Alcatel-Lucent Configuration Guide OV3600 Version 6.3 e d i u G n o i t a r u g i f n o www.alcatel-lucent.com/enterprise C Part Number: 0510614-01 Copyright © 2009 Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent, and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All rights reserved. All other trademarks are the property of their respective owners. While every effort has been made to ensure technical accuracy, information in this document is subject to change without notice and does not represent a commitment on the part of Alcatel-Lucent. 2 | Copyright Alcatel-Lucent Configuration Guide | OV3600 Version 6.3 Contents Preface7 Document Audience and Organization 7 Related Documents 7 Text Conventions 7 Contacting Alcatel-Lucent 8 Chapter 1 Overview of Alcatel-Lucent Configuration 9 Introduction 9 Requirements and Restrictions for Alcatel-Lucent Configuration 10 Components of Alcatel-Lucent Configuration 10 Global Configuration and Scope 10 Alcatel-Lucent AP Groups 11 AP Overrides 11 WLANs 12 Profiles 13 Security 13 Advanced Services 14 Folders, Users, and Visibility 14 Additional Concepts and Benefits 14 Scheduling Configuration Changes 14 Auditing and Reviewing Configurations 14 Licensing and Dependencies in Alcatel-Lucent Configuration 14 Navigating Alcatel-Lucent Configuration 15 The Primary Pages of Alcatel-Lucent Configuration 15 Device Setup > Alcatel-Lucent Configuration Page Overview 15 Groups > Alcatel-Lucent Config Page Overview 16 APs/Devices > List Page Overview 16 APs/Devices > Manage Page Overview 16 APs/Devices > Monitor Page Overview 17 Groups > Basic Page Overview 17 Embedded Profile Setup in Alcatel-Lucent Configuration 17 Save, Save and Apply, and Revert Buttons 17 Setting Up Initial Alcatel-Lucent Configuration 18 Prerequisites 18 Procedure 18 What Next? 23 Additional Capabilities of Alcatel-Lucent Configuration 23 Chapter 2 Using Alcatel-Lucent Configuration in Daily Operations 25 Introduction 25 General Alcatel-Lucent AP Groups Procedures and Guidelines 26 Guidelines and Pages for Alcatel-Lucent AP Groups in Alcatel-Lucent Configura- tion 26 Selecting Alcatel-Lucent WLAN switch Groups 26 Configuring Alcatel-Lucent AP Groups 26 What Next? 28 Retaining Unreferenced Alcatel-Lucent Configuration Profiles 28 General WLAN Procedures and Guidelines 28 Guidelines and Pages for WLANs in Alcatel-Lucent Configuration 28 Configuring or Editing WLANs with Basic View 28 Alcatel-Lucent Configuration Guide | OV3600 Version 6.3 Contents | 3 Configuring or Editing WLANs with Advanced View 30 General Profiles Guidelines 31 General WLAN Switch Procedures and Guidelines 31 Using Master, Standby Master, and Local WLAN Switches in Alcatel-Lucent Configura- tion 31 Pushing Device Configurations to WLAN switches 31 Supporting APs with Alcatel-Lucent Configuration 32 AP Overrides Guidelines 32 Configuring or Editing AP Overrides 32 Changing Adaptive Radio Management (ARM) Settings 34 Changing SSID and Encryption Settings 34 Changing the Alcatel-Lucent AP Group for an AP Device 34 Visibility in Alcatel-Lucent Configuration 35 Visibility Overview 35 Defining Visibility for Alcatel-Lucent Configuration 35 Appendix A Alcatel-Lucent Configuration Reference 39 Introduction 39 Alcatel-Lucent AP Groups Pages and Field Descriptions 41 Alcatel-Lucent AP Groups 41 WLAN Pages and Field Descriptions 45 Overview of WLANs in Alcatel-Lucent Configuration 45 WLANs 45 WLANs > Basic 46 WLANs > Advanced 47 AP Overrides Pages and Field Descriptions 50 AP Overrides 50 Profiles Pages and Field Descriptions 55 Understanding Alcatel-Lucent Configuration Profiles 55 Profiles > AAA 56 Profiles > AAA 57 Profiles > AAA > Captive Portal Auth 58 Modifying the Initial User Role 60 Profiles > AAA > Mac Auth 60 Profiles > AAA > Stateful 802.1X Auth 61 Profiles > AAA > Wired Auth Profile 62 Profiles > AAA > VPN Auth 62 Profiles > AAA > Management Auth 63 Profiles > AAA > 802.1x Auth 64 Profiles > AP 69 Profiles > AP > System 70 Profiles > AP > Regulatory Domain 73 Profiles > AP > AP Wired 75 Profiles > AP > AP Ethernet Link 76 Profiles > AP > SNMP 77 Profiles > AP > SNMP > SNMP User 77 Alcatel-Lucent WLAN switch Traps 78 Access Point/Air Monitor Traps 79 Profiles > IDS 81 Profiles > IDS > General 83 Profiles > IDS > Signature Matching 84 Profiles > IDS > Signature Matching > Signatures 85 Profiles > IDS > Denial of Service 85 Profiles > IDS > Denial of Service > Rate Threshold 88 Profiles > IDS > Impersonation 90 Profiles > IDS > Unauthorized Device 91 4 | Contents Alcatel-Lucent Configuration Guide | OV3600 Version 6.3 Profiles > Mesh 94 Profiles > Mesh > Radio 94 Profiles > Mesh > Cluster 96 Profiles > QoS 97 Profiles > QoS > Traffic Management 97 Profiles > QoS > VoIP