Polycom 2300 User's Manual
Contents
1. If you purchased a Nortel service program contact one of the following Nortel Technical Solutions Centers Europe Middle East and Africa 00800 8008 9009 or 44 0 870 907 9009 North America 800 4NORTEL or 800 466 7835 Asia Pacific 61 2 9927 8800 China 800 810 5000 During VIEW Certification testing the following limitations were discovered e RF Active Scan must be disabled on AP radios that are providing voice services including SpectraLink 8000 Wireless Telephones e You must disable Internet Group Management Protocol IGMP snooping when running SpectraLink Radio Protocol SRP which is used with the SpectraLink 8000 Telephony Gateway SRP uses multicast packets to do an SRP Check In which are not forwarded through the WLAN Security Switch WSS when IGMP snooping is enabled When a tunneled virtual LAN VLAN is configured over a Layer 3 network IGMP snooping must be disabled each time the tunnel is established because the virtual VLAN is established with IGMP snooping turned on by default PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Network Topology The following topology was tested during VIEW Certification It is important to note that these do not necessarily represent all Certified configurations Both Layer 2 and Layer 3 roaming were tested Layer 3 roaming of SpectraLink 8000 Wireless Telephones requires the use of a generic routing encapsulation2. Revie ore Create Create VLAN oon fCLS QoS wireless Properties Delete Setup AAA Spanning Tree Properties Enable Uplink Fast Enable Backbone Fast VLAN Members Spanning Tree Restrict L2 Traffic Restrict L3 Traffic Config 0 Errors 2 Warnings Local Changes none Network Changes none Alarms a 10 Inthe VLAN Properties window disable IGMP by clearing the Enabled check box Click the OK button VLAN Properties IGMP LAN IGMP Version Querier Enabled uery Interval seconds Las Query mend scons el Other Querier Present Interval seconds 255 le Query Response Interval 1 10 seconds Last Member Query Interval 1 10 seconds ls Robustness Value 2e Proxy Report v Multicast Router Solicitation Solicitation Interval seconds HEJS Cancel 22 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Service Profile SSID configuration To create a SSID named Voice using WPA PSK or WPA2 PSK that will be advertised on 802 11a b g radios using WMS 1 In WMS click Configuration on the tool bar 2 In the Organizer panel expand the WSS and select Wireless Services 3 In the Network Plan Tasks panel create a new wireless service by selecting Voice Service Profile WMS 6 0 Plan Polycom File Services Tools Help m di E iz E BW L is Back Policies RF Planning i i Verification Devices Monitor Alarms Re
3. Create Mobility Domain Create Nortel Wireless Security 5 Third Party AP Network Domain Setup Network Domain Name Network Domain Seeds Network Domain Members country Code Disable Auto Tune AP Local Switching AirDefense Set Up AirDefense Launch AirDefense UI Create AirDefense Sensor Other Upload w55 Convert Auto AP Remove Auto AP Network Domain Config 0 Errors 2 Warnings Local Changes none Network Changes none Alarms da 4 Inthe IP Address field type the IP address for the WLAN Security Switch PN 1725 36082 001_F doc 15 VIEW Er POLYCOM Certified Configuration Guide 5 In the Enable Password field type the enable password for the WLAN Security Switch The enable password must match the enable password that was defined in the Quick Start Wizard For more information see the Nortel WLAN Security Switch 2300 Series Configuration Guide 6 Click the Next button The uploading progress is shown 7 After the Successfully uploaded device message is displayed click the Next button AP configuration To add a directly connected or distributed AP to a WLAN Security Switch using WMS 1 Connect the AP to the network distributed AP or a free PoE port on the switch directly connected AP 2 In WMS click Configuration on the tool bar 3 Inthe Organizer panel expand the WSS and select Access Points 4 Inthe Network Plan Tasks panel create a new A
4. 36082 001_F doc AP configuration To add a directly connected AP 2330 attached to port 1 on a WSS using CLI set port type ap 1 model 2330 poe enable Defines the port number on the switch that the AP 1S connected to the model number of the AP and enables PoE on the switch port Valid model numbers include the 2330 2330A and 2330B set ap 1 radio 1 tx power 10 mode enable Sets the channel number transmit power and enables the 802 11g radio set ap 1 radio 2 channel 44 tx power 10 mode enable Sets the channel number transmit power and enables the 802 11a radio To add a distributed AP 2330 to a WSS using CLI set dap 1 serial id stpw20kc3 model 2330 Defines the DAP number serial id and model number of the AP Valid model numbers include the 2330 2330A and 2330B set dap 1 radio 1 channel 11 tx power 10 mode enable Sets the channel number transmit power and enables the 802 119 radio set dap 1 radio 2 channel 40 tx power 10 mode enable Sets the channel number transmit power and enables the 802 11a radio VLAN configuration For security and flexibility it is recommended that voice and data be configured on separate VLANs For this example a new VLAN named Voice with a VLAN ID 2 will be created and tagged to the uplink port 8 set vlan 2 name Voice Creates a new VLAN ID and defines the name set vlan 2 port 8 tag 2 Assigns the VLAN to a port and specifies an 802 10 tag value set igmp disa
