omniaccess aos-w system reference

OmniAccess Reference

TM

AOS-W System Reference

OmniAccess Reference: AOS-W System Reference

CopyrightCopyright 2005 Alcatel Internetworking, Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA.

TrademarksAOS-W, OmniAccess 4304, OmniAccess 4308, OmniAccess Wireless LAN, OmniAccess 6000, OmniAccess AP60, OmniAccess AP61, and OmniAccess AP 70 are trademarks of Alcatel Internetworking, Inc. in the United States and certain other countries. Any other trademarks appearing in this manual are owned by their respective companies.

Legal NoticeThe use of Alcatel Internetworking, Inc. switching platforms and software, by all individuals or corporations, to terminate Cisco or Nortel VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Alcatel Internetworking, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of Cisco Systems or Nortel Networks.ii Part 031652-00 May 2005

PrefaceAn Overview of this Manual Related Documents . . . . . Text Conventions . . . . . . Contacting Alcatel . . . . . .

xix

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

xix xx xx xxi

Part 1Chapter 1

Overview . . . . . . . . . . . . . . . . . . . . . . .

1

Overview . . . . . . . . . . . . . . . . . . . . . . . . 3 Key Features . . . . . . . . . . . . . . . . . . . . . . . . 3Prevention of Layer-2 Bridging between Wireless Users . . . . . . . . . . . . . . . Wired Port 802.1x Authentication . . . . . . Enhanced Location Services . . . . . . . . . Web Management Interface Enhancements Enhanced Network Monitoring Interface . . SNMPv3 . . . . . . . . . . . . . . . . . . . . Remote Thin AP . . . . . . . . . . . . . . . . Auto-Blacklist Firewall Extended Action . . Enhanced AP-Switch Discovery and Alcatel Discovery Protocol . . . . . . . . . . . . DHCP Configuration . . . . . . . . . . . . . . Multicast Configuration . . . . . . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

3 3 4 4 4 4 4 5 5 6 8

..... ..... ..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 2

Management Options . Command-Line Interface . . . . Web Interface . . . . . . . . . . General Screen Elements . . Page Elements . . . . . . . . Command Line Basics Connecting to the Switch . . . Local Serial Console . . . . . Local or Remote Telnet . . . .......... Logging In Access Modes . . . . . . . . . . Command Context . . . . . . . Saving Configuration Changes . Viewing the Configuration . . . Shortcuts .......... Command Completion . . . Command Help . . . . . . . Command History . . . . . . Command Line Editing . . . Command Syntax . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . .

.. 9 .. 9 .. 9 . 10 . 11 . 13 . 13 . 13 . 14 . 15 . 15 . 16 . 17 . 17 . 18 . 18 . 18 . 19 . 20 . 20iii

Chapter 3


Part 2Chapter 4

Design and Planning . . . . . . . . . . . .RF Design . . . . . . . . . . . . . . . . . . . . . . The Alcatel RF Plan Tool . . . . . . . . . . . . . . . . Getting Started . . . . . . . . . . . . . . . . . . . . . System Requirements for Standalone RF Plan . Installing RF Plan . . . . . . . . . . . . . . . . . . Launching RF Plan . . . . . . . . . . . . . . . . . RF Plan Basics . . . . . . . . . . . . . . . . . . . . . Page Summary . . . . . . . . . . . . . . . . . . . Page Fields . . . . . . . . . . . . . . . . . . . . . Navigation . . . . . . . . . . . . . . . . . . . . . . Applying and Saving . . . . . . . . . . . . . . . . Next Step Button . . . . . . . . . . . . . . . . . . Opening Screen. . . . . . . . . . . . . . . . . . . . . Using RF Plan . . . . . . . . . . . . . . . . . . . . . . Task Overview . . . . . . . . . . . . . . . . . . . Planning Requirements . . . . . . . . . . . . . . Adding a New Building to the Plan . . . . . . . . . . Planning Pages . . . . . . . . . . . . . . . . . . . Locating Devices . . . . . . . . . . . . . . . . . . . . . . . . . . Firewall and Traffic Policies . . . . . . . . Introduction to Firewall and Traffic Policies . Configuring Traffic Policies . . . . . . . . . . Access Control Lists . . . . . . . . . . . . . . Standard ACLs . . . . . . . . . . . . . . . . . Extended ACLs . . . . . . . . . . . . . . . . . MAC ACLs . . . . . . . . . . . . . . . . . . . Ethertype ACLs . . . . . . . . . . . . . . . . . Authentication and Accounting Servers . . . . . RADIUS . . . . . . . . . . . . . . . . . . . . . LDAP . . . . . . . . . . . . . . . . . . . . . . . Internal Authentication Database . . . . . . . Accounting . . . . . . . . . . . . . . . . . . . Security Options . . Default Open Ports . . . . . AOS-W Security Options . ........ User Roles Role Design . . . . . . . Role Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

23 2525 26 26 26 27 27 27 28 29 29 29 30 31 31 32 32 41 52

Chapter 5

5556 59 60 60 60 62 62 63 70 71 71 72 72 72 73 77 82 83

iv

Part 031652-00

May 2005

Authentication Methods . . . . . . 802.1x Authentication . . . . . VPN Authentication . . . . . . . Captive Portal Authentication . MAC Address Role Mapping . . Stateful 802.1x . . . . . . . . . SSID Role Mapping . . . . . . . Encryption Type Role Mapping Advanced Authentication . . . . Configuring VPN Settings . . . . . IPSec . . . . . . . . . . . . . . . PPTP . . . . . . . . . . . . . . . VPN Dialer Configuration . . . . VPN Server Emulation . . . . . . Advanced Authentication . . . . SecureID Token Caching . . . . Firewall Settings . . . . . . . . . . . Advanced Security Options . . . . Service Aliases . . . . . . . . . . Source/Destination Aliases . . . Bandwidth Contracts . . . . . . NAT Pools . . . . . . . . . . . . Time Range . . . . . . . . . . . . Additional Information . . . . . . . Encryption . . . . . . . . . . . . Authentication . . . . . . . . . . Supported VPN Clients . . . . . Configuring L2TP and IPSec . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . .

83 84 88 89 91 92 94 95 96 97 97 100 101 104 105 106 107 109 109 110 112 112 113 113 114 116 117 118

Chapter 6

Common Tasks . . . . . Basic Network Configuration . VLANs . . . . . . . . . . . Port Trunks . . . . . . . . . Spanning Tree . . . . . . .

. . . . . . Making Configuration Backups Creating an On-System Backup . Saving to a New Location . . . . Restoring the Configuration File . Annotating Configuration Files . . Upgrading the AOS-W Software . . . Reset Configuration to Defaults . . . Air Management. . . . . Required Components . . . . . Wireless LAN Classification . . AP Classifications . . . . . . . . . . . . . . . . . .

. . . . .

. . . . . .

. . . . . .

. 123 . 123 . 123 . 125 . 125 . 126 . 126 . 127 . 128 . 128 . 129 . 133 . 135 . 135 . 136 . 136 . 137v

Chapter 7

Wireless Client Station Classifications


Enforcement Policies . . . . . . . . . . AP Policies . . . . . . . . . . . . . Wireless Client Station Policies . . Global Policies . . . . . . . . . . . Statistics Events . . . . . . . . . . . . General WMS Attributes. . . . . . . . AiroPeek Support for Packet Capture Starting Packet Capture . . . . . . The AiroPeek Application . . . . . Stopping Packet Capture . . . . . Remediation with Sygate . . . . . . .

. . . . . . . . . . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

137 137 141 143 143 144 146 146 147 148 148

Chapter 8

802.1x Client Setup . . . . . . PEAP or TLS for Windows 2000 . . . Prepare the Operating System . . Configure the Service . . . . . . . Validate the User Credentials . . . PEAP or TLS for Windows XP . . . . Cisco-PEAP for Windows XP . . . . . Prepare the Operating System . .

. . . . . . . . Enable Wireless Zero Configuration . Configure the Cisco ACU . . . . . . .

. . . . . . . . . . Configure the Wireless Network Connection . Validate the User Credentials . . . . . . . . . .

