Extreme networks Summit wm3000 series User manual

Extreme Networks, Inc.

3585 Monroe Street

Santa Clara, California 95051

(888) 257-3000

(408) 579-2800

http://www.extremenetworks.com

Published: December 2009

Part Number: 100352-00 Rev 01

Summit®WM3000 Series Controller System

Reference Guide, Software Version 4.0

Summit WM3000 Series Controller System Reference Guide2

AccessAdapt, Alpine, Altitude, BlackDiamond, EPICenter, ExtremeWorks Essentials, Ethernet Everywhere, Extreme

Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive,

Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, ExtremeXOS ScreenPlay,

ReachNXT, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access

RF Manager, UniStack, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme

Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS logo are trademarks or registered trademarks

of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries.

sFlow is a registered trademark of InMon Corporation.

Specifications are subject to change without notice.

All other registered trademarks, trademarks, and service marks are property of their respective owners.

Summit WM3000 Series Controller System Reference Guide 3

Table of Contents

Chapter 1: About This Guide...................................................................................................................13

Introduction............................................................................................................................................................13

Documentation Set.................................................................................................................................................13

Document Conventions..........................................................................................................................................13

Notational Conventions .........................................................................................................................................14

Chapter 2: Overview .................................................................................................................................15

Hardware Overview...............................................................................................................................................15

Power Protection .....................................................................................................................................15

Cabling Requirements.............................................................................................................................15

Software Overview ................................................................................................................................................16

Infrastructure Features....................................................................................................................................16

Installation Feature..................................................................................................................................17

Licensing Support....................................................................................................................................17

Configuration Management.....................................................................................................................17

Diagnostics..............................................................................................................................................17

Serviceability...........................................................................................................................................18

Tracing / Logging....................................................................................................................................18

Process Monitor.......................................................................................................................................18

Hardware Abstraction Layer and Drivers................................................................................................19

Redundancy.............................................................................................................................................19

Secure Network Time Protocol (SNTP)..................................................................................................19

Wireless Switching.........................................................................................................................................20

Physical Layer Features...........................................................................................................................20

Proxy-ARP ..............................................................................................................................................21

HotSpot / IP Redirect...............................................................................................................................21

IDM (Identity Driven Management) .......................................................................................................21

Voice Prioritization .................................................................................................................................22

Wireless Capacity....................................................................................................................................22

AP Load Balancing..................................................................................................................................22

Wireless Roaming ...................................................................................................................................23

Power Save Polling..................................................................................................................................23

QoS..........................................................................................................................................................23

Wireless Layer 2 Switching.....................................................................................................................24

Automatic Channel Selection..................................................................................................................24

WMM-UPSD...........................................................................................................................................25

Dynamic VLAN Support.........................................................................................................................25

Wired Switching.............................................................................................................................................26

DHCP Servers .........................................................................................................................................26

DHCP User Class Options.......................................................................................................................27

DDNS......................................................................................................................................................27

VLAN Enhancements..............................................................................................................................27

Interface Management.............................................................................................................................27

Management Features.....................................................................................................................................27

Security Features ............................................................................................................................................28

Encryption and Authentication...............................................................................................................28

Table of Contents

Summit WM3000 Series Controller System Reference Guide4

MU Authentication..................................................................................................................................29

Secure Beacon .........................................................................................................................................30

MU to MU Disallow................................................................................................................................30

802.1x Authentication .............................................................................................................................30

WIPS........................................................................................................................................................30

Rogue AP Detection................................................................................................................................31

ACLs........................................................................................................................................................32

Local Radius Server ................................................................................................................................32

IPSec VPN...............................................................................................................................................32

NAT.........................................................................................................................................................33

Certificate Management ..........................................................................................................................33

NAC.........................................................................................................................................................33

Chapter 3: Controller Web UI Access and Image Upgrades ................................................................35

Web UI Requirements ...........................................................................................................................................35

Accessing the Summit WM Controller for the First Time.............................................................................35

Defining Basic Controller Settings.................................................................................................................36

Controller Password Recovery ..............................................................................................................................38

Upgrading the Controller Image............................................................................................................................39

Auto Installation ....................................................................................................................................................39

Configuring Auto Install via the CLI..............................................................................................................40

Chapter 4: Controller Information..........................................................................................................43

Viewing the Controller Interface...........................................................................................................................43

Setting the Controller Country Code..............................................................................................................44

Viewing the Controller Configuration............................................................................................................44

Controller Dashboard Details.........................................................................................................................46

Summit WM3600 Controller Dashboard................................................................................................47

Summit WM3700 Controller Dashboard................................................................................................49

