Polycom 1725-36082-001 User's Manual
Contents
1. Query Interval seconds Other Querier Present Interval seconds Query Response Interval 1 10 seconds Last Member Query Interval 1 10 seconds Robustness Value Proxy Report Multicast Router Solicitation Solicitation Interval seconds PN 1725 36082 001_G doc 21 VIEW id POLYCOM eae 22 2 wns 6 0 Plan Polycom File Services Tools Help Service Profile SSID configuration Configuration Guide To create a SSID named Voice using WPA PSK or WPA2 PSK that will be advertised on 802 11a b g radios using WMS 1 In WMS click Configuration on the tool bar 2 Inthe Organizer panel expand the WSS and select Wireless Services 3 In the Network Plan Tasks panel create a new wireless service by selecting Voice Service Profile a Back rwan Policies Organizer Ea Polycom E w552360 System E Wireless Radio Profiles Access Points Radios RF Detection ARA ma E4 RF Planning Configuration Wireless Service Profiles Ei Verification Devices Monitor Name SSID SSID Type Beacon Radio Profile s e Reports Network Plan Tasks WSS2360 Changes Review Deploy Create 302 1X Service Profile Web Portal Service Profile Open Access Service Profile Custom Service Profile Config 1 Error 2 Warnings Local C2. Notice Polycom Inc has prepared this document for use by Polycom personnel and customers The drawings and specifications contained herein are the property of Polycom and shall be neither reproduced in whole or in part without the prior written approval of Polycom nor be implied to grant any license to make use or sell equipment manufactured in accordance herewith Polycom reserves the right to make changes in specifications and other information contained in this document without prior notice and the reader should in all cases consult Polycom to determine whether any such changes have been made No representation or other affirmation of fact contained in this document including but not limited to statements regarding capacity response time performance suitability for use or performance of products described herein shall be deemed to be a warranty by Polycom for any purpose or give rise to any liability of Polycom whatsoever Contact Information Please contact your Polycom Authorized Reseller for assistance Polycom Inc 4750 Willow Road Pleasanton CA 94588 http www polycom com PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 Introduction Polycom s Voice Interoperability for Enterprise Wireless VIEW Certification Program is designed to ensure interoperability and high performance between SpectraLink Wireless Telephones and wireless LAN WLAN infrastructure products
3. The products listed below have been thoroughly tested in Polycom s lab and have passed VIEW Certification This document details how to configure the Nortel WLAN Security Switch 2300 Series and WLAN AP 2330 2330A 2330B with SpectraLink Wireless Telephones Certified Product Summary Manufacturer Nortel www nortel com Approved products WLAN Security Switches Access points 2380 2330 2361 2330A 2360 2330B 2350 Security WPA PSK and WPA2 PSK 2300 software version certified Release 5 0 11 4 SpectraLink handset models certified 340 h340 i1640 8020 8030 SpectraLink handset software certified 89 119 122 010 or greater SpectraLink radio mode 802 11b 802 11b 802 11a Maximum telephone calls per AP 10 10 12 Recommended network topology Switched Ethernet required t Denotes products directly used in Certification testing Maximum calls tested during VIEW Certification The certified product may actually support a higher number of maximum calls for 802 11a radio modes SpectraLink handset models 8020 8030 e340 h340 i640 and their OEM derivates are VIEW Certified with the WLAN hardware and software identified in the table Throughout the remainder of this document they will be referred to collectively as SpectraLink Wireless Telephones Service Information SVP Contact your AP vendor if you need to upgrade the AP software ey The access point AP must supp
4. VIEW Wy POLYCOM Certified VIEW Certified Configuration Guide Nortel WLAN Security Switch 2300 Series with AP 2330 June 2008 Edition 1725 36082 001 Version G VIEW wy POLYCOM Certified Trademark Information Polycom and the logo designs SpectraLink LinkPlus Link NetLink SVP Are trademarks and registered trademarks of Polycom Inc in the United States of America and various countries All other trademarks used herein are the property of their respective owners Patent Information The accompanying product is protected by one or more US and foreign patents and or pending patent applications held by Polycom Inc Copyright Notice Copyright 2005 to 2008 Polycom Inc All rights reserved under the International and pan American copyright Conventions No part of this manual or the software described herein may be reproduced or transmitted in any form or by any means or translated into another language or format in whole or in part without the express written permission of Polycom Inc Do not remove or allow any third party to remove any product identification copyright or other notices Every effort has been made to ensure that the information in this document is accurate Polycom Inc is not responsible for printing or clerical errors Information in this document is subject to change without notice and does not represent a commitment on the part of Polycom Inc Configuration Guide