151152 152 152 158 160 162 162 162 164 167 172

Chapter 9

Basic Switch Configuration . . . . . . . . 175 General Configuration . . . . . . . . . . . . . . . . . . 175 Configuring the Switch Role . . . . . . . . . . . . 175 Configuring the Switch/Loopback IP Address . . 176 Mobility Configuration . . . . . . . . . . . . . . . . 177 Wi-Fi MUX Configuration . . . . . . . . . . . . . . 177 MUX CLI Commands . . . . . . . . . . . . . . . . . 179 MUX Server CLI Commands . . . . . . . . . . . . 179 Setting the 802.11d Regulatory Domain . . . . . . 180 Configuring Time Zones . . . . . . . . . . . . . . . 180 Configuring NTP Servers . . . . . . . . . . . . . . 180 Port Configuration . . . . . . . . . . . . . . . . . . . . 181 Port Selection Options . . . . . . . . . . . . . . . . 181 Port Selection . . . . . . . . . . . . . . . . . . . . . 182 Port Configuration Options . . . . . . . . . . . . . 183 VLAN Configuration . . . . . . . . . . . . . . . . . . . 184 View Current VLAN Configuration . . . . . . . . . 185 Add New VLAN . . . . . . . . . . . . . . . . . . . . 185 Tunnels . . . . . . . . . . . . . . . . . . . . . . . . 186 IP Route Configuration. . . . . . . . . . . . . . . . 187 VRRP Configuration . . . . . . . . . . . . . . . . . . . 188Dual Supervisor Card (Virtual Switch)

vi

Part 031652-00

May 2005

Operation . . . . . . . . . . . . . . . . Rules of Operating a Virtual Switch . . . Hot Swapping Support . . . . . . . . . . Resetting the Other SC . . . . . . . . . . DHCP Server Configuration . . . . . . . DHCP Pool Configuration . . . . . . . . . DHCP Excluded Address Configuration .

. . . . . . .

. . . . . . . . . . . .

. . . . . . .

. . . . . . . . . . . . . . . .

. . . . . . .

190 191 191 191 192 192 194

Chapter 10

802.1x Configuration . . . . . . . . . Introduction .................. Background . . . . . . . . . . . . . . . . . Definitions and Common Abbreviations . Configuring the Switch for 802.1x . . . . . .

. . . . . Creating an Authentication Server Instance . Assigning Default Roles . . . . . . . . . . . . Configuring the 802.1x State Machine . . . . .................... Certificates

. 195 . 195 . 195 . 196 . 197 . 197 . 201 . 204 . 212 . . . . . . . . . . . . . . . . . . .212 214 217 224 230 231 231 231 232 232 232 233 233 233 234 234 234 234 235

Introduction to Server, Client, and CA Certificates . . . . . . . . . . . . . . . . . . . Obtaining A Certification Authority (CA) Certificate . . . . . . . . . . . . . . . . . . . Obtaining a Server Certificate . . . . . . . . . . Obtaining a Client Certificate . . . . . . . . . . . 802.1x Configuration under Microsoft Pocket PC . Configuration using Pocket PC Embedded Supplicant . . . . . . . . . . . . . . . . . . . . . Export Trusted Certification Authority . . . . . Install Certificate Authority . . . . . . . . . . . . Configure Wireless Settings . . . . . . . . . . . Login to Wireless Network . . . . . . . . . . . . Configuration using Funk Odyssey Client . . . Certificate Configuration . . . . . . . . . . . . . Odyssey Client Configuration . . . . . . . . . . Trusted Servers Configuration . . . . . . . . . . Profile Configuration . . . . . . . . . . . . . . . Networks Configuration . . . . . . . . . . . . . Connection Configuration . . . . . . . . . . . . Push to Device . . . . . . . . . . . . . . . . . . . Captive Portal Certificates with Intermediate CAs . . . . . . . . . . . . . . . . . . . . . . .

Chapter 11

802.1x Solution Cookbook . . . . . . . . . 237 Physical Topology . . . . . . . . . . . . . . . . . . . . 238

vii


Wireless Network Operation . . . . . . . . . . . Wireless Laptops . . . . . . . . . . . . . . . . Printers . . . . . . . . . . . . . . . . . . . . . OmniAccess 6000 Switch Configuration . . Firewall Policies. . . . . . . . . . . . . . . . . User Role Configuration . . . . . . . . . . . . Authentication Parameters . . . . . . . . . . VLAN and IP Address Configuration . . . . . Wireless Configuration . . . . . . . . . . . . AP Configuration . . . . . . . . . . . . . . . . Microsoft Active Directory Server Configuration Remote Access Permission . . . . . . . . . . Windows Group Membership Configuration Group Policy Configuration . . . . . . . . . . Microsoft Internet Authentication Server Configuration . . . . . . . . . . . . . . . . . . RADIUS Client Configuration . . . . . . . . . Policy Configuration . . . . . . . . . . . . . . Microsoft Windows XP Client Configuration . . Microsoft PocketPC 2003 Client Configuration . Export Trusted Certification Authority . . . . Install Certificate Authority . . . . . . . . . . Configure Wireless Settings . . . . . . . . . Login to Wireless Network . . . . . . . . . . Microsoft Requirement . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . .

238 238 242 242 242 244 245 246 247 248 248 248 249 249 251 251 251 253 254 254 255 255 256 256

Chapter 12

Switch Management Configuration SNMP Configuration Using Web UI . . . . . . SNMP Configuration Using The CLI . . . . . . Configuring SNMPv3 Users . . . . . . . . . . .Configuring Administrative Access Using Web UI . . . . . . . . . . . . . . . . . . . . . Adding and Changing Administrative Access Using the CLI . . . . . . . . . . . . . . . . . Adding Auth Servers . . . . . . . . . . . . . . . Logging ..................... Configuring Logging Using Web UI . . . . . . Configuring Logging Using The CLI . . . . . .

. 257 . . 257 . . 259 . . 260 .. . . . . . . . . . . . . . . . . . . . . . . . . .261 265 267 267 268 270

Chapter 13

Wireless LAN Configuration . . . . Wireless LAN Configuration . . . . . . . . . . . Wireless LAN Network (SSID) Configuration . Adding a New SSID . . . . . . . . . . . . . Adjusting Radio Parameters . . . . . . . . . . . Using ARM . . . . . . . . . . . . . . . . . . Advanced Location-Based AP Configuration . General Wireless LAN Settings . . . . . . .

. . . . . . . .

. . . . . . . .

273273 273 274 279 284 284 287

viii

Part 031652-00

May 2005

Chapter 14

Radio Resource Management Introduction ................ ................ Calibration Optimization ................ Self-Healing . . . . . . . . . . . . . . . Load Balancing . . . . . . . . . . . . . . Client and AP DoS Protection . . . . . . . Configuration of RF Monitoring . . . . . . Coverage Hole Detection . . . . . . . . Interference Detection . . . . . . . . . Event Threshold Configuration . . . . . Advanced Parameters . . . . . . . . . .

. . . . . . . . . . . .

. . . . . . . . . . . .

. . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 289 . 289 . 289 . 291 . 291 . 292 . 294 . 295 . 295 . 297 . 298 . 301

Chapter 15

Intrusion Detection Configuration Wireless LAN Intrusion Detection . . . . . . . . ................... Rogue AP Denial of Service . . . . . . . . . . . . . . . . . . Rate Analysis. . . . . . . . . . . . . . . . . . FakeAP Detection . . . . . . . . . . . . . . . Man-in-the-Middle . . . . . . . . . . . . . . . . . MAC Spoofing . . . . . . . . . . . . . . . . . Station Disconnection Detection. . . . . . . EAP Handshake Analysis . . . . . . . . . . . Sequence Number Analysis . . . . . . . . . AP Impersonation Protection. . . . . . . . . Signature Detection . . . . . . . . . . . . . . . . Wireless LAN Policies . . . . . . . . . . . . . . . Ad-hoc Network Protection . . . . . . . . . Wireless Bridge Detection . . . . . . . . . . Misconfigured AP Protection . . . . . . . . Weak WEP Detection . . . . . . . . . . . . .

. 305 . 305 . 307 . 308 . 308 . 310 . 311 . 312 . 312 . 313 . 314 . 315 . 316 . 320 . 320 . 321 . 321 . 323 Multi-Tenancy Policies and Honeypot Defense . 324 MAC OUI Checking . . . . . . . . . . . . . . . . . 325 . . . . . . . . . . . . . . . . . . . . . . 327 . 327 . 328 . 330 . 331 . 333 . 334 . . . .335 336 337 339ix

Chapter 16

Authentication Server Configuration . . . . . . . . . . . . . Introduction .................. Configuring RADIUS Servers with Web UI . . Server Rules . . . . . . . . . . . . . . . . . Configuring Attributes . . . . . . . . . . . Configuring LDAP Servers with Web UI . . . Adding a Server Rule . . . . . . . . . . . .

Configuring the Internal Authentication Database with Web UI . . . . . . . . . . . . . . . . . . . . Configuring RADIUS Accounting with Web UI . . . Configuring 802.1x Authentication with Web UI . . Configuring VPN Authentication with Web UI . . .