Call Admission Control 98 Profiles > RF 101 Profiles > RF > 802.11a/g Radio 101 Profiles > RF > 802.11a/g Radio > ARM 103 Profiles > RF > 802.11a/g Radio > High-Throughput (HT) Radio 106 Profiles > RF > Event Thresholds 107 Profiles > RF > Optimization Profiles 109 Profiles > SSID 111 Profiles > EDCA AP 111 Profiles > SSID > EDCA AP 115 Profiles > SSID > EDCA Station 118 Profiles > SSID > HT SSID 121 Security Pages and Field Descriptions 123 Security > User Roles 124 Security > User Roles > BW Contracts 126 Security > User Roles > VPN Dialers 127 Security > Policies 130 Security > Policies > Destinations 130 Security > Policies > Services 131 Security > Server Groups 132 Server Groups Page Overview 132 Supported Servers 132 Adding a New Server Group 133 Security > Server Groups > LDAP 134 Security > Server Groups > RADIUS 135 Security > Server Groups > TACACS 136 Security > Server Groups > Internal 137 Security > Server Groups > XML API 138 Security > Server Groups > RFC 3576 139 Security > TACACS Accounting 139 Security > Time Ranges 140 Security > User Rules 141 Advanced Services Pages and Field Descriptions 143 Overview of IP Mobility Domains 143 Advanced Services > IP Mobility 144 Advanced Services > IP Mobility > Mobility Domain 147 Advanced Services > VPN Services 148 Advanced Services > VPN Services > IKE 149 Advanced Services > VPN Services > L2TP 150 Advanced Services > VPN Services > PPTP 151 Advanced Services > VPN Services > IPSEC 152 Advanced Services > VPN Services > IPSEC > Dynamic Map 153 Advanced Services > VPN Services > IPSEC > Dynamic Map > Transform Set 154 Groups > Alcatel-Lucent Config Page and Section Information 155 Index157 Alcatel-Lucent Configuration Guide | OV3600 Version 6.3 Contents | 5 6 | Contents Alcatel-Lucent Configuration Guide | OV3600 Version 6.3 Preface Document Audience and Organization This user guide is intended for wireless network administrators and helpdesk personnel who deploy AOS-W on the network and wish to manage it with the OmniVista 3600 Air Manager (OV3600), Version 6.3 or later. This document provides instructions for using Alcatel-Lucent Configuration and contains the following chapters: Table 1 Document Organization and Purposes Chapter Description Chapter 1, “Overview of Alcatel-Lucent Configuration” Introduces the concepts, components, navigation, and initial setup of Alcatel-Lucent Configuration. Chapter 2, “Using Alcatel-Lucent Configuration in Daily Provides a series of procedures for configuring, modifying, and using Operations” Alcatel-Lucent Configuration once initial setup is complete. This chapter is oriented around the most common tasks in Alcatel-Lucent Configuration. Appendix A, “Alcatel-Lucent Configuration Reference” Provides an encyclopedic reference to the fields, settings, and default values of all Alcatel-Lucent Configuration components, to include a few additional procedures supporting more advanced configurations. Related Documents The following documentation supports the OmniVista 3600 Air Manager (OV3600), Version 6.3, and is viewable from the Home > Documentation page in OV3600:  Quickstart Guide  User Guide  Supported APs/Devices  Supported Firmware Versions Text Conventions The following conventions are used throughout this manual to emphasize important concepts: Table 2 Text Conventions Type Style Description Italics This style is used to emphasize important terms and to mark the titles of books. System items This fixed-width font depicts the following:  Sample screen output  System prompts  Filenames, software devices, and specific commands when mentioned in the text Commands In the command examples, this bold font depicts text that you must type exactly as shown. <Arguments> In the command examples, italicized text within angle brackets represents items that you should replace with information appropriate to your specific situation. For example: # send <text message> In this example, you would type “send” at the system prompt exactly as shown, followed by the text of the message you wish to send. Do not type the angle brackets. Alcatel-Lucent Configuration Guide | OV3600 Version 6.3 Preface | 7 Table 2 Text Conventions Type Style Description [Optional] In the command examples, items enclosed in brackets are optional. Do not type the brackets. {Item A | Item B} In the command examples, items within curled braces and separated by a vertical bar represent the available choices. Enter only one choice. Do not type the braces or bars. This document uses the following notice icons to emphasize advisories for certain actions, configurations, or concepts: Indicates helpful suggestions, pertinent information, and important things to remember. NOTE ! Indicates a risk of