5. 255 0 0 0 0 255 255 255 255 security acl ip SpectraLink permit 0 0 0 0 255 255 255 commit security acl SpectraLink set set security acl map SpectraLink vlan Voice in security acl map SpectraLink vlan Voice out 37
6. In the Network Plan Tasks panel select Create VLAN E WS52360 Po e i Z E e cy Q RF Planning Configuration verification Devices Monitor Alarms Network Plan Tasks WSS2360 Changes E System LANs Ports Port Groups VLAN Tag Type Management Services VLAN Name VLAN ID IP Address V InterFace En Tunnel Affi VLAN Mem Log 4 Data 1 192 168 1 50 v 5H amp Pos IP Services ACLs Create Create vlan Qos Wireless AAA Spanning Tree Properties Enable Backbone Fast Enable Uplink Fast PN 1725 36082 001_G doc Config 0 Errors 3 Warnings Local Changes none Network Changes none Alarms rw 19 VIEW Bie POLYCOM Corie Configuration Guide 4 For VLAN Name enter Voice 5 For VLAN ID specify 2 Click the Next button Create VLAN VLAN Identifier Enter a unique name to identify the YLAN You can also change the VLAN number VLAN Name yoice VLAN ID 2 fe Updated VLAN Name Value Voice Next gt J Finish Cancel In the Port Port Group list select the 802 1Q tagged uplink port P08 and click the Add button Click the Tag check box and specify the 802 1Q tag value 2 8 Click the Finish button fj Create VLAN Optional VLAN Members You can select one or more ports port groups to be members of the LAN Port Port Group VLAN s Port Po
7. a terminal emulation program such as HyperTerminal or use a VT 100 terminal with the following configuration Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow control None Power on the WLAN Security Switch The status of the boot process will appear in the console as the switch is powering up Once the switch is operational you will be presented with a login prompt A Quick Start Wizard provides for an easy means to perform initial WLAN Security Switch setup and configuration Refer to the WLAN Security Switch 2300 Series Quick Start Guide found at Nortel s Technical Support site This document contains a detailed explanation of using the Startup Wizard http support nortel com go main jsp cscat DOCDETAIL amp id 583095 amp poid 16021 Once the WLAN Security Switch has been configured via the Quick Start Wizard the remaining configuration can be performed using command line interface CLI Web View or WLAN Management Software WMS Configuration examples will be provided for both CLI and WMS If necessary the WLAN Security Switch may be reset to factory defaults To reset the WLAN Security Switch to factory defaults you must issue the clear boot config command via the console Xg POLYCOM VIEW Certified Configuration Guide Connecting APs To configure the WLAN Security Switch WSS to support an AP you must first determine how the AP will connect to the switch There
8. are two types of AP to WSS connection direct and distributed Directly connected APs In direct connection an AP connects to one or two 10 100 ports ona WSS The WSS port is then configured specifically for a direct attachment to an AP There is no intermediate networking equipment between the WSS and AP and only one AP is connected to the WSS port The WSS 10 100 port provides power over Ethernet PoE to the AP The WSS also forwards data only to and from the configured AP on that port The port numbers on the WSS which are configured for directly attached APs reference a particular AP Distributed APs An AP that is not directly connected to a WSS is considered a distributed AP There may be intermediate Layer 2 switches or Layer 3 IP routers between the WSS and the AP The WSS may communicate to the distributed AP through any network port A network port is any port connecting the switch to other networking devices such as switches and routers and it can also be configured for 802 10 VLAN tagging The WSS contains a configuration for a distributed AP based on the AP s serial number Similar to ports configured for directly connected APs distributed AP configurations are numbered and can reference a particular AP These numbered configurations do not however reference any physical port During VIEW Certification the 2330 access points were tested while directly connected to a port on the WLAN Security Switch e g port 1 but
9. both methods are supported C2 For more information on how to configure the network to support a distributed AP see the Nortel WLAN Security Switch 2300 Series Configuration Guide 8 PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 Command comment and screen text key In the sections below you will find commands comments and system responses or other screen displayed information involved in the configuration process This key explains the text styles and symbols used to denote them Text Style Denotes XXXXXXXX Typed command lt XXXXXXXX gt Encryption key domain name or other information specific to your system that needs to be entered xxxxxxxx Comment about a command or set of commands XXXXXXXX System response or other displayed information PN 1725 36082 001_G doc POLYCOM VIEW id Certified Configuration Guide Configuration Example CLI AP configuration To add a directly connected AP 2330 attached to port 1 on a WSS using CLI set port type ap 1 model 2330 poe enable Defines the port number on the switch that the AP is connected to the model number of the AP and enables PoE on the switch port Valid model numbers include the 2330 2330A and 2330B set ap 1 radio 1 tx power 10 mode enable Sets the channel number transmit power and enables the 802 11g radio set ap 1 radio 2 channel 44 tx power 10 mode enable Sets the channel nu
