Summit WM20 Getting Started Guide
Contents
1. To define a default static route for any unknown address not in the routing table type 0 0 0 0 This is also called as defining the default gateway Type the appropriate subnet mask in the Subnet Mask text box to separate the network portion from the host portion of the IP address typically 255 255 255 0 To define a default static route for any unknown address type 0 0 0 0 Type the IP address of the specific router port or gateway that serves as the next hop for the packets from Summit WM Controller gateway This router port or gateway must be on the same subnet as the Summit WM Controller Click Add The new route is added to the list of routes Summit WM20 Getting Started Guide Software Version 4 2 Select the Override dynamic routes check box to give priority over the OSPF routes that the Summit WM Controller uses for routing By default the Override dynamic routes is enabled If you want to remove priority for static routes so that the routing is always controlled dynamically clear the Override dynamic routes check box To save your changes click Save Viewing the forwarding table You can view the defined routes whether static or OSPF and their current status in the forwarding table To view the forwarding table 1 From the main menu click Reports The Reports amp Displays screen is displayed 2 Click Forwarding Table The Forwarding Table is displayed 3 Extreme Networks Summit2. oO dd note The hot swap lever is not enabled in the current release Pulling the hot swap lever will not affect the normal operation if the Summit WM2O Controller is already running However if you attempt to reboot the Summit WM2O Controller with the hot swap lever pulled out the controller will fail to reboot If you pull the hot swap lever while the Summit WM2O Controller is in operation the Hot Swap LED will light up Summit WM20 Getting Started Guide Software Version 4 2 Figure 7 Summit WM20 Controller LED lights Activity LED Status LED HDD Activity LED Hot Swap LED The description of the LED states is provided below e ACTIVITY LED Indicates the CPU activity including the amount of traffic carried to and from the Wireless APs e STATUS LED Indicates the normal state of the Summit WM Controller as seen by the system s software This LED covers all stages of the Summit WM Controller ranging from restarting to shutting down As long as the Summit WM Controller is running normally this LED will remain lit e HDD Activity LED Is hardware controlled to report Hard Drive Device HDD activity The LED blinks when the HDD is in use read write operation e Hot Swap LED Indicates that the hot swap lever on the Summit WM20 Controller is pulled out Summit WM20 Controller back panel Figure 8 Summit WM20 Controller back panel Power Supply Collecting information for installation You s
3. Spy Country Canada v SNMP Time Zone Region Eastern Time Ontario amp Quebec most locations Network Time Management Users Software TZ America Montreal Maintenance BUNRGBS CS ee to a ee en SS eer Web Settings Use System Time 08 22 2007 16 37 mm dd yyyy hhimm Use NTP Time Server 1 Time Server 2 Time Server 3 Apply WM Summit WM20 1 days 1 50 1 4 From the Continent or Ocean drop down list click the appropriate large scale geographic grouping for the time zone 5 From the Country drop down list click the appropriate country for the time zone The contents of the drop down list change based on the selection in the Continent or Ocean drop down list 6 From the Time Zone Region drop down list click the appropriate time zone region for the selected country 7 Click Apply Time Zone 8 Select the Use System Time radio button You can modify the system s date and time by changing the entries in the Use System Time text box The date is in mm dd yyyy format and the time is in hh mm format 9 Click Apply 10 Reboot the Summit WM Controller The WLAN network time is synchronized in accordance with the Summit WM Controller s time Configuring the network time using the NTP To configure the network time using the NTP 1 Perform Step 1 to Step 7 of Configuring the network time using the system s time on page 28 2 Select Use NTP radio button Summit WM2
4. Switch WM AD Configuration Summit Spy About LOGOUT 192 168 1 21 P Altitude AP Registration WAP Default a R Settings Registration Mode WAP Multi edit Stand alone Client Management Paired Access Approval WAP Maintenance Summit Switch IP Address 0 0 0 0 WAP Registration E current Summit Switch is primary connection point DRM wm20_1 Security Mode Allow all Altitude APs to connect Allow only approved Altitude APs to connect Discovery Timers Number of retries E 1 255 Delay between retries ji 1 10 seconds Telnet Access Password Confirm password View SLP Registration WM Summit WM20 1 days 22 30 1 3 In the Security Mode section select one of the following options oO dd note Security mode is a Summit WM Controller property It defines how the Summit WM Controller behaves when registering new devices During the registration process the Summit WM Controller s approval of the Wireless APs depends on the security mode that has been set e Allow all Altitude APs to connect m Ifthe Summit WM Controller does not recognize the registering serial number a new registration record is automatically created for the Wireless AP The Wireless AP receives a default configuration m Ifthe Summit WM Controller recognizes the serial number it indicates that the registering device is pre registered with the Summit WM Controller The Summi
5. zal ia o najbolji AP 0409920201203946 10 206 1 229 1lLocal 23 10 02 gunga 611058 56398124 87936925 23 09 46 6 100 Auto channel selected by AP Data as of Jan 19 2007 01 36 25 pm Refresh _ _ Export close 10 Locate the Wireless AP for which you are configuring the static IP address in the list and the corresponding IP address 11 From the main menu click Altitude APs The Altitude AP screen is displayed 12 Click the Static Configuration tab 13 In the IP Address Assignment section select Static Values 14 In the IP Address text box type the IP address that you obtained by using the DHCP server or any other assigned IP address Summit WM20 Getting Started Guide Software Version 4 2 15 In the Netmask text box type the appropriate subnet mask to separate the network portion from the host portion of the address 16 In the Gateway text box type the default gateway of the network Oo dd note The value in the Port text box is read only 17 To save your changes click Save The Wireless AP reboots Configuring VLAN tags for Wireless APs You must exercise caution while configuring VLAN ID tag If a VLAN tag is not configured properly the connectivity between the Summit WM Controller and the Wireless AP will be lost oO dd note To configure the VLAN tag for Wireless AP you must connect the Wireless AP to a point on the central office network that does not require VLAN tagging If the VLAN
6. A unique identifier that is assigned during the manufacturing process of the Wireless APs Hardware Version The current version of the Wireless AP hardware Application Version The current version of the Wireless AP software Status The Wireless AP state m Approved Indicates that the Wireless AP has received its binding key from the Summit WM Controller in the discovery process m Pending Indicates that the Wireless AP has not been approved as yet to access the Summit WM Controller Pending Wireless APs will not provide service to client devices until they are approved e Active Clients The number of wireless devices that are currently active on the Wireless AP 4 Modify other properties according to your needs 5 To save your changes click Save Configuring static IP address for Wireless APs Wireless AP static configuration can be used in both central office and branch office deployments In order to ensure that the static IP configuration is done correctly you must use the DHCP initially to obtain an IP address for the Wireless AP Then use these values in the static IP address configuration e Step 1 Use the DHCP Server to acquire the IP address e Step 2 Configure the acquired IP address or any other assigned IP address as the Static IP address for the Wireless AP Summit WM20 Getting Started Guide Software Version 4 2 To configure a static IP address for the Wireless AP 1 From the main menu cli
7. Summit WM Controller s ethernet port to which the Wireless AP is connected Poll Timeout The timeout value for polling the Summit WM Controller The value is in seconds The default value is 10 seconds Poll Interval The time interval during which the polling will occur The value is in seconds The default value is two seconds Telnet Access A feature you must select if the Telnet access to the Wireless AP is enabled or deselect if the Telnet access to the Wireless AP is disabled Maintain client session in event of poll failure Select this option if you want the Wireless AP to remain active in case the link with the Summit WM Controller is lost This allows service for the branch WM ADs to continue during temporary network outages Restart service in the absence of controller Select this option if using a bridged at AP WM AD to ensure that the Wireless APs continue providing service even if their connectivity to the Summit WM Controller is lost User Broadcast for disassociation If you want the Wireless AP to use broadcast disassociation when disconnecting all wireless devices instead of disassociating each client one by one you must select this feature This feature is disabled by default Country Where the Wireless AP operates Summit WM2O Getting Started Guide Software Version 4 2 3 To save your changes click Save The following properties are view only on the AP Properties tab e Serial
8. 00 14 E8 10 00 80 Product Name WM20 Altitude APs 8 Serial Number Unavailable Activation Date 2006 08 08 16 02 36 Regulatory Domain North America Dynamic Radio Management Enabled External Captive Portal Enabled Apply Product Key Step 1 Select a product key file to apply _Browse Apply Now Step 2 Use specified product key WM Summit WM20 1 days 2 01 1 5 Inthe Apply Product Key section click Browse to navigate to the location of the software license file and select the file 6 Click Apply Now The software license key is applied and the Summit WM Controller reboots Now you should configure the Summit WM Controller s physical ports The following chapter describes how to configure the Summit WM Controller s physical ports Summit WM20 Getting Started Guide Software Version 4 2 Summit WM2O Getting Started Guide Software Version 4 2 Physical ports configuration This chapter describes how to configure the Summit WM Controller s physical ports The topics in this chapter are organized as follows e Physical data ports overview on page 31 e Configuring data ports on page 32 Physical data ports overview Port configuration defines the administrative state of each interface By default the data interface states are disabled You must enable each of the data interfaces individually A disabled interface does not allow data to flow recei
9. Digital Network ISDN line Use for wireless LAN connections only C Ethemet Use for Ethernet connections such as connections that use a switch lt Back Cancel 10 Select Wireless and then click Next The User or Group Access window is displayed Summit WM20 Getting Started Guide Software Version 4 2 New Remote Access Policy Wizard User or Group Access You can grant access to individual users or you can grant access to selected groups Grant access based on the following User access permissions are specified in tre user account C Group Individual user permissions override group permissions Group name Add Remove cows 11 Select User or Group and click Next The Authentication Methods window is displayed New Remote Access Policy Wizard Authentication Methods EAP uses different types of security devices to authenticate users Select the EAP type for this policy Type Protected EAP PEAP ba lt Back Next gt Cancel 12 Select Protected EAP PEAP or Smart card or other certificate and click Next 13 Click Finish The new policy is displayed in the right pane 14 In the right pane select and right click the newly configured remote access policy 15 Select Properties The Properties window is displayed 16 Select Grant Remote Access Permission 17 Click Apply and then click OK 18 Click Add The Attributes window is displayed E Summit WM20 Ge
10. Summit WM20 Getting Started Guide Software Version 4 2 Extreme Networks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 408 579 2800 http www extremenetworks com Published January 2008 Part number 120411 00 Rev 01 AccessAdapt Alpine BlackDiamond EPICenter ESRP Ethernet Everywhere Extreme Enabled Extreme Ethernet Everywhere Extreme Networks Extreme Standby Router Protocol Extreme Turbodrive Extreme Velocity ExtremeWare ExtremeWorks ExtremeXOS the Go Purple Extreme Solution ScreenPlay Sentriant ServiceWatch Summit SummitStack Unified Access Architecture Unified Access RF Manager UniStack UniStack Stacking the Extreme Networks logo the Alpine logo the BlackDiamond logo the Extreme Turbodrive logo the Summit logos the Powered by ExtremeXOS logo and the Color Purple among others are trademarks or registered trademarks of Extreme Networks Inc or its subsidiaries in the United States and or other countries Adobe Flash and Macromedia are registered trademarks of Adobe Systems Incorporated in the U S and or other countries Avaya is a trademark of Avaya Inc Merit is a registered trademark of Merit Network Inc Internet Explorer is a registered trademark of Microsoft Corporation Mozilla Firefox is a registered trademark of the Mozilla Foundation sFlow is a registered trademark of sFlow org Solaris and Java are trademarks of Sun Microsystems Inc in the U S and other countri
11. Viewing the forwarding table u uuesssenenssneenssnennennennnnnennnnnennnnennnnnnnnnnnnsnnnsen nenn nnnnnnnen 36 Configuring the OSPF routing eiin 8a ae an eher heise 36 Enabling OSPF globally on the Summit WM Controller cccccccecccececeeeeeeeceeeceeeeeeeeaeeeeeeeseeees 37 Defining the global OSPF parameters ccccceccccceeeeceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeae sees eeeeeeneeeaanees 38 Chapter 5 Configuring DHCP DNS and IAS services ccccccesessesseeeeseeeeeeeeeeneeeeeeesneeeeeeeneeeeeenss 41 DHCP service configuration uusssusssennseennnennnnnnnennnenennnnnennnennnennnnnnnnnnnnennnnnnnnnsnnnnnennnennnennnnnnnnen 41 Configuring DHCP in Windows 2003 Server cccccceccseceseecseeeeeeeee cece eeeeeeseseseeseeeeeseeeaeseaeeesaees 41 Configuring DHCP in Red Hat Linux Server ccccceccseecceceeeeeeeeeee cece eeeeeceeceseeeseeeseeetaeeeeeeenaes 44 Summit WM2O Getting Started Guide Software Version 4 2 IAS service configuration c ccc eecceeceece eee ee eee eee ee eee ese esses eee es esses EEA EEG SEs eG a EE GO EE EEG EEE EEE EEE EEE EEE EES 46 Installing IAS on Windows 2003 Servel cccccccccceeceeceeeceeceeceeeeeeseeseeeeeeeeseeseeseeeeeeeeeaeeseeaeeaes 46 Enabling IAS to authenticate users in active directory ccccceccceccceeceeeceeceeeeeceeeeaeeeeeeeeeeenaeees 46 Configuring IAS Properties ausser 47 Configuring Summit WM Controller as IAS Client ccccc
12. on page 9 e Static IP address configuration Summit WM Controller s IP address is defined in Wireless AP configuration For more information see Configuring static IP address for Wireless APs on page 61 DHCP in Summit WM Controller Access Points and Software system DHCP usage has four scenarios in Summit WM Controller Access Points and Software system e DHCP for Wireless APs e DHCP for WM AD Summit WM2O Getting Started Guide Software Version 4 2 e DHCP relay for WM AD e DHCP for traffic bridged locally at Wireless AP The following sections explain the four scenarios with the help of graphical illustrations DHCP for Wireless APs Figure 2 DHCP for Wireless APs The Wireless AP requests an IP address from the external DHCP server The DHCP server responds by sending the IP address to the Wireless AP DNS Server DHCP Server Summit WM Controller Wireless AP Wireless AP D wW m Wireless Wireless Device Device You can use Windows 2003 server amongst others for deploying DHCP service for Wireless APs For more information see DHCP service configuration on page 41 Summit WM20 Getting Started Guide Software Version 4 2 DHCP for WM AD Figure 3 DHCP for WM AD The wireless device requests an IP address from Wireless AP The Wireless AP forwards the request to Summit WM Controller via WM AD tunnel The built
13. would use this WM AD This text box from and to may populate automatically if you have already provided the range while configuring the APs B cast Address Populates automatically based on the Gateway IP address and the subnet mask of the WM AD Domain Name External enterprise domain name You must type the external enterprise domain name in this text box Lease text box has two sub text boxes default and maximum The two sub text boxes dictate the default and maximum time limits a wireless device can keep the DHCP server assigned IP address The default value for Lease default is 36000 seconds 10 hours the default value for Lease Max is 2539000 seconds DNS Server This text box relates to the IP address of the domain name server on the enterprise network e Use DHCP Relay If you select Use DHCP Relay the local DHCP server on the Summit WM Controller is disabled and the Summit WM Controller instead forwards DHCP requests to the external DHCP server for dynamic IP addresses allocation For more information see DHCP relay for WM AD on page 13 Gateway For more information see Step 5 on page 69 Mask For more information see Step 5 on page 69 Summit WM20 Getting Started Guide Software Version 4 2 m DHCP Server IP address of the external DHCP server on the enterprise network 6 From the Network Assignment drop down list select the network assignment The Network Assignment drop down list
14. Altitude APs to connect If the Summit WM Controller does not recognize the Wireless AP s serial number it prompts you to create a configuration If the Summit WM Controller recognizes the serial number it sends the configuration port and binding key to the Wireless AP This section is organized under the following sub sections e Defining a WM AD with the same SSID on both the Summit WM Controllers on page 90 e Assigning radios to WM AD and changing the poll timeout value on Wireless AP configuration screen on page 90 Assigning the Wireless APs to their home Summit WM Controller on page 91 Enabling availability pair defining primary Summit WM Controller and selecting security mode on page 92 Viewing the Wireless AP availability display on page 93 Viewing the active Wireless APs report on page 93 Defining a WM AD with the same SSID on both the Summit WM Controllers Step lof the availability configuration process is to define WM AD with the same SSID on both the Summit WM Controllers For information see See Chapter 7 WM AD configuration oO eb NOTE You must use the same SSID on both the primary and the secondary Summit WM Controllers Assigning radios to WM AD and changing the poll timeout value on Wireless AP configuration screen Step 2 of the availability configuration process is to assign radios to the WM AD and changing the poll timeout value on Altitude AP configuration
15. Configuration The WM AD Configuration screen is displayed 2 In the left pane click the AAA WM AD for which you want to configure the Dynamic WEP privacy The Topology tab is displayed 3 Click the Privacy tab Select WPA The WPA text boxes are displayed Select one of the following e WPA vi m Auto If you click Auto the Wireless AP will advertise both TKIP and CCMP counter mode with cipher block chaining message authentication code protocol m TKIP only If you click TKIP only the Wireless AP will advertise TKIP as an available encryption protocol It will not advertise CCMP e WPA v2 m Auto For more information see the description of Auto under WPA v1 m TKIP only For more information see the description of TKIP only under WPA v1 If you select WPA v1 its Encryption drop down menu is enabled The Encryption drop down menu offers the following two options 6 For re keying after a time interval select Broadcast re key interval If this feature is not enabled the broadcast encryption key is never changed and the Wireless AP will always use the same broadcast key for broadcast multicast transmissions This will compromise the security for wireless communications 7 In the Broadcast re key interval text box type the time interval after which you want the broadcast encryption key to be changed automatically The default is 3600 8 To save your changes click Save You have completed the WM AD configuration Now y
16. IP address For more information see Resetting the Wireless AP to its factory default settings on page 64 Resetting the Wireless AP to its factory default settings You can reset the Wireless AP to its factory default settings if the Wireless APs were incorrectly configured The Wireless AP boot up sequence includes a random delay interval followed by a vulnerable time interval During the vulnerable time interval 2 seconds the LEDs flash in a particular sequence to Summit WM2O Getting Started Guide Software Version 4 2 indicate that the Summit WM Controller is in the vulnerable time interval For more information see Wireless AP s LED states on page 65 If you power up the Wireless AP and interrupt the power during the vulnerable time interval three consecutive times the fourth time the Wireless AP reboots it will restore its factory defaults including the user password and the default IP settings To reset the Wireless AP to its factory default settings 1 Reboot the Wireless AP 2 Depower and repower the Wireless AP during the vulnerable time interval 3 Repeat Step 2 two more times When the Wireless AP reboots for the fourth time after having its power supply interrupted three consecutive times it restores its factory default settings The Wireless AP then reboots again to put the default settings into effect Reset button Hardware You can also reset the Wireless AP to its factory default settings