5. GRE tunnel SpectraLink 8000 SpectraLink 8000 SVP Server Telephony Gateway ol gegen a Data met Router Voice Data t af AG2 1 14 6 SEY S S SpectraLink 8000 SpectraLink 8000 SpectraLink 8000 Wireless Telephones Wireless Telephones Wireless Telephones b EN miig sm e mm 5 WT aa ag ageet BOZ Tabia Layer 2 Roaming Layer 3 Roaming PN 1725 36082 001_F doc 5 VIEW X POLYCOM Certified Configuration Guide Access Point Capacity and Positioning Each site is unique in its AP requirements Therefore please take the following points into account when determining how many APs are needed and where they should be placed in the facility Handset range There must be WLAN coverage wherever the SpectraLink 8000 Wireless Telephones will be used Adequate coverage for a SpectraLink 8000 Wireless Telephone can be determined by using the Site Survey mode on the handset that displays dBm signal levels and channel when the handset is in range of an AP For setting up the data rates please consult your facility s RF site survey designed for voice traffic to determine if you have sufficient coverage to support all data rates SpectraLink 8000 Wireless Telephones require the following minimum dBm reading to support the corresponding Required data rate setting in the access point 802 11 Minimum Available Radio Standard Signal Strength RSS
6. echt VIEW X POLYCOM Certified VIEW Certified Configuration Guide Nortel WLAN Security Switch 2300 Series with AP 2330 January 2008 Edition 1725 36082 001 Version F VIEW Bie POLYCOM Corte Trademark Information Polycom and the logo designs SpectraLink LinkPlus Link NetLink SVP Are trademarks and registered trademarks of Polycom Inc in the United States of America and various countries All other trademarks used herein are the property of their respective owners Patent Information The accompanying product is protected by one or more US and foreign patents and or pending patent applications held by Polycom Inc Copyright Notice Copyright 2005 to 2008 Polycom Inc All rights reserved under the International and pan American copyright Conventions No part of this manual or the software described herein may be reproduced or transmitted in any form or by any means or translated into another language or format in whole or in part without the express written permission of Polycom Inc Do not remove or allow any third party to remove any product identification copyright or other notices Every effort has been made to ensure that the information in this document is accurate Polycom Inc is not responsible for printing or clerical errors Information in this document is subject to change without notice and does not represent a commitment on the part of Polycom Inc Configura
7. shared Key enter a passphraee Generate Enter the pre shared key in raw hexadecimal Form or enter a passphrase Max Len 63 bo generate a raw key lt Previous Next gt Cancel 14 Specify the VLAN named Voice This determines the VLAN that the WSS will map the handset traffic to Click the Next button Woice Serice Profile VLAN Select a VLAN For clients that connect using this SSID It is recommended that a separate YLAN be used For voice clients VLON Name voice ei Updated TV AN Name Value Voice lt Previous Next gt Finish Cancel 28 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 15 A default ACL will be generated which will allow and prioritize IP protocol 119 SVP traffic with the Class of Service level 7 and pass all other IP traffic on the Voice VLAN Woice Serice Profile QoS SpectraLink SVP An ACL SpectraLink 1185471492968 has been generated to classify voice traffic This ACL contains a rule which places all IF protocol 11 SYP traffic on Cos queue 7 and a rule that permits all other data traffic on the mapped LAN default Source IP Destination IF Source Port Destination Port A any E Permit id any Brommt AddRule Updated Protocol Mame Value svp Cree Ces an Je a Optional Modify the default ACL by removing the last statement which will allow and prioritize IP protocol 119 SVP but deny all oth
8. 5 commit security acl SpectraLink set set security acl map SpectraLink vlan Voice in security acl map SpectraLink vlan Voice out 39
9. I Required Data Rate 70 dBm 1 Mb s 802 11b 60 dBm 11 Mb s 63 dBm 6 Mb s 802 119 47 dBm 54 Mb s 60 dBm 6 Mb s 802 11a 45 dBm 54 Mb s ri All SpectraLink 8000 Wireless Telephones on the WLAN network eS must be configured for a single radio standard 802 11a or 802 11b or 802 11g Handsets configured for different radio standards will not work together Number of handset calls per AP The number of handsets that can be in call simultaneously was determined based on call quality within a lab environment Since call quality is impacted by packet retry rate and missed packets test criteria were established for the maximum data rate 11Mb s for handsets in range of the AP As the handsets move near the limits of optimal RF coverage from the AP they will automatically drop to lower Mb s operation SpectraLink 8000 Wireless Telephones require approximately 15 of 6 PN 1725 36082 001_F doc PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 the available bandwidth per call for 1 Mb s operation approximately 10 of the available bandwidth per call for 2 Mb s operation approximately 7 of the available bandwidth per call for 5 5 Mb s operation and approximately 5 of the available bandwidth per call for 11 Mb s operations LAN bandwidth Estimate anticipated peak call volume to ensure that the LAN has enough bandwidth to handle the network traffic generated by all of the wire