10. on the SpectraLink Wireless Telephones 9 Click the OK button Radio Profile Properties Radio Profile 802 11 Attributes Auto Tune Service Profile Selection Radio Selection oice Configuration QoS Mode Syp v OK Cancel 32 PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 Deploying changes Deploying the changes in WMS will upload and save the configuration to the WSS To deploy the changes in WMS 1 In WMS click Devices on the tool bar 2 Inthe Local Changes Task List panel select Deploy to upload and save the configuration changes to the WSS You may also Review Schedule and Undo changes in the Local Changes Task List panel WMS 6 0 Plan Polycom Eile Services Tools Help Te wry i EA r g a Ny iZ Z e y 12 Back orwa Policies RF Planning Configuration Verification Devices Reports osr wss IP Address Managem x Model Version Local St Network Status Deploy St A Managed Devices 1 Ww552360 192 168 2 100 8889 Managed Checking WSS Retrying connection Completed T Review Deploy Schedule Deploy Undo Local Changes Network Changes Orve Other Refresh upload wss View Operations Log o 2 Device Operations Config 0 Errors 3 Warnings Local Changes 1 device Network Changes none Alarms o E 2 ra PN 1725 36082 001
11. profile Voice auth fallthru last resort set service profile Voice rsn ie enable set service profile Voice cipher tkip disable set service profile Voice cipher ccmp enable set service profile Voice psk phrase enter a passphrase set service profile Voice auth psk enable set service profile Voice auth dot1x disable set service profile Voice attr vlan name Voice set enablepass password enable password set user admin password admin password set radio profile default service profile Voice set radio profile default dtim interval 3 set radio profile default auto tune channel config disable set radio profile default active scan disable set radio profile default qos mode svp set dap 1 serial id stpw20kc3 model 2330 set dap 1 name WAP 2330 2 set dap 1 radio 1 channel 11 tx power 10 mode enable PN 1725 36082 001_G doc PN 1725 36082 001_G doc set set set set set set set set set set set set set set 255 set 255 Nortel WLAN Security Switch 2300 Series with AP 2330 dap 1 radio 2 channel 40 tx power 10 mode enable port type ap 1 model 2330 poe enable ap 1 name WAP 2330 1 ap 1 radio 1 tx power 10 mode enable ap 1 radio 2 channel 44 tx power 10 mode enable ip https server enable port poe 1 enable vlan 1 name Data vlan 1 port 8 tag 1 vlan 2 name Voice vlan 2 port 8 tag 2 igmp disable vlan Voice interface 1 ip 192 168 1 50 255 255 255 0 security acl ip SpectraLink permit cos 7 119 0 0 0 0 255 255
12. radio should use as determined by the site survey performed on the facility Click the Next button Create Directly Connected AP 802 11g Radio Configure the 802 119 radio Number Enabled Radio Profile Channel Number Transmit Power dBm g M default 6 v 18 PN 1725 36082 001_G doc lt Previous Next gt J Finish Cancel 17 POLYCOM VIEW id Certified Configuration Guide 9 To configure the 802 11a Radio Select default for the Radio Profile b Specify the Channel Number and Transmit Power the radio should use as determined by the site survey performed on the facility 10 Click the Finish button fj Create Directly Connected AP 802 11a Radio Configure the 802 114 radio Number Enabled Radio Profile defaut Channel Number 36 Transmit Power dBm 19 2 lt Previous l Finish l Cancel 11 The AP has now been added to the WLAN Security Switch 18 PN 1725 36082 001_G doc WMS 6 0 Plan Polycom File Services Tools Help Nortel WLAN Security Switch 2300 Series with AP 2330 VLAN configuration For security and flexibility it is recommended that voice and data be on separate VLANs For this example anew VLAN named Voice with a VLAN ID 2 will be created and tagged to the uplink port 8 1 In WMS click Configuration on the tool bar 2 Inthe Organizer panel expand the WSS and select VLANs 3
13. without per device authentication 802 1 Access MAC Access Open Access Updated Open Access Value Yes lt Previous Next gt j Cancel 8 Settings for Wireless Security a To support handsets using WPA PSK security select the WPA check box Voice Service Profile Wireless Security Select one or more wireless security standards You can configure an SSID to support any combination of RSN WPA and non WPA clients RSN sometimes called WPA2 and WPA provide stronger security than WEP RSN WPA2 wra V Static WEP Updated WPA Value Yes lt Previous Next gt Cancel 24 PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 b To support handsets using WPA2 PSK select the RSN WPA2 check box 9 Click the Next button aj Voice Service Profile Wireless Security Select one or more wireless security standards You can configure an SSID to support any combination of RSN WPA and non WPA clients RSN sometimes called WPA2 and WPA provide stronger security than WEP RSN WPA2 wea Static WEP Updated WPA Value No lt Previous Next gt Cancel 10 Settings for Wireless Encryption Cipher Suite a To support handsets using WPA PSK with TKIP select the TKIP check box Voice Service Profile Wireless Encryption Cipher Suites Select one or more cipher suite