17. Remote Access Policy Wizard Welcome to the New Remote Access Policy Wizard This wizard helps you set up a remote access policy which is a set of conditions that determine which connection requests are granted access by this server To continue click Next 7 Click Next The Policy Configuration Method window is displayed Summit WM2O Getting Started Guide Software Version 4 2 New Remote Access Policy Wizard Policy Configuration Method The wizard can create a typical policy or you can create a custom policy How do you want to set up this policy Use the wizard to set up a typical policy for a common scenario Setup a custom policy Type a name that describes this policy Policy name Example Authenticate all VPN connections lt Back Cancel Select Use the wizard to set up a typical policy for a common scenario In the Policy name text box type the name you want to assign to the policy and then click Next The Access Method window is displayed New Remote Access Policy Wizard Access Method Policy conditions are based on the method used to gain access to the network Select the method of access for which you want to create a policy C YPN Use for all VPN connections To create a policy for a specific YPN type go back to the previous page and select Set up a custom policy Dial up Use for dial up connections that use a traditional phone line or an Integrated Services
18. Router ID text box type the IP address of the Summit WM Controller The router ID must be unique across the OSPF area If the Router ID text box is left blank the IP address of one of the Summit WM Controller s will be picked as the router ID 6 Inthe Area ID text box type the area The main area in OSPF depends upon your network configuration You should find out the main area from your network administrator 7 Inthe Area Type drop down list click one of the following Summit WM20 Getting Started Guide Software Version 4 2 8 e Default Acts as the backbone area also known as area zero It forms the core of an OSPF network All other areas are connected to it and inter area routing occurs via a router connected to the backbone area e Stub Does not receive external routes External routes are defined as routes which are distributed in OSPF via another routing protocol Therefore the Stub area relies on a default route to send traffic routes outside the present domain e Not so stubby A type of stub area that can import autonomous system AS external routes and send them to the default backbone area but can not receive AS external routes from the backbone or other areas To save your changes click Save Defining the global OSPF parameters To define the global OSPF parameters PW N e 8 From the main menu click Summit Switch The Summit Switch screen is displayed In the left pane click Routing Prot
19. WPA v 1 Encryption Auto WPA v 2 Encryption Auto v Broadcast re key interval 3600 seconds 30 86400 seconds ELSE DEN SEN RER Pre shared key unmask Fa aa min 8 characters max 63 Add subnet Rename subnet Delete subnet WM Summit WM20 1 days 2 28 1 5 Select WPA v1 If you select WPA v1 its subordinate Encryption drop down menu is enabled The Encryption drop down menu offers you the following two options m Auto If you click Auto the Wireless AP will advertise both TKIP and CCMP counter mode with cipher block chaining message authentication code protocol m TKIP only If you click TKIP only the Wireless AP will advertise TKIP as an available encryption protocol It will not advertise CCMP 6 Select WPA v2 If you select WPA v2 its subordinate Encryption drop down menu is enabled The Encryption drop down menu offers you the following two options Auto and TKIP only For more information see Step 5 on page 86 7 To enable re keying after a time interval select Broadcast re key interval If this feature is not selected the broadcast encryption key is never changed and the Wireless AP will always use the same broadcast key for broadcast multicast transmissions This will compromise the security for wireless communications 8 In the Broadcast re key interval text box type the time interval after which you want the broadcast encryption key to be changed automatically The default
20. action on selected Altitude APs click Approved The state of the selected Wireless APs is changed from Pending to Approved Summit WM20 Getting Started Guide Software Version 4 2 Assigning names to Wireless APs After the Wireless APs are successfully registered you can assign them appropriate names To assign a name to a Wireless AP 1 From the main menu click Altitude APs The Altitude AP screen is displayed 2 In the Wireless AP list click the Wireless AP for which you want to assign a name The AP Properties tab is displayed 3 In the Name text box type the name that you want to assign to the selected Wireless AP 4 To save your changes click Save oO dd note You can modify the Wireless AP s properties that are displayed in the right pane of the Wireless AP screen For more information see Modifying Wireless APs properties on page 60 Modifying Wireless APs properties After the Wireless APs are successfully registered you can modify their properties To assign a name to a Wireless AP 1 From the main menu click Altitude APs The Altitude AP screen is displayed 2 Inthe Wireless AP list click the Wireless AP for which you want to modify the properties The AP Properties tab is displayed The AP Properties displays the following properties Name By default this text box contains the serial number of the Wireless AP Description Short description of the Wireless AP Port
21. address WM AD gateway WM AD gateway If you are using WM AD you will need the for installing WM AD gateway DHCP service Domain name for Domain name Your organization s domain name installing DHCP service Summit WM2O Getting Started Guide Software Version 4 2 Table 1 Information gathering table Continued Configuration data Windows 2003 Server s IP address SLP DA s IP address Internet Protocol configuration for DNS Service in Windows 2003 server Port information for installing IAS in Windows 2003 server Wireless AP s properties Local DHCP Server In Routed WM AD Description IP address The IP address of Windows 2003 Server Hexa values of SLP DA s IP address The Wireless APs use the SLP DA to discover the Summit WM Controller The Mobility Agents use the SLP DA to discover the Mobility Manager The hexa values of the SLP DA s IP address e Static IP address Windows 2003 server s static IP address e Subnet Mask Subnet mask of Windows 2003 server s static IP address e Gateway Windows 2003 server s gateway e ISP s IP address Your ISP s Internet Service Provider IP address e IP address Summit WM Controller s IP address e Authentication Port Summit WM Controller s port used to access the IAS service e Accounting Port Type the Summit WM Controller s port that is used to access the accounting service The va
22. be identified For example the wireless users can be identified by which Wireless AP or WM AD they are using 15 To provide the users with logoff button to signout select Logoff If you select Logoff the users will be provided with a logoff button to signout The logoff button launches a pop up logoff screen empowering the users to control their logoff 16 to provide the users with a status check button select Status check The Status check button enables the users to monitor session statistics such as system usage and time left in a session 17 To save your changes click Save Summit WM20 Getting Started Guide Software Version 4 2 18 To review your Captive Portal page click View Sample Portal The login screen of the portal is displayed This display is the result of what you entered in 4 Welcome to CP_WMAD network Header URL box This display is the result of what you entered in Message box The display of Login and This display is the result of Login myUserlD Password is the result of what you entered in entries you made in Login Footer URL box Password seseeseees J Label and Password boxes yn Configuring external Captive Portal authentication In order to configure the authentication mechanism you must first create and configure a WM AD For more information see the following e WM AD topology overview on page 67 e Creating and configuring a Routed WM AD on p
23. cccceccseceeceeeceeceecseeeeeeeeseeceeeeeeeeeeeeseeeeeeeeeaeeseeeeeenees 16 Collecting information for installation ccccccccceccceeccsecceeceeeeeeeeeee cess seen eeseeeseeeeseeeaeeeseeeaeeeeeeesnees 16 Chapter 2 Summit WM Controller Configuration ccssccccssssecesssseeeeessseeeesseseeeseeseeeeeeesseeeeeeees 23 Accessing the Summit WM Controller for the first time ussusssssssensnnenenennnnnen nennen nennen nenn nennen 23 Connecting the Summit WM Controller to the enterprise network esueesseenseenssennnennnennnennnnennnen nenn 27 Changing the administrator password essueesseessennseensnensnennnennnennnnnnnnennnnnnnnnnnennnennnnennnennnenenen nenne 27 Configuring the networktime scsessiiieneinan Han ana lan an 27 Configuring the network time using the system s time ueaseesseensnensnennnnnenennnennnennnennnnnnn nennen 28 Configuring the network time using the NTP cccccccsecccsecee cece cece eceeeceeeseeeseeeeeeeeeeeeeseeeeeees 28 ApPIying a license Keyan ansasn ae ini nern nee 29 Chapter 3 Physical ports configuration uuusecaa anna na 31 Physical data ports overview esueesseenseensnensnennnennnennnnnenennnnnnnnennnennnnnnnennnnnnnnnsnennnennnnennnennnensnen EEE 31 Configuring data Ports a les 32 Chapter 2 Routing COntE UFANON a a ee 35 Configuring a static route ueeneessessensnnsnenneenennnnennnnnenennennnnnnnnnenennennnnnnnnennnnnennn nennen nnennnnsnnennnnnn 35
24. clients or options can be declared for each client system The configuration file can contain any extra tabs or blank lines for easier formatting The keywords are not case sensitive and lines beginning with a hash mark are considered comments To use the recommended mode add the following line to the top of the configuration file ddns update style interim Read the dhcpd conf man page for details about the different modes There are two types of statements in the configuration file e Parameters State how to perform a task whether to perform a task or what networking configuration options to use to send to the client e Declarations Describe the topology of the network describe the clients provide addresses for the clients or apply a group of parameters to a group of declarations Summit WM2O Getting Started Guide Software Version 4 2 Some parameters must start with the option keyword and are referred to as options Options configure DHCP options whereas parameters configure values that are not optional or control how the DHCP server behaves Parameters including options declared before a section enclosed in curly brackets are considered global parameters Global parameters apply to all the sections below it oO eb NOTE If you change the configuration file the changes will not take effect until you restart the DHCP daemon with the command service dhcpd restart The following is the example of DHCP
25. configuration on a Red Hat Linux Server For Wireless AP subnet subnet 10 209 0 0 netmask 255 255 255 0 option routers 10 209 0 2 This is the network s default gateway address option subnet mask 255 255 255 0 option domain name xyznetworks ca option domain name servers 192 168 1 3 207 236 176 11 range LOe2Z09F 03 LO 2 09s 0r AO default lease time 7200000 The figures are in seconds option slp directory agent true 10 209 0 1 10 209 0 3 The Wireless APs use the SLP DA to discover the Summit WM Controller and the Mobility Agents use it to discover the Mobility Manager authoritative J For WM AD subnets In Summit WM Controller it is configured as Use DHCP Relay if you are utilizing multiple WM ADs you must configure the Red Hat Linux server for every WM AD The following is the example of DHCP configuration in Red Hat Linux for two WM ADs For more information see Chapter 7 WM AD configuration subnet 172 29310 netmask 255 255 255 224 option routers 172 29 31 1 This is the WM AD 1 gateway option subnet mask 255 255 255 0 option domain name toronto xyznetworks com option domain name servers 192 1 1 3 ganger 727 29r I2 2r 1230 default lease time 36000 max lease time 7200000 The figures are in seconds authoritative Summit WM20 Getting Started Guide Software Version 4 2 subnet 172 29 2 0 netmask 255 255 255 224 option routers 172 29 2 1 This is the WM AD 2 gat
26. feature configuring 89 availability pair enabling 92 availability selecting security mode 92 bridge traffic locally at ap WM AD creating and configuring 71 bridge traffic locally at WM WM AD creating and configuring 71 C changing administrator password 27 changing poll time out value 90 collecting information for installation 16 configuring 802 1x authentication 81 configuring a static route 35 configuring authentication mechanism for WM AD 73 configuring availability feature 89 configuring data ports 32 configuring dhcp in red hat linux server 44 configuring dhcp in windows 2003 server 41 53 configuring dns for internet access 53 configuring dns for wireless aps discovery 54 configuring dynamic wep 87 configuring external captive portal authentication 78 assignment authentication Summit WM20 Getting Started Guide Software Version 4 2 configuring filtering rules 81 configuring filtering rules for default filter 83 configuring filtering rules for exception filter 81 configuring filtering rules for filters in aaa network assignment 83 configuring filtering rules for filters in ssid network assignment 81 configuring filtering rules for non authenticated filter 82 configuring ias properties 47 configuring internal captive portal authentication 74 configuring mac based authentication 79 81 configuring network time 27 configuring network time using ntp 28 configuring networ
27. save your changes click Save Now you must confirm that the ports are set for OSPF Summit WM20 Getting Started Guide Software Version 4 2 Confirming the ports are set for OSPF To confirm the ports are set for OSPF 1 From the main menu click Summit Switch The Summit Switch screen is displayed 2 On the Routing Protocols screen click View Forwarding Table The Forwarding Table is displayed 3 Click the OSPF Neighbor tab If OSPF protocol is enabled this report displays the current neighbors for OSPF Extreme Networks Summit WM Series Console j em a O O o Home Logs amp Traces Summit Switch Altitude APs WM AD Configuration Summit Spy About LOGOUT Displays List of Displays Reports Forwarding Table OSPF Neighbor OSPF Linkstate WAP Inventory Neighbor Router ID Router Priority State IP Address I Interface Name 4 Click the OSPF Linkstate tab If OSPF protocol is enabled the report displays the link state advertisement LSAs received by the running OSPF protocol 5 To update the screen click Refresh Now you should configure the DHCP DNS and RADIUS servers on the network The following chapter explains how to configure DHCP DNS and IAS services on Windows 2003 Server Summit WM20 Getting Started Guide Software Version 4 2 Summit WM2O Getting Started Guide Software Version 4 2 amp Configuring DHCP DNS and IAS services This chapter describes
28. screen To assign radios to WM AD change the poll timeout value 1 Login on both the Summit WM Controllers 2 From the main menu of the primary Summit WM Controller click Altitude APs The Altitude AP screen is displayed In the left pane click WAP Default Settings The default settings are displayed 4 Inthe WAP Properties section change the default value to 10 in the Poll Timeout text box Summit WM2O Getting Started Guide Software Version 4 2 oO dd note The Poll Timeout value for availability must be 10 In the WM AD Assignment section select the WM AD that you have defined for availability To assign b g and a radios to the WM AD select the corresponding radio checkboxes To save your changes click Save on CS u From the main menu of the secondary Summit WM Controller click Altitude APs The Altitude AP screen is displayed 9 Repeat Step 3 to 7 Assigning the Wireless APs to their home Summit WM Controller Step 3 of the availability configuration process is to assign the Wireless APs to their home Summit WM Controller 1 Login on both the Summit WM Controllers 2 From the main menu of the primary Summit WM Controller click Altitude APs The Altitude AP screen is displayed 3 In the left pane click WAP Registration The WAP Registration screen is displayed Extreme Networks Summit WM Series Console lt a j vert Home Logs amp Traces Reports Summit Switch WM AD Configura
29. tagging is configured correctly and you are still on the central office network the Wireless AP will lose connection with the Summit WM Controller after it is rebooted the Wireless AP reboots when the configuration settings are saved If the Wireless AP does not lose connection with the Summit WM Controller after the reboot it indicates that the VLAN ID has not been configured correctly This provides a feedback on whether you have configured the VLAN tag correctly After the VLAN is configured correctly you can move the Wireless AP to the target location To configure Wireless APs with a VLAN tag 1 Connect the Wireless AP in the central office to the Summit WM Controller port or to a network point that does not require VLAN tagging In the VLAN Settings section select Tagged VLAN ID In the Tagged VLAN ID text box type the VLAN ID on which the Wireless AP will operate To save your changes click Save The Wireless AP reboots and loses connection with the Summit WM Controller Log out from the Summit WM Controller Disconnect the Wireless AP from the central office network and move it to the target location Power the Wireless AP The Wireless AP connects to the Summit WM Controller If the Wireless AP does not connect to the Summit WM Controller it implies that the Wireless AP was not configured properly To recover from this situation you must reset the Wireless AP to its factory default settings and reconfigure the static
30. you type in the Authentication text box should match the value that you define in the Port text box of Auth section on the Auth amp Acct tab of Summit WM Controller s WM AD screen For more information see Configuring authentication mechanism for WM AD on page 73 of Chapter 7 WM AD configuration Extreme Networks Summit WM Series Console Home Logs amp Traces Reports Summit Switch Altitude APs Global Settings WM Access Domains TrialVNS wm20_1 wm20_1 Add subnet Rename subnet Delete subnet Summit Spy About LOGOUT wm20_1 Topology RF Auth amp Acct RAD Policy Filtering Multicast Privacy QoS Policy RADIUS Freeradius209 luse Auth E Use server for Authentication ee MAC Port 1812 K Config d Servers SA f sie E 21000 Wan Acct of Retries 3 Timeout S seconds NAS IP Address 172 22 224 1 Dawn NAS identifier CNL 209 AAA Recebtolonmany NAS port type Wireless IEEE 802 11 Test M Set as primary server View Summary Incl VSA Attb wap s wm ap s ssIp RADIUS Accounting Interim Interval 30 minutes E Collect Accounting Information of Summit Switch Captive Portal Configure Captive Portal Settings Save Cancel WM Summit WM20 1 days 22 31 1 oO dd note Similarly the values you type in the Accounting text box should match the value that you defi
31. 2O controller front panel 15 Summit WM2O controller s leds 15 T traffic bridged locally at wireless ap dhcp 14 V viewing active wireless aps report 93 viewing forwarding table 36 viewing wireless ap availability display 93 virtualized user segmentation 8 vlan tags for wireless aps configuring 64 W web authentication 8 web based centralized management of wireless aps 7 what is in this guide 5 who should use this guide 5 wi fi protected access wpav1 and wpav2 privacy configuring 87 wireless ap and Summit WM Controller discovery mechanism 10 wireless ap availability display viewing 93 wireless aps discovery configuring dns 54 wireless aps led states 65 wireless aps to their home Summit WM Controller assigning 91 wireless aps assigning names 60 wireless aps assigning them to their home Summit WM Controller 91 wireless aps dhcp 11 wireless aps manually approving pending 59 wireless aps resetting its factory defaults 64 wireless aps properties modifying 60 Summit WM20 Getting Started Guide Software Version 4 2 wireless aps radios to WM AD assigning 72 WM AD with same ssid on both Summit WM Controller defining 90 WM AD assigning radios 90 WM AD configuring authentication mechanism 73 WM AD configuring privacy 84 WM AD dhcp 12 WM AD dhcp relay 13 wpa pask configuring 85 Summit WM2O Getting Started Guide Software Version 4 2