Configuring Captive Portal Authentication with Web UI ..................... Configuring MAC Address Role Mapping with ..................... Web UI Configuring Stateful 802.1x for Third Party Access Points . . . . . . . . . . . . . . . . . . Role Mapping . . . . . . . . . . . . . . . . . . . . . SSID Role Mapping . . . . . . . . . . . . . . . . Encryption Type Role Mapping . . . . . . . . . Configuring Advanced Conditions . . . . . . . Configuring General AAA Settings Using the CLI . Configuring RADIUS Servers Using the CLI . . . . Server Rules. . . . . . . . . . . . . . . . . . . . Configuring LDAP Servers Using the CLI . . . . . Server Rules. . . . . . . . . . . . . . . . . . . . Configuring the Internal Authentication Database Using the CLI . . . . . . . . . . . . . . . . . . . Configuring RADIUS Accounting Using the CLI . . Configuring 802.1x Authentication Using the CLI Adding 802.1x Authentication Servers . . . . Configuring VPN Authentication Using the CLI . . Configuring Captive Portal Authentication Using the CLI . . . . . . . . . . . . . . . . . . . Configuring MAC Address Role Mapping Using the CLI . . . . . . . . . . . . . . . . . . . Configuring Stateful 802.1x Using the CLI . . . . AP/Server Configuration for Stateful 802.1x . Role Mapping . . . . . . . . . . . . . . . . . . . . . SSID Role Mapping . . . . . . . . . . . . . . . . Encryption Type Role Mapping . . . . . . . . . Notes on Advanced AAA Features . . . . . . . . . The Problem . . . . . . . . . . . . . . . . . . . The AOS-W Solution . . . . . . . . . . . . . . .

.. .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

340 343 344 345 345 346 346 348 348 349 350 352 353 353 354 357 357 357 359 359 360 360 360 360 361 361 362

.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 17

IAS Server Configuration Starting the IAS Server . . . . . . . Creating NAS Client Entries . . . . . Creating Remote Access Policies . . Adding a User . . . . . . . . . . . . . Firewall Configuration . Setting Policies Using Web UI . Aliases . . . . . . . . . . . . . Defining Service Aliases . . . . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . . . . . .

. . . . .

. . . . . . . . . . .

. . . . . . . . . . .

367368 369 372 376

Chapter 18

. . . . Defining Source and Destination Aliases . Firewall Policies. . . . . . . . . . . . . . . .

381381 381 381 383 385

x

Part 031652-00

May 2005

Defining Roles Using Web UI . . . . . . . . . Role Design . . . . . . . . . . . . . . . . Configuring Roles . . . . . . . . . . . . . Setting Policies Using the CLI . . . . . . . . Defining Service Aliases . . . . . . . . . Defining Source and Destination Aliases Firewall Policies . . . . . . . . . . . . . . Defining Roles Using the CLI . . . . . . . . . Configuring Roles . . . . . . . . . . . . . Defining Access Control Lists in the CLI . . Standard ACLs . . . . . . . . . . . . . . . Extended ACLs . . . . . . . . . . . . . . MAC ACLs . . . . . . . . . . . . . . . . . Ethertype ACLs . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . .

389 389 390 394 394 396 396 398 398 398 398 399 399 399

Chapter 19

Captive Portal Setup . . . . . . . . Overview ................. Add Users to the Database . . . . . . . . Configure RADIUS Server Information . Apply a Server to Captive Portal . . . . . Customize the Logon Role . . . . . . . . Allow Guest Access . . . . . . . . . . . . Configure Other User Roles . . . . . . . Configuring Role Derivation . . . . . . . Import a Server Certificate . . . . . . . . Customize the Login Screen . . . . . . . Sample Configuration . . . . . . . . . . . . . Show Commands . . . . . . . . . . . . . . . Setting Access Rights Introduction .......... Defining Alias . . . . . . . . . . Defining Service Alias . . . Defining Destination Alias . . . . . . Creating Session ACLs and Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 401 . 401 . 402 . 403 . 404 . 405 . 408 . 409 . 410 . 411 . 413 . 414 . 415 . 419 . 419 . 420 . 420 . 420 . 421 . 421 . 421 . 422 . 422 . 424 . 425 . 426 . 426 . 426 . 427 . 427xi

Chapter 20

Creating A Session ACL for Logon Creating Session ACLs For Users . Role Derivation . . . . . . . . . . . . . . How Role Derivation Works . . . . Show Commands . . . . . . . . . . . .

Chapter 21

Access Point Setup. . . . . . . System Overview . . . . . . . . . . . . Components . . . . . . . . . . . . . Supported Network Topologies . . Access Point Setup . . . . . . . . . . . Requirements . . . . . . . . . . . .


AP Provisioning. . . . . . . . . . . . . . . . . . Plug and Play . . . . . . . . . . . . . . . . . Simplified AP Provisioning . . . . . . . . . AP Programming Mode . . . . . . . . . . . Manual AP Provisioning . . . . . . . . . . . AP Reprovisioning . . . . . . . . . . . . . . Accessing the AP Boot Prompt . . . . . . . Initial Configuration . . . . . . . . . . . . . Advanced AP Configuration. . . . . . . . . GRE Tunnel Configuration . . . . . . . . . . Wireless LAN Switch Setup for APs . . . . . . Configuration Profiles . . . . . . . . . . . . AP Attribute Commands . . . . . . . . . . Wireless Client Station Attributes . . . . . Order of Precedence for Profile Attributes CLI Configuration Examples . . . . . . . . . Viewing AP Attribute Settings . . . . . . . Viewing AP Information and Statistics . . . AP Reprovisioning . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

428 428 429 430 436 436 437 441 444 453 454 454 459 462 463 465 468 471 478

Chapter 22

VPN Setup . . . . . . . . Prerequisites . . . . . . . . . Data Used In The Examples . Network Setup . . . . . . . . RADIUS Server Setup . . . . Internal Database Setup . . .

. . . . . . . L2TP IPSec VPN Server Setup Alcatel Switch VPN Dialer Setup . ........... . VPN Dialer . Before You Begin . . . . . . . Downloading the Client . . . . . Installation . . . . . . . . . . Connecting With VPN . . . . . Alcatel VPN Dialer Features . . . Troubleshooting . . . . . . . Generating a Self-Distributable Alcatel Dialer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . .

. . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

. . . . . . . . . . . . . . .

483483 484 484 485 486 487 488 490 490 490 494 497 498 500 502

Chapter 23

VPN Configuration . . . . . Configuring IPSec Using Web UI . Adding Address Pools . . . . . Adding IKE Shared Secrets . . Adding IKE Policies . . . . . . . ............ L2TP

505506 508 508 509 510 510 511 514 515

. . . . . Configuring PPTP Using Web UI . Configuring The VPN Dialer Using Web UI . . Configuring VPN Server Emulation Using Web UI Configuring SecureID Token Caching Using Web UI .

xii

Part 031652-00

May 2005

Configuring IPSec Using the CLI . . . . . . . . . . Configuring PPTP Using the CLI . . . . . . . . . . Configuring the VPN Dialer Using the CLI. . . . . Configuring VPN Server Emulation Using the CLI Configuring SecureID Token Caching Using .................... Web UI VPN Quick Start Guide . . . . . . . . . . . . . . . Requirements From Customer . . . . . . . . . Network Topology In Examples . . . . . . . . Setting Up a VPN . . . . . . . . . . . . . . . . Verification and Troubleshooting . . . . . . . Example VPN Configurations . . . . . . . . . . . . Using Cisco VPN Client on Alcatel Switches . Typical Third-Party VPN Clients . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . .

516 517 518 519 520 521 521 521 521 525 530 530 537

Chapter 24

Switch Maintenance. Switch Level Maintenance . . Image Management . . . . Reboot Switch . . . . . . .

. . . . Reboot Peer Supervisor Card . Clear Config . . . . . . . . . . . Synchronize . . . . . . . . . . . Boot Parameters . . . . . . . . . File Maintenance . . . . . . . . . . . Copy Files . . . . . . . . . . . . Copy Logs . . . . . . . . . . . . Copy Crash Files . . . . . . . . . Backup Flash . . . . . . . . . . . Restore Flash. . . . . . . . . . . Delete Files . . . . . . . . . . . . Wireless LAN Maintenance . . . . . Rebooting Access Points . . . . Managing the WMS Database . Captive Portal Maintenance . . . . Customizing the Login Page . . Upload Certificate . . . . . . . . Upload Custom Login Pages . .

. . . .

. . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. 543 . 543 . 543 . 544 . 545 . 545 . 546 . 546 . 547 . 547 . 549 . 549 . 550 . 550 . 551 . 551 . 552 . 552 . 554 . 555 . 555 . 556559

Part 3Chapter 25

Monitoring and Troubleshooting .Monitoring the Wireless Environment . . . . . . . . . . . Network Monitoring . . . . . . . . . . . . Switch Monitoring . . . . . . . . . . . . . Sample Monitoring Information . . . Events ............... Creating Custom Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. 561 . 562 . 563 . 564 . 573 . 575xiii


Wireless LAN Monitoring . . . . Debug Information . . . . . . . . Creating Custom Logs . . . . . . Reports ........... Example Report: Rogue APs AP Reports . . . . . . . . . . Custom Reports . . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

. . . . . . .