14. CMP uses the Cipher Block Chaining Message Authentication Code CBC MAC a Temporal Key Integrity Protocol TKIP TKIP uses the RC4 encryption algorithm a 128 bit encryption key a 48 bit initialization vector IV and a message integrity code MIC called Michael WEP 104 Wired Equivalent Privacy WEP with 104 bit keys 104 bit WEP uses the RC4 encryption algorithm with a 104 bit key 1WEP with 40 bit keys 40 bit WEP uses the RC4 encryption algorithm with a 40 bit key Updated TKIP Value No lt Previous Next gt 11 Enter a hexadecimal pre shared key or passphrase a Ifa passphrase is entered click the Generate button to generate the hexadecimal pre shared key The pre shared key must match on both the WSS and handsets or the handsets will not be able to associate with the Voice SSID Voice Service Profile Pre shared Key Enter the pre shared key to use for client authentication To generate a key enter a pass phrase and click on Generate Pre shared Key enter a passphrase Generate Enter the pre shared key in raw hexadecimal form or enter a passphrase Max Len 63 to generate a raw key lt Previous Next gt Cancel 26 PN 1725 36082 001_G doc 12 13 14 fj Voice Service Profile VLAN Nortel WLAN Security Switch 2300 Series with AP 2330 Click the Next button Specify the VLAN named Voice This determines the VLAN that the WSS will
15. Type __ AP Number Directly Connected Access Points Porte Y O Name Model il Type 7 D0w E Reports Network Plan Tasks W552360 Changes Review Deploy Create Distributed AP Directly Connected AP Setup a 2 Auto AP Other a Convert Auto AP Remove Auto AP PN 1725 36082 001_G doc 15 POLYCOM V EW wy Certified Configuration Guide 5 For directly connected APs select an available port on the switch from the Available Ports drop down list Click the Next button Create Directly Connected AP AP Port Selection Select an available port Connecting the AP to a port removes the port from all VLANs 6 For distributed APs enter the Name and Serial Number of the AP Click the Next button E Create Distributed AP AP Identifier Enter a number unique name and connection for the AP Connecting the AP to a port removes the port from all VLANs WAP 2330 1 16 PN 1725 36082 001_G doc 7 Specify the model of the Nortel AP you are configuring Valid models include 2330 2330A and 2330B Click the Next button Nortel WLAN Security Switch 2300 Series with AP 2330 Create Directly Connected AP AP Type Select the AP type AP Model Radio Type lt Previous Next gt Ji Finish Cancel 8 To configure the 802 11g Radio a Select default for the Radio Profile b Specify the Channel Number and Transmit Power the
16. _G doc 33 POLYCOM VIEW we Certified Configuration Guide 3 When the Deploy option is selected WMS will send apply and save the configuration changes to the WSS U Depo rted WSS2360 Sending configuration changes WS82360 Applied configuration changes WSS2360 Saving WSS configuration 552360 Deploy completed 34 PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 Example Configuration Files For Reference Only PN 1725 36082 001_G doc The following configuration file provides an example configuration to support SpectraLink Wireless Telephones using WPA PSK Configuration nvgen d at 2007 7 26 22 51 55 Image 5 0 11 4 0 Model 2360 Last change occurred at 2007 7 26 22 36 12 set ip route default 192 168 1 1 1 set system name WSS2360 set system ip address 192 168 1 50 set system countrycode US set timezone EST 5 0 set service profile Voice ssid name Voice set service profile Voice auth fallthru last resort set service profile Voice wpa ie enable set service profile Voice psk phrase enter a passphrase set service profile Voice auth psk enable set service profile Voice auth dot1x disable set service profile Voice attr vlan name Voice set enablepass password enable password set user admin password admin password set radio profile default service profile Voice set radio profile default dtim interval 3 set radio profile default auto tune channel config disable s
17. ck the Radio Profile tab 5 Clear the Enable Active Scan check box This disables active scanning which prevents the radios from going off channel and disrupting voice services Radio Profile Properties Radio Profile 802 11 Attributes Auto Tune Service Profile Selection Radio Selection Voice Configuration Radio Profile Name Countermeasures Mode None v Enable Active Scan Enable RFID Enable U APSD _ 6 Click the Auto Tune tab 7 Clear the Tune Channel and Tune Transmit Power check boxes This disables automatic channel assignment for radios assigned to the radio profile A static channel configuration is recommended to provide a stable and optimum RF environment for the handsets z iO Radio Profile Properties Radio Profile 802 11 Attributes Auto Tune Serves Profile Selection Radio Selection voice Configuration Auto Tune Tune Channel Tune Transmit Power Channel Tuning Interval seconds 3600 Tx Power Tuning Interval seconds 600 a gt Power Ramp Interval seconds 60 Channel Tuning Halddown seconds 300 l f Tx Power Backoff Timer seconds 10 a gt PN 1725 36082 001_G doc 3 POLYCOM VIEW id Certified Configuration Guide 8 Click the Voice Configuration tab Verify that the QoS Mode is set to SVP WMM support is not currently available