10. P by selecting Distributed AP or Directly Connected AP WMS 6 0 Plan Polycom File Services Tools Help r Ep D tet B A Policies RF Planning E ET a e te Verification Devices Monitor Alarms Reports Organizer Se Polycom Network Plan Tasks 16 W552360 E System wireless Wireless Services Radio Profiles Radios RF Detection HAAA Distributed Access Points WS52360 Changes Security Mode Optional Enable Auto AP O Review gt Deploy AP Number Name Serial Create Distributed AP Directly Connected AP Directly Connected Access Points Al Portz Name Auto ap Other Convert Auto AP Remove Auto AP Config O Errors 2 Warnings Local Changes 1 device Network Changes none Alarms PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 5 For directly connected APs select an available port on the switch from the Available Ports drop down list Click the Next button Create Directly Connected AP AP Port Selection Select an available port Connecting the AF to a port removes the port from all WANS Available Ports POL sei Cancel 6 For distributed APs enter the Name and Serial Number of the AP Click the Next button Create Distributed AP AP Identifier Enter a number unique name and connection For the AP Connecting the Ap to a port re
11. and line interface CLI Web View or WLAN Management Software WMS Configuration examples will be provided for both CLI and WMS If necessary the WLAN Security Switch may be reset to factory defaults To reset the WLAN Security Switch to factory defaults you must issue the clear boot config command via the console PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Connecting APs e PN 1725 36082 001_F doc To configure the WLAN Security Switch WSS to support an AP you must first determine how the AP will connect to the switch There are two types of AP to WSS connection direct and distributed Directly connected APs In direct connection an AP connects to one or two 10 100 ports ona WSS The WSS port is then configured specifically for a direct attachment to an AP There is no intermediate networking equipment between the WSS and AP and only one AP is connected to the WSS port The WSS 10 100 port provides power over Ethernet PoE to the AP The WSS also forwards data only to and from the configured AP on that port The port numbers on the WSS which are configured for directly attached APs reference a particular AP Distributed APs An AP that is not directly connected to a WSS is considered a distributed AP There may be intermediate Layer 2 switches or Layer 3 IP routers between the WSS and the AP The WSS may communicate to the distributed AP through any network port A net
12. ble vlan Voice Disables IGMP on Voice VLAN VIEW Xe POLYCOM bi Configuration Guide Service profile SSID configuration To create a SSID named Voice using WPA PSK that will be advertised on 802 11a b g radios using CLI set service profile Voice ssid name Voice Creates a new service profile and SSID named Voice Note 1t s a best practice recommendation to use the Same name for both the service profile and SSID set service profile Voice auth fallthru last resort Sets the authentication type to open authentication With WPA PSK the pre shared key will be used to authenticate the handset set service profile Voice wpa ie enable Enables WPA security set service profile Voice psk phrase lt enter a passphrase gt Defines the passphrase required to access the SSID set service profile Voice auth psk enable Enables pre shared key authentication set service profile Voice auth dotlx disable Disables 802 1x authentication set service profile Voice attr vlan name Voice Specifies the VLAN name to map the voice handsets traffic to To create a SSID named Voice using WPA2 PSK that will be advertised on 802 11a b g radios using CLI set service profile Voice ssid name Voice Creates a new service profile and SSID named Voice Note 1t s a best practice recommendation to use the Same name for both the service profile and SSID set service profile Voice auth fallthru last resort Sets the authentication
13. database on the WSS e 24 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Voice Service Profile Access Types Choose the types of access you want to allow For this SSID Select 802 1 Access to allow clients to connect using the IEEE 802 1 standard For authentication or Select MAC Access to restrict connectivity to known clients based on the client device MAC address or Open Access to allow clients to connect without per device authentication B02 1 Access MAC Access Open Access Updated Open Access Value Yes lt Previous Next gt Cancel 8 Settings for Wireless Security a To support handsets using WPA PSK security select the WPA check box Yoice Serice Profile Wireless Security Select one or more wireless security standards You can configure an SSID to support any combination of RON WPA and non WPA clients RSM sometimes called WPA and WPA provide stronger security than WEP RSN WPAZ WPA Static WEP Updated WPA Value Yes lt Previous Next gt b To support handsets using WPA2 PSK select the RSN WPA2 check box PN 1725 36082 001_F doc 25 VIEW R POLYCOM Critica Configuration Guide Woice Serice Profile Wireless Security Select one or more wireless security standards You can configure an SSID to support any combination of RON WPA and non WPA clients RSW sometimes called WPA and WPA provid