576 576 577 577 578 579 580

Chapter 26

Firewall Logging . . . . . . . . . . . . . . . . . 583 Log Entries (alphabetical) . . . . . . . . . . . . . . . . 583 Troubleshooting AOS-W Environments. . . . . . . Basic Connectivity . . . . . . . . . General . . . . . . . . . . . . . Client cannot find AP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .587

Chapter 27

Client finds AP, but cannot associate Client associates to AP, but higher-layer authentication fails . . . . . . . . . . . . . Client associates/authenticates, but has no network connectivity . . . . . . . . . . Client initially has network connectivity, then loses connectivity . . . . . . . . . . Client has network connectivity, then loses wireless association . . . . . . . . . . . . Client experiences poor performance . . . . Troubleshooting Access/Grid Points . . . . . . . Authentication . . . . . . . . . . . . . . . . . . . 802.1x . . . . . . . . . . . . . . . . . . . . . . VPN . . . . . . . . . . . . . . . . . . . . . . . Sample Packet Captures. . . . . . . . . . . . . . Broadcast Probe Request Frame . . . . . . . FCS - Frame Check Sequence . . . . . . . . Specific Network Probe Request Frame . . . Beacon Frame . . . . . . . . . . . . . . . . . . Probe Response Frame . . . . . . . . . . . . 802.11 Authenticate Frame . . . . . . . . . . 802.11 Authenticate Response (Success) . . Association Request Frame (includes WPA) Association Response . . . . . . . . . . . . . Packet Sniffing . . . . . . . . . . . . . . . . . . . Packet Capture . . . . . . . . . . . . . . . . . SESSION MIRRORING . . . . . . . . . . . . .

. . . .

587 589 589 592 595 595 596 597 598 599 603 603 606 610 610 611 611 613 615 617 618 619 622 623 624 625

... ... ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chapter 28

Diagnostic Tools. . . . . . . . . . . . . . . . .

627

xiv

Part 031652-00

May 2005

Network Utilities . . . . . . . . . . Ping . . . . . . . . . . . . . . . Traceroute . . . . . . . . . . . General Information . . . . . . . . Contacting Technical Support Access Point Diagnostics. . . . . Received Configuration . . . . Software Status . . . . . . . . Debug Log . . . . . . . . . . . Detailed Statistics . . . . . . . Web Diagnostic . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

627 627 628 628 628 628 629 629 630 630 631

Part 4Chapter 29

Command Reference . . . . . . . . . . .AOS-W Commands . . . . . . . . . . . Understanding the Command Line Interface . Navigating the CLI . . . . . . . . . . . . . . Tips . . . . . . . . . . . . . . . . . . . . . . Execute Mode Commands . . . . . . . . . . . Privileged Mode Commands . . . . . . . . . . aaa Commands . . . . . . . . . . . . . . . clear Commands . . . . . . . . . . . . . . . . . Configure Terminal Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

633

. 635 . 635 . 635 . 636 . 637 . 639 . 641 . 645 . 672

xv


aaa Commands . . . . . . . . . aaa xml-api client . . . . . . adp Commands . . . . . . . ads Commands . . . . . . ap Commands . . . . . . . arm Commands. . . . . . . arp . . . . . . . . . . . . . . banner motd . . . . . . . . clock Commands . . . . . . crypto Commands . . . . . database synchronize . . . destination . . . . . . . . . dot1x Commands . . . . . enable . . . . . . . . . . . . encrypt . . . . . . . . . . . firewall Commands . . . . foreign-agent . . . . . . . . home-agent . . . . . . . . . hostname . . . . . . . . . . Interface Commands . . . . IP Commands . . . . . . . . key . . . . . . . . . . . . . . location . . . . . . . . . . . logging Commands . . . . loginsession timeout . . . . mac-address-table static . master-redundancy . . . . masterip . . . . . . . . . . . mgmt-role . . . . . . . . . . mgmt-user . . . . . . . . . mobagent . . . . . . . . . . mobility . . . . . . . . . . . mobility-local . . . . . . . . mobmaster primary-subnet mux-address . . . . . . . . mux-vlan . . . . . . . . . . netdestination . . . . . . . newbury . . . . . . . . . . . no . . . . . . . . . . . . . . ntp server . . . . . . . . . . packet-capture-defaults . . ping . . . . . . . . . . . . . pptp . . . . . . . . . . . . . program-ap . . . . . . . . . prompt . . . . . . . . . . . . rap-wml . . . . . . . . . . . router . . . . . . . . . . . . sapm . . . . . . . . . . . . . service . . . . . . . . . . . .xvi Part 031652-00

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

675 696 696 697 698 699 701 701 702 703 712 713 713 720 721 721 725 726 727 728 737 743 744 744 745 745 746 747 748 749 750 750 753 754 755 755 756 757 757 764 765 767 767 768 768 769 771 772 773May 2005

shutdown . . site-survey . . snmp-server . spanning-tree stm . . . . . . syscontact . . syslocation . . telnet cli. . . . time-range . . traceroute . . trusted . . . . udp-port . . . user . . . . . . user-role . . . version . . . . vlan . . . . . . vpdn . . . . . . vpn-dialer . . . vrrp . . . . . . web-server . . web-ui . . . . wms . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . .

774 774 777 778 780 788 788 789 790 791 792 792 792 794 796 798 798 801 803 805 807 807

Chapter 30

Action Commands . . . . . . . . User Mode Commands . . . . . . . . . . Switch Management Commands . . Layer 2/Layer 3 Commands . . . . . Privileged Mode Commands . . . . . . . Switch Management Commands . . Layer 2/Layer 3 Commands . . . . . Air Management Commands . . . . . Authentication Commands . . . . . . Clear Commands . . . . . . . . . . . Debug Commands. . . . . . . . . . . Panic Commands . . . . . . . . . . . Screen Display Commands . . . . . .

. 819 . 819 . 820 . 820 . 821 . 821 . 824 . 825 . 828 . 830 . 831 . 832 . 832

Chapter 31

Show Commands . . . . . . . . . . . . . . . . 833General Switch Management Commands . . . . . . . . . . . . . . . Switch Management Commands . . Configuration Manager Commands . Layer 2/Layer 3 Commands . . . . . . . Layer 2 Commands . . . . . . . . . . Layer 3 Commands . . . . . . . . . . DHCP Commands . . . . . . . . . . . Interface Commands . . . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

. . . . . . . .

833 833 839 840 840 843 845 846

xvii


Local Database Commands . . . . . . . . . . . VPN Commands . . . . . . . . . . . . . . . . . IPSec Commands . . . . . . . . . . . . . . L2TP Commands . . . . . . . . . . . . . . . VPN Dialer Commands . . . . . . . . . . . . PPTP Commands. . . . . . . . . . . . . . . Mobility Commands . . . . . . . . . . . . . . . Air Management Commands . . . . . . . . . . Air Monitor Commands . . . . . . . . . . . WMS Commands . . . . . . . . . . . . . . Site Survey Commands . . . . . . . . . . . Station Management Commands . . . . . Access Point Management Commands . . . . Alcatel Soft AP Commands . . . . . . . . . Authentication Commands . . . . . . . . . . . General Authentication Commands . . . . IEEE 802.1x Commands . . . . . . . . . . . Accounting, Authentication, Authorization Local Database Commands . . . . . . . . . Dialer Commands . . . . . . . . . . . . . . Access Lists Commands . . . . . . . . . . . . MUX Commands . . . . . . . . . . . . . . . . . Enhanced Show Commands . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . .

853 854 854 856 859 860 861 872 872 881 884 885 887 887 891 891 894 896 902 902 903 905 906

Part 5

Appendices . . . . . . . . . . . . . . . . . . . .Glossary

909 911

xviii

Part 031652-00

May 2005

PrefaceThis preface includes the following information: An overview of the sections in this manual A list of related documentation for further reading A key to the various text conventions used throughout this manual Alcatel support and service information

An Overview of this ManualThis manual is for network administrators and operators responsible for configuring and monitoring the Alcatel Wireless LAN Switch. The manual is organized as follows: Part 1, OverviewExplains the Alcatel Wireless LAN Switch interfaces, including the Command-Line Interface (CLI) and the Web UI.

Part 2, DesignExplains the basic network design issues in adding a Wireless LAN switch to a network.

Part 3, ConfigurationExplains the features that can be configured for Alcatel Wireless LAN switches.

Part 4, MonitoringExplains how Alcatel Wireless LAN switches are managed and maintained.

Part 5, Common CLI CommandsExplains the CLI syntax for commands commonly used.

Part 6, AppendixIncludes a glossary of terms used in this document.

Preface

xix


Related DocumentsThe following items are part of the complete documentation for the Alcatel system: Alcatel Wireless LAN Switch Installation Guides (OmniAccess 4308, OmniAccess Wireless LAN, and OmniAccess 6000) Alcatel AOS-W User Guide Alcatel AP Installation Guides (AP60/61 and AP70)

Text ConventionsThe following conventions are used throughout this manual to emphasize important concepts:

TABLE P-1 Text Conventions Type StyleItalics System items

DescriptionThis style is used to emphasize important terms and to mark the titles of books. This fixed-width font depicts the following: Sample screen output System prompts Filenames, software devices, and certain commands when mentioned in the text.