18. doc 5 WMS 6 0 Plan Polycom File Services Tools Help amp Back Policies Organizer Se Polycom Eb W552360 System E Wireless Wireless Services Radio Profiles Radios RF Detection aaa Nortel WLAN Security Switch 2300 Series with AP 2330 4 Inthe IP Address field type the IP address for the WLAN Security Switch 5 In the Enable Password field type the enable password for the WLAN Security Switch The enable password must match the enable password that was defined in the Quick Start Wizard For more information see the Nortel WLAN Security Switch 2300 Series Configuration Guide 6 Click the Next button The uploading progress is shown 7 After the Successfully uploaded device message is displayed click the Next button AP configuration To add a directly connected or distributed AP to a WLAN Security Switch using WMS 1 Connect the AP to the network distributed AP or a free PoE port on the switch directly connected AP 2 In WMS click Configuration on the tool bar In the Organizer panel expand the WSS and select Access Points 4 In the Network Plan Tasks panel create a new AP by selecting Distributed AP or Directly Connected AP oy S RF Planning E4 amp Configuration Polycom Verification T my Alarms Devices Monitor Distributed Access Points Security Mode Optional Enable Auto AP Name Serial Model
19. et radio profile default active scan disable set radio profile default qos mode svp set dap 1 serial id stpw20kc3 model 2330 set dap 1 name WAP 2330 2 set dap 1 radio 1 channel 11 tx power 10 mode enable set dap 1 radio 2 channel 40 tx power 10 mode enable set port type ap 1 model 2330 poe enable set ap 1 name WAP 2330 1 set ap 1 radio 1 tx power 10 mode enable set ap 1 radio 2 channel 44 tx power 10 mode enable set ip https server enable set port poe 1 enable set vlan 1 name Data set vlan 1 port 8 tag 1 35 X POLYCOM 36 VIEW Certified Configuration Guide set vlan 2 name Voice set vlan 2 port 8 tag 2 set igmp disable vlan Voice set interface 1 ip 192 168 1 50 255 255 255 0 set security acl ip SpectraLink permit cos 7 119 0 0 0 0 255 255 255 255 0 0 0 0 255 255 255 255 set security acl ip SpectraLink permit 0 0 0 0 255 255 255 255 commit security acl SpectraLink set security acl map SpectraLink vlan Voice in set security acl map SpectraLink vlan Voice out The following configuration file provides an example configuration to support SpectraLink Wireless Telephones using WPA2 PSK Configuration nvgen d at 2007 7 26 22 53 41 Image 5 0 11 4 0 Model 2360 Last change occurred at 2007 7 26 22 53 34 set ip route default 192 168 1 1 1 set system name WSS2360 set system ip address 192 168 1 50 set system countrycode US set timezone EST 5 0 set service profile Voice ssid name Voice set service
20. guration Guide Configuration Example WLAN Management Software Adding a WLAN Security Switch to the Network Plan Before WLAN Management Software can be used to configure a WLAN Security Switch the WSS must be added to the WMS server To add a WLAN Security Switch to WLAN Management Software 1 Assuming that WMS is installed and a Network Plan has been created launch the WMS client and connect to the WMS server For more information see the Nortel WLAN Management Software 2300 Series User Guide 2 In WMS click Configuration on the tool bar 3 In the Network Plan Tasks panel under Other select Upload WSS WMS 6 0 Plan Polycom 0g File Services Tools Help e amp gi ix amp e Back Forward Policies RF Planning Configuration Verification Devices Reports Organizer Network Plan Tasks epson E W552360 iss Network Plan Network Plan Name Country Code Channel Set 802 1 1b 9 Network Domain Setup Network Domain Name Network Domain Seeds Network Domain Members Create Mobility Domain Create Nortel Wireless Security S Third Party AP Country code Disable Auto Tune AP Local Switching AirDefense Set Up AirDefense Launch AirDefense UI Create AirDefense Sensor Other Upload wss Convert auto AP Remove Auto AP Network Domain Config 0 Errors 2 Warnings Local Changes none Network Changes none Alarms E 14 PN 1725 36082 001_G
21. hanges 1 device Network Changes none Alarms PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 4 Inthe New Voice Service Profile introduction screen click the Next button 5 Specify a Name and SSID for the Voice Service Profile 6 Set the SSID Type to Encrypted and use the default Vendor type SpectraLink Click the Next button Selecting the vendor SpectraLink tells WMS what ACLs to create to prioritize the voice traffic later in the wizard Voice Service Profile Voice SSID Enter a unique name to identify the Service Profile and specify the SSID Also select the voice vendor Name SSID SSID Type vendor Voice voice Encrypted SpectraLink Y Updated SSID Value Voice PN 1725 36082 001_G doc lt Previous J Next gt Cancel 23 POLYCOM VIEW id Certified Configuration Guide 7 Select the Open Access check box Click the Next button MAC authentication may optionally be selected but will require that the MAC addresses for each handset be defined in the local AAA database on the WSS Voice Service Profile Access Types Choose the types of access you want to allow For this SSID Select 802 1 Access to allow clients to connect using the IEEE 802 1 standard for authentication or Select MAC Access to restrict connectivity to known clients based on the client device MAC address or Open Access to allow clients to connect