32. ADIUS authentication is used The standard RADIUS attribute can be used to identify a specific filter definition to apply to incoming outgoing user traffic upon successful authentication of the user during authentication For more information see the Summit WM20 User Guide Configuring filtering rules for filters in SSID network assignment The SSID network assignment type offers the following three default filters e Exception e Non authenticated e Default Configuring filtering rules for Exception filter To configure rules for the Exception filter 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane click the SSID WM AD for which you want to define the filtering rules The Topology tab is displayed 3 Click the Filtering tab Summit WM20 Getting Started Guide Software Version 4 2 From the Filter ID drop down list click Exception Define a filtering rule a In the IP subnet port text box type the destination IP address You can also specify the IP range a port designation or a port range on the IP address in the IP subnet port text box b From the Protocol drop down list click the applicable protocol The default is N A c Click Add The filtering rule is displayed 6 Define a rule to allow access to the default gateway for this WM AD a Select the IP Port of the filtering rule that you defined in Step 5 b In the IP subnet port type the default gateway
33. Accounting e SSID The SSID network assignment type offers the following authentication options e By Captive Portal m By internal Captive Portal m By external Captive Portal m No Captive Portal support e By MAC based authentication oO dd note You must note here that the internal Captive Portal does not substitute the external RADIUS server The RADIUS server is still needed The internal Captive Portal within the Summit WM Controller displays the webpage to enable the users to supply their user name and password The user name and password are sent to the configured RADIUS server for authentication In case of external Captive Portal webpage authentication is performed by the external Captive Portal e AAA The AAA Authentication Authorization and Accounting network assignment type offers the following authentication options Summit WM20 Getting Started Guide Software Version 4 2 e By 802 1x authentication The mobile user is authenticated before gaining access to the network e By MAC based authentication The mobile user is authenticated on the basis of their MAC address The following figure illustrates the authentication options Figure 10 Authentication options Authentication Options for WM AD SSID Network Assignment AAA Network Assignment By MAC based By 802 1x Authentication Authentication No Captive By External By Internal Portal Support Captive Portal Captive Por
34. CHAP Windows specific version of CHAP m MS CHAP v2 Windows specific version of Chap Version 2 e Set as primary server Select to configure the RADIUS server as the primary server 7 Select the appropriate checkbox against Include VSA Attributes Vendor Specific Attributes feature provides you the following three options e APs e WM AD e SSID These VSA are defined on the RADIUS server Summit WM20 Getting Started Guide Software Version 4 2 10 11 To reset the server that you are configuring as the primary server click Reset to Primary button is enabled and you want to reset the server that you are configuring as the primary server click Reset to Primary The Reset to Primary button is enabled in the following RADIUS redundancy set up scenarios e The Summit WM Controller s connection to the primary RADIUS server fails e The Summit WM Controller automatically attempts and is successful in initiating a connection with the alternative RADIUS server e The alternative RADIUS server becomes the primary server If you want the server that you are configuring to be the primary server you must click on the enabled Reset to Primary button To save your changes click Save Test the Summit WM Controller s connection to all configured RADIUS servers To test the connection with the RADIUS servers click Test The RADIUS servers display the message transaction on their screens You must visually verify the state of the serv
35. D on page 71 Creating and configuring a Bridge Traffic Locally at AP WM AD on page 71 Assigning Wireless APs radios to WM AD on page 72 Configuring authentication mechanism for WM AD on page 73 Configuring filtering rules on page 81 Configuring privacy for WM AD on page 84 WM AD topology overview Summit WM Controller Access Points and Software system provides a versatile means of mapping wireless networks to the topology of an existing wired network This is accomplished through the assignment of WM Access Domain Services When you set up WM Access Domain Services WM AD on the Summit WM Controller you are defining subnets for groups of wireless users This WM AD definition creates a virtual IP subnet where the Summit WM Controller acts as a default gateway for wireless devices This technique enables policies and authentication to be applied to the groups of wireless users on a WM AD as well as the collecting of accounting information on user sessions that can be used for billing When a WM AD is set up on the Summit WM Controller e One or more Wireless APs by radio are associated with it e A range of IP addresses is set aside for the Summit WM Controller s DHCP server to assign to wireless devices If routing protocol is enabled the Summit WM Controller advertises the WM AD as a routable network segment to the wired network and routes traffic between the wireless devices and the wired ne
36. DIUS drop down list click the server that you want to use for Captive Portal authentication The selected server is displayed in the list of Config d Servers and a red asterisk is displayed next to Auth indicating that the server has been assigned dd note The RADIUS drop down list reflects the servers that are defined on the Global Settings screen For more information see the Summit WM2O User Guide Use the Up and Down buttons to prioritize the servers for redundancy The servers are prioritized in the sequence they are displayed in the list of Config d Servers You can change the sequence by selecting the server and then clicking on the Up and Down buttons 6 Type the appropriate values in the Auth text boxes e Port Used to access the RADIUS server The default is 1812 o of Retries Number of times the Summit WM Controller will attempt to access the RADIUS server e Timeout Maximum time for which Summit WM Controller will wait for a response from the RADIUS server before making a re attempt e NAS Identifier RADIUS attribute that identifies the server responsible for passing information to the designated servers and then acting on the response returned This is an optional text box e Auth Type Authentication protocol to be used by the RADIUS server to authenticate the wireless device users The four options are m AP Password authentication protocol m CHAP Challenge handshake authentication protocol m MS
37. GOUT Hostname wm A Domain extremenetworks com Management IP Address 192 168 1 21 Subnet mask 255 255 255 0 Management Gateway 192 168 1 1 Primary DNS Secondary DNS WM Summit WM20 1 days 1 49 1 11 Type the following information Hostname Specifies the name of the Summit WM Controller by which it will be known You must assign a unique name for the Summit WM Controller Domain Specifies the IP domain name of the enterprise network Management IP address Specifies the new IP address for the Summit WM Controller s managementport Change the value in this text box to the IP address assigned to the Summit WM Controller s management port by your network administrator Subnet Mask Specifies the subnet mask for the Summit WM Controller s management port Change the value in this text box to the value provided by your network administrator Management Gateway Specifies the default gateway of the network as provided by the network administrator Primary DNS Specifies the primary DNS server used by the network as provided by your network administrator as provided by your network administrator This field is optional Secondary DNS Specifies the secondary DNS server used by the network as provided by your network administrator This field is optional 12 Click OK dd note The Web connection between the computer and the Summit WM Controller is lost The IP addresses are now s
38. Header URL The URL of the file to be displayed in the header of the Captive Portal screen Footer URL The URL of the file to be displayed in the footer of the Captive Portal screen The maximum width allowed for the header and footer is 790 pixels There is no restriction on the height If the width of the header footer is more than 790 pixels the header footer will appear truncated on the Captive Portal screen Message The message that you type in this text box will appear above the Login text box to greet the user You can type a message explaining why the Captive Portal screen is displayed and the instructions for the user Replace Gateway IP with FODN If you are using FODN Fully Qualified Domain Name as the gateway address you must type the FODN in this text box Default Redirection URL The URL to which the wireless devices will be directed after authentication Specific Message URL The URL of a document that will be displayed in a text frame on the Captive Portal login page This text frame can be used to display lengthier messages such as terms and conditions of use for users who have not yet logged in In the right pane select the VSA Vendor Specific Attributes that you want to send to the authentication server along with other authentication details for authentication purpose WAP Serial Number WAP Name WM AD Name SSID MAC Address The selection of these VSAs dictate with what VSA the wireless users will
39. IP address WM AD IP address that you defined in the Topology tab for this WM AD c Click Add The rule is displayed 7 Define more rules by carrying out Step 5 and Step 6 8 Check the Allow feature for every rule you created You may edit the order of the rules by selecting a filter and clicking the Up Down buttons The filtering rules are executed in the order that is displayed on the screen 9 To save your changes click Save The rules for the Exception filter are saved Configuring filtering rules for a Non authenticated filter The rules for a Non authenticated filter enable you to identify and manage the destinations to which a mobile device is allowed to gain access without undergoing an authentication redirection Typically the recommended default rule is to deny all Administrators must define the rules that will permit users to access essential services such as the following e DNS e Default Gateway WM AD interface IP Any HTTP streams requested by the client for denied targets will be redirected to the specified location For more information see the Summit WM20 User Guide To configure rules for the Non authenticated filter 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane select the SSID WM AD for which you want to configure the Non authenticated filtering rules The Topology tab is displayed 3 Click the Filtering tab 4 From the Filter ID drop down
40. IP address and the End IP address text boxes type the start and end of the IP addresses range that you want to be distributed to the network Range Is the range of addresses that the scope will distribute across the network You must use the range provided by your network administrator In the Length text box type the numeric value of the subnet mask s bits or in the Subnet mask text box type the subnet mask s IP address A subnet mask defines how many bits of an IP address to use for the network subnet IDs and how many bits to use for the host ID You can specify the subnet mask by length or as an IP address You must use the Length or the Subnet mask provided by your network administrator Click Next The Add Exclusions window is displayed In the Start IP address and the End IP address text boxes type the start and end of the IP addresses range that you want to exclude from the distribution You must use the exclusion range provided by your network administrator Click Next The Lease Duration window is displayed The DHCP server assigns a client an IP address for a given amount of time The amount of time for which the IP address can be leased is defined in the Lease Duration window In the Days Hours and Minutes text box type the lease duration You must use the Lease Duration as specified by your network administrator Summit WM2O Getting Started Guide Software Version 4 2 12 Click Next The Configure DHC
41. LAN ID is unique per AP To configure a Bridge traffic locally at AP WM AD 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the Add subnet text box located in the lower portion of the left pane type the WM AD name 3 Click Add subnet The name is displayed in the WM Access Domains list and the Topology tab is displayed 4 From the WM AD Mode drop down list click Bridge Traffic Locally At AP The VLAN Setting text boxes are displayed 5 To define the VLAN setting select one of the following Summit WM20 Getting Started Guide Software Version 4 2 e Tagged If you select Tagged type the VLAN ID in VLAN ID text box The default value is 1 e Untagged If you select Untagged the VLAN will be untagged 6 To save your changes click Save You have created a WM AD Now you should configure the authentication mechanism for the WM AD The following section explains how to configure the authentication mechanism Assigning Wireless APs radios to WM AD Each radio of the Wireless AP can support up to eight WM ADs Summit WM20 Controllers can support up to eight WM ADs To assign WMs to a WM AD 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane WM Access Domains list click the WM AD you want to assign to the Wireless APs The Topology tab is displayed 3 Click the RF tab In the SSID box type the SSID that wir
42. M Controller The following chapter describes how to configure the Summit WM Controller s physical ports Summit WM20 Getting Started Guide Software Version 4 2 Summit WM2O Getting Started Guide Software Version 4 2 Routing configuration This chapter explains how to configure static routing and OSPF routing on the Summit WM Controller The topics in this chapter are organized as follows e Configuring a static route on page 35 e Configuring the OSPF routing on page 36 Configuring a static route To configure a static route 1 2 From the main menu click Summit Switch The Summit Switch screen is displayed In the left pane click Routing Protocols The Routing Protocols screen is displayed Extreme Networks Summit WM Series Console f Br i mansana Home Logs amp Traces Reports Altitude APs WM AD Configuration Summit Spy About LOGOUT System Maintenance Yiew Forwarding Table Static Routes I OSPF Routing Protocols IP Addresses Port Exception Route Destination Address Subnet Mask Gateway 0 D Filters Check Point Summit Spy SNMP Network Time Management Users Software Maintenance Utilities Web Settings Destination Address Subnet Mask 255 255 255 0 override dynamic routes WM Summit WM20 1 days 2 05 1 To add a new route type the destination IP address of a packet in the Destination Address text box Gateway
43. O Getting Started Guide Software Version 4 2 3 Inthe Time Server 1 text box type the IP address or FODN Full Qualified Domain Name of a NTP Time Server that is accessible on the enterprise network 4 Repeat Step 3 for Time Server2 and Time Server3 text boxes If the system is not able to connect to the Time Server 1 it will attempt to connect to the additional servers that have been specified in Time Server 2 and Time Server 3 text boxes Click Apply Reboot the Summit WM Controller The WLAN network time is synchronized in accordance with the specified time server Now you should apply a license key to the Summit WM Controller in order to enable its all the functionalities Applying a license key To apply the license Login on the Summit WM Controller From the main menu click Summit Switch The Summit Switch screen is displayed In the left pane click Software Maintenance Click the SWM Product Keys tab PW N e Extreme Networks Summit WM Series Console i Home Logs amp Traces Reports Altitude APs WM AD Configuration Summit Spy About LOGOUT System Maintenance Routing Protocols IP Addresses Port Exception Filters Check Point Summit Spy SNMP SWM Software OS Software Backup Restore SWM Product Keys SWM hardware platform version Revision 1 Current Product Key Settings Network Time Management Users Software Maintenance Utilities Web Settings ethO MAC Address
44. P Options window is displayed 13 Select Yes I want to configure these options now and then click Next The Router Default Gateway window is displayed 14 In the IP address text box type the network s default gateway You must use the default gateway provided by your network administrator New Scope Wizard Router Default Gateway You can specify the routers or default gateways to be distributed by this scope To add an IP address for a router used by clients enter the address below IP address Remove lt Back Cancel 15 Click Next The Domain Name and DNS Servers window is displayed New Scope Wizard Domain Name and DNS Servers The Domain Name System DNS maps and translates domain names used by clients on your network You can specify the parent domain you want the client computers on your network to use for DNS name resolution Parent domain To configure scope clients to use DNS servers on your network enter the IP addresses for those servers Server name IP address i Add Resolve Remove Up Down lt Back Cancel 16 In the Parent domain text box type your company s domain name You must use the Parent Domain provided by your network administrator 17 In the Server name text box type your server name You must use the Server name provided by your network administrator Summit WM20 Getting Started Guide Software Version 4 2 18 In the I
45. P address text box type your server s IP address and click Add 19 Click Next The WINS Servers window is displayed 20 Click Next The Activate Scope window is displayed 21 Select Yes I want to activate this scope now and click Next The wizard displays the following message This server is now a DHCP server 22 Click Start point to Administrative Tool and then click DHCP The DHCP console tree is displayed 23 Select the scope you configured and right click 24 Select Configure Options The Server Options window is displayed 25 Enable 078 SLP DA 26 In the lower pane of the screen type the hexadecimal values of the SLP DA s IP address Oo dd note e The Wireless APs use the SLP DA to discover the Summit WM Controller oO dd note If there is no SLP deployment on the enterprise network the Summit WM Controller is configured to act as a DA by default If you put the Summit WM Controller s IP address es in a DHCP server for Option 78 Wireless APs will interact with the Summit WM Controller for discovery 27 Click Apply and then click OK Configuring DHCP in Red Hat Linux Server You can configure a DHCP server using the configuration file etc dhcpd conf DHCP also uses the file var 1ib dhcp dhcpd leases to store the client lease database The first step in configuring a DHCP server is to create the configuration file that stores the network information for the clients Global options can be declared for all
46. Summit Switch Search List This feature allows the Wireless AP to bypass the discovery process If the Summit Switch Search List is not populated the Wireless AP will use SLP to discover a Summit WM Controller To save your changes click Save The Wireless AP reboots Summit WM20 Getting Started Guide Software Version 4 2 8 From the main menu click Reports The Reports and Displays screen is displayed Extreme Networks Summit WM Series Console E eXtreme Home Logs amp Traces Summit Switch Altitude APs WM AD Configuration Summit Spy About LOGOUT Displays List of Displays Reports Forwarding Table OSPF Neighbor OSPF Linkstate WAP Inventory Active Altitude APs Manufacturing Information Active Clients by Altitude AP Active Clients by WM AD Port amp WM AD Filter Statistics WM AD Interface Statistics Summit Switch Port Statistics Altitude AP Availability Dynamic Authorization Statistics Wired Ethernet Statistics by Altitude AP Wireless Statistics by Altitude AP System Information WM Summit WM20 1 days 2 14 1 9 Click Active Wireless APs A list of active Wireless APs is displayed with the corresponding IP addresses assigned to them by the DHCP server Active Altitude APs 192 168 4 204 No refresh Refresh every 30_ secs z z Tunnel Packets Packets Bytes Bytes A 802 11b g 802 11a apoa Wear e IG Duration Sent Rec d Sent Rec d ee Ch Tx Ch Tx Moj 2d
47. Topology settings required before other attributes can be configured Trial NS wm20_1 WM AD Mode Routed Network Assignment DHCP Option Local DHCP Server Assignment by SSID Gateway Allow mgmt traffic Rene O use 3rd Party AP Address Range from Timeout Disable OSPF Advertisement TrialVNS Add subnet Rename subnet to Idle pre minutes B cast Address minutes Domain Name minutes Lease seconds default 36000 max 2592000 Next Hop Routing DNS Servers Next Hop Address WINS 50000 used if not specified WM Summit WM20 1 days 22 30 1 4 From the WM AD Mode drop down list click Routed 5 From the DHCP drop down list click one of the two options e Local DHCP Server If you select Local DHCP Server the built in DHCP server in Summit WM Controller provides the IP addresses to the devices to the wireless network For more information see DHCP for WM AD on page 12 Gateway The Summit WM Controller advertises this address to the wireless devices when they sign on and get a dynamic IP address The gateway corresponds to the IP address that is communicated to mobile users Mask Subnet mask for this IP address to separate the network portion from the host portion of the address typically 255 255 255 0 Address Range Range from which the IP addresses are provided to the wireless devices that