Commands

In the command examples, this bold font depicts text that the user must type exactly as shown. The name of the object (button, link, etc.) on the interface that you click.

Button

xx

Part 031652-00

May 2005

TABLE P-1 Text Conventions In the command examples, italicized text within angle brackets represents items that the user should replace with information appropriate to their specific situation. For example:# send

In this example, the user would type send at the system prompt exactly as shown, followed by the text of the message they wish to send. Do not type the angle brackets. [ Optional ] { Item A | Item B } In the command examples, items enclosed in brackets are optional. Do not type the brackets. In the command examples, items within curled braces and separated by a vertical bar represent the available choices. Enter only one choice. Do not type the braces or bars.

Contacting AlcatelWeb SiteMain Site Support http://www.alcatel.com http://www.alcatel.com/enterprise

Telephone NumbersMain US/Canada Main Outside US (800) 995-2612 (818) 880-3500

Preface

xxi


xxii

Part 031652-00

May 2005

Part

1Overview

1


2

Part 031652-00

May 2005

CHAPTER 1 OverviewThe AOS-W 2.2 Interface Reference is organized by product feature for the Alcatel Wireless LAN switches and access points. This guide also includes best practice recommendations and configuration examples for a number of features.

Key FeaturesPrevention of Layer-2 Bridging between Wireless UsersIn AOS-W, a global firewall feature has been added to deny all L2 bridging between users. Because wireless users enter the switch through GRE tunnels, the feature has been labeled Deny L2 Bridging between Untrusted GRE Tunnels, and can be configured under the global firewall settings.

Wired Port 802.1x AuthenticationIn AOS-W, 802.1x authentication has been extended to wired ports as well. This implementation is different than that found on standard Ethernet switches, as they are designed to authenticate an entire port. Alcatels 802.1x implementation is designed to authenticate individual MAC addresses, regardless of how many MAC addresses are seen on a given port. Port-based 802.1x authentication is automatically enabled on any port configured as untrusted, as long as global 802.1x authentication has been configured.

Overview

3


Enhanced Location ServicesAOS-W 2.2 adds more precise position tracking of wireless devices by utilizing RF triangulation. In previous AOS-W releases, the RF Locate feature would display the nearest APs receiving signals from a wireless user or AP along , with the corresponding signal strength. AOS-W 2.2 adds the ability to triangulate position based on RF signal strength. This algorithm is accurate to within approximately 10 meters. Note that for triangulation to function properly, at least three sources of data are required. If three sources of data are not available, the system will revert to showing the nearest APs receiving signal from the device to be located. An additional restriction on triangulation in release 2.2 is that APs must be present in the network in order to provide live calibration data triangulation will not function in a network with only air monitors in this release.

Web Management Interface EnhancementsMany sections of the Web-based management interface have been changed to improve usability. In addition, all critical features configurable from the CLI are also now available in the Web interface.

Enhanced Network Monitoring InterfaceThe Monitoring section of the Web-based management interface has been enhanced through the separation of network monitoring and switch monitoring. In a network with multiple Alcatel switches, the network monitoring section now provides an easy interface into the network view of the system. When connected to the master switch, all users in the entire network can now be located from the network monitoring section.

SNMPv3Previous releases of AOS-W supported only SNMPv1 and SNMPv2c. When connecting Alcatel components to a network management platform across an insecure network, use of these protocols could lead to unintentional releases of sensitive information. SNMPv3 provides the ability to encrypt SNMP communication.

Remote Thin APSome customers reported problems when using Alcatel APs connected to a switch across a low-speed link such as a frame relay connection. The issue with this was that latency in the low-speed link would cause greater than 5ms of delay when responding to 802.11 probe request frames from wireless clients. Certain clients would only wait on a single channel for 5ms, and would be on a new channel by the time the probe response arrived. AOS-W 2.2

4

Part 031652-00

May 2005

Chapter 1

provides the ability to enable local probe responses for remotely connected APs. This feature may be configured under the Wireless LAN Advanced section of the Web-based management interface, or may be configured under the ap location section of the CLI.

Auto-Blacklist Firewall Extended ActionAOS-W 2.2 provides the ability to automatically blacklist (prevent association to any AP) clients who violate a rule in a firewall policy. This is useful for protecting wireless LANs made up of devices that cannot perform authentication, such as Wi-Fi voice handsets or barcode scanners. Devices such as these should be placed into a role with an extremely restrictive firewall policy, for example allowing only SIP traffic to a SIP gateway. If an attacker were to compromise an encryption key or spoof a MAC address on such a network, a single firewall policy violation (i.e. sending an HTTP request or initiating a port scan) would cause the station to be immediately disconnected from the network. This feature may be configured by selecting it as an extended action in any firewall policy.

Enhanced AP-Switch Discovery and Alcatel Discovery ProtocolIn order for thin APs to operate, they must be able to locate and connect to a Wi-Fi switch. Alcatel APs have always had the ability to automatically locate a switch, boot from it, and become operational without requiring any configuration. In the past, this was based on APs obtaining an address through DHCP and performing a DNS lookup on the hostname Alcatel-master. While this method of switch location is still popular, a number of customers requested alternate methods of AP configuration. AOS-W 2.2 adds Alcatel Discovery Protocol (ADP) to provide this functionality. ADP is present in the switch by loading AOS-W. APs will go through the following sequence to locate a switch: Power is applied. If AP does not already contain a pre-configured IP address, it will issue a DHCP request to obtain an address. If DHCP response contains an Alcatel vendor-specific option (see below), it will use this vendor-specific option to contact an Alcatel switch and continue the boot process. If the DHCP response contains a DNS server address, the AP will perform DNS lookup of the hostname Alcatel-master., where was learned from the DHCP server. If this request is successful, the AP will use the returned IP address to contact an Alcatel switch and continue the boot process.

Overview

5


If no DNS information is available, the AP will begin using Alcatel Discovery Protocol (ADP) to locate a switch. It will alternately send out ADP broadcast packets and ADP multicast packets until a response is received. The multicast packet is an IP packet directed to multicast address 224.0.82.11. If a switch is attached to the local L2 segment, it will reply to the ADP broadcast. If a switch has joined the ADP multicast group, the intervening network will forward the AP multicast packets to the switch and it will reply.

DHCP ConfigurationDHCP servers may be configured to return Alcatel vendor-specific options to APs. The vendor class identifier is AlcatelAP, and the vendor-specific option code is 43. A sample configuration for the open-source ISC DHCP server follows. In this example, the Alcatel switch is located at IP address 10.1.1.10. option serverip code 43 = ip-address; class "vendor-class" { match option vendor-class-identifier; } . . . subnet 10.200.10.0 netmask 255.255.255.0 { default-lease-time 200; max-lease-time 200; option subnet-mask 255.255.255.0; option routers 10.200.10.1; option domain-name-servers 10.4.0.12; option domain-name "test.com"; subclass "vendor-class" "AlcatelAP" { option vendor-class-identifier "AlcatelAP";

6

Part 031652-00

May 2005

Chapter 1

option serverip 10.1.1.10; } range 10.200.10.200 10.200.10.252; } To configure Microsofts DHCP server for this feature: 1. Add an option 43 entry to the desired DHCP scope that contains the IP address of the Alcatel switch in text. An example of this is shown in the following figure.

Overview

7


2. From a command prompt, enter:c:\>netsh netsh>dhcp netsh dhcp>server \\ netsh dhcp>add optiondef 60 AlcatelAP String 0 comment=AlcatelSupport netsh dhcp>set optionvalue 60 STRING AlcatelAP netsh dhcp>exit

Multicast ConfigurationA network supporting IP multicast must be in place to make use of the ADP multicast capability. To configure the Alcatel switch for multicast, enter: (config) # adp discovery enable (config) # adp igmp-join enable This configuration will cause the Alcatel switch to send an IGMPv2 join message for multicast group 224.0.82.11.

8

Part 031652-00

May 2005

CHAPTER 2 Management OptionsAOS-W provides a number of methods for managing your Alcatel Wireless LAN Switch.

Command-Line InterfaceThe Command-Line Interface (CLI) provides the most direct method for configuring the switch and collecting system information. The CLI has the following features: Accessible from a local console terminal Optionally available through Telnet or SSH to local management console or remote network connection Comprehensive, industry-standard command system See Command Line Basics on page 13 for more information.

Web InterfaceThe Web interface provides an intuitive, graphical interface to special configuration and design tools. The Web interface provides the following: Compatible with a standard Web browser1 Accessible from the local management console or remote network connection

1.AOS-W requires Internet Explorer 6.0 or higher. Other browsers may work but with limited functionality and are therefore not officially supported.Management Options 9


Configure and manage wireless intrusion prevention and performance policies Monitor the state and performance of the Wireless LAN Perform a site survey to assist deployment of Alcatel Access Points and Air Monitors Monitor air interface security and performance events AP triangulation

General Screen ElementsWhen Web UI is started after a successful login, the browser window will show the default page: the Monitor Summary. For ease of navigation, all of the Web UI pages have a similar page structure:Selected Tool

Tool Bar

Logout Button Page Display

Selected Page Page Tree

FIGURE 2-1 Web UI Page ElementsTool BarThis contains buttons for the various tools available in the Web UI software. Click on a button to select the tool. Selected ToolThis displays the name of the currently selected tool.