22. hru last resort Sets the authentication type to open authentication With WPA PSK the pre shared key will be used to authenticate the handset set service profile Voice wpa ie enable Enables WPA security set service profile Voice psk phrase lt enter a passphrase gt Defines the passphrase required to access the SSID set service profile Voice auth psk enable Enables pre shared key authentication set service profile Voice auth dot1x disable Disables 802 1x authentication set service profile Voice attr vlan name Voice Specifies the VLAN name to map the voice handsets traffic to To create a SSID named Voice using WPA2 PSK that will be advertised on 802 11a b g radios using CLI set service profile Voice ssid name Voice Creates a new service profile and SSID named Voice Note it s a best practice recommendation to use the same name for both the service profile and SSID set service profile Voice auth fallthru last resort Sets the authentication type to open authentication With WPA PSK the pre shared key will be used to authenticate the handset set service profile Voice rsn ie enable Enables WPA2 security set service profile Voice cipher tkip disable Disables TKIP encryption set service profile Voice cipher ccmp enable Enables AES CCMP encryption set service profile Voice psk phrase lt enter a passphrase gt Defines the passphrase required to access the SSID set service profile Voice au
23. k 1185501198312 has been generated to classify voice traffic This ACL contains a rule which places all IP protocol 119 SYP traffic on CoS queue 7 and a rule that permits all other data traffic on the mapped LAN Voice Source IP Destination IP Protocol Source Port Destination Port DSCP Action CoS t svp o H any E Permit 7E e Updated Protocol Name Value svp lt Previous Next gt J Finish Cancel 28 PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 17 Assign the Voice Service Profile to the default Radio Profile This will determine which 802 11a and 802 11g radios will advertise the Voice SSID For this example the default Radio Profile will be used which is assigned to all 802 11a g radios This will provide support for handsets operating in 802 11a 802 11b and 802 11g modes configured for a single radio standard 802 11a or 802 11b or 802 11g Handsets configured for different radio standards will not work together C2 All SpectraLink Wireless Telephones on the WLAN network must be 18 Click the Finish button A Voice Service Profile to support the handsets has now been added to the WSS configuration in WMS 4 Voice Service Profile Radio Profile Selection Select an existing Radio Profile or choose to create a new one to associate with this Service Profile Each radio is associated to a single Radio Profile
24. loying SpectraLink 8020 8030 Wireless Telephones This document identifies issues and solutions based on Polycom s extensive experience in enterprise class Wi Fi telephony and provides recommendations for ensuring that a network environment is adequately optimized for use with SpectraLink 8020 8030 Wireless Telephones For setting up the data rates please consult your facility s RF site survey designed for voice traffic to determine if you have sufficient coverage to support all data rates SpectraLink Wireless Telephones require the following minimum dBm reading to support the corresponding Required data rate setting in the access point 802 11 Minimum Available Maximum Radio Standard Signal Strength RSSI Required Data Rate 70 dBm 1 Mb s 802 11b 60 dBm 11 Mb s 63 dBm 6 Mb s 802 119 47 dBm 54 Mb s 60 dBm 6 Mb s 802 11a 45 dBm 54 Mb s All SpectraLink Wireless Telephones on the WLAN network must be configured for a single radio standard 802 11a or 802 11b or 802 11g Handsets configured for different radio standards will not work together 6 PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 Configuring a New WLAN Security Switch Starting from Factory Defaults PN 1725 36082 001_G doc 1 Using the supplied DB 9 male to DB 9 female standard RS 232 cable connect the WLAN Security Switch to the serial port of a terminal or PC Run
25. map the handset traffic to Click the Next button Select a VLAN for clients that connect using this SSID It is recommended that a separate VLAN be used for voice clients VLAN Name yoce Mi Updated VLAN Name Value Voice Voice Service Profile QoS SpectraLink SVP pass all other IP traffic on the Voice VLAN lt Previous Next gt Finish 15 A default ACL will be generated which will allow and prioritize IP protocol 119 SVP traffic with the Class of Service level 7 and Cancel An ACL SpectraLink 1185471492968 has been generated to classify voice traffic This ACL contains a rule which places all IP protocol 119 SYP traffic on CoS queue 7 and a rule that permits all other data traffic on the mapped YLAN default Source IP Destination IP Protocol Source Port Destination Port DSCP Action svp any H any E Permit H any E Permit Updated Protocol Name Value svp Add Rule PN 1725 36082 001_G doc lt Previous Next gt Finish Cancel 27 POLYCOM VIEW id Certified Configuration Guide a Optional Modify the default ACL by removing the last statement which will allow and prioritize IP protocol 119 SVP but deny all other IP traffic on the Voice VLAN 16 Click the Next button Voice Service Profile QoS SpectraLink SVP An ACL SpectraLin