48. U The MTU of the ports on either sides of the OSPF link must match You must remember here that the MTU for ports is set to 1500 on the Summit WM Controller is when configuring the physical data ports on IP addresses screen The value of 1500 matches the MTU in standard routers Enabling OSPF globally on the Summit WM Controller To enable the OSPF globally on the Summit WM Controller 1 From the main menu click Summit Switch The Summit Switch screen is displayed 2 In the left pane click Routing Protocols The Routing Protocols screen is displayed 3 Click the OSPF tab Extreme Networks Summit WM Series Console ee Home Logs amp Traces Reports Altitude APs WM AD Configuration Summit Spy About LOGOUT System Maintenance Yiew Forwarding Table Static Routes OSPF Routing Protocols IP Addresses gt PorkiException Global Settings Filters Check Point OSPF Status y Area id 0 0 0 0 _ Summit Spy Router id Area Type Default v SNMP Network Time Management Users Software Maintenance Port Settings Utilities Web Settings None of the Ports are configured for Router use Port Status Enabled Hello Interval s Link Cost Dead Interval s Authentication No Retransmit Interval s Password Transmit Delay s WM Summit WM20 1 days 2 07 1 From the OSPF Status drop down list click ON to enable OSPF In the
49. WM Controller s management port by your network administrator Subnet Mask The subnet mask for the IP address to separate the network portion from the host portion of the address typically 255 255 255 0 Management Gateway The default gateway of the network Primary DNS The primary DNS server used by the network Secondary DNS The secondary DNS server used by the network MAC Address MAC address of the Summit WM Controller s management port Serial The Summit WM Controller s serial An xmi file that is provided along with the product This file must be applied to the product to enable all the functionalities Summit WM20 Getting Started Guide Software Version 4 2 Table 1 Information gathering table Continued Configuration data Description Your entry Data Ports e IP address IP address of the physical ethernet port information e Subnet mask Subnet mask for the IP address which separates the network portion from the host portion of the address typically 255 255 255 0 e MTU The maximum transmission unit or maximum packet size for this port The default setting is 1500 If you change this setting and are using OSPF you must make sure that the MTU of each port in the OSPF link matches e Function The port s function gt Host Port A port for connecting Wireless APs with no dynamic routing gt Third party AP Port A port to which the third party AP is co
50. WM Series Console r a Home Logs amp Traces Summit Switch Altitude APs WM AD Configuration Summit Spy About LOGOUT Displays List of Displays Reports Forwarding Table OSPF Neighbor OSPF Linkstate WAP Inventory Route Destination 1 10 10 0 0 10 30 0 0 127 0 0 0 Gateway Interface Type Status Jesar Connected Active esa2 Connected Active lo Connected Active tapo Connected Active jetho Connected Active fasone ry x an a z o WM Summit WM20 1 days 2 06 1 To update the display click Refresh Configuring the OSPF routing To configure the OSPF routing you must Define one data port as a router port on the IP addresses screen Enable OSPF globally on the Summit WM Controller For more information see Enabling OSPF globally on the Summit WM Controller on page 37 Define the global OSPF parameters For more information see Defining the global OSPF parameters on page 38 Ensure that the OSPF parameters defined for the Summit WM Controller are consistent with the adjacent routers in the OSPF area The consistency includes the following Summit WM20 Getting Started Guide Software Version 4 2 e Timer Settings If the peer router has different timer settings the protocol timer settings in the Summit WM Controller must be changed to the peer router to match in order to achieve OSPF adjacency e MT
51. Wireless AP will correct their MTU settings 5 From the Function drop down list click one of the three functions Summit WM2O Getting Started Guide Software Version 4 2 e Host Port Specifies a port for connecting Wireless APs with no dynamic routing e Third party AP Port Specifies a port to which the third party AP is connected e Router Port Specifies a port that connects to an upstream next hop router in the network 6 To enable management traffic on the port select the Mgmt checkbox Enabling management provides access to the Summit WM Controller through the selected port using SNMP get only SSH and HTTPS management services 7 To enable the SLP protocol select the SLP checkbox Selecting the SLP checkbox will enable the Summit WM Controller to advertise this port to the network for Wireless APs discovery 8 Select either of the two VLAN options e Untagged Select Untagged if you are not using VLAN e Tagged Select Tagged and specify the VLAN ID in the VLANID text box if you are using VLAN 9 To allow multicast support click Enabled from the drop down list When you enable the multicast support the interface is used for relaying multicast traffic between core and wireless devices You must define only one port for the multicast traffic 10 To save your changes click Save 11 Repeat Step 3 to Step 10 for every port that is to be enabled Now you should configure the routing on the Summit W
52. X XX XXi XX XX WPA PSK wm20_1 Add subnet Rename subnet Delete subnet 4 Select Static Keys WEP 5 Type the values in the following text boxes o WEP Key Length Size of a WEP Key e Input Hex If you enable Input Hex the WEP Key text box is displayed Type the WEP Key manually in this text box e Input String If you select Input String the following two text boxes are displayed Strings and WEP Key Type the secret WEP Key string in the WEP Key String text box The WEP Key text box is automatically filled by the corresponding Hex code 6 To save your changes click Save Configuring WPA PSK To configure WPA PSK privacy 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane click the SSID WM AD for which you want to configure WPA PSK privacy The Topology tab is displayed 3 Click the Privacy tab Summit WM20 Getting Started Guide Software Version 4 2 4 Select WPA PSK Extreme Networks Summit WM Series Console gt nenn Home Logs amp Traces Reports Summit Switch Altitude APs Summit Spy About LOGOUT Global Settings Modification of WM AD privacy settings may cause associated WAP s to reboot wm20_ WM Access Domains __ Topology RF Auth amp Acct RAD Policy Filtering I Multicast Privacy QoS Policy TrialVNS wm20_1 None Static Keys WEP WPA PSK
53. ace Interface The name of the interface to which the VLAN is mapped Interface IP address The interface s IP address Mask The subnet mask of the WM AD VLAN ID The ID of VLAN that is mapped to a Summit WM Controller interface Port Used to access the RADIUS server The default is 1812 of Retries The number of times the Summit WM Controller will attempt to access the RADIUS server Timeout The maximum time for which Summit WM Controller will wait for a response from the RADIUS server before making a re attempt NAS Identifier A RADIUS attribute that identifies the server responsible for passing information to the designated servers and then acting on the response returned This is optional Summit WM2O Getting Started Guide Software Version 4 2 Table 1 Information gathering table Continued Configuration data Internal captive portal settings information Shared Secret Password for external captive Description Login Label The text that will appear as a label for the user name Password Label The text that will appear as a label for the user password text box Header URL The URL of the file to be displayed in the header of the Captive Portal screen Footer URL The URL of the file to be displayed in the footer of the Captive Portal screen Message The message that you type in this text box will be displayed above the Login text box to greet the us
54. age 68 e Creating and configuring a Bridge Traffic Locally at WM WM AD on page 71 To configure external Captive Portal 1 Configure internal captive portal authentication For more information see Step 1 to Step 10 of Configuring internal Captive Portal authentication on page 74 Click Configure Captive Portal option The Captive Portal Configuration screen is displayed Select the External Captive Portal option In the SWM Connection drop down list click the Summit WM Controller s IP address In the Port text box type the Summit WM Controller s port In the Shared Secret text box type the password for encrypting the information exchanged between the Summit WM Controller and the external Captive Portal server 7 Inthe Redirection URL text box type the URL to which the wireless user will be directed before the authentication a aT FW NY 8 To save your changes click Save Summit WM2O Getting Started Guide Software Version 4 2 No Captive Portal support By default anew WM AD with SSID network assignment type is assigned None authentication A SSID WM AD with this set up circumvents all authentication mechanisms and the Summit WM Controller accepts all wireless devices without any authentication However even with None authentication option you can still control access to the network by defining appropriate filtering rules for Non authenticated filters For more information see Configuring filtering rule
55. ain click OK Summit WM2O Getting Started Guide Software Version 4 2 Configuring IAS properties To configure the IAS properties 1 Click Start point to Programs point to Administrative Tools and then click Internet Authentication Service Right click Internet Authentication Service Local and then click Properties In the Description text box type a name that you want to assign to this IAS server If you do not want to record the rejected authentication requests clear the Log rejected or discarded authentication requests checkbox oO dd note You can use the log file to determine if unauthorized users are attempting to authenticate themselves in the domain If you do not want to record the successful authentication requests clear the Log successful authentication requests checkbox Oo d note You can use the log file to determine the usage patterns of wireless users Click the Ports tab Internet Authentication Service Local Properties General Ports Enter the RADIUS authentication and accounting port numbers Authentication Accounting fi 813 20202 In the Authentication text box type the Summit WM Controller s port that is used to access the authentication IAS service In the Accounting text box type the Summit WM Controller s port that is used to access the accounting service Summit WM20 Getting Started Guide Software Version 4 2 dd note The values
56. by pressing and holding the Reset button on the Wireless AP for approximately five seconds Not all models of the Wireless APs have the Reset button The following figure illustrates the location of the Reset button on the Wireless APs AC DC Power Supply Reset Button Ethernet Port Wireless AP s LED states When the Wireless AP is powered on and boots you can follow its progress through the registration process by observing the LED sequence described below The Status LED center also indicates power unlit when unit is off and green solid when the Wireless AP has completed discovery and is operational Summit WM20 Getting Started Guide Software Version 4 2 Figure 9 Wireless AP LEDs Left LED 4 GHz radio activity Status LED Right LED 5 GHz radio activi Left LED Status Off Table 2 Wireless AP LED status Center LED Status Off Right LED Status Off Wireless AP status Powered off Off Green Off Beginning of Power on Self Test POST 0 5 seconds Off Off Off Power on Self Test POST Off Red Off Failure during POST Green Off Green Random delay State displayed only after a vulnerable reset Green Off Off Green Green Off Vulnerable time interval The Wireless AP resets to factory default if powered off for three consecutive times during this state No vulnerable period when Wireless AP is resetting to factory defaults Green Off Off Off Green O
57. cccceeeeee cess eeeee esse eeeeeeseeeseeesaeeeneeenaes 49 Configuring Remote Access Policies een 50 DNS service Configuration gps nagtesacneee E Eae A TE NOE TADA AFCE TETEN KELNA 53 Configuring DNS for internet ACCESS cccccccccececeeeceeeceeceseeeeeeeeeeeeeeeeeeeseeeeseeeseeeseeeaeeeeaeeenaeeees 53 Configuring DNS for Wireless APS discovery cccccccececcsseeeeeeeeeeeeeeseeeseeceseeeseeeseeeseeeeneeenaeeees 54 Chapter 6 Wireless AP s CONfIQUIatiON s ccccssssseesessseecesesseeeessseeesesssanessesseeeeenssseeeesensoneesees 57 Wireless AP overview cccccecceeee cece eee a eee eee a nese teenie acca ee caeeaae saa san essa eesaaesaa essa eesaeesaeeseesaaeaaaessaees 57 Configuring the Wireless APs for the first time cccccccecceccecee eee eeeeeeeeeeeeeeeeesseeeeeeeeeeesseeeeeegeaeeges 57 Manually approving pending Wireless APS cccccccccecesseceeeeeeeeeeeesee esse eeseeeseeesseeeaeeeeeeeaeeesneees 59 Assigning names to Wireless APS cccccccceseceeeeceeseeeceeeceeeeeeeeeeeeee esse eeeeeeeeeeseeeseeesaeeeseeeaeeeaaeeeness 60 Modifying Wireless APS PropertieS cccccccecccceeceeeeseeeceeeeeeeeeeeeeeeeeeeeeeeeseeeseeeseeeseeeeaeeeaeeeaeeeeaeees 60 Configuring static IP address for Wireless APS cccccccscccceeeeeceeeeeeceseeeceeceeeeeseeeseeeseeeseeeseeeeneeenes 61 Configuring VLAN tags for Wireless APS cccccccecseeceeceeceeeeeeeeeceeeeeeeeeeeeceeeeeeeeeeeeeeeeeeeseeeeeaeeae
58. ck Altitude APs The Altitude AP screen is displayed 2 Click the Static Configuration tab The Static Configuration screen is displayed Extreme Networks Summit WM Series Console extreme een Home Logs amp Traces Reports Summit Switch WM AD Configuration Summit Spy About LOGOUT 192 168 1 21 F j0409920201202778 wap properties 502 11b0 0 502 118 static Configuration vee p109920201203633 Changing static configuration settings will cause the WAP to reboot Reboots g caused by static configuration changes may make the WAP unreachable from this WAP Multi edit Swm een En VLAN Settings ccess Approval WAP Maintenance Tagged vLANID 1 4094 WAP Registration Untagged DRM wm20_1 IP Address Assignment Use DHCP Static Values IP Address 10 20 0 59 Netmask 255 255 255 0 Gateway 10 20 01 Summit Switch Search List Up Dowr Delete add Copy to Defaults Reset to Defaults Add Altitude AP Save WM Summit WM20 1 days 2 12 1 In the IP Address Assignment section select Use DHCP In the Add text box type the IP address of the Summit WM Controller that will manage this Wireless AP Click Add The IP address is added to the list Repeat Steps 4 to 5 to add additional Summit WM Controllers The Wireless AP attempts to connect to the IP addresses of the Summit WM Controllers in the order in which they are listed in the
59. cluding centralized management and configuration of Wireless APs user authentication and advanced radio frequency management The Summit WM Controller is driven by Summit WM Controller Access Points and Software system The software resides on the Summit WM Controller and provides an intuitive web based interface Summit WM Graphical User Interface GUI to enable you to manage the entire wireless network from a wired laptop or a PC connected to the network A command line interface is also available to manage the wireless network The Summit WM Controller is a full functioning dynamic router that aggregates and coordinates all Wireless APs and manages client devices Some key features of the Summit WM Controller are provided in the following sections Web based centralized management of Wireless APs The Summit WM Controller enables you to monitor and manage Wireless APs from a centralized web based interface called the Summit WM GUI You can separately configure enable or disable each Wireless AP from the Summit WM Controller using the Summit WM GUI The Summit WM GUI also allows you to group the APs of similar attributes into one of ten upgrade profiles for the purpose of deploying software upgrades You can initiate the software updates on a profile and the updates will be deployed to each AP in the profile This saves you from the cumbersome task of deploying the updates to each AP individually Summit WM20 Getting Started Gui
60. d secret key that is to be used between the wireless device and the Wireless AP e The shared secret key is used to generate the 256 bit key Dynamic WEP Broadcast re key interval The time interval in seconds after privacy which you want the broadcast encryption key to be changed information automatically The default is 3600 Summit WM20 Getting Started Guide Software Version 4 2 Table 1 Information gathering table Continued Configuration data Description Your entry Availability e Primary Summit WM Controller s IP address information e Secondary Summit WM Controller s IP address e P address of primary Summit WM Controller s physical port e P address of secondary Summit WM Controller s physical port Summit WM2O Getting Started Guide Software Version 4 2 D Summit WM Controller configuration This chapter explains how to configure the Summit WM Controller s settings to make it operational The topics in this chapter are organized as follows Accessing the Summit WM Controller for the first time on page 23 Connecting the Summit WM Controller to the enterprise network on page 27 Changing the administrator password on page 27 Configuring the network time on page 27 Applying a license key on page 29 Accessing the Summit WM Controller for the first time You can access the Summit WM Controller by using a laptop computer with a Web browser To access the Summit WM Control
61. de Software Version 4 2 Virtualized user segmentation The Summit WM Controller allows you to create and manage unique WM Access Domain Services WM AD that enables you to group specific mobile users devices and applications on the basis of policy class in order to provide unique levels of service access permissions encryption and device authorization A WM AD segment is a virtual network and each Wireless Access Points can support multiple WM AD segments WM AD optimizes the dynamic nature of WLAN mobility as WM AD groups can follow users without depending on the physical configuration of the network The following is the list of Summit WM Controllers and the number of WM ADs they can support e Summit WM20 Controller 8 WM ADs Authentication and encryption The Summit WM Controller and Wireless AP work together to support comprehensive authentication encryption and intrusion detection capabilities A range of robust security features based upon the 802 11 and WPA2 standards ensure that your network stays protected 802 1X mechanism in conjunction with RADIUS and pre shared key authentication ensure that only authorized users can access the network Other features include Captive Portal for redirected web based authentication Intrusion detection The Summit WM Controller allows you to configure Wireless APs to detect rogue access points on the network by scanning the radio frequency RF space at specific intervals Scan
62. documentation feedback 6 dynamic wep configuring 87 E enabling availability pair 92 enabling ias to authenticate users in active directory 46 enabling ospf globally on Summit WM Controller 37 encryption and authentication 8 extgernal captive portal authentication configuring 78 F filtering rules for default filter configuring 83 filtering rules for exception filter configuring 81 filtering rules for filters in aaa network assignment configuring 83 filtering rules for filters in ssid network assignment configuring 81 filtering rules for non authenticated filter configuring 82 filtering rules configuring 81 first time configuring wireless aps 57 first time Summit WM Controller 23 formatting conventions 6 forwarding table viewing 36 front panel Summit WM2O controller 15 G global ospf parameters defining 38 guide sho should use this 5 guide what is in this 5 las properties configuring 47 las configuring Summit WM Controller as client 49 las enabling to authenticate users in active directory 46 ias installing on windows 2003 46 installation collecting information 16 installing ias on windows 2003 server 46 internal captive portal authentication configuring 74 intrusion detection 8 L leds Summit WM2O controller 15 leds wireless aps 65 license key applying 29 M mac based authentication configuring 79 81 manually approving pending wire
63. e A network connection exists between the two Summit WM Controllers This connection is used to enable the availability link between the Summit WM Controllers The availability link is established on port 13907 e A DHCP server for the Wireless AP subnets is setup to support Option 78 for SLP so that it points to the IP addresses of the physical interfaces on both the Summit WM Controllers High level overview of the availability configuration process The following is a high level overview of the availability configuration process e Step 1 Define a WM AD with the same SSID on each Summit WM Controller For more information on how to define a WM AD see Chapter 7 WM AD configuration e Step 2 Associate radios and change poll timeout to 15 seconds in WM AD of Wireless AP default settings screen Step 3 Assign the Wireless APs to their home Summit WM Controllers Step 4 Enable both the Summit WM Controllers as an availability pair Summit WM20 Getting Started Guide Software Version 4 2 e Step 5 Define a primary Summit WM Controller e Step 6 Select one of the security mode options e Allow all Altitude APs to connect If the Summit WM Controller does not recognize the Wireless AP s serial number it sends a default configuration to the Wireless AP If the Summit WM Controller recognizes the serial number it sends the specific configuration port and binding key set to the Wireless AP e Allow only approved