14. e stronger security than WEP DON WDAZ wea Static WEP 7 Updated WPA Value Fa Previous Net gt 9 Click the Next button 10 Settings for Wireless Encryption Cipher Suite a To support handsets using WPA PSK with TKIP select the TKIP check box Woice Serice Profile Wireless Encryption Cipher Suites Select one or more cipher suites WPA and BON support the Following cipher suites For packet encryption listed From most secure to least secure AES COMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP CCMP provides Advanced Encryption Standard AES data encryption To provide message integrity COMP uses the Cipher Block Chaining Message Authentication Code CBO MAT Temporal Key Integrity Protocol TEIPY TEIP uses the RC4 encryption algorithm a 128 bit encryption key a 48 bit initialization vector IV and a message integrity code MIC called Michael WEP 104 Wired Equivalent Privacy EP with 104 bit keys 104 bit WEP uses the RC4 encryption algorithm with a 104 bit key d 1WEP with 40 bit keys 40 bit WEP uses the RC4 encryption algorithm with a 40 bit key lt Previous Nexk gt Cancel 26 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 b To support handsets using WPA2 PSK with AES CCMP select the AES CCMP check box Yoice Semice Profile Wireless Encryption Cipher Suites Select one or more cip
15. er IP traffic on the Voice VLAN Click the Next button Woice Semice Profile QoS SpectraLink SVP An ACL Sperctralink 1185501 188812 has been generated to classify voice traffic This ACL contains a rule which places all IP protocol 119 SYP traffic on CoS queue 7 and a rule that permits all other data traffic on the mapped LAN Voice Source IP Destination IF Destination Part Bary SPemt ig Add Rule Updated Protocol Name Value svp Previous Next gt Finish l Cancel PN 1725 36082 001_F doc 29 POLYCOM VIEW D Certified Configuration Guide 16 Assign the Voice Service Profile to the default Radio Profile This will determine which 802 11a and 802 11g radios will advertise the Voice SSID For this example the default Radio Profile will be used which is assigned to all 802 11a g radios This will provide support for handsets operating in 802 11a 802 11b and 802 11 modes All SpectraLink 8000 Wireless Telephones on the WLAN network eS must be configured for a single radio standard 802 11a or 802 11b or 802 11g Handsets configured for different radio standards will not work together 17 Click the Finish button A Voice Service Profile to support the handsets has now been added to the WSS configuration in WMS Voice Service Profile Radio Profile Selection Select an existing Radio Profile or choose to create a new one bo associate with this Service Profile Each rad
16. file 802 11 Attributes Auto Tune Service Profile Selection Radio Selection Voice Configuration Voice Configuration Qos Mode EI i Cancel 34 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Deploying changes Deploying the changes in WMS will upload and save the configuration to the WSS To deploy the changes in WMS 1 In WMS click Devices on the tool bar 2 In the Local Changes Task List panel select Deploy to upload and save the configuration changes to the WSS You may also Review Schedule and Undo changes in the Local Changes Task List panel Si wms 6 0 Plan Polycom File Services Tools Help m d i E ix E Gd BW te Back Policies RF Planning Configuration Verification Devices Monitor Reports IP Address Managem x Model Version Local St Network Status Deploy St A Managed Devices 1 J w552360 192 168 2 100 3889 2360 5 0 11 4 0 Checking W55 Retrying connection Completed T Review Deploy Schedule Deploy Undo Local Changes Other Refresh Upload wss View Operations Log D amp Device Operations Config 0 Errors 3 Warnings Local Changes 1 device Network Changes none Alarms o EE 2 a PN 1725 36082 001_F doc 35 POLYCOM VIEW SS Certified Configuration Guide 3 When the Deploy option is selected WMS will send apply and save the configuration changes to the WSS E Deploy Configu
17. hat matches protocol 119 SVP and marks it with a CoS 7 commit security acl SpectraLink Commits and applies the ACL set security acl map SpectraLink vlan Voice in set security acl map SpectraLink vlan Voice out Applies the ACL to the Voice VLAN for ingress and egress traffic Saving changes To save the current changes to a WSS using CLI save config Saves all configuration changes to the running configuration file PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Configuration Example WLAN Management Software Adding a WLAN Security Switch to the Network Plan Before WLAN Management Software can be used to configure a WLAN Security Switch the WSS must be added to the WMS server To add a WLAN Security Switch to WLAN Management Software 1 Assuming that WMS is installed and a Network Plan has been created launch the WMS client and connect to the WMS server For more information see the Nortel WLAN Management Software 2300 Series User Guide 2 In WMS click Configuration on the tool bar 3 In the Network Plan Tasks panel under Other select Upload WSS WMS 6 0 Plan Polycom File Services Tools Help ECH z e gt amp o Vv E gt G Back orward Policies i i Monitor Alarms Reports Organizer Network Plan Tasks e Sen W552360 Create Network Plan Network Plan Name Country Code United States of America US Channel Set 802 11b g 1 6 11 e