26. mber transmit power and enables the 802 11a radio To add a distributed AP 2330 to a WSS using CLI set dap 1 serial id stpw20kc3 model 2330 Defines the DAP number serial id and model number of the AP Valid model numbers include the 2330 2330A and 2330B set dap 1 radio 1 channel 11 tx power 10 mode enable Sets the channel number transmit power and enables the 802 11g radio set dap 1 radio 2 channel 40 tx power 10 mode enable Sets the channel number transmit power and enables the 802 11a radio VLAN configuration For security and flexibility it is recommended that voice and data be configured on separate VLANS For this example a new VLAN named Voice with a VLAN ID 2 will be created and tagged to the uplink port 8 set vlan 2 name Voice Creates a new VLAN ID and defines the name set vlan 2 port 8 tag 2 Assigns the VLAN to a port and specifies an 802 10 tag value set igmp disable vlan Voice Disables IGMP on Voice VLAN 10 PN 1725 36082 001_G doc PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 Service profile SSID configuration To create a SSID named Voice using WPA PSK that will be advertised on 802 11a b g radios using CLI set service profile Voice ssid name Voice Creates a new service profile and SSID named Voice Note it s a best practice recommendation to use the same name for both the service profile and SSID set service profile Voice auth fallt
27. ort SpectraLink Voice Priority PN 1725 36082 001_G doc 3 Xg POLYCOM VIEW Certified Configuration Guide Contacting Nortel Technical Support If you purchased a service contract for your Nortel product from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance Additional information about the Nortel Technical Solutions Centers is available from http www nortel com contactus An Express Routing Code ERC is available for many Nortel products and services When you use an ERC your call is routed to a technical support person who specializes in supporting that product or service To locate an ERC for your product or service go to http www nortel com erc If you purchased a Nortel service program contact one of the following Nortel Technical Solutions Centers Europe Middle East and Africa 00800 8008 9009 or 44 0 870 907 9009 North America 800 4NORTEL or 800 466 7835 Asia Pacific 61 2 9927 8800 China 800 810 5000 Known Limitations During VIEW Certification testing the following limitations were discovered e RF Active Scan must be disabled on AP radios that are providing voice services including SpectraLink Wireless Telephones e You must disable Internet Group Management Protocol IGMP snooping when running SpectraLink Radio Protocol SRP which is used with the SpectraLink 8000 Telephony Gateway SRP uses multicas
28. rt Group Tag Tag Value 2 POB v a Updated Is VLAN Tagged value Yes lt Previous Next gt J Finish Cancel 20 PN 1725 36082 001_G doc WMS 6 0 Plan Polycom File Services Tools Help 9 The Voice VLAN 2 is now 802 1Q tagged to the uplink port P08 Nortel WLAN Security Switch 2300 Series with AP 2330 a Highlight the Voice VLAN b In the Network Plan Tasks panel select IGMP Back Forward Policies Organizer SE Polycom Ge ws52360 E System Ports Port Groups Management Services Log IP Services ACLs Qos Wireless HAAA ve lore iZ w RF Planning Configuration LANs Verification B Devices Monitor VLAN Tag Type VLAN Name VLAN ID IP Address Interface E Tunnel Affi VLAN Mem 1 192 168 1 50 u E 5 Spanning Tree Properties Enable Uplink Fast Enable Backbone Fast Network Plan Tasks WS52360 Changes Orevi Deploy Create Create vLan Setup VLAN Members Spanning Tree Restrict L2 Traffic Restrict L3 Traffic Config 0 Errors 2 Warnings Local Changes none Network Changes none Alarms Po 10 In the VLAN Properties window disable IGMP by clearing the Enabled check box Click the OK button iO VLAN Properties LAN IGMP Enabled Version Version2 v Querier Enabled
29. rvice CoS 7 and allows all other IP traffic on the Voice VLAN using CLI set security acl ip SpectraLink permit cos 7 119 0 0 0 0 255 255 255 255 0 0 0 0 255 255 255 255 Creates an ACL that matches protocol 119 SVP and marks it with a CoS 7 set security acl ip SpectraLink permit 0 0 0 0 255 255 255 255 Creates an ACL that matches all traffic and ports commit security acl SpectraLink Commits and applies the ACL PN 1725 36082 001_G doc PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 set security acl map SpectraLink vlan Voice in set security acl map SpectraLink vlan Voice out Applies the ACL to the Voice VLAN for ingress and egress traffic To create an ACL that allows and prioritizes IP protocol 119 SVP with a Class of Service CoS 7 and denies all other IP traffic on the Voice VLAN using CLI set security acl ip SpectraLink permit cos 7 119 0 0 0 0 255 255 255 255 0 0 0 0 255 255 255 255 Creates an ACL that matches protocol 119 SVP and marks it with a CoS 7 commit security acl SpectraLink Commits and applies the ACL set security acl map SpectraLink vlan Voice in set security acl map SpectraLink vlan Voice out Applies the ACL to the Voice VLAN for ingress and egress traffic Saving changes To save the current changes to a WSS using CLI save config Saves all configuration changes to the running configuration file POLYCOM VIEW id Certified Confi