64. e Wireless AP is configured on the Summit WM Controller but is currently not connected not available to service this Summit WM Controller Altitude AP Availability 192 168 4 204 No refresh Refresh every 50_ Data as of Mar 06 2007 01 53 48 pm To view the Wireless AP availability display 1 From the main menu click Reports amp Display The Reports amp Displays screen is displayed 2 Inthe List of Displays click Altitude AP Availability The Altitude AP Availability Display appears Viewing the active Wireless APs report To view the active Wireless APs report 1 From the main menu click Reports amp Displays The Reports amp Display screen is displayed 2 Inthe List of Displays click Active Altitude APs The Active Altitude APs display appears Summit WM20 Getting Started Guide Software Version 4 2 Summit WM2O Getting Started Guide Software Version 4 2 index A aaa network mechanism 80 active wireless aps report viewing 93 administrator password changing 27 applying license key 29 aps web based centralized management 7 assigning names to wireless aps 60 assigning radios to WM AD 90 assigning wireless aps to their home Summit WM Controller 91 assigning wireless aps radios to WM AD 72 authentication and encryption 8 authentication mechanism for aaaa network assignment 80 authentication mechanism for ssid network assignment 74 authentication web 8 availability
65. e for your network and then click Next The Dynamic Update window is displayed The zone name is identical to the DNS domain for small organization or branch office In the Dynamic Update window click Allow both nonsecure and secure dynamic updates and then click Next The Forwarders window is displayed In the Forwarders window click Yes it should forward queries to DNS servers with the following IP addresses When you select this feature all DNS queries for DNS names are forwarded to a DNS at either your ISP or central office In the IP addresses text box type one or more IP addresses that either your ISP or central office DNS servers use and click Next 10 Click Finish The wizard displays the following message This server is Now a DNS Server Configuring DNS for Wireless APs discovery To configure DNS for Wireless APs discovery SU fF WO NY Click Start point to All Programs point to Administrative Tools and then click DNS Select the domain In the Action menu select New Domain The New DNS Domain window is displayed In the New DNS Domain window type the name for the new domain Restart the service The new domain is displayed as the child domain Right click the new domain name and select New Host The New Host window is displayed Name uses parent domain name f blank Fully qualified domain name FQDN IP address T Create associated pointer PTR record T Allow any authenticated user to upda
66. ed MAC addresses If the client device s MAC address matches one in the list of allowed MAC addresses in the RADIUS server the user is granted access to the network To set up the RADIUS server for MAC based authentication you must set up a user account with User ID MAC and Password MAC or a password defined by the administrator for each user To define MAC based authentication for a WM AD 1 From the main menu click WM AD Configuration The WM AD Configuration is displayed 2 In the left pane select the SSID WM AD for which you want to configure the authentication mechanism The Topology tab is displayed 3 Click the Auth amp Acct tab Click MAC From the RADIUS drop down list click the server that you want to use for MAC authentication Summit WM20 Getting Started Guide Software Version 4 2 6 Click Use The selected server is displayed in the list of Config d Servers and a red asterisk is displayed next to MAC indicating that the server has been assigned oO dd note The RADIUS drop down list reflects the servers that are defined on the Global Settings screen For more information see Summit WM2O User Guide 7 If your RADIUS server is being used for another type of authentication or accounting select Use server for MAC Authorization 8 Type the values in the MAC text boxes e Port Port used to access the RADIUS server The default is 1812 e of Retries Number of times the Summit WM Controller will attempt
67. eeees 64 Resetting the Wireless AP to its factory default settings 2u222usssseessenneenneennnennnennnen nennen 64 Wireless AP s LED States u a else 65 Chapter 7 WM AD configuration uuuuunnnnnsnennnnnnnnnnnnnnnunnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnennannnnnnnnnnnnnnnnnn 67 WM AD topology overview aeeeennennseennnennnensnennnennnnnnnnnnnennnennnennnnennnennnennnensnnnsnennnnenneensnensnensnennnnnenn 67 Creating and configuring a Routed WM AD c ccccsccceeeeeeeeeeeeee cece cece eceeeeseeeseeeseeeeseeeaeeeaaeeaeeees 68 Creating and configuring a Bridge Traffic Locally at WM WM AD cccceccecceeceeeeeeceeeeeeeeeaseaeeeees 71 Creating and configuring a Bridge Traffic Locally at AP WM AD cccccecceecceeceseeeaeecaeeeeeeeeneeenes 71 Assigning Wireless APs radios to WM AD ccccccceececeeeceeceeceeeeeeeeeeeeeeeeeeeeeeseeseeeeeeeeeaeeseeeeeaeeaaes 72 Configuring authentication mechanism for WM AD ccccecccecccceceseceeceeeeseeeseeeseeeeeeeeaeeeeeeeeneeens 73 Authentication mechanism for SSID network assignment cccceeeceececeecceeceaeeeaeeeaeeeeeeeeneesnnes 74 Authentication mechanism for AAA network aSSiQNMent cccccceececeseceecceeceaeeeaeeeeeeeeeeeeneeenaes 80 Configuring filtering TUES ass een nen Anhieb isane arena i REE edane dit aeinn iis koida EE 81 Configuring filtering rules for filters in SSID network assignment uusssessensenseneneenennennnnen een 81 C
68. eless devices will use to access the WM In the Advanced RF Settings select the following e Suppress SSID Select to prevent this SSID from appearing in the beacon message sent by the Summit WM Controller The wireless device user seeking network access will not see this SSID as an available choice and will need to specify it e Enable proprietary IE Select to enable radio channel reports to be sent to the Summit WM Controller for improving roaming time and reliability as well as improving client power consumption The Wireless AP channel report lists all channels on which the WM AD can be found all channels used by all APs that have been assigned to the WM AD The Wireless AP will provide this list in a proprietary information element to be included in Beacon and Probe response packets By default this option is disabled It is recommended to enable this option e Enable 11h support Select to enable TPC Transmission Power Control reports By default this option is disabled It is recommended to enable this option m Apply power back off Select to enable the Wireless AP to use reduced power as does the 11h client By default this option is disabled It is recommended to enable this option e Process client IE requests Select to enable the Wireless AP to accept IE requests sent by clients via Probe Request frames and responds by including the requested IE s in the corresponding Summit WM2O Getting Started Guide Software Ve
69. er You can type a message explaining why the Captive Portal screen is used and the instructions for the user Replace Gateway IP with FQDN If you are using FQDN Fully Qualified Domain Name as the gateway address document the FQDN Default Redirection URL The URL to which the wireless devices will be directed after authentication Password This password encrypts the information exchanged between the Summit WM Controller and the external Captive Portal server portal configuration MAC based e Port The port used to access the RADIUS server The authentication default is 1812 information Exception filter rules information of Retries Number of times the Summit WM Controller will attempt to access the RADIUS server Timeout The maximum time for which Summit WM Controller will wait for a response from the RADIUS server before making a re attempt NAS IP Address IP address of the network access server NAS IP subnet The destination IP address You can also specify the IP range a port designation or a port range on the IP address Your entry here Static WEP e WEP Key Length Size of a WEP key privacy ee o maen e Strings This is the secret WEP key string WPA PSK privacy Broadcast re key interval The time interval in seconds after information which you want the broadcast encryption key to be changed automatically The default is 3600 e Pre shared Key The share
70. er connection and the user authentication Click Configure Captive Portal Settings The Captive Portal Configurations screen is displayed PFextreme Captive Portal Settings No Captive Portal Support Internal Captive Portal Login Label Login Header and footer width is 790 pixels Include l g 4 Extra contents will be cropped out Attributes TE POSE Password Label Password Please keep them in reasonable heights WAP Serial Header URL WAP Name Footer URL WM AD Name Message D MAC Address Provide button for users Replace Gateway IP with FQDN Default Redirection URL Specific Message URL View Sample Portal Page External Captive Portal SWM Connection 192 168 1 21 z External authentication server a oP ort range 3 Shared Secret Shared secret should be between 16 64 characters Redirection URL Note token lt integer_ will be APPENDED to the r lt original_target_url gt tion URL Save Close 12 Select the Internal Captive Portal option 13 Type the values in the following text boxes Summit WM2O Getting Started Guide Software Version 4 2 14 oO dd note Login Label The text that will appear as a label for the user name Password Label The text that will appear as a label for the user password text box
71. es Specifications are subject to change without notice All other registered trademarks trademarks and service marks are property of their respective owners 2008 Extreme Networks Inc All Rights Reserved Summit WM2O Getting Started Guide Software Version 4 2 m Table of Contents About CIS Guide ee een 5 Who should se this g lde u 08 u a anna a naeh nee ea 5 What s gt in this gulde rc else ren enn 5 Formatting conventions uueessessseenseenseenenennnennnennnennnnnennnnnnennnennnennnensnennnnnsnnnsnnsnnnsnnnennnennnensnensnnnnn 6 Documentation feedback nenn anne 6 Chapter 1 Summit WM Controller Access Points and Software system unnnnnuunennnnnennnnnnennnnnnnnnnnnnnnn 7 Conceptual Model arseenin inscedensts era a ansehen 7 SUMMIEWIM Controller ed digas dagen ee Eee denen Le retten nn 7 Wireless AP ea een arena EEOAE 9 Summit WM Controller Access Points and Software system topology and network elements 9 Discovery mechanism in Summit WM Controller Access Points and Software system 10 DHCP in Summit WM Controller Access Points and Software system ccccccseeceeeeeeeeeeeeaeeees 10 Summit WM Controller s physical A SCriptiOn ccccccccseceeeeceeeceeeeeeceseeeseeeseeceseeeseeeseeeaeeeeeeeenees 14 Summit WM2O Controller front panel cccceccseceeceeeceeceeceeeeeeeeeceeseeeeeeeeseseeeeeeeeeeaeeaeeeseeeeees 15 Summit WM2O Controller back panel
72. et to the network you defined Now you should connect the Summit WM Controller to the enterprise network The following section explains how to connect the Summit WM Controller to the enterprise network Summit WM20 Getting Started Guide Software Version 4 2 Connecting the Summit WM Controller to the enterprise network To connect the Summit WM Controller to the enterprise network 1 Disconnect your laptop computer from the Summit WM Controller management port 2 Connect the Summit WM Controller management port to the enterprise Ethernet LAN The Summit WM Controller resets automatically 3 Log on to the Summit WM GUI from any computer on the enterprise network Type the following URL in a browser to access the Summit WM GUI https lt IP Address gt 5825 Before you proceed further you should change the default administrator password The following section explains how to change the default administrator password Changing the administrator password To change the administrator password Login on the Summit WM Controller using the default administrator password From the main menu click Summit Switch The Summit Switch screen is displayed In the left click Management Users In the user_admin table click admin In the Modify User Password text box type the new administrator password In the Modify User Confirm Password text box retype the new administrator password N FD UOU RA WN Click Change Password Configu
73. every scope you define A scope is a collection of IP addresses meant to be distributed by the DHCP server to the client devices on a subnet The SLP DA is used by e The Wireless APs to discover the Summit WM Controller e The Mobility Agents to discover the Mobility Manager Summit WM20 Getting Started Guide Software Version 4 2 To configure DHCP in Window 2003 Server 10 11 Click Start point to Administrative Tool and then click DHCP In the console tree right click the DHCP server on which you want to create the new DHCP scope and then click New Scope Click Next The Scope Name window is displayed In the Name and Description text boxes type the scope s name and the description respectively This can be any name that you want but it should be descriptive enough so that you can identify the purpose of the scope on your network Click Next The IP Address Range window is displayed New Scope Wizard IP Address Range You define the scope address range by identifying a set of consecutive IP addresses Enter the range of addresses that the scope distributes Start IP address 10 209 0 3 End IP address 10 209 0 40 4 subnet mask defines how many bits of an IP address to use for the network subnet IDs and how many bits to use for the host ID You can specify the subnet mask by length or as an IP address Lenath 24 Subnet mask 255 255 255 D lt Back Cancel In the Start
74. eway option subnet mask 255 255 255 0 option domain name toronto xyznetworks com option domain name servers 192 1 1 3 rangem i2 r292 7515 2929925 307 default lease time 36000 max lease time 7200000 The figures are in seconds authoritative IAS service configuration Microsoft Internet Authentication Service IAS can run as a Remote Authentication Dial in User Service RADIUS server You can use IAS for centralized authentication and accounting of multiple client devices IAS configuration involves the following steps e Step 1 Installing IAS on Windows 2003 Server on page 46 Step 2 Enabling IAS to authenticate users in active directory on page 46 Step 3 Configuring IAS properties on page 47 Step 4 Configuring Summit WM Controller as IAS client on page 49 Step 5 Configuring Remote Access Policies on page 50 Installing IAS on Windows 2003 Server You must install IAS on Windows 2003 Server according to the documentation provided with the server You may also visit http support microsoft com to learn how to install IAS on Windows 2003 Enabling IAS to authenticate users in active directory To enable IAS to authenticate users in active directory 1 Click Start point to Programs point to Administrative Tools and then click Internet Authentication Service 2 In the Action menu click Register Service in Active Directory 3 To confirm the IAS registration in the local dom
75. ff Off Off Green Resetting to factory defaults announcement replaces vulnerable period This pattern is repeated twice to notify the operator when the factory configuration is restored Off Orange Off Attempting to obtain an IP address via DHCP Green Red Off Red Orange Off No DHCP reply has been received Off Green Orange Off Failed discovery SLP Off Off Orange Off Summit WM Controller has been discovered Registering the Wireless AP Off Off Red Off Registration of the Wireless AP has failed Off Off Green Off Standby registered with a Summit WM Controller waiting for configuration Green when Green Green when Radios enabled per user settings 802 11 b g 802 11la enabled enabled Off otherwise Off otherwise Off Red Green Off Upgrading firmware oO dd note Random delays do not occur during normal reboot A random delay only occurs after vulnerable period power down Now you should configure the WM AD via the Summit WM Controller using the Summit WM GUI The following chapter explains how to configure the WM AD Summit WM20 Getting Started Guide Software Version 4 2 D WN AD configuration This chapter explains how to configure the WM AD through the Summit WM Controller using the Summit WM GUI The topics in this chapter are organized as follows WM AD topology overview on page 67 Creating and configuring a Routed WM AD on page 68 Creating and configuring a Bridge Traffic Locally at WM WM A
76. for the WM AD The following section explains how to configure privacy Configuring privacy for WM AD Privacy is a mechanism that protects data over wireless and wired networks using encryption techniques The Summit WM Controller provides several privacy mechanism to protect data over the WLAN The privacy mechanism can be classified on the basis of network assignment types SSID and AAA Configuring privacy for SSID network assignment The SSID network assignment provides three privacy options e None e Static WEP e WPA pre shared key PSK Configuring Static WEP To configure Static WEP 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane click the SSID WM AD for which you want to configure the Static WEP privacy The topology tab is displayed Summit WM2O Getting Started Guide Software Version 4 2 3 Click the Privacy tab Extreme Networks Summit WM Series Console en mais Home Logs amp Traces Reports Summit Switch Altitude APs Summit Spy About LOGOUT Global Settings wm20 i Modification of WM AD privacy settings may cause associated WAP s to reboot WM Access Domains Topology RF Auth amp Acct RAD Policy Filtering Multicast Privacy QoS Policy Trial NS wm20_1 None Static Keys WEP WEP Key Length 64 bit x Input Method Input Hex Input String WEP Key R format X
77. gives you two options SSID and AAA To learn more about SSID and AAA see WM AD topology overview on page 67 e SSID network assignment a Allow mgmt traffic If the management traffic is enabled it overrides the built in exception filters that prohibit traffic on the Summit WM Controller data interfaces For more information on filters see Configuring Filtering Rules for a WM AD in the Summit WM20 User Guide m Allow 3rd Party AP If Allow 3rd Party AP is enabled it allows for the specification of a segregated subnet for non WM Wireless APs for providing RF services to the users while still utilizing the Summit WM Controller for user authentication and the user policy enforcement The definition of third party AP identification parameters allows the system to be able to differentiate the third party AP device and the corresponding traffic from the user devices on that segment Devices identified as third party APs are considered pre authenticated and are not required to complete the corresponding authentication verification stages defined for the users in that segment 7 Type the values in the following three Timeout text boxes e Idle Pre Timeout Number of seconds a user is allowed to be idle on the WM AD before authentication e Idle Post Timeout Number of seconds a user is allowed to idle on the WM AD after authentication e Session Maximum amount of time a session is allowed on the system If you leave t
78. he DNS service it first determines whether the IP address for this server is static or the server is configured to secure it automatically If your server is currently configured to obtain its IP address the wizard prompts you to configure the server with a static IP address instead of displaying the Select Configuration Action window To configure the server with a static IP address a In the Local Area Connection Properties click Internet Protocol TCP IP and then click Properties The Internet Protocol TCP IP Properties window is displayed b In the Internet Protocol TCP IP Properties window click Use the following IP address c In the Static IP address Subnet mask and the Default gateway text boxes type the static IP address the subnet mask and the IP address of the default gateway respectively d Inthe Preferred DNS text box type the IP address of the server Summit WM20 Getting Started Guide Software Version 4 2 e Inthe Alternate DNS text box type the IP address of another internal DNS server The Alternate DNS text box is optional f Click OK and then click Close In the Select Configuration Action window select the Create a forward lookup zone checkbox and then click Next The Primary Server Location window is displayed In the Primary Server Location window select This server maintains the zone and then click Next The Zone name window is displayed In the Zone name text box type the name of the DNS zon
79. he client applications are user agents and services that are advertised by a service agent In larger installations a directory agent collects information from service agents and creates a central repository SLP is one of the several modes that the Summit WM Controller uses to discover the Wireless APs e Domain Name Server A server that translates the domain names into IP addresses The DNS is used as an alternative mechanism for the automatic discovery process The Summit WM Controller its software and the APs rely on the DNS for Layer 3 deployments In addition DNS is utilized for the static configuration of APs The Summit WM Controller can be registered in DNS to provide DNS assisted AP discovery Discovery mechanism in Summit WM Controller Access Points and Software system The Summit WM Controller Access Points and Software system provides auto discovery capabilities between the following components e Wireless APs and Summit WM Controller Discovery mechanism between Wireless AP and Summit WM Controller The Wireless APs discover the Summit WM Controller by one of the following modes e SLP Multicast and Unicast For more information see SLP s description in Summit WM Controller Access Points and Software system topology and network elements on page 9 e DNS For more information see Domain Name Server s description in Summit WM Controller Access Points and Software system topology and network elements