damage to your hardware or loss of data. CAUTION Indicates a risk of personal injury or death. WARNING Contacting Alcatel-Lucent Online Contact and Support Main Website http://www.alcatel-lucent.com/enterprise Support Website https://service.esd.alcatel-lucent.com Alcatel-Lucent Enterprise Service and OmniVista [email protected] 3600 Email Support 8 | Preface Alcatel-Lucent Configuration Guide | Version 6.2 Chapter 1 Overview of Alcatel-Lucent Configuration Introduction AOS-W is the operating system, software suite, and application engine that operates OmniAccess WLAN switches and centralizes control over the entire mobile environment. The AOS-W Wizards, the AOS-W command-line interface (CLI), and the AOS-W WebUI are the primary means by which to configure and deploy AOS-W. For a complete description of AOS-W, refer to the AOS-WUser Guide for release 3.3.2.10. Commencing with the OmniVista 3600 Air Manager (OV3600) Version 6.3, the Alcatel-Lucent Configuration feature consolidates AOS-W configuration and pushes global Alcatel-Lucent Configurations from one utility. This chapter introduces the components and initial setup of Alcatel-Lucent Configuration with the following topics: Requirements and Restrictions for Alcatel-Lucent Configuration Components of Alcatel-Lucent Configuration  Global Configuration and Scope  Alcatel-Lucent AP Groups  Profiles  WLANs  Security  Advanced Services  Folders, Users, and Visibility  Scheduling Configuration Changes Navigating Alcatel-Lucent Configuration  The Primary Pages of Alcatel-Lucent Configuration  Device Setup > Alcatel-Lucent Configuration Page Overview  Groups > Alcatel-Lucent Config Page Overview  APs/Devices > List Page Overview  Groups > Basic Page Overview  Embedded Profile Setup in Alcatel-Lucent Configuration  Save, Save and Apply, and Revert Buttons Setting Up Initial Alcatel-Lucent Configuration OV3600 6.3 supports device Groups as in prior OV3600 versions. However, OV3600 6.3 introduces Alcatel-Lucent AP Groups, and these are distinct and must not be confused with standard OV3600 Device Groups. This document provides information about the configuration and use of Alcatel-Lucent AP Groups, and describes how NOTE Alcatel-Lucent AP Groups interoperate with standard OV3600 Device Groups. Alcatel-Lucent Configuration Guide | OV3600 Version 6.3 Overview of Alcatel-Lucent Configuration | 9 Requirements and Restrictions for Alcatel-Lucent Configuration Alcatel-Lucent Configuration has the following requirements in OV3600 Version 6.3:  OV3600 6.3 or a later OV3600 version must be installed and operational on the network.  OmniAccess WLAN switches on the network must have AOS-W installed and operational. OV3600 Version 6.3 supports AOS-W release 3.3.2.10 or later 3.3.x releases.  Ensure you have Telnet/SSH credentials (configuration only) and the “enable” password (configuration only). Without proper Telnet/SSH credentials a user is not able to fetch the running configuration, nor acquire license and serial information from WLAN switches. Alcatel-Lucent Configuration has the following restrictions in OV3600 Version 6.3:  Alcatel-Lucent Configuration in OV3600 Version 6.3 does not support certain AOS-W Network components, such as the Management components, the WLAN switch IP address, VLANs, or interfaces. Support for these components will be available with later OV3600 versions. OV3600 Version 6.3 supports only IP Mobility and VLANs in Advanced Services.  Future versions of OV3600 will support Alcatel-Lucent AP Group and Profile distribution from the Master Console. Components of Alcatel-Lucent Configuration Alcatel-Lucent Configuration emphasizes the following components and network management concepts:  Global Configuration and Scope  Alcatel-Lucent AP Groups  AP Overrides  WLANs  Profiles  Security  Advanced Services  Folders, Users, and Visibility  Additional Concepts and Benefits Global Configuration and Scope Alcatel-Lucent Configuration supports AOS-W as follows:  OV3600 supports global configuration from both a master-local WLAN switch deployment and an all- master WLAN switch deployment as follows:  In a master-local WLAN switch deployment, AOS-W is the agent that pushes global configurations from master WLAN switches to local WLAN switch. OV3600 supports this AOS-W functionality.  In an all-master-WLAN switch scenario, every master WLAN switch operates independent of other master WLAN switch. OV3600 provides the ability to push configuration to all master WLAN switch in this scenario.  Alcatel-Lucent Configuration supports all AOS-W profiles, Alcatel-Lucent AP Profiles, Servers, and User Roles. 10 | Overview of Alcatel-Lucent Configuration Alcatel-Lucent Configuration Guide | OV3600 Version 6.3