30. s WPA and RSN support the following cipher suites for packet encryption listed from most secure to least secure AES CCMP C Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP CCMP provides Advanced Encryption Standard AES data encryption To provide message integrity CCMP uses the Cipher Block Chaining Message Authentication Code CBC MAC v Temporal Key Integrity Protocol TKIP TKIP uses the RC4 encryption algorithm a 128 bit encryption key a 48 bit initialization vector IV and a message integrity code MIC called Michael WEP 104 Wired Equivalent Privacy WEP with 104 bit keys 104 bit WEP uses the RC4 encryption algorithm with a 104 bit key 1WEP with 40 bit keys 40 bit WEP uses the RC4 encryption algorithm with a 40 bit key lt Previous Next gt Cancel PN 1725 36082 001_G doc 25 POLYCOM VIEW id Certified Configuration Guide b To support handsets using WPA2 PSK with AES CCMP select the AES CCMP check box and click the Next button Voice Service Profile Wireless Encryption Cipher Suites Select one or more cipher suites WPA and RSN support the following cipher suites for packet encryption listed From most secure to least secure AES CCMP v Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP CCMP provides Advanced Encryption Standard 4ES data encryption To provide message integrity C
31. t packets to do an SRP Check In which are not forwarded through the WLAN Security Switch WSS when IGMP snooping is enabled When a tunneled virtual LAN VLAN is configured over a Layer 3 network IGMP snooping must be disabled each time the tunnel is established because the virtual VLAN is established with IGMP snooping turned on by default PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 Network Topology The following topology was tested during VIEW Certification It is important to note that these do not necessarily represent all Certified configurations Both Layer 2 and Layer 3 roaming were tested Layer 3 roaming of SpectraLink Wireless Telephones requires the use of a generic routing encapsulation GRE tunnel SpectraLink 8000 SpectraLink 8000 SVP Server Telephony Gateway pore J F 3A lt if eS SpectraLink Wireless Telephones Layer 2 Roaming Layer 3 Roaming PN 1725 36082 001_G doc 5 POLYCOM VIEW id Certified Configuration Guide Access Point Capacity and Positioning Please refer to the Polycom Deploying Enterprise Grade Wi Fi Telephony white paper This document covers the security coverage capacity and QoS considerations necessary for ensuring excellent voice quality with enterprise Wi Fi networks For more detailed information on wireless LAN layout network infrastructure QoS security and subnets please see the Best Practices Guide for Dep
32. th psk enable Xg POLYCOM VIEW Certified Configuration Guide Enables pre shared key authentication set service profile Voice auth dot1x disable Disables 802 1x authentication set service profile Voice attr vlan name Voice Specifies the VLAN name to map the voice handsets traffic to Radio Profile configuration The default Radio Profile needs to be modified to disable certain features to support the handsets To modify the default Radio Profile using CLI set radio profile default service profile Voice Maps the voice service profile and SSID to the radio profile This determines which 802 11 radios advertise and can support voice handsets set radio profile default dtim interval 3 Sets the DTIM interval to support push to talk set radio profile default auto tune channel config disable Disables automatic channel assignment for radios assigned to the radio profile A static channel configuration is recommended to provide a stable and optimum RF environment for the handsets set radio profile default active scan disable Disables active scanning which prevents the radios from going off channel and disrupting voice services set radio profile default gqos mode svp Sets the QoS mode to SVP WMM support is not currently available on the SpectraLink Wireless Telephones Access control list To create an access control list ACL that allows and prioritizes IP protocol 119 SVP with a Class of Se
33. which can associate to multiple Service Profiles This allows a radio to support multiple wireless services Create new Radio Profile Radio Profiles default Properties lt Previous Finish Cancel PN 1725 36082 001_G doc 29 VIEW Bie POLYCOM oie 2 wms 6 0 Plan Polycom File Services Tools Help Configuration Guide Radio Profile configuration The default Radio Profile needs to be modified to disable certain features to support the handsets To modify the default Radio Profile using WMS 1 In WMS click Configuration on the tool bar 2 Inthe Organizer panel expand the WSS and select Radio Profiles 3 In the Radio Profiles list highlight the default Radio Profile and click the Properties button Eh WS52360 System Wireless Wireless Services Access Points Radios RF Detection AAA Policies it PA ats Vy RF Planning Configuration E Verification Reports Network Plan Tasks WSS2360 Changes Radio Profiles Review Name Tune Transmit P Tune Channel Associated Ser QoS Mode E Deploy 4 default P G Create Create Radio Profile 30 Config 0 Errors 2 Warnings Local Changes 1 device Network Changes none Alarms E PN 1725 36082 001_G doc Nortel WLAN Security Switch 2300 Series with AP 2330 4 In the Radio Profile Properties window cli
Download Pdf Manuals
Related Search