10

Part 031652-00

May 2005

Chapter 2

Page TreeEach tool has its own information or configuration pages and sub-pages.The page tree lists all of the pages available when using the currently selected tool. You can navigate to any of the listed pages by clicking on the page name.NOTESome of the items in the page tree are merely headings for their sub-pages and cannot be selected. Selectable pages become highlighted when the mouse cursor is placed over them. Non-selectable items do not react.

Selected PageThe name of the currently selected page is highlighted in the page tree. Page DisplayThis area displays all the information and/or input fields relevant to the current page of the current tool. Logout ButtonClick on this button to end your Web UI session.

Page ElementsEach tool in the Web UI has its own unique information or configuration pages, each with specialized data and control fields. Some of the page items appear on multiple pages in multiple tools and provide a similar navigation or configuration function in each.

Navigation ItemsScroll-barsIn some cases, there will be more fields than can be conveniently displayed on one window. When this occurs, standard Windows scroll-bars will be available to let you access the rest of the page. Page TabsSome pages feature a row of tabs near the top of the page display area. Each tab represents a different form available from the current page. LinksItems which are underlined are linked to other pages. By clicking on the item, the relevant items configuration or information page will be displayed.

FieldsInformation FieldsThese fields are used only for displaying information. The data in these fields cannot be edited directly on the displayed screen. Data Entry FieldsBoxed text fields contain user-configurable data. To enter or edit the information, click inside the field box. Pull-down MenusThese fields allow you to select an item from a preset list. The currently selected item is displayed in the box. When the arrow button is selected, a list of available options appears. You can change the current selection by clicking on any item in the options list. Scrolling MenusThese fields allow you to select an item from a preset list. Use the scroll arrows to view the available options. To select a specific item from the list, click on the item when displayed.

Management Options

11


Check BoxesRepresented as small squares in front of the item text. These fields allow you to turn items on or off by clicking on the check box. A feature or option will be turned on, selected, or enabled (as appropriate) when the box is checked. A feature or option will be turned off, unselected, or disabled when the box is empty. Radio ButtonsRepresented as small circles in front of the item text. When a group of these items appears together, only one can be selected at any given time. An item is selected when its circle is filled. An item is unselected when the circle is empty.

Action ButtonsThe following buttons are generally available on configuration pages. ApplyAccept all configuration changes made on the current page and send the completed form to the Wireless LAN switch. ClearReset all options on the current page to their last applied or saved settings. AddAdd a new item to the current page. This generally displays a set of relevant configuration fields for the added item. EditEdit the configuration of the selected item. DeleteRemove the selected item from the page configuration. Save ConfigurationSave all applied configuration changes made since during this configuration session. Saved settings will be retained when the switch is rebooted or turned off. Unsaved configuration changes will be permanently lost.

12

Part 031652-00

May 2005

CHAPTER 3 Command Line BasicsThe Command Line Interface (CLI) is the most direct and comprehensive method for managing the Alcatel Wireless LAN Switch. The CLI can be used to gather information about the switch configuration, collect switch performance statistics, and make configuration changes. The CLI uses a simple, text-based interface with a Cisco-like command structure. The format is compatible with standard terminals and PC terminal emulation software, and can be accessed locally or over the network using Telnet.

Connecting to the SwitchLocal Serial ConsoleThe CLI is always available using a local terminal or a computer running terminal emulation software. Attach your terminal directly to the serial port on the supervisor card and set the terminal to use the following communications setting:

TABLE 3-1 Console Terminal Settings Baud Rate9600

Data Bits8

ParityNone

Stop Bits1

Flow ControlNone

Press a few times.to establish the connection and access the login prompt. NOTEThe serial port accepts an RS-232 serial cable with an RJ-45 male connector (see the Alcatel 6000 Installation Guide for more port and cable specifications).

Command Line Basics

13


Local or Remote TelnetIf properly set up, the CLI can be accessed locally or remotely using Telnet. You can use Telnet (or SSH or the Web GUI) to access any IP interface on an Alcatel Wireless LAN switch.

Enabling Telnet AccessThe default CLI management method is SSH. To enable Telnet, from configuration terminal mode, enter:

> telnet cliTelnet access requires that the switch management interface and default gateway be defined. This is usually done during initial setup (see Step 3 on page 11) but can also be done manually using the local serial console: 1 2

Use the local serial console to log in as the administrator. Enter configuration mode and select the management interface sub-mode:(Alcatel) # configure terminal Enter Configuration commands, one per line. End with CNTL/Z (Alcatel) (config) # interface mgmt

3

Set the management interface IP address and subnet mask:(Alcatel) (config-mgmt)# ip address The management interface is active by default.

4

Exit the sub-mode:(Alcatel) (config-mgmt)# exit

5

Configure the default gateway for the management interface:(Alcatel) (config) # ip default-gateway mgmtNOTEIf no default gateway is configured, remote access is available only for devices on the same subnet as the management interface.

14

Part 031652-00

May 2005

Chapter 3

Using Telnet to ConnectUse a Telnet client on your management workstation to connect to the Alcatel Wireless LAN Switch management interface IP address. The connection command may vary depending on the specific software used, but commonly appears as follows:

> telnet When the connection is established, the login prompt will be displayed.

Logging InOnce connected, the system displays its host name (Alcatel if not configured), followed by the log in prompts. Log in using the administrator account. For example:

(Alcatel) user: admin password: admin

(password is displayed as asterisks)

As shown above, the default administrator user name is admin, and the default password is also admin. If the password has been changed, use the correct one. When properly logged in, the user mode CLI prompt will be displayed:

(host) > _

Access ModesOnce logged in, there are two levels of access to the switch: user mode and privileged mode. User ModeUser mode provides only limited access for basic operational testing, such as running ping and traceroute. User mode is entered immediately upon login and is shown with the following prompt:

(host) >where host is the host name of the switch if configured, or Alcatel if not configured. User mode commands are documented starting on page 819.Command Line Basics 15


Privileged ModeAll configuration and management functions are available in privileged mode. To move from user mode to privileged mode requires an additional password:

(Alcatel) > enable (Alcatel) #When successfully promoted to privileged mode, the > prompt is replaced by the # prompt. The numerous privileged mode commands are divided into groups according to their context as outlined in the next section.

Command ContextThe commands available while in the privileged mode are divided into a number of context groups: Action CommandsThe Action Commands take effect as soon as they are entered. They affect the current behavior or operation of the switch, but are not saved as part of the permanent configuration. The Immediate commands are documented starting on page 819.

Master CommandsOne Alcatel Wireless LAN Switch on the network is responsible for loading software and configuration files to the Alcatel Access Points and for managing enhanced Wireless LAN switching features (such as air management and wireless load balancing). In a system with only one switch, the single switch always acts as the master. In a system with more than one switch, one (and only one) switch is selected as the master. The master switch has an extended command set for handling Access Points and enhanced Wireless LAN features. The master commands are documented starting on page 797.

Local CommandsIn a system with two or more switches, only one acts as the master. The others act as local switches with a more limited command set. Commands on local switches mostly affect Layer 2/Layer 3 configuration (such as physical ports and routing interfaces). The local commands are documented starting on page 445.

16

Part 031652-00

May 2005

Chapter 3

Show CommandsThe show commands list information about the switch configuration and performance and are invaluable for debugging system configuration. The show commands are documented starting on page 833.

Saving Configuration ChangesConfiguration changes made using the CLI affect only the current state of the switch. Unless saved, the changes will be lost when the system is rebooted. To save your changes so that they will be retained after a reboot, use the following privileged mode CLI command:

(Alcatel) # write memory Saving Configuration... Saved Configuration

Viewing the ConfigurationThere are two configuration images which can be viewed from the CLI: startup-configThis holds the configuration options which will be used the next time the system is rebooted. It contains all the options last saved using the write memory command. Presently unsaved changes are not included. To view the startup-config, use the following command:

(Alcatel) # show startup-configrunning-configThis holds the current switch configuration, including all pending changes which have yet to be saved. To view the running-config, use the following command:

(Alcatel) # show running-configBoth configurations can also be saved to a file or sent to a TFTP server for backup or transfer to another system. See Making Configuration Backups on page 126 for details.