18. her suites WPA and RSN support the Following cipher suites For packet encryption listed From most secure to least secure AES CCMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP CCMP provides Advanced Encryption Standard AES data encryption To provide message integrity COMP uses the Cipher Block Chaining Message Authentication Code CBC MAC LI Temporal Key Integrity Protocol CTEIPI TEIP uses the RC4 encryption algorithm a 128 bit encryption key a 48 bit initialization vector IV and a message integrity code MIC called Michael WEP 104 Wired Equivalent Privacy WEP with 104 bit keys 104 bit WEP uses the BC encryption algorithm with a 104 bit key d 1WEP with 40 bit keys 40 bit WEP uses the RC4 encryption algorithm with a 40 bit key Updated TKIP Value Ha Previous I Net gt Cancel 11 Click the Next button PN 1725 36082 001_F doc 27 POLYCOM MIEN SS Certified Configuration Guide 12 Enter a hexadecimal pre shared key or passphrase a Ifa passphrase is entered click the Generate button to generate the hexadecimal pre shared key 13 Click the Next button The pre shared key must match on both the WSS and handsets or the handsets will not be able to associate with the Voice SSID Voice Serice Profile Pre shared Key Enter the pre shared key to use For client authentication To generate a key enter a pass phrase and click on Generate Pre
19. iguration 1s recommended to provide a stable and optimum RF environment for the handsets set radio profile default active scan disable Disables active scanning which prevents the radios from going off channel and disrupting voice services set radio profile default qos mode svp Sets the QoS mode to SVP WMM support is not currently available on the SpectraLink 8000 Wireless Telephones Access control list To create an access control list ACL that allows and prioritizes IP protocol 119 SVP with a Class of Service CoS 7 and allows all other IP traffic on the Voice VLAN using CLI set security acl ip SpectraLink permit cos 7 119 0 0 0 0 255 255 255 255 0 0 0 0 255 255 255 255 Creates an ACL that matches protocol 119 SVP and marks 1t with a CoS 7 set security acl ip SpectraLink permit 0 0 0 0 255 255 255 255 Creates an ACL that matches all traffic and ports commit security acl SpectraLink Commits and applies the ACL set security acl map SpectraLink vlan Voice in set security acl map SpectraLink vlan Voice out we POLYCOM VIEW Certified Configuration Guide Applies the ACL to the Voice VLAN for ingress and egress traffic To create an ACL that allows and prioritizes IP protocol 119 SVP with a Class of Service CoS 7 and denies all other IP traffic on the Voice VLAN using CLI set security acl ip SpectraLink permit cos 7 119 0 0 0 0 255 255 255 255 0 0 0 0 255 255 255 255 Creates an ACL t
20. io is associated to a single Radio Profile which can associate to multiple Service Profiles This allows a radio to support multiple wireless services Create new Radio Profile Radio Profiles Properties lt Previous Finish Cancel 30 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Radio Profile configuration The default Radio Profile needs to be modified to disable certain features to support the handsets To modify the default Radio Profile using WMS 1 In WMS click Configuration on the tool bar 2 In the Organizer panel expand the WSS and select Radio Profiles 3 In the Radio Profiles list highlight the default Radio Profile and click the Properties button OO WMS 6 0 Plan Polycom Back Policies RF Planning i i Verification Devices Monitor Reports Organizer Network Plan Tasks Se Polycom Ww552360 System wireless Wireless Services SSC a pe O Access Points Radios RF Detection AAA WSS2360 Changes Review Tune Transmit P wi Tune Channel Associated Ser QoS Mode El e Deploy Create Create Radio Profile Properties Config O Errors 2 Warnings Local Changes 1 device Network Changes none Alarms P PN 1725 36082 001_F doc 31 POLYCOM VIEW D Certified Configuration Guide 4 In the Radio Profile Properties window click the Radio Profile tab 5 Clear the Enable Active Scan check box This di
21. less devices WLAN bandwidth The SpectraLink 8000 Wireless Telephones share bandwidth with other wireless devices To ensure adequate RF bandwidth availability consider the number of wireless data devices in use per AP when estimating the necessary number of devices VIEW Wy POLYCOM Orie Configuration Guide Configuring a New WLAN Security Switch Starting from Factory Defaults 1 Using the supplied DB 9 male to DB 9 female standard RS 232 cable connect the WLAN Security Switch to the serial port of a terminal or PC Run a terminal emulation program such as HyperTerminal or use a VT 100 terminal with the following configuration Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow control None Power on the WLAN Security Switch The status of the boot process will appear in the console as the switch is powering up Once the switch is operational you will be presented with a login prompt A Quick Start Wizard provides for an easy means to perform initial WLAN Security Switch setup and configuration Refer to the WLAN Security Switch 2300 Series Quick Start Guide found at Nortel s Technical Support site This document contains a detailed explanation of using the Startup Wizard http support nortel com go main jsp cscat DOCDETAIL amp id 983095 amp poid 16021 Once the WLAN Security Switch has been configured via the Quick Start Wizard the remaining configuration can be performed using comm
