with full rights: • The user ID is admin. • The factory preset password for this account is abc123. These values are case sensitive. During initial configuration of ExtremeCloud Appliance, the CLI wizard prompts you to change the default Admin user ID and password.

  • Page 206: Extremecloud Appliance Applications

    ExtremeCloud Appliance operates as the base operating system for container applications that will share its resources. ExtremeCloud Appliance supports container applications that offer custom solutions for network management. Applications are installed as .Docker files available on Extreme Networks support site or downloaded from the Docker hub.
  • Page 207 Administration Upgrading an Application on page 208 Uninstalling an Application on page 209 Application Details on page 209 Extreme Defender for IoT on page 210 NEW! Configuration Template Details Use a configuration template to install and upgrade container applications in ExtremeCloud Appliance. To add a template: Go to Administration >...
  • Page 208 Administration Table 82: Container Application Configuration Template (continued) Field Description Logs Config Log file format. Valid values include: • json-file. Default value,which allows you to view the application logs from the application Details icon in ExtremeCloud Appliance. • syslog. View application logs from the System log file. •...
  • Page 209 Administration 6 Click Upload and select the Docker file. 7 Click Open and click OK. 8 Click to start the application. Related Links Installing Applications on page 206 Uninstalling an Application on page 209 Uninstalling an Application Note All application data is deleted when you uninstall an application. To uninstall an application: Go to Admin >...

  • Page 210: Licensing

    ExtremeCloud Appliance offers a default configuration template for the Extreme Defender Application. Note The Extreme Defender Application is available on the Extreme Networks support site. The Extreme Defender Application user interface can be accessed using the HTTPS protocol on the TCP port 5825.
  • Page 211 Administration The ExtremeCloud Appliance can be in the following licensing modes: • Unlicensed — (DEMO) When the appliance is not licensed, it operates in demo mode. In demo mode, you can operate as many devices as you want, subject to the maximum limit of the platform type.
  • Page 212 Administration • AP560i/h The following ExtremeWireless ™ AP39xx series APs are supported in a Centralized site: • AP3917i/e/k • AP3916ic • AP3915i/e • AP3912i • AP3935i/e • AP3965i/e ™ The following ExtremeWireless WiNG APs are supported in a Distributed site: •...
  • Page 213 3 The Extreme Networks web portal presents the temporary key. 4 On the ExtremeCloud Appliance, go to Admin > License. 5 Copy and paste the key from the Extreme Networks web portal to the ExtremeCloud Appliance user interface. 6 Click Apply to apply the temporary license.
  • Page 214 Administration 5 Click Apply to apply the capacity license. Note There are SKUs available for device adoption transfer and SKUs for capacity adoption. Use these SKUs to transfer existing devices to ExtremeCloud Appliance. Related Links Obtaining a Temporary License Key on page 213 Obtaining a Permanent License Key on page 213...

  • Page 215: Glossary

    Glossary Chalet Chalet is a web-based user interface for setting up and viewing information about a switch, removing the need to enter common commands individually in the CLI. Command Line Interface. The CLI provides an environment to issue commands to monitor and manage switches and wireless appliances.
  • Page 216 Glossary Built on architecture with the latest technology, the embedded operating system supports application containers that enable future expansion of value added applications for the unified access edge. Learn more about ExtremeCloud Appliance at https://www.extremenetworks.com/product/extremecloud- appliance/. ExtremeCloud ExtremeCloud is a cloud-based network management Software as a Service (SaaS) tool. ExtremeCloud allows you to manage users, wired and wireless devices, and applications on corporate and guest networks.
  • Page 217 Index Certificates, AAA Certificate Authorities 154 channel plan, configuration 89 AAA configuration, default 145 Class of Service, configuring 135, 136 Access Control client actions 54 AAA configuration 145 Client Events 57 certificates 152 client, snapshot 55 groups 165 Column Display, configuring 20 LDAP Configuration 149 Configuration Profile, adding or editing 68 RADIUS Servers 146 configuration template, adding for applications 207 rules 168 Controllers list 52...
  • Page 218 Index privacy settings for WPAv2 with PSK 121 Professional Install Settings LAG, configuring 116 AP510e 111 LDAP Configuration 149 AP560h 112 LDAP Connection, testing 151 profiles LDAP Schema Definition 150 network association 129 LDAP settings 149 role association 129 license key, permanent 213 proxy server 20 license key, temporary 213 licensing, capacity key 213 Licensing, obtaining a key 212 Local Password Repository 151 radio mode 70...
  • Page 219 Index SSH, Live Console to AP 49 SSID, configuring 119 static route, adding 189 Station Events 57 support, see technical support switch, snapshot 50 switches 113 Switches port configuration 116 Port Dashboard 51 RADIUS settings 66 Switches list 49 system information, viewing 204 system maintenance 194 technical support contacting 6, 7 ToS/DSCP, configuring 135, 136 troubleshooting 209 upgrades, scheduled 192 upgrading 192...

This manual is also suitable for:

Extremecloud appliance e2120Extremecloud appliance e1120Extremecloud appliance e3120

Table of Contents