Command Line Basics

17


ShortcutsCommand CompletionTo make command input easier, you can usually abbreviate each key word in the command. You need type only enough of each keyword to distinguish it from similar commands. For example:

(Alcatel) # configure terminalcould also be entered as:

(Alcatel) # con tThree characters (con) represent the shortest abbreviation allowed for configure. Typing only c or co would not work because there are other commands (like copy) which also begin with those letters. The configure command is the only one that begins with con. As you type, you can press the spacebar or tab to move to the next keyword. The system will then attempt to expand the abbreviation for you. If there is only command keyword that matches the abbreviation, it will be filled in for you automatically. If the abbreviation is too vague (too few characters), the cursor will not advance and you must type more characters or use the help feature to list the matching commands.

Command HelpYou can use the question mark (?) to get various types of command help.

List Available CommandsWhen typed at the beginning of a line, the question mark lists all the commands available in your current mode or sub-mode. A brief explanation follows each command. For example:

(host) > ? enable logout ping traceroute Turn on Privileged commands Exit this session. Any unsaved changes are lost. Send ICMP echo packets to a specified IP address. Trace route to specified IP address.

18

Part 031652-00

May 2005

Chapter 3

List Matching CommandsWhen typed at the end of a possible command or abbreviation, the question mark lists the commands that match (if any). For example:

(host) # c? clear clock configure copy Clear configuration Configure the system clock Configuration Commands Copy Files

If more than one item is shown, type more of the keyword characters to distinguish your choice. However, if only one item is listed, the keyword or abbreviation is valid and you can press tab or the spacebar to advance to the next keyword.

List Next ParameterWhen typed in place of a parameter, the question mark list the available options. For example:

(host) # write ? erase file memory terminal

Erase Write Write Write

and start from scratch to a file in the file system to memory to terminal

The entry (carriage return, or the enter key) indicates that the command can be entered without additional parameters. Any other parameters are optional.

Command HistoryThe system records your most recently entered commands. You can review the history of your actions, or reissue a recent command easily, without having to retype it. To view items in the command history, use the to move back through the list and key to forward. To reissue a specific command, press when it appears. You can even use the command line editing feature to make changes to the command prior to entering it.

Command Line Basics

19


Command Line EditingThe command line editing feature allows you to make corrections or changes to a command without retyping. Table 3-2 lists the editing controls:

TABLE 3-2 Line Editing Keys Key or or or or

EffectHome Back Delete Right End Forward

DescriptionMove the cursor to the beginning of the line. Move the cursor one character left. Delete the character to the right of the cursor. Move the cursor to the end of the line. Move the cursor one character right.

Kill Right Next

Delete all characters to the right of the cursor. Display the next command in the command history. Display the previous command in the command history. Swap the character to the left of the cursor with the character to the right of the cursor. Clear the line. Delete the characters from the cursor up to and including the first space encountered. Delete all characters to the left of the cursor.

Previous Transpose Clear Delete Word Kill Left

Alpha-numeric characters are always inserted into the line at the cursor position.

Command SyntaxCLI commands use basic notations for the parameters that modify a command. These include: Brackets [ ]denotes that the object(s) inside are optional. Braces { }denotes that the object(s) inside are required. If more than one object is included inside a brace, one of the objects must be specified. Angles < >denotes the parameter is required and must be specified.

20

Part 031652-00

May 2005

Chapter 3

Pipe | denotes a two or more parameters, separated one from the other by the | symbol. For example:

crypto ipsec transform-set {esp-des|esp-3des} {esp-md5-hmac|esp-sha-hmac}means you have to specify the set name, then choose either esp-des or esp3des, then choose either esp-md5-hmac or esp-sha-hmac.

client configuration dns [|no]means you have to specify the server1 address, but you do not have to specify anything about server2. In general, italics indicates a value you have to enter. For example address means you have to specify an IP address or MAC address. You cannot just enter address. Bold, like no, means you enter that string. In this case, just type no.

Command Line Basics

21


22

Part 031652-00

May 2005

Part

2Design and Planning

23


24

Part 031652-00

May 2005

CHAPTER 4 RF DesignThe Alcatel RF Plan ToolRF Plan is a three-dimensional wireless deployment modeling tool that enables Network Administrators to design an efficient Wireless Local Area Network (Wireless LAN) for their corporate environment, optimizing coverage and performance, and eliminating complicated Wireless LAN network setup. RF Plan provides the following critical functionality: Defines Wireless LAN coverage Defines Wireless LAN environment security coverage Assesses equipment requirements Optimizes radio resources Creates an exportable Wireless LAN profile that may be imported into an Alcatel switch and be used to configure and deploy the Wireless LAN. AP validation Rogue AP triangulation RF Plan provides a view of each floor, allowing Network Administrators to specify how Wi-Fi coverage should be provided. RF Plan then provides coverage maps and AP/AM placement locations.

Unlike other static site survey tools that require administrators to have intricate knowledge of building materials and other potential Radio Frequency (RF) hazards, RF Plan calibrates coverage on the fly through a sophisticated RF calibration algorithm. This real-time calibration lets administrators characterize the indoor propagation of RF signals in order to determine the best channel and transmission power set-

RF Design

25


tings for each AP Real-time calibration can be automatically . programmed or manually undertaken at any time in order to quickly adapt to changes in the wireless environment.

Getting StartedThe RF Plan application is available on the Alcatel Wireless LAN switch or as a standalone Windows application. This chapter describes the functionality for both versions of RF Plan. Where there are differences in how the two difference versions are used, they are noted.

System Requirements for Standalone RF PlanThe standalone Alcatel RF Plan application requires: Windows 2000 or Windows XP Microsoft Internet Explorer 6.0 or later1 Macromedia Flash 6.0 or later plug-in for Internet Explorer Intel Pentium III 800Mhz (min) or equivalent 128MB RAM 10MB available hard drive space

Installing RF PlanTo install RF Plan, follow the three steps below:NOTERF Plan only runs on Windows 2000 and WindowsXP .

1. Locate the file named Alcatel RF Plan.zip.

2. Unzip the file. 3. Launch setup.exe.By default, the installer places the files in C:\Program Files\Alcatel RF Plan directory. To install the application in a different directory, specify the appropriate location.

1.Other browsers may work with AOS-W but with limited capability and are therefore unsupported.26 Part 031652-00 May 2005

Chapter 4

Launching RF PlanTo open RF Plan select: Start > All Programs > Alcatel Offline RF Plan> Alcatel RF Plan.

RF Plan BasicsPage SummaryThe following is a brief summary of the functionality of each of the pages in RF Plan. Building List Page The Building List page provides a list of buildings that you have created and saved. You may use this page to add or delete buildings from you saved database. You may also import or export buildings here. The Building Overview page allows you to see all the dimensional data and modeling parameters for your buildings. Specify the dimensions of your building and name it in the Building Specifications page. Specify the AP Modeling parameters on this page. Specify the AM Modeling parameters on this page. Use this page to import and export building database files. The Planning Floors page allows you to see approximate coverages of APs and AMs, as well as any floor plans you may have imported as background images. Use this page to upload background images for each floor, name the floor and delete floors.

Building Overview Page

Building Specification Page AP Modeling Page AM Modeling Page Import and Export Planning Floors Page

Floor Editor Page

NOTEYou cannot have more than one browser window open when you are trying to upload images.

RF Design

27


Area Editor Page

Use this page to specify areas on each floor where coverage is not desirable or where Access Points/Air Monitors may not be physically deployed. Use this page to manually create, position, or configure Access Points or Air Monitors. The AP Plan page is used to initialize the position of Access Points and launch RF Plans positioning algorithm. The AP Plan page is used to initialize the position of Air Monitors and launch RF Plans positioning algorithm.

Access Editor Page AP Plan

AM Plan

Page FieldsEach tool in the RF Plan has its own unique information or configuration pages, each with specialized data and control fields. Some of the page items appear on multiple pages and provide a similar navigation or configuration function in each. Information FieldsThese fields are used only for displaying information. The data in these fields cannot be edited directly on the displayed screen. Data Entry FieldsBoxed text fields contain user-configurable data. To enter or edit the information, click inside the field box. Pull-down MenusThese fields allow you to select an item from a preset list. The currently selected item is displayed in the box. When the arrow button is selected, a list of available options appears. You can change the current selection by clicking on any item in the options list. Scrolling MenusThese fields allow you to select an item from a preset list. Use the scroll arrows to view the available options. To select a specific item from the list, click on the item when displayed. Check BoxesThese fields are represented as small squares in front of the item text. These fields allow you to turn items on or off by clicking on the check box. A feature or option will be turned on, selected, or enabled (as appropriate) when the box is checked. A feature or option will be turned off, unselected, or disabled when the box is empty. Radio ButtonsThese fields are represented as small circles in front of the item text. When a group of these items appears together, only one can be selected at any given time. An item is selected when its circle is filled. An item is unselected when the circle is empty.

28

Part 031652-00

May 2005

Chapter 4

NavigationThe RF Plan tool is a wizard in that it logically guides you through the process of defining radio coverage for all the buildings on your campus. The left pane of the wizard screens shows the progression you follow each time you click Apply. The button on the top, right corner also takes you to the next logical step. You can also click the link on the left pane to go to any screen in the wizard. Regardless of your current location, you can always return to the opening window by clicking Plan on the menu bar.