80. his text box blank there will be no time limit 8 Type the values in the Next Hop Routing text boxes e Next Hop Address The next hop IP identifies the target device to which all WM AD user traffic will be forwarded to Next hop definition supersedes any other possible definition in the routing table e OSPF Route Cost The OSPF cost value provides a relative cost indication to allow upstream routers to calculate whether or not to use the Summit WM Controller as a better fit or lowest cost path to reach the devices in a particular network The higher the cost the less likely that the Summit WM Controller will be chosen as a route for traffic unless that Summit WM Controller is the only possible route for that traffic e Disable OSPF Advertisement To disable the OSPF advertisement on the WM AD select Disable OSPF Advertisement 9 To save your changes click Save As a next step you should configure the authentication mechanism for the WM AD For more information see Configuring authentication mechanism for WM AD on page 73 Summit WM2O Getting Started Guide Software Version 4 2 Creating and configuring a Bridge Traffic Locally at WM WM AD To configure a bridge traffic locally at WM WM AD 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the Add subnet text box type the WM AD name 3 Click Add subnet The name is displayed in the WM Access Domains list and the T
81. hould use the following table to document all the pertinent information about the Summit WM Controller before starting the installation process Summit WM2O Getting Started Guide Software Version 4 2 Some of the information listed in the table may not be relevant to your network configuration You should only record the information that is pertinent to your network configuration Table 1 Information gathering table Configuration data Accessing the Summit WM Controller for the first time Management Port information Hardware information License Key File Description Your entry Unused IP address in the 192 168 10 0 24 subnet This IP address must be assigned to the Ethernet port of your laptop computer You can use any IP address between 192 168 10 2 and 192 168 10 255 Factory default IP address of Summit WM Controller The factory default IP address is https 192 168 10 1 5825 You must type this IP address in the address bar of your Web browser when you access the Summit WM Controller for the first time Login Information The login information is as follows gt User Name admin gt Password abc123 Hostname Specifies the name of the Summit WM Controller Domain Specifies the IP domain name of the enterprise network Management IP Address The new IP address for the Summit WM Controller s management port Change the value in this text box to the IP address assigned to the Summit
82. how to configure DHCP DNS and IAS services on Windows 2003 Server In addition the chapter explains how to configure DHCP service on a Linux based server Note that your Windows 2003 or Linux server may have a different configuration process than what is described here You should refer to your manufacturer s document to know the configuration process that is specific to your server The configuration processes described in this chapter should be used as examples The topics in this chapter are organized as follows e DHCP service configuration on page 41 e IAS service configuration on page 46 e DNS service configuration on page 53 DHCP service configuration Before you can configure the DHCP service you must install it on the server DHCP is not installed by default during a typical installation of Windows Standard Server 2003 or Windows Enterprise Server 2003 You can install DHCP either during the initial installation of Windows Server 2003 or after the initial installation is completed You may also include 078 SLP DA Option The 078 SLP DA Option is not included by default during a typical installation of DHCP service You may visit http support microsoft com to learn how to install DHCP and 078 SLP DA Option on Windows 2003 The following section describes how to configure DHCP for Summit WM Wireless LAN WLAN Solution Configuring DHCP in Windows 2003 Server You must also enable 078 SLP DA Option for
83. ick Save Authentication mechanism for AAA network assignment The AAA Authentication Authorization and Accounting network assignment provides the following two authentication options e 802 1x authentication e MAC based authentication The following sections explain the above two authentication options Summit WM2O Getting Started Guide Software Version 4 2 Configuring 802 1x authentication For more information see Configuring privacy for AAA network assignment on page 87 dd note Since Section 8 7 2 Privacy for AAA network assignment is part of Privacy policies configuration you can configure 802 1x authentication after you complete the configurations for authentication and filtering rules Configuring MAC based authentication MAC based authentication can be used in both SSID network assignment and AAA network type assignment For more information see Configuring MAC based authentication on page 79 Now you must configure the WM AD for filters The following section describes how to configure the WM AD filters Configuring filtering rules On a per WM AD basis the Summit WM Controller can be configured to apply a specific filtering policy on the user traffic that is routed through it The filtering policies are applied after the authentication is returned The filter definition can be static on the Summit WM Controller itself or the filter definition can be set to dynamically provisioned if R
84. in DHCP server in Summit WM Controller responds by sending the IP address to Wireless AP The Wireless AP sends the IP address to the wireless device DNS Server DHCP Server Summit WM Controller ey US S QS Wireless AP Na Wireless Wireless Device Device The DHCP configuration for WM AD is done via Summit WM Controller For more information see Creating and configuring a Routed WM AD on page 68 Summit WM20 Getting Started Guide Software Version 4 2 DHCP relay for WM AD Figure 4 DHCP relay for WM AD DNS Server A wireless device sends a request for IP address to Wireless AP The Wireless AP forwards the request to Summit WM Controller via WM AD tunnel The Summit WM Controller relays the request to the DHCP server Summit WM Controller The DHCP server responds by sending the IP address to the Summit WM Controller The Summit WM Controller relays the IP address to the Wireless AP The Wireless AP sends the IP address to the wireless device DHCP Server Wireless AP Wireless AP Wireless Device Wireless Device The DHCP relay configuration is done via Summit WM Controller For more information see Creating and configuring a Routed WM AD on page 68 Summit WM20 Getting Started Guide Software Version 4 2 DHCP for traffic bridged locally at Wireless AP Figure 5 DHCP for traffic bridged locally at Wirele
85. interface is directly attached to an existing VLAN you must specify which VLAN the port belongs to by tagging the VLAN ID to the port When you tag the VLAN ID to the port all packets associated with the port would be tagged with the corresponding VLAN This enables the Summit WM Controller to directly connect to a VLAN network without the need to remove VLAN tags at the connection port Summit WM20 Getting Started Guide Software Version 4 2 Configuring data ports To configure the data port interfaces on the Summit WM Controller 1 From the main menu click Summit Switch The Summit Switch screen is displayed 2 In the left pane click IP Addresses The Management Port Settings screen is displayed Extreme Networks Summit WM Series Console a ee Home Logs amp Traces Reports Altitude APs WM AD Configuration Summit Spy About LOGOUT System Maintenance Management Port Settings Routing Protocols IP Addresses Hostname WM Management Gateway 192 168 1 1 Port Exception Domain extremenetworks com Primary DNS Filters IP Address 192 1 Secondary DNS Check Point Subnet k 25 Summit Spy ubnet mask 255 95 0 ae Network Time Modify Management Users EERTE Software ee Enable Port VID IP address MAC Subnet mask Port Func MTU Mgmt SLP oe ae a a AN T ee D 102004 om Qo esal U 10 10 0 1 00 1A E8 10 01 C9 255 255 255 0 HostPort 1500 v IP address h0 20 0 1 zij Function Host Port Subnet mas
86. ireless Device Summit WM20 Getting Started Guide Software Version 4 2 Control amp Routing The Summit Switch authenticates wireless user The Summit Switch forwards the IP packet to the wired network Tunnelling Altitude AP sends data traffic to the Summit Switch through the UDP tunnel called CTP The Summit Switch controls the APs through the CTP tunnel Wireless Device The Summit WM Controller supports the following network elements e RADIUS Server Remote Access Dial in User Service An authentication server that assigns and manages ID and Password protection throughout the network The RADIUS server system can be set up for certain standard attributes such as filter ID and for the vendor specific attributes VSAs The Summit WM Controller supports external RADIUS server e DHCP Server Dynamic Host Configuration Protocol A server that assigns the IP addresses gateways and subnet masks dynamically The external DHCP server depicted in Figure 2 1 is primarily utilized to provide addresses to infrastructure equipment such as APs The IP addresses to the mobile devices are provided by the built in DHCP server of Summit WM Controller You can also configure the Summit WM Controller to relay DHCP requests to the external DHCP server e SLP Service Location Protocol A service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration T
87. is 3600 9 In the Pre shared Key text box type the shared secret key that is to be used between the wireless device and the Wireless AP The shared secret key is used to generate the 256 bit key 10 To confirm your entry click Unmask The shared key entry is displayed You must always unmask the shared secret key before you save your settings 11 To save your changes click Save Summit WM2O Getting Started Guide Software Version 4 2 Configuring privacy for AAA network assignment The AAA Authentication Authorization and Accounting assignment provides following privacy mechanisms e Static keys WEP e Dynamic WEP keys e Wi fi Protected Access WPA version 1 with encryption by temporal key integrity protocol TKIP Wi fi Protected Access WPA version 2 with encryption by advanced encryption standard with counter mode CBC MAC protocol AES CCMP Configuring Static WEP To configure Static WEP 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane click the AAA WM AD for which you want to configure the Static WEP privacy The topology tab is displayed 3 Click the Privacy tab Repeat Step 4 to Step 6 of Configuring Static WEP on page 84 Configuring Dynamic WEP The dynamic key WEP mechanism changes the key for each user and each session To set up Dynamic WEP privacy 1 From the main menu click WM AD Configuration The WM AD Configuration sc
88. k 255 255 255 0 MTU 1500 LAN ID Tagged ID untagged Internal YLAN ID 1 Multicast Support Disabled Save Cancel WM Summit WM20 1 days 2 02 1 The lower part of the screen displays the two ethernet ports and each MAC address is displayed under the MAC column The lowest part of the screen displays the text boxes for IP address MAC address Subnet mask and MTU You can edit these values 3 To enable the port select the checkbox under the Enable column a gt NOTE You must disable all the interfaces that are not in use in order to avoid routing loops 4 Type the following e IP address The IP address of the physical ethernet port e Subnet mask The subnet mask for the IP address which separates the network portion from the host portion of the address typically 255 255 255 0 e MTU The maximum transmission unit or maximum packet size for this port The default setting is 1500 If you change this setting and are using OSPF you must make sure that the MTU of each port in the OSPF link matches a gt NOTE The Summit WM Controller and Wireless AP are capable of participating in MTU discovery During the MTU discovery process the Summit WM Controller and Wireless AP automatically learn the correct MTU and then correct their settings accordingly If the routed connection to an Wireless AP travels a link that imposes a lower MTU than the configured MTU the Summit WM Controller and
89. k time using system s time 28 configuring privacy for aaa network assignment 87 configuring privacy for WM AD 84 configuring static ip address for wireless aps 61 configuring static wep 84 87 configuring Summit WM controller as ias client 49 configuring vlan tags for wireless aps 64 configuring wi fi protected access wpavl and wpa v2 privacy 87 configuring wireless aps for the first time 57 configuring wpa psk 85 configuring remote access policies 50 confirming ports set for ospf 39 connecting the Summit WM Controller to the enterprise network 27 conventions formatting 6 creating and configuring bridge traffic locally at ap WM AD 71 creating and configuring bridge traffic locally at WM WN AD 71 creating and configuring routed WM AD 68 data ports configuring 32 defining global ospf parameters 38 defining primary Summit WM Controller 92 defining WM AD with same ssid on both the Summit WM Controller 90 detection intrusion 8 dhcp for traffic bridged locally at wireless ap 14 dhcp for wireless aps 11 dhcp for WM AD 12 dhcp in Summit WM Controller Access Points and Software system 10 dhcp relay for WM AD 13 dhcp configuring in red hat linux server 44 dhcp configuring in windows 2003 41 discovery mechanism between wireless ap and Summit WM Controller 10 discovery mechanism in Summit WM Controller access points and software system 10 dns configuring for internet access 53
90. ler using a web enabled laptop 1 Connect the Summit WM Controller s management port to the web enabled laptop computer with a cross over RJ 45 Ethernet cable Statically assign an unused IP address in the 192 168 10 0 24 subnet for the Ethernet port of the laptop computer You can use any IP address from 192 168 10 2 to 192 168 10 255 Launch your web browser In the address bar type https 192 168 10 1 5825 The The Summit WM GUI login screen is displayed Extreme Networks Summit WM Series Console er inneren Extreme Networks Summit WM Series WLAN Switch Software Please Login to access pages of Summit WM Series WLAN Switch Software If you do not have the login information please contact your administrator User Name Password Login In the User Name text box type admin In the Password text box type abc123 Summit WM20 Getting Started Guide Software Version 4 2 7 Click Login The Summit WM GUI is displayed Extreme Networks Summit WM Series Console i en J _ Ten Logs amp Traces Reports amp Displays Summit Switch Configuration Altitude AP Configuration WM Access Domain Configuration Summit Spy WM Summit WM20 1 days 1 26 1 amp b note In the footer of the Summit WM GUI the following is displayed e host name product name up time e For example WM2O 01 days 19 54 If there is no key unlicensed UNLICENSED is displayed besides the software
91. less aps 59 modifying wireless aps properties 60 network elements Summit WM Controller access points and software system topology 9 network time configuring 27 network time configuring using ntp 28 network time configuring using system s time 28 no captive portal 79 0 ospf on Summit WM Controller enabling globally 37 ospf confirming 39 P physical description Summit WM Controller 14 poll timeout value changing 90 primary Summit WM Controller defining 92 privacy for aaa network assignment configuring 87 privacy for ssid network assignment configuring 84 R remote access policies configuring 50 resetting wireless ap to its factory default settings 64 routed WM AD creating and configuring 68 S ssid network assignment authentication Summit WM2O Getting Started Guide Software Version 4 2 mechanism 74 static ip address for wireless aps configuring 61 static route configuring 35 static wep configuring 84 87 Summit WM Controller for the first time 23 Summit WM Controller access points and software system topology and network elements 9 Summit WM Controller access points and software system dhcp 10 Summit WM Controller configuring as ias client 49 Summit WM Controller connecting to the enterprise network 27 Summit WM Controller enabling ospf globally 37 Summit WM Controller s physical description 14 Summit WM2O controller back panel 16 Summit WM
92. list click Non authenticated 5 Define a filtering rule a In the IP subnet port text box type the destination IP address You can also specify the IP range a port designation or a port range on the IP address in the IP subnet port text box b From the Protocol drop down list click the applicable protocol The default is N A Summit WM2O Getting Started Guide Software Version 4 2 6 For Captive Portal assignment define a rule to allow access to the default gateway for this WM AD a Select the IP Port of the filtering rule that you defined in Step 5 b In the IP subnet port type the default gateway IP address WM AD IP address that you defined in the Topology screen for this WM AD 7 Click Add The rule is displayed in the middle of the screen 8 If applicable define more rules by repeating Steps 5 and 6 9 To allow the traffic between the wireless device and the network Select In and Out 10 Select the Allow feature for every rule you created 11 To save your changes click Save Configuring filtering rules for Default filter The Default filter is applied by default automatically after the authentication of the wireless device under the following circumstances e No match is found in the Exception filter rules e No filter attribute value is returned by the authentication server for the device e No match is found in the filter ID values In order to ensure that a packet is not dropped entirely under the above circu
93. lues you record here should match what you define in the Port text box of Auth section in the Acc amp Acct tab of Summit WM Controller s WM AD screen e Summit WM Controller s Port Summit WM Controller s ethernet port to which the Wireless AP is connected e Country The country where the Wireless AP operates e Serial A unique identifier that is assigned during the manufacturing process of the Wireless APs e Hardware version The current version of the Wireless AP hardware e Application version The current version of the Wireless AP software e VLAN ID The ID of the VLAN on which the Wireless AP operates e Gateway The Summit WM Controller advertises this address to the wireless devices when they sign on and get a dynamic IP address The gateway corresponds to the IP address that is communicated to mobile users e Subnet mask Subnet mask for the gateway IP address to separate the network portion from the host portion of the address typically 255 255 255 0 e Address range The range from which the IP addresses are provided to the wireless devices that use the WM AD e External enterprise domain name The external enterprise domain name e DNS Server IP address The IP address of the domain name server on the enterprise network Summit WM20 Getting Started Guide Software Version 4 2 Your entry Table 1 Information gathering table Continued Configuration data Descri
94. m PoE Injector e Power by AC adaptor For more information see the Wireless AP Installation Guide Manually approving pending Wireless APs If the Summit WM Controller does not recognize the Wireless AP the Wireless AP s registration record is created in pending state You must manually approve a pending Wireless AP As long as the Wireless AP is in pending state it receives minimum configuration that only allows it to maintain an active link with the Summit WM Controller for future state change To manually approve pending Wireless APs 1 From the main menu click Altitude APs The Altitude AP screen is displayed 2 In the left pane click Access Approval The Access Approval screen is displayed Extreme Networks Summit WM Series Console f extreme d areant Home Logs amp Traces Reports Summit Switch WM AD Configuration Summit Spy About LOGOUT 192 168 1 21 P Access Approval WAP Default a Settings Altitude APs Home Status Select Altitude APs nn en i 0409920201202778 00 0F C8 F0 17 0C Local Approved Approved ient Managemen S ee obs beces Anorov 0409920201204633 00 0F C8 F0 1D 51 Local Approved g WAP Maintenance Foreign a U ceran DRM Clear All wm20_1 Perform action on selected Altitude APs Approved Pending Release Delete WM Summit WM20 1 days 22 21 1 3 Inthe Select Altitude APs section click Pending The pending Wireless APs are selected 4 In the Perform