22. model 2330 set dap 1 name WAP 2330 2 set dap 1 radio 1 channel 11 tx power 10 mode enable set dap 1 radio 2 channel 40 tx power 10 mode enable set port type ap 1 model 2330 poe enable set ap 1 name WAP 2330 1 set ap 1 radio 1 tx power 10 mode enable set ap 1 radio 2 channel 44 tx power 10 mode enable set ip https server enable set port poe 1 enable set vlan 1 name Data set vlan 1 port 8 tag 1 set vlan 2 name Voice 37 SE POLYCOM 38 VIEW Certified set set set set 255 set 255 vlan 2 port 8 tag 2 Configuration Guide 1gmp disable vlan Voice interface 1 ip 192 168 1 50 255 255 255 0 security acl 1p SpectraLink permit cos 7 119 0 0 0 0 255 255 255 0 0 0 0 255 255 255 255 security acl ip SpectraLink permit 0 0 0 0 AS 222096299 commit security acl SpectraLink set security acl map SpectraLink vlan Voice in set security acl map SpectraLink vlan Voice out The following configuration file provides an example configuration to support SpectraLink 8000 Wireless Telephones using WPA2 PSK Configuration nvgen d at 2007 7 26 22 53 41 Image 5 0 11 4 0 Model 2360 Last change occurred at 2007 7 26 22 53 34 auth fallthru last resort psk phrase enter a passphrase attr vlan name Voice service profile Voice auto tune channel config 11 tx power 10 mode enable 40 tx power 10 mode enable set 1p route default 192 168 1 1 1 set system name WSS2360 set system ip address 192 168 1 50 set sy
23. moves the port From all Las DAD Number Mame Serial Number Fingerprint H WwAP 2330 1 sto1w20kr3 Enter the serial number of the OP E Enter the Fingerprint A Fingerprint is required if a secure connection is used between the W55 and the AF Enter the 16 byte Fingerprint using colons 31 to separate each byte Next gt Finish Cancel PN 1725 36082 001_F doc POLYCOM VIEW D Certified Configuration Guide 7 Specify the model of the Nortel AP you are configuring Valid models include 2330 2330A and 2330B Click the Next button Create Directly Connected AP AP Type Select the AP type lt Previous i Next gt f Finish Cancel 8 To configure the 802 11g Radio a Select default for the Radio Profile b Specify the Channel Number and Transmit Power the radio should use as determined by the site survey performed on the facility Click the Next button Create Directly Connected AP 802 11g Radio Configure the 802 119 radio Number Enabled Radio Profile Channel Number Transmit Power dBm lt Previous Next gt Finish Cancel 18 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 9 To configure the 802 11a Radio a b Select default for the Radio Profile Specify the Channel Number and Transmit Power the radio should use as determined by the site survey performed on the facility 10 Click the Finish butt
24. on Create Directly Connected AP 602 11a Radio Configure the 802 114 radio Humber Enabled Radio Profile default Channel Number 36 Transmit Power dem DES lt Previous Finish Cancel 11 The AP has now been added to the WLAN Security Switch PN 1725 36082 001_F doc 19 POLYCOM VIEW D Certified Configuration Guide VLAN configuration For security and flexibility it is recommended that voice and data be on separate VLANs For this example a new VLAN named Voice with a VLAN ID 2 will be created and tagged to the uplink port 8 1 In WMS click Configuration on the tool bar 2 Inthe Organizer panel expand the WSS and select VLANs 3 In the Network Plan Tasks panel select Create VLAN WMS 6 0 Plan Polycom File Services Tools Help di di 3 L K D e d Back Policies RF Planning i i Devices Monitor Alarms Reports Organizer Network Plan Tasks BE Polycom W552360 EI System LANs Ports VLAN Tag Type 802 10 Port Groups Management Services VLAN Name VLAN ID IP Address V Interface En Tunnel Affi VLAN Mem Log 11 Data 1 192 168 1 50 a SC Pos IP Services Create VLAN ACLS QoS Wireless AAA Spanning Tree Properties Create Enable Uplink Fast Enable Backbone Fast Config 0 Errors 3 Warnings Local Changes none Network Changes none Alarms o EE De 20 PN 1725 36082 001_F doc Nortel WLAN Securit
25. ports Organizer Network Plan Tasks Se Polycom WSS2360 System wireless Service Profiles Review 7 Wireless Name SSID Type 1 Beacon Radio Profile s e Sa Radio Profiles WSS2360 Changes Access Points d Create Radios RF Detection 802 1 Service Profile AAA Voice Service Profile web Portal Service Profile Open Access Service Profile custom Service Profile Config 1 Error 2 Warnings Local Changes 1 device Network Changes none Alarms a 4 Inthe New Voice Service Profile introduction screen click the Next button 5 Specify a Name and SSID for the Voice Service Profile PN 1725 36082 001_F doc 23 POLYCOM VIEW D Certified Configuration Guide 6 Set the SSID Type to Encrypted and use the default Vendor type SpectraLink Click the Next button rf Selecting the vendor SpectraLink tells WMS what ACLs to create to prioritize the voice traffic later in the wizard Woice Semice Profile Voice SSID Enter a unique name to identify the Service Profile and specify the SSID Also select the voice vendor Mame voice SSID voice SSID Type Encrypted vendor SpectraLink e Updated 551D Value voice lt Previous Net gt Cancel 7 Select the Open Access check box Click the Next button MAC authentication may optionally be selected but will require that the MAC addresses for each handset be defined in the local AAA