Applying and SavingWhen you edit information on any of the RF Plan pages you need to apply that information before it is effective. However, applying the information doesnt save it to your hard drive. You must click on the Save button to permanently save the information. The following buttons are generally available on configuration pages. ApplyAccept all configuration changes made on the current page (does not save changes). SaveSave all applied configuration changes made since during this configuration session to a database file. Unsaved configuration changes will be lost when the RF Plan tool is exited. NOTEAlways Apply. If you advance to the next step without clicking on the Apply button the information will be lost.

Next Step ButtonRF Plan will sequence you through all the pages as you setup your Wireless LAN. When you have finished entering the information for each page, click Next Step located in the upper right-hand portion of the page.

RF Design

29


Opening ScreenWhen RF Plan opens, the browser window will show the default page: the RF Plan Building List page.

Building List PageThe Building list page contains all the buildings you have defined using the RF Plan software. The first time you run the application, there should be no buildings in the list.

FIGURE 4-1 Building List PageNew Building Edit Buildings Use this button to create a new building. See Adding a New Building to the Plan on page 32. Use this button to edit existing buildings in the building list. See Adding a New Building to the Plan on page 32 Use this button to delete existing buildings in the building list. Use this button to export a database file with all the specifications and background images of a selected building(s) in the building list. See Import and Export on page 39 Use this button to import database files defining pre-existing buildings into the RF Plan building list. See Import and Export on page 39 Use this button to find the specified building.

Delete Buildings Export

Import

Locate

30

Part 031652-00

May 2005

Chapter 4

Search

When the database of buildings has been created, use this feature to find a specific building, on a specific campus, or search for a name string.

You may add, edit, and delete buildings using this window. You may also import and export buildings using the import and export buttons.

Using RF PlanTask OverviewBefore you begin take a minute to review this section, it explains the general steps in the order they should be taken to create a building and plan the Wireless LAN for it. Gather information about your buildings dimensions and floor plan. Determine the level of coverage you want for your Access Points and Air Monitors. Create a new building and add its dimensions. Enter the parameters of your Access Point coverage. Enter the parameters of your Air Monitor coverage. Add floors to your building and import the floor plans. Define special areas. Generate suggested AP and AM tables by executing the AP/AM Plan features. Export the building.

RF Design

31


Planning RequirementsYou should collect the following information before beginning to plan your network. Having the information below readily available will expedite your planning efforts. Building Dimensions Number of floors Distance between floors Number of users and number of users per AP Radio type(s) Overlap Factor Desired data rates for access points Desired monitoring rates for air monitors Areas of your building(s) that you dont necessarily want coverage Areas of your building(s) where you dont want to, or cannot, deploy an AP or AM Any area where you want to deploy a fixed AP or AM.

Building DimensionsHeight: Number of Floors: Width:

User InformationNumber of Users: Radio Types: Overlap Factor: Users per AP:

AP Desired Rates802.11b|g: 802.11a:

AM Desired Rates802.11b|g: 802.11a:

Dont Care/Deploy Areas

Adding a New Building to the PlanTo define a new building, click New Building.

32

Part 031652-00

May 2005

Chapter 4

The Overview page shows the default values for your new building, most of which you can change in the following pages.

On Building Overview Page you will be able to view the specifications for the following: Your buildings dimensions. Access Point modeling parameters. Air Monitor modeling parameters. To define your building, click Building Dimensions. The Specification page displays.

RF Design

33


Building Specification PageThe Building Specification Page enables you to specify the identity of your building and its dimensions.

Enter the appropriate values in the text boxes in the Dimension window.Building ID This consists of two decimal numbers separated by a dot. The first is the campus ID. The campus ID will always be 1 if there is only one campus. The second is the building number. The valid range for these fields is any integer from 1 to 255. Building Name Enter a user friendly name for the building. The Building Name may be an alpha-numeric string up to 64 characters in length. Width and Height Enter the rectangular exterior dimensions of the building. The valid range for this field is any integer from 1 to a 12 value corresponding to 1 10 . Inter-floor Height This is the distance between floor surfaces in the building. The valid range for this field is any integer from 1 to a 12 value corresponding to 1 10 .NOTEThis is NOT the distance from floor to ceiling. Some buildings have a large space between the interior ceilings and the floor above.

34

Part 031652-00

May 2005

Chapter 4

Floors

Enter the number of floors in your building here. The valid range for this field is any integer from 1 to a 12 value corresponding to 1 10 .

Units

Specify the units of measurement for the dimensions you specified on the page. The choices are feet and meters.

A Word About Building DimensionsThe dimensions you specify for building width and height should be the major dimensions (maximum height and width) of the overall footprint of the building as illustrated below.

Maximum Width

When height and width are specified, RF Plan creates a rectangular area in the Planning feature pages that represent the overall area covered by the building. You will need to import an appropriate background image (see, Floor Editor Page on page 44.) to aid you in defining areas that dont require coverage or areas in which you do not wish to deploy Access Points and Air Monitors (see,Area Editor Page on page 45). Define your first building on this campus and click Apply. The AM Modeling page displays.

Maximum Height

RF Design

35


AP Modeling PageThe AP Modeling page allows you to specify all the information necessary for RF Plan to determine the appropriate placement of your APs.

Controls on this page allow you to select or control the following functions: Radio Type AP Type Coverage Use this pull-down menu to specify the radio type in the appropriate combination of a, b, and or g configuration. Specify AP 52 or AP 60. Use this option to let RF Plan automatically determine the number of APs based on desired data rates and the configuration of your building. The desired rate is selectable from 1 to 54 Mbps in both the Coverage and Capacity models. Use this option to let RF Plan determine the number of APs based upon the total number of users, ratio of users to APs, and desired data rates. The desired rate is selectable from 1 to 54 Mbps in both the Coverage and Capacity models. Use this option to simply specify a fixed number of APs. Use this field and pull-down to specify an overlap factor. Use these pull-down to specify the data rates desired on your Access Points. Selectable for Capacity or Custom models. Selectable for Capacity or Custom models.

Capacity

Custom Overlap Factor Rates Users/AP APs

36

Part 031652-00

May 2005

Chapter 4

Radio TypeSpecify the radio type(s) of your APs using the pull-down Radio Type menu on the Modeling Parameters page.Available Radio Type Choices:

801.11a 802.11b 802.11g

5GHz, Orthogonal Frequency Division Multiplexing (OFDM) with data rates up to 54Mbps. 2.4GHz, Direct Spread Spectrum (DSSS) multiplexing with data rates up to 11Mbps. 2.4GHZ, OFDM/CCK (Complementary Code Keying) with data rates up to 54Mbps.

Overlap FactorThe Overlap Factor is the amount of signal area overlap that you want when the APs are operating. Overlap is important if an AP fails. It allows the network to self-heal with adjacent APs powering up to assume some of the load from the failed device. Although there may be no holes in coverage in this scenario, there will likely be a loss of throughput. Increasing the overlap will allow for higher throughputs when an AP has failed and will allow for future capacity as the number of users increases. The valid range of values for the overlap factor are from 100% to 1000%.

UsersNOTEThe Users text boxes are active only when the Capacity model is selected.

Enter the number of users you expect to have on your Wireless LAN in the Users text box. Enter the number of users per access point you expect in the Users/AP text box. The numbers entered in the these two text boxes must be no-zero integers between 1-255 inclusive.

RatesNOTEThe Rate pull-down menus are active only when the Coverage or Capacity design models are selected.

Select the desired data rates from the pull-down menus for 802.11b/g and 802.11a. High data transmission rates will require an increased number of AP to be placed in your building. You should carefully evaluate your users data rate needs.

RF Design

37


Click Apply and the AM Modeling page displays.

AM Modeling PageThe AM Modeling page allows you to specify all the information necessary for RF Plan to determine the appropriate placement of your AMs.

Controls on this page allow you to select or control the following functions: Monitor Rate AMs Design Model Use this pull-down menu to specify the desired monitor rate for your Air Monitors. Use this field to manually specify the number of Air Monitors to deploy (Custom Model only). Use these radio buttons to specify a design model to use in the placement of Air Monitors.

Design ModelsTwo radio buttons on the page allow you to control the kind of model which will be used to determine the number and type of APs.Design Model Radio Button Options:

Coverage

Use this option to let RF Plan automatically determine the number of AMs based on desired monitor rates and the configuration of your building. Desired rate is selectable from 1 to 54 Mbps in the Coverage model.

Custom

Use this option to simply specify a fixed number of AMs. When the AM Plan portion of RF Plan is executed, RF Plan will make an even distribution of the AMs.

38

Part 031652-00

May 2005

Chapter 4

NOTEThe monitor rates you select for the AMs should be less than the data rates you selected for the APs. If you set the rate for the AMs at a value equal to that specified for the corresponding PHY type AP RF Plan will allocate one AM per , AP If you specify a monitor r