95. me text box type the name that you want to assign to the Summit WM Controller and then click Next In the Client address IP or DNS text box type the IP address of the Summit WM Controller and then click Verify Click Resolve If the IP address is correct it appears in the Search results text box Click Use this IP In the Client Vendor list click RADIUS Standard In the Shared secret text box type a password that both the IAS server and the Summit WM Controller will use to mutually authenticate oO dd note This password is case sensitive You can use alphanumeric characters You must configure the same shared secret password for WM AD Global Settings For more information see WM AD Global Settings in the Summit WM2O User Guide Retype the password in the Confirm shared secret box and then click Finish Summit WM20 Getting Started Guide Software Version 4 2 Configuring Remote Access Policies To configure Remote Access Policy 1 Click Start point to Administrative Tool and then click Internet Authentication Service 2 Click Remote Access Policies 3 In the right pane of the Internet Authentication Service click Allow access if dial in permission is enabled and then right click Allow access if dial in permission is enabled Click Delete A dialogue box is displayed Click Yes on the dialogue box On the Action menu click New Remote Access Policy The New Remote Access Policy Wizard is displayed New
96. mstances the final rule in the Default filter must be Allow All To configure rules for the Default filter 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 Inthe left pane click the WM AD for which you want to configure the Default filtering rules The Topology tab is displayed 3 Click the Filtering tab 4 From the Filter ID drop down list click Default The default rule in the Default filter is displayed The default rule in the Default filter displays a Deny All configuration You can modify the configuration to Allow All if it is appropriate for the network needs of the WM AD If applicable you can create more rules for the Default filter 5 Configure filtering rules for the Exception filter For more information see Step 5 to Step 8 of Configuring filtering rules for Exception filter on page 81 6 To save your changes click Save Configuring filtering rules for filters in AAA network assignment The AAA network assignment type offers the following two default filters e Default e Exception In AAA network assignment type a Non authenticated filter becomes unnecessary because the users are already authenticated Summit WM20 Getting Started Guide Software Version 4 2 For more information see Configuring filtering rules for Exception filter on page 81 and Configuring filtering rules for Default filter on page 83 Now you should configure privacy
97. mware image via the Summit WM GUI All communication with the Summit WM Controller is carried out using a UDP based protocol The protocol encapsulates the IP traffic from the Wireless AP and directs it to the Sammit WM Controller The Summit WM Controller decapsulates the packets and routes them to the appropriate destinations while managing sessions and applying policy The Wireless APs are available in two models e Altitude 350 2i Equipped with dual internal multimode diversity antennas e Altitude 350 2d Equipped with dual external antennas that use RP SMA connectors The Wireless APs have two radios e 2 4 GHz radio supporting the 802 11b g standards e 5 GHz radio supporting the 802 11a standard The radios on the Wireless APs are enabled or disabled through the Summit WM GUI For more information see the Chapter 3 of the Summit WM20 User Guide Configuring the Wireless APs for the first time Before you start configuring the Wireless APs ensure that you have e Set up installed and configured the Summit WM Controller Summit WM20 Getting Started Guide Software Version 4 2 e Installed the Wireless APs at the location indicated by your site survey To configure the Wireless APs for the first time 1 From the main menu click Altitude APs The Altitude AP screen is displayed 2 In the left pane click WAP Registration Extreme Networks Summit WIM Series Console on oe ar Home Logs amp Traces Reports Summit
98. ne in the Port text box of Acct section in the Acc amp Acct tab of Summit WM Controller s WM AD screen For more information see Configuring authentication mechanism for WM AD on page 73 of Chapter 7 WM AD configuration Summit WM2O Getting Started Guide Software Version 4 2 Extreme Networks Summit WM Series Console i a Home Logs amp Traces Reports Summit Switch Altitude APs Summit Spy About LOGOUT Global Settings wm20 1 WM Access Domains Topology RF Auth amp Acct I RAD Policy Filtering Multicast Privacy 005 Policy TrialVNS CNL 209 AAA RADIUS Freeradius209 w Use Auth Bl Use server for RADIUS Accounting ee MAC Port 1813 Config d Servers Y Na ae aaa Acct of Retries 3 Timeout Is seconds j ft a RE u NAS IP Address 172 22 224 1 Down NAS identifier CNL 209 AAA en an Reset to primary Test RADIUS Accounting idee behead iedee erence etal Interim Interval 30 minutes O collect Accounting Information of Summit Switch CNL 209 AAA MTS Captive Portal Configure Captive Portal Settings J Delete subnet WM mm WM2O da Configuring Summit WM Controller as IAS client To configure Summit WM Controller as IAS client 1 2 3 o N a a Click Start point to Administrative Tool and then click Internet Authentication Service Right click Clients and then New Client In the Friendly na
99. nnected gt Router Port A port that connects to an upstream next hop router in the network e VLAN ID The ID of the VLAN to which the AP is connected Static Routing Static IP address The static IP address that is assigned to the Summit WM Controller when it is configured for static routing OSPF Routing e Router ID The router ID is its own IP address You must record the Summit WM Controller s IP address here e Area ID of OSPF Id of OSPF s area 0 0 0 0 is the main area in OSPF e OSPF Authentication Password If you select Authentication type as Password then you will need a password DHCP Service e IP address range This is the range from which the IP address will be distributed across the network gt Start IP address This is the start IP address of the range gt End IP address This is the end IP address of the range e Lease duration The DHCP server assigns a client an IP address for a given amount of time The amount of time for which the IP address can be given is called lease duration gt Days The number of days for which the lease can be given gt Hours The number of hours for which the lease can be given gt Minutes The number of minutes for which the lease can be given IP Address for IP Address If you are using WM AD you will need the WM AD installing DHCP IP address an If you are not using WM AD you will need the Summit WM Controller s IP
100. ocols The Routing Protocols screen is displayed Click the OSPF tab From the Port Status drop down list click Enabled The OSPF is enabled on the port dd note Only the interfaces defined as router type are available for OSPF neighborhood establishment In the Link Cost text box type the OSPF standard for your network for this port The Link Cost is the cost of sending a data packet on the interface The lower the cost the more likely the interface will be used to forward the data traffic e dd note If more than one port is enabled for OSPF you must prevent the Summit WM Controller from serving as a router for the other traffic In order to do this you must set the Link Cost to its maximum value of 65535 From the Authentication drop down list click the authentication type of OSPF on your network e None The default is None If None is selected leave the Password text box blank e Password If Password is selected type the password in the Password text box in the Type the values in the following text boxes e Hello Interval Specifies the time in seconds displays OSPF default The default setting is 10 e Dead Interval Specifies the time in seconds displays OSPF default The default setting is 40 e Retransmit Interval Specifies the time in seconds displays OSPF default The default setting is D e Transmit Delay Specifies the time in seconds displays OSPF default The default setting is 1 To
101. onfiguring filtering rules for filters in AAA network assignment ueesssseensnnennennenennennennennennen 83 Configuring privacy for WM AD ana ne nenne tied es kenn 84 Configuring privacy for SSID network assignment enueeeenssneenssnennennennenennennennnnnennenennennnennennn 84 Configuring privacy for AAA network ASSIENMENL ccccecceecseeee cece eeseeeseseeeeesseeeseeeaeeegeeeeaees 87 Chapter 8 Availability configuration ccccccesssssseeessseeeeesseeeeeeeseeeeesssaeeeeeeeeesseeesnaeeesensaaeeeeees 89 Availabilty overview Tin a linie ren nut dar ebene rer 89 Configuring availability feature uessueeseeesseensennneensnennnennnennnennnnnnnnennnnnnnnnnnennnennnennnennnnnnnn essen 89 Defining a WM AD with the same SSID on both the Summit WM Controllers 0cceeeeeeeees 90 Assigning radios to WM AD and changing the poll timeout value on Wireless AP configuration screen 90 Assigning the Wireless APs to their home Summit WM Controller ccecseeeeeeeeeeeeeeeaeeeeeeeeaees 91 Enabling availability pair defining primary Summit WM Controller and selecting security mode 92 Viewing the Wireless AP availability display cccccccsssecceseceeeeeeeeeeeeeeeeeeeeeseeeeeseeeaeeeseeeesaeees 93 Viewing the active Wireless APS r port ccccccecceeseececeeceeeceeceeeeeeeeeseeesesseeeeaeeeeeseeeeeaeeaeegees 93 MINOX svcss ci cesses sesacnacesssascssssssssusvseaseassetesssdesassdasecsssascsssscsssscss
102. opology tab is displayed 4 From the WM AD Mode drop down list click Bridge Traffic Locally At SWM The following text boxes are displayed e DHCP Option Provides you the option of either using the external DHCP server or the local DHCP server on the Summit WM Controller For more information see Step 5 of Creating and configuring Routed WM AD VLAN ID The ID of VLAN that is mapped to a Summit WM Controller interface Interface The name of the interface to which the VLAN is mapped Interface IP address The interface s IP address Mask The subnet mask of the WM AD 5 From the Network Assignment drop down list click the network assignment For more information on network assignment see Step 6 of Creating and configuring Routed WM AD 6 Type the values in the following three Timeout text boxes Idle Pre Idle Post and Session For more information on Timeout text boxes see Step 7 of Creating and configuring Routed WM AD 7 To save your changes click Save As anext step you should configure the authentication mechanism for the WM AD For more information see Configuring authentication mechanism for WM AD on page 73 Creating and configuring a Bridge Traffic Locally at AP WM AD This configuration enables the WM AD to provide branch office mode The VLAN ID for the branch office is assigned by the office network administrator The Wireless AP will operate correctly only when the V
103. ou should configure the Summit WM Controller s availability and mobility features The following chapter describes how to configure the Summit WM Controller s availability and mobility features Summit WM2O Getting Started Guide Software Version 4 2 Availability configuration The chapter describes how to configure the Summit WM Controller s availability and mobility features The topics in this chapter are organized as follows e Availability overview on page 89 e Configuring availability feature on page 89 Availability overview The Summit WM Wireless LAN WLAN Solution s availability feature maintains service availability in the event of a Summit WM Controller outage The availability feature links two Summit WM Controllers to form a pair in order to share information about their Wireless APs If one Summit WM Controller fails its Wireless APs are allowed to connect to the other Summit WM Controller The Wireless APs that connect to a backup Summit WM Controller during a failover are assigned to the WM AD that is defined in the Summit WM Controller s default Wireless AP configuration If the default Wireless AP configuration has no WM AD assigned the failover Wireless APs will not provide service Therefore it is very important to define a default Wireless AP configuration on all Summit WM Controllers Configuring availability feature Before you begin the availability configuration you must ensure
104. ove them 11 From the main menu of the secondary Summit WM Controller click Altitude APs The Altitude AP screen is displayed 12 Repeat Step 9 to Step 10 13 To save your changes click Save oO dd note After you have assigned Wireless APs to their home Summit WM Controllers you must check Active Wireless APs Report screen to ensure that all those approved APs are indeed connected to their home Summit WM Controller For more information see Viewing the active Wireless APs report on page 93 Enabling availability pair defining primary Summit WM Controller and selecting security mode Steps 4 5 and 6 of the availability configuration process involve enabling availability pair defining primary Summit WM Controller and selecting security mode To enable the availability pair define the primary Summit WM Controller and select the security mode 1 Login on both the Summit WM Controllers 2 From the main menu of the primary Summit WM Controller click Altitude APs The Altitude AP Registration screen is displayed 3 In the left pane click WAP Registration The WAP Registration screen is displayed 4 In the Registration mode section click Paired 5 From the main menu of the secondary Summit WM Controller click Altitude APs The Altitude AP screen is displayed 6 In the Registration mode section click Paired From the main menu of the primary Summit WM Controller click Altitude APs 8 In the Summit WM Cont
105. p Traces Reports Summit Switch Altitude APs Summit Spy About LOGOUT Global Settings wm20_1 WM Access Domains Topology RF Auth amp Acct RAD Policy Filtering Multicast I Privacy QoS Policy wm20_1 WM AD Mode Routed Network Assignment DHCP Option Local DHCP Server v Assignment by SSID Gateway 110 30 0 1 O Allow mgmt traffic Mask 255 255 255 0 DES IO ROW AR Address Range from 10 30 0 2 Timeout to 10 30 0 254 Idle pre 5 minutes Exclusion s post 30 minutes B cast Address 10 30 0255 Session 0 minutes Domain Name Next Hop Routing Next Hop Address Lease seconds default 36000 max 2592000 DNS Servers OSPF Route Cost 50000 WINS routing table default cost used if not specified T mza O R Disable OSPF Advertisement wm20_1 Delete subnet WM Summit WM20 1 days 2 19 1 2 Inthe Add subnet text box type the WM AD name 3 Click Add subnet The name is displayed in the WM Access Domains list and the Topology tab is displayed Summit WM2O Getting Started Guide Software Version 4 2 Extreme Networks Summit WM Series Console a ee Goaigiranon Home Logs amp Traces Reports Summit Switch Altitude APs Summit Spy About LOGOUT Global Settings TrialVYNS WM AccessiDaiiaing Topology
106. ption Your entry DHCP Relay in Routed WM AD Next Hop Routing for Routed WM AD VLAN Information for Bridge Traffic Locally at WM WM AD VLAN ID for Bridge traffic locally at AP WM AD Authentication and Accounting information for captive portal configuration Gateway The Summit WM Controller advertises this address to the wireless devices when they sign on and get a dynamic IP address The gateway corresponds to the IP address that is communicated to mobile users Subnet mask Subnet mask for the gateway IP address to separate the network portion from the host portion of the address typically 255 255 255 0 DHCP Server IP address es IP addresses of the external DHCP servers on the enterprise network Next hop IP address The next hop IP identifies the target device to which all WM AD user traffic will be forwarded to Next hop definition supersedes any other possible definition in the routing table OSPF routing cost The OSPF cost value provides a relative cost indication to allow upstream routers to calculate whether or not to use the Summit WM Controller as a better fit or lowest cost path to reach the devices in a particular network The higher the cost the less likely that the Summit WM Controller will be chosen as a route for traffic unless that Summit WM Controller is the only possible route for that traffic VLAN ID The ID of VLAN that is mapped to a Summit WM Controller interf
107. reen is displayed 2 In the left pane click the AAA WM AD for which you want to configure the Dynamic WEP privacy The Topology tab is displayed 3 Click the Privacy tab Select Dynamic Keys To save your changes click Save Configuring Wi fi Protected Access WPA v1 and WPA v2 privacy WPA v1 and WPA v2 adds authentication to WEP encryption and key management The authentication portion of WPA for AAA is in enterprise mode Key features of WPA privacy include e Specifies 802 1x with extensible authentication protocol EAP e Uses RADIUS protocols for authentication and key distribution therefore requires a RADIUS or other authentication server e Centralizes management of user credentials The WPA authentication process involves the following steps e Step 1 The wireless device associates with Wireless AP Summit WM20 Getting Started Guide Software Version 4 2 e Step 2 The Wireless AP blocks the wireless device s network access while the authentication process is carried out The Summit WM Controller sends the authentication request to the RADIUS authentication server e Step 3 The wireless device provides credentials that are forwarded to the authentication server through the Summit WM Controller e Step 4 If the wireless device is not authenticated the device remains blocked from the network For more information see the Summit WM20 User Guide To configure WPA privacy 1 From the main menu click WM AD
108. results are then forwarded to the Summit WM Controller the Summit WM Controller processes and presents the data centrally Rogue detection data can be viewed via the Summit WM GUI Automatic assignment of IP addresses to the client devices The Summit WM Controller has built in DHCP server that assigns IP addresses to the client devices The Summit WM Controller is also capable of working with an external DHCP server Web authentication The Summit WM Controller has a built in Captive Portal capability that allows Web authentication Web redirection to take place The Summit WM Controller is also capable of working with external Captive Portal Summit WM2O Getting Started Guide Software Version 4 2 Wireless AP Wireless APs are wireless LAN access points that bridge the network traffic between wireless devices and the Ethernet LAN Summit WM Controller Access Points and Software system topology and network elements The following figure illustrates a typical configuration with a single Summit WM Controller and two Wireless APs each supporting a wireless device A RADIUS server on the network provides user authentication and a DHCP server assigns IP addresses to the Wireless APs Network inter connectivity is provided by the infrastructure routing and switching devices Figure 1 Summit WM Wireless LAN topology Summit WM Series WLAN Topology Summit WM Controller Etherne EZD Ethernet Altitude Access Points
109. ring the network time The internal clocks of the Summit WM Controller and Wireless APs on a network may differ You must synchronize the clocks of the Summit WM Controller and the Wireless APs in order for the system to operate properly The synchronization of clocks ensures accuracy in usage logs of the Summit WM Controller The Summit WM Controller provides you the following two options to synchronize the clocks of Summit WM Controller and the Wireless APs e Using the system s time The system s time is the Summit WM Controller s time e Using the network time protocol NTP The Network Time Protocol is a protocol for synchronizing the clocks of computer systems over packet switched data networks Summit WM20 Getting Started Guide Software Version 4 2 Configuring the network time using the system s time To configure the network time using the system s time 1 Login on the Summit WM Controller The Summit WM GUI screen is displayed 2 Click Summit Switch The Summit Switch screen is displayed 3 In the left pane click Network Time The Network Time screen is displayed Extreme Networks Summit WM Series Console m sen a z Home Logs amp Traces Reports Altitude APs WM AD Configuration Summit Spy About LOGOUT System Maintenance Network Time Routing Protocols IP Addresses Port Exception Filters Time Zone Settings Check Point Continent or Ocean Americas he Summit
110. roller IP Address text box type the IP address of the physical port of the secondary Summit WM Controller 9 Select Current Summit WM Controller is primary connection point 10 From the main menu of the secondary Summit WM Controller click Altitude APs The Altitude AP screen is displayed 11 In the Summit WM Controller IP Address type the IP address of the management port or physical port of the primary Summit WM Controller 12 Clear the Current Summit WM Controller is primary connection point checkbox 13 From the main menu of the primary Summit WM Controller click Altitude APs The Altitude AP screen is displayed Summit WM2O Getting Started Guide Software Version 4 2 14 In the Security Mode select one of the security mode options For more information see page 90 15 To save your changes in the primary Summit WM Controller click Save 16 Open the Altitude AP Configuration of the secondary Summit WM Controller 17 In the Security Mode select one of the security mode options For more information see page 90 18 To save your changes in the secondary Summit WM Controller click Save Viewing the Wireless AP availability display The Wireless AP availability display provides the active connection state of an Wireless AP The display depicts the Wireless APs as color coded boxes Green and Red on the screen e Green The Wireless AP is configured on the Summit WM Controller and is currently connected e Red Th