26. rations SBE 0 39 Deploy completed 3EU Deploy started WSS2360 Sending configuration changes WSS2360 Applied configuration changes WSS2380 Saving WSS configuration WiSS2360 Deploy completed 36 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Example Configuration Files For Reference Only PN 1725 36082 001_F doc The following configuration file provides an example configuration to support SpectraLink 8000 Wireless Telephones using WPA PSK Configuration nvgen d at 2007 7 26 22 51 55 Image 5 0 11 4 0 Model 2360 Last change occurred at 2007 7 26 22 36 12 set ip route default 192 168 1 1 1 set system name WSS2360 set system ip address 192 168 1 50 set system countrycode US set timezone EST 5 0 set service profile Voice ssid name Voice set service profile Voice auth fallthru last resort set service profile Voice wpa ie enable set service profile Voice psk phrase enter a passphrase set service profile Voice auth psk enable set service profile Voice auth dot1ix disable set service profile Voice attr vlan name Voice set enablepass password enable password set user admin password admin password set radio profile default service profile Voice set radio profile default dtim interval 3 set radio profile default auto tune channel config disable set radio profile default active scan disable set radio profile default qos mode svp set dap 1 serial id stpw20kc3
27. sables active scanning which prevents the radios from going off channel and disrupting voice services Radio Profile Properties i Radio Profile 802 11 Attributes Auto Tune Service Profile Selection Radio Selection Voice Configuration Radio Profile Mame default Countermeasures Mode None Enable Active Scan Enable RFID Enable L APSD OK Cancel l 32 PN 1725 36082 001_F doc Radio Profile Properties Nortel WLAN Security Switch 2300 Series with AP 2330 6 Click the Auto Tune tab 7 Clear the Tune Channel and Tune Transmit Power check boxes This disables automatic channel assignment for radios assigned to the radio profile A static channel configuration is recommended to provide a stable and optimum RF environment for the handsets Ne Radio Profile 802 11 Attributes Service Profile Selection Radio Selection Voice Configuration Auto Tune Tune Channel E Tune Transmit Power Channel Tuning Interval seconds z600 Tx Power Tuning Interval seconds Power Ramp Interval seconds Channel Tuning Holddown seconds 300 4 Tx Power Backoff Timer seconds me PN 1725 36082 001_F doc 33 POLYCOM VIEW D Certified Configuration Guide 8 Click the Voice Configuration tab Verify that the QoS Mode is set to SVP WMM support is not currently available on the SpectraLink 8000 Wireless Telephones 9 Click the OK button Radio Profile Properties Radio Pro
28. stem countrycode US set timezone EST 5 0 set service profile Voice ssid name Voice set service profile Voice set service profile Voice rsn ie enable set service profile Voice cipher tkip disable set service profile Voice cipher ccmp enable set service profile Voice set service profile Voice auth psk enable set service profile Voice auth dot1x disable set service profile Voice set enablepass password enable password set user admin password admin password set radio profile default set radio profile default dtim interval 3 set radio profile default disable set radio profile default active scan disable set radio profile default qos mode svp set dap 1 serial id stpw20kc3 model 2330 set dap 1 name WAP 2330 2 set dap 1 radio 1 channel set dap 1 radio 2 channel set port type ap 1 model 2330 poe enable PN 1725 36082 001_F doc PN 1725 36082 001_F doc set set set set set set Set set set set Set set 255 set 255 Nortel WLAN Security Switch 2300 Series with AP 2330 ap 1 name WAP 2330 1 ap 1 radio 1 tx power 10 mode enable ap 1 radio 2 channel 44 tx power 10 mode enable 1p https server enable port poe 1 enable vlan 1 name Data vlan 1 port 8 tag 1 vlan 2 name Voice vlan 2 port 8 tag 2 1gmp disable vlan Voice interface 1 ip 192 168 1 50 255 255 255 0 security acl 1p SpectraLink permit cos 7 119 0 0 0 0 255 255 255 0 0 0 0 255 255 255 255 security acl ip SpectraLink permit 0 0 0 0 255 255 25
29. tion Guide Notice Polycom Inc has prepared this document for use by Polycom personnel and customers The drawings and specifications contained herein are the property of Polycom and shall be neither reproduced in whole or in part without the prior written approval of Polycom nor be implied to grant any license to make use or sell equipment manufactured in accordance herewith Polycom reserves the right to make changes in specifications and other information contained in this document without prior notice and the reader should in all cases consult Polycom to determine whether any such changes have been made No representation or other affirmation of fact contained in this document including but not limited to statements regarding capacity response time performance suitability for use or performance of products described herein shall be deemed to be a warranty by Polycom for any purpose or give rise to any liability of Polycom whatsoever Contact Information Please contact your Polycom Authorized Reseller for assistance Polycom Inc 4750 Willow Road Pleasanton CA 94588 http www polycom com PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Introduction Polycom s Voice Interoperability for Enterprise Wireless VIEW Certification Program is designed to ensure interoperability and high performance between SpectraLink 8000 Wireless Telephones and wireless LAN WLAN infrastruc