111. rsion 4 2 Probe Response frames By default this option is disabled It is recommended to enable this option 6 From the Wireless APs list select the APs and their radios that you want to assign to the WM AD You can also use the Select APs list to select APs and their radios by grouping All radios Select to assign all of the APs radios a radios Select to assign only the APs a radios b g radios Select to assign only the APs b g radios local APs all radios Select to assign only the local APs local APs a radios Select to assign only the local APs a radios local APs b g radios Select to assign only the local APs b g radios foreign APs all radios Select to assign only the foreign APs foreign APs a radios Select to assign only the foreign APs a radios foreign APs b g radios Select to assign only the foreign APs b g radios clear all selections Select to clear all of the AP radio assignments original selections Select to return to the AP radio selections prior to the most recent save 7 To save your changes click Save You can view the WM ADs that each radio is assigned to by clicking on each radio tab in the WM AD Configuration screen Configuring authentication mechanism for WM AD The Summit WM Controller offers several authentication options The options can be classified under network assignment types SSID and AAA Authentication Authorization and
112. s for a Non authenticated filter on page 82 None authentication does not mean that no authentication will take place Instead the default filter is applied for the authentication For more information see No Captive Portal support on page 79 To configure None authentication 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane select the SSID WM AD for which you want to configure the authentication mechanism The Topology tab is displayed Click the Auth amp Acct tab Click Configure Captive Portal The Captive Portal Configuration screen is displayed Select the No Captive Portal Support option a oT A Q To save your changes click Save oO dd note In order to control network access of the wireless device users on this WM AD you must define appropriate rules in Default filter The rules in the Default filter should be very restrictive when you use None authentication mechanism You must configure the final rule in the Default filter a deny all rule For more information see Configuring filtering rules for Default filter on page 83 Configuring MAC based authentication MAC based authentication restricts wireless device s access to the network based on its MAC addresses The Summit WM Controller relays the client devices MAC address to a RADIUS server on your network following which the RADIUS server checks the address against a list of allow
113. s to perform a task amp CAUTION Cautionary notes identify essential information which if ignored can adversely affect the operation of your equipment or software WARNING Warning notes identify essential information which if ignored can lead to personal injury or harm Documentation feedback If you have any problems using this document please contact your next level of support e Customers should contact the Extreme Networks Technical Assistance Center When you call please have the following information ready This will help us to identify the document that you are referring to e Title Summit WM20 Getting Started Guide Software Version 4 2 e Part Number 120411 00 Rev 01 Summit WM2O Getting Started Guide Software Version 4 2 gt Summit WM Controller Access Points and Software system This chapter describes the essential concepts of Summit WM Controller Access Points and Software system The topics in this chapter are organized as follows e Conceptual model on page 7 e Collecting information for installation on page 16 Conceptual model The Summit WM Controller Access Points and Software system is an enterprise WLAN solution that consists of the following components e Summit WM Controller WM e Wireless AP e Summit WM Controller Access Points and Software system Summit WM Controller The Summit WM Controller is a high performance server that provides several functions in
114. ss AP A wireless device sends a request for IP address to Wireless AP The Wireless AP forwards the request to the DHCP server DNS Server Summit WM Controller The DHCP server responds by sending the IP address to the Wireless AP The Wireless AP sends the IP address to the wireless device Wireless AP Wireless Wireless Device Device DHCP Server The DHCP relay configuration is done via Summit WM Controller For more information see Creating and configuring a Bridge Traffic Locally at AP WM AD on page 71 Summit WM Controller s physical description This section provides a physical description of the Summit WM Controller Summit WM20 Getting Started Guide Software Version 4 2 Summit WM20 Controller front panel Figure 6 Summit WM20 Controller front panel LAN Ports USB Server Reset Button LEDs Management USB Control Power Switch Summit WM20 Controller data port cabling specification The Summit WM20 Controller s data ports have copper connectors eb NOTE If your infrastructure does not allow the copper connection you must get a Gigabit Media Converter to convert the copper connection to a fibre optic connection For example you can use Netgear GC102 converter that receives the copper connection and outputs traffic via the fibre optic connector Summit WM20 Controller s LEDs The Summit WM20 Controller has four lights on its front panel
115. ssnescupcenssececeecdenseeseepesceseesesuesstensersberss 95 Summit WM2O Getting Started Guide Software Version 4 2 About this Guide The purpose of the Getting Started Guide is to assist you in deploying the Summit WM Wireless LAN WLAN solution by mapping preparation installation and configuration tasks into a logical and efficient flow You can use this guide independently of other documents However if you are looking for detailed information on any aspect of the system s installation configuration or management use this guide in conjunction with the Summit WM20 User Guide This guide is based on the following product families e Summit WM20 Controller Who should use this guide This guide is written for the users of Summit WM Wireless LAN WLAN Solution You must be familiar with computer networking concepts to use this guide What is in this guide This contents in this guide are organized under the following chapters e About this Guide describes the purpose the target audience and the architecture of this guide e Chapter 1 Summit WM Controller Access Points and Software system captures the essential concepts of the solution e Chapter 2 Summit WM Controller configuration explains how to configure the Summit WM Controller s settings in order to make it operational e Chapter 3 Physical ports configuration describes how to configure the Summit WM Controller s physical ports e Chap
116. t WM Controller uses the existing registration record and existing configuration record to authenticate and configure the Wireless AP respectively e Allow only approved Altitude APs to connect m Ifthe Summit WM Controller does not recognize the Wireless AP the Wireless AP s registration record is created in pending state You must manually approve a pending Wireless AP As long as the Wireless AP is in pending state it receives minimum configuration that only allows it to maintain an active link with the Summit WM Controller for future state change For more information see Manually approving pending Wireless APs on page 59 m Ifthe Summit WM Controller recognizes the serial number it uses the existing registration record to authenticate the Wireless AP Following the successful authentication the Wireless AP is configured according to its stored configuration record Summit WM2O Getting Started Guide Software Version 4 2 4 In the Discovery Timers section type the discovery timer values in the following text boxes e Number of retries Limited to 255 in a five minute discovery period The default value is 3 e Default between retries The default value is 1 second 5 To save your changes click Save 6 To initiate the discovery and registration process connect the Wireless AP to a power source The Wireless APs can be connected and powered in the following ways e Power over Ethernet 802 3af m PoE enabled with port
117. t and reboot Halt system shutdown power Apply Now WM Summit WM20 1 days 1 41 1 9 Inthe left pane click IP Addresses The factory default settings for the Summit WM Controller are displayed Extreme Networks Summit WM Series Console a ESftresme Tresen Home Logs amp Traces Reports Altitude APs WM AD Configuration Summit Spy About LOGOUT f System Maintenance Management Port Settings Routing Protocols IP Addresses Hostname WM Management Gateway 192 168 1 1 Port Exception Domain extremenetworks com Primary DNS eier IP Address 192 168 1 21 Secondary DNS Chack FUN Subnet mask 255 255 255 0 Summit Spy Network Time Management Users Software ee ee Enable Port YID IP address Mac Subnet mask Port Func MTU Mgmt SLP ities Web Settings o o z vV esai U 10 10 0 1 00 1A E8 10 01 C9 255 255 255 0 HostPort 1500 Interfaces IP address 10 20 0 1 Function Host Port v Subnet mask 255 255 255 0 MTU 1500 YLAN ID Tagged ID untagged Internal LAN ID 1 Multicast Support Disabled w Save Cancel WM Summit WM20 1 days 6 10 In the Management Port Settings section click Modify The System Port Configuration screen is displayed Summit WM20 Getting Started Guide Software Version 4 2 Extreme Networks Summit WM Series Console F treme 4 System Port Configuration About LO
118. tal MAC based authentication can be used in both SSID network assignment and AAA network type assignment Authentication mechanism for SSID network assignment The SSID network assignment provides the following authentication options e Captive Portal authentication e Internal Captive Portal e External Captive Portal e No Captive Portal Support e MAC based authentication Configuring internal Captive Portal authentication In order to configure the authentication mechanism you must first create and configure a WM AD For more information see the following e WM AD topology overview on page 67 e Creating and configuring a Routed WM AD on page 68 e Creating and configuring a Bridge Traffic Locally at WM WM AD on page 71 Summit WM2O Getting Started Guide Software Version 4 2 To configure internal Captive Portal 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed 2 In the left pane select the SSID WM AD for which you want to configure the authentication mechanism The Topology tab is displayed 3 Click the Auth amp Acct tab The Auth amp Acct text boxes are displayed in the right pane The Auth amp Acct tab offers you the following thee options e Auth Defines the authentication servers e MAC Defines the servers for MAC based authentication e Acct Defines the accounting servers Click Auth The authentication text boxes are displayed From the RA
119. te DNS records with the same owner name Add Host Cancel Summit WM20 Getting Started Guide Software Version 4 2 7 Inthe Name text box type the Summit WM Controller s name 8 In the IP address text box type the Summit WM Controller s IP address 9 Select Create associated pointer PTR record checkbox 10 Click Add Host The new host is displayed in the right pane of the screen 11 Quit DNS Now you must configure the Wireless APs via the Summit WM Controller Summit WM20 Getting Started Guide Software Version 4 2 Summit WM2O Getting Started Guide Software Version 4 2 Wireless AP s configuration This chapter describes how to configure and manage the Wireless APs The topics in this chapter are organized as follows Wireless AP overview on page 57 Configuring the Wireless APs for the first time on page 57 Assigning names to Wireless APs on page 60 e Modifying Wireless APs properties on page 60 e Configuring static IP address for Wireless APs on page 61 e Configuring VLAN tags for Wireless APs on page 64 e Wireless AP s LED states on page 65 Wireless AP overview Wireless APs bridge network traffic between wireless devices and the Ethernet LAN The Wireless APs by default do not have a graphical user interface GUI they are configured and managed by the Summit WM GUI In addition you can centrally manage verify and upgrade the Wireless AP fir
120. ter 4 Routing configuration explains how to configure the static and OSPF routings on the Summit WM Controller s physical ports e Chapter 5 Configuring DHCP DNS and IAS services describes how to configure DHCP DNS and IAS services on Windows 2003 Server In addition the chapter explains how to configure DHCP service on a Linux based server e Chapter 6 Wireless AP s configuration explains how to configure and manage the Wireless APs through the Summit WM Controller e Chapter 7 WM AD configuration describes how to create and configure WM AD via the Summit WM Controller e Chapter 8 Availability configuration explains how to configure availability features via the Summit WM Controller Summit WM20 Getting Started Guide Software Version 4 2 Formatting conventions The document uses the following formatting conventions to make it easier to find information and follow procedures e Bold text is used to identify components of the management interface such as menu items and section of pages as well as the names of buttons and text boxes e For example Click Logout e Monospace font is used in code examples and to indicate text that you type e For example Type https lt wM address gt mgmt port gt e The following symbols are used to draw your attention to additional information oO dd note Notes identify useful information that is not essential such as reminders tips or other way
121. tion Summit Spy About LOGOUT 192 168 1 21 P Altitude AP Registration WAP Default 5 B Settings Registration Mode WAP Multi edit Stand alone Client Management Paired Access Approval WAP Maintenance Summit Switch IP Address 0 0 0 0 WAP Registration E Current Summit Switch is primary connection point DRM wm20_1 Security Mode Allow all Altitude APs to connect Allow only approved Altitude APs to connect Discovery Timers Number of retries 3 1 255 Delay between retries 1 1 10 seconds Telnet Access Password Confirm password View SLP Registration WM Summit WM20 1 days 2 30 1 4 In the Registration Mode section click Stand alone In the Security Mode section click Allow only approved Altitude AP to connect From the main menu of the secondary Summit WM Controller click Altitude APs The Altitude AP screen is displayed Repeat Step 3 to Step 5 From the main menu of the primary Summit WM Controller click Altitude APs The Altitude AP screen is displayed Summit WM20 Getting Started Guide Software Version 4 2 9 In the left menu click Access Approval The Access Approval screen is displayed 10 Check the status of every Wireless AP and approve all those that should be connected to the primary Summit WM Controller Oo dd note You must delete all such Wireless APs that are in pending state and you do not intend to appr
122. to access the RADIUS server e Timeout Maximum time for which Summit WM Controller will wait for a response from the RADIUS server before making a re attempt NAS IP Address IP address of the network access server NAS NAS Identifier RADIUS attribute that identifies the server responsible for passing information to the designated servers This is an optional text box e Auth Type Provides four options for the authentication protocol to be used by the RADIUS server to authenticate the wireless device users m PAP Password authentication protocol m CHAP Challenge handshake authentication protocol m MS CHAP Windows specific version of CHAP m MS CHAP Windows specific version of Chap Version 2 e Password Password you want to use for MAC based authentication requests The password is forwarded by the Summit WM Controller to the authentication server If the Password box is left empty the MAC address will act as the default password Toggle between Mask Unmask to view and hide the defined password e Set as primary server To set the RADIUS server as the primary server select Set as the primary server e MAC based authentication on roam check To ensure that the client devices are authorized every time they roam to another AP select MAC based authentication on roam check If you don t select this feature the client devices will be authenticated only at the start of their sessions 9 To save your changes cl
123. tting Started Guide Software Version 4 2 19 Select IP address The Client IP Address window is displayed 20 In the Client IP Address window type the Summit WM Controller s IP address 21 Click OK DNS service configuration The domain name system DNS stores and associates many types of information with domain names but most importantly it translates domain names computer hostnames to IP addresses You must install DNS on Windows 2003 Server according to the documents provided with the server Visit http support microsoft com to learn how to install DNS on Windows 2003 The DNS configuration involves two steps e Step 1 Configuring the DNS for internet access e Step 2 Configuring DNS for Wireless APs discovery Configuring DNS for internet access To configure DNS for internet access 1 Click Start point to All Programs point to Administrative Tools and then click Configure Your Server Wizard 2 Click Next The Summary of Selections window is displayed oO dd note The Summary of Selections window should list the following two items Install DNS and Run the Configure a DNS Wizard to configure DNS If the Summary of Selections window does not list these two items you must e Click Back to return to DNS Server Roles window e Click DNS e Click Next 3 Inthe Summary of Selections window click Next The Select Configuration Action window is displayed When the Configure Your Server wizard installs t
124. twork Each radio on a Wireless AP can participate in up to eight WM ADs via the multi SSID function The WM AD topologies are classified on the basis of the following WM AD types e Routed WM AD The user traffic is tunneled to the Summit WM Controller This is the default set up e Bridge at the APWM AD Bridge Traffic Locally at AP The user traffic is directly bridged with VLAN at the AP s point of access switch port Summit WM20 Getting Started Guide Software Version 4 2 e VLAN bridged WM AD Bridge Traffic Locally at SWM The user traffic is tunneled to the Summit WM Controller and is directly bridged with it to a specific VLAN SSID and AAA determine the WM AD network assignment These network assignments define a framework for carrying out the authentication of the mobile devices Creating a new WM AD involves the following three steps 1 Assigning a name to the proposed WM AD 2 Defining the topology parameters 3 Assigning Wireless AP s radios to WM AD 4 Configuring the WM AD for authentication and privacy Creating and configuring a Routed WM AD The user traffic is tunneled to the Summit WM Controller in Routed WM AD type This is the default set up To create and configure a Routed WM AD type 1 From the main menu click WM AD Configuration The WM AD Configuration screen is displayed Extreme Networks Summit WM Series Console on niet Cg Home Logs am
125. ve transmit You can define the data ports to function as one of the following three types e Host Port You must use a Host Port definition to connect the Access Points with dynamic routing disabled The dynamic routing is disabled to ensure that the port does not participate in dynamic routing operations to advertise the availability of WM Access Domain Services WM AD hosted by the WM Host ports may still be used as the target for static route definitions e Third party AP Port You must use a Third party AP Port definition for a port to which you will be connecting the third party APs The third party APs must be deployed within a segregated network for which the Summit WM Controller becomes the single point of access to the network When you define a port as the third party AP port the interface segregates the third party AP from the remaining network Only one port can be configured for the third party APs e Router Port You must use a Router Port definition for a port that you will be connecting to an upstream next hop router in the network When you define a port as the router port the system knows that the particular interface is eligible to participate in dynamic routing protocol exchanges The Summit WM Controller supports OSPF as the dynamic routing protocol The Summit WM Controller is shipped from the factory with all of its data ports set up as host ports You must set up or configure how each port should function If the
126. version e User is the user id you used to login in For example admin e Port Status is the connectivity state of the port M is for the Management interface which is on ethO and the numbered lights reflect the esa ports on the system Green indicates the interface is active and running Red indicates the interface is down Summit WM2O Getting Started Guide Software Version 4 2 8 From the main menu click Summit Switch The Summit Switch screen is displayed Extreme Networks Summit WM Series Console ieee f Tarnesa Home Logs amp Traces Reports Altitude APs WM AD Configuration Summit Spy About LOGOUT f System Maintenance System Log Level Routing Protocols 1P Addresses Summit Switch Log Level Information K Port Exception Altitude AP Log Level Critical v Filters Er Check Point Health Checking Sumit SY Poll Timer 60 seconds SNMP Network Time Syslog Management Users m g 3 Gufiware el Syslog Server IP Port 514 Maintenance Syslog Server IP Port 514 Utilities O syslog Server IP Port 514 Web Settings m Include all service messages O Include audit messages Facilities Application Logs local O v Service Logs local 3 Audit Logs local 6 Apply System Shutdown Halt system reboot Halt system reset database to factory default and reboot Halt system reset to factory defaul
Download Pdf Manuals
Related Search