30. ture products The products listed below have been thoroughly tested in Polycom s lab and have passed VIEW Certification This document details how to configure the Nortel WLAN Security Switch 2300 Series and WLAN AP 2330 2330A 2330B with SpectraLink 8000 Wireless Telephones Certified Product Summary Approved products WLAN Security Switches t Denotes products directly used in Certification testing Maximum calls tested during VIEW Certification The certified product may actually support a higher number of maximum calls for 802 11a radio modes Service Information eS The access point AP must support SpectraLink Voice Priority SVP Contact your AP vendor if you need to upgrade the AP software PN 1725 36082 001_F doc 3 SE POLYCOM Known Limitations VIEW Certified Configuration Guide Contacting Nortel Technical Support If you purchased a service contract for your Nortel product from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance Additional information about the Nortel Technical Solutions Centers is available from http www nortel com contactus An Express Routing Code ERC is available for many Nortel products and services When you use an ERC your call is routed to a technical support person who specializes in supporting that product or service To locate an ERC for your product or service go to http www nortel com erc
31. type to open authentication With WPA PSK the pre shared key will be used to authenticate the handset set service profile Voice rsn ie enable Enables WPA2 security set service profile Voice cipher tkip disable Disables TKIP encryption set service profile Voice cipher ccmp enable Enables AES CCMP encryption set service profile Voice psk phrase lt enter a passphrase gt Defines the passphrase required to access the SSID set service profile Voice auth psk enable Enables pre shared key authentication PN 1725 36082 001_F doc PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 set service profile Voice auth dotlx disable Disables 802 1x authentication set service profile Voice attr vlan name Voice Specifies the VLAN name to map the voice handsets traffic to Radio Profile configuration The default Radio Profile needs to be modified to disable certain features to support the handsets To modify the default Radio Profile using CLI set radio profile default service profile Voice Maps the voice service profile and SSID to the radio profile This determines which 802 11 radios advertise and can support voice handsets set radio profile default dtim interval 3 Sets the DTIM interval to support push to talk set radio profile default auto tune channel config disable Disables automatic channel assignment for radios assigned to the radio profile A static channel conf
32. work port is any port connecting the switch to other networking devices such as switches and routers and it can also be configured for 802 10 VLAN tagging The WSS contains a configuration for a distributed AP based on the AP s serial number Similar to ports configured for directly connected APs distributed AP configurations are numbered and can reference a particular AP These numbered configurations do not however reference any physical port During VIEW Certification the 2330 access points were tested while directly connected to a port on the WLAN Security Switch e g port 1 but both methods are supported For more information on how to configure the network to support a distributed AP see the Nortel WLAN Security Switch 2300 Series Configuration Guide POLYCOM tr SS Certified Configuration Guide Command comment and screen text key In the sections below you will find commands comments and system responses or other screen displayed information involved in the configuration process This key explains the text styles and symbols used to denote them Text Style XXXXXXXX Typed command lt XXXXXXXX gt Encryption key domain name or other information specific to your system that needs to be entered Comment about a command or set of commands System response or other displayed information 10 PN 1725 36082 001_F doc Nortel WLAN Security Switch 2300 Series with AP 2330 Configuration Example CLI PN 1725
33. y Switch 2300 Series with AP 2330 4 For VLAN Name enter Voice 5 For VLAN ID specify 2 Click the Next button Create VLAN VLAN Identifier Enter a unique name to identify the VLA You can also change the VLAN number YLA ID 2E Updated YLAN Mame Value Voice Next gt Finish Cancel 6 In the Port Port Group list select the 802 10 tagged uplink port POS and click the Add button 7 Click the Tag check box and specify the 802 10 tag value 2 8 Click the Finish button Create VLAN Optional VLAN Members You can select one or more ports port groups to be members of the LAM Port Port Group LAMESI Port Pork Group Tag Value bz IPOS Updated Is LAN Tagged Value Yes lt Previous Next gt Finish Cancel PN 1725 36082 001_F doc 21 SE POLYCOM VIEW Certified Configuration Guide 9 The Voice VLAN 2 is now 802 10 tagged to the uplink port P08 a Highlight the Voice VLAN b In the Network Plan Tasks panel select IGMP WMS 6 0 Plan Polycom File Services Tools Help da gt di z E BW e S Policies i i verification Devices Monitor Alarms Reports Organizer Network Plan Tasks Se Polycom WS552360 WSS2360 Changes E System LANs Ports VLAN Tag Type 802 10 Port Groups Management Services VLANName VLANID IP Address C Interface E Tunnel Affi VAN Mem Log 1 192 168 1 50 EI 5 pos Ee 2 ENE EN DG EEN
Download Pdf Manuals
Related Search