Viewing Controller Statistics..........................................................................................................................51

Viewing Controller Port Information ....................................................................................................................53

Viewing the Port Configuration......................................................................................................................53

Editing the Port Configuration ................................................................................................................55

Viewing the Ports Runtime Status..................................................................................................................57

Reviewing Port Statistics................................................................................................................................57

Detailed Port Statistics ............................................................................................................................59

Viewing the Port Statistics Graph ...........................................................................................................60

Power over Ethernet (PoE).............................................................................................................................61

Editing Port PoE Settings...............................................................................................................................63

Viewing Controller Configurations .......................................................................................................................64

Viewing the Detailed Contents of a Config File ............................................................................................67

Transferring a Config File..............................................................................................................................68

Viewing Controller Firmware Information............................................................................................................69

Editing the Controller Firmware.....................................................................................................................70

Enabling Global Settings for the Image Failover...........................................................................................71

Updating the Controller Firmware..................................................................................................................71

Controller File Management..................................................................................................................................73

Transferring Files............................................................................................................................................73

Transferring a file from Wireless Controller to Wireless Controller ......................................................74

Transferring a file from a Wireless Controller to a Server......................................................................75

Transferring a file from a Server to a Wireless Controller......................................................................76

Table of Contents

Summit WM3000 Series Controller System Reference Guide 5

Viewing Files..................................................................................................................................................77

Configuring Automatic Updates............................................................................................................................78

Viewing the Controller Alarm Log........................................................................................................................81

Viewing Alarm Log Details............................................................................................................................82

Viewing Controller Licenses .................................................................................................................................83

How to use the Filter Option..................................................................................................................................84

Chapter 5: Network Setup........................................................................................................................85

Displaying the Network Interface..........................................................................................................................85

Viewing Network IP Information..........................................................................................................................87

Configuring DNS............................................................................................................................................87

Adding an IP Address for a DNS Server.................................................................................................89

Configuring Global Settings....................................................................................................................89

Configuring IP Forwarding.............................................................................................................................90

Adding a New Static Route.....................................................................................................................91

Viewing Address Resolution..........................................................................................................................93

Viewing and Configuring Layer 2 Virtual LANs..................................................................................................94

Viewing and Configuring VLANs by Port.....................................................................................................94

Editing the Details of an Existing VLAN by Port..........................................................................................95

Viewing and Configuring Ports by VLAN.....................................................................................................96

Configuring Controller Virtual Interfaces .............................................................................................................99

Configuring the Virtual Interface.................................................................................................................100

Adding a Virtual Interface.....................................................................................................................101

Modifying a Virtual Interface................................................................................................................103

Viewing Virtual Interface Statistics..............................................................................................................104

Viewing Virtual Interface Statistics ......................................................................................................106

Viewing the Virtual Interface Statistics Graph .....................................................................................107

Viewing and Configuring Controller WLANs ....................................................................................................109

Configuring WLANs....................................................................................................................................109

Editing the WLAN Configuration.........................................................................................................113

Assigning Multiple VLANs per WLAN ...............................................................................................118

Configuring Authentication Types........................................................................................................119

Configuring Different Encryption Types ..............................................................................................140

Viewing WLAN Statistics............................................................................................................................145

Viewing WLAN Statistics in Detail......................................................................................................147

Viewing WLAN Statistics in a Graphical Format.................................................................................149

Viewing WLAN Controller Statistics ...................................................................................................150

Configuring WMM.......................................................................................................................................152

Editing WMM Settings..........................................................................................................................155

Configuring the NAC Inclusion List ............................................................................................................156

Adding an Include List to a WLAN......................................................................................................158

Configuring Devices on the Include List...............................................................................................158

Mapping Include List Items to WLANs................................................................................................159

Configuring the NAC Exclusion List...........................................................................................................160

Adding an Exclude List to the WLAN..................................................................................................162

Configuring Devices on the Exclude List .............................................................................................162

Mapping Exclude List Items to WLANs...............................................................................................163

NAC Configuration Examples Using the Controller CLI ............................................................................164

Creating an Include List ........................................................................................................................164

Creating an Exclude List.......................................................................................................................165

Configuring the WLAN for NAC..........................................................................................................165

Table of Contents

Summit WM3000 Series Controller System Reference Guide6

Viewing Associated MU Details .........................................................................................................................166

Viewing MU Status ......................................................................................................................................167

Viewing MU Details..............................................................................................................................169

Configuring Mobile Units ............................................................................................................................170

MAC Naming of Mobile Units..............................................................................................................171

Viewing MU Statistics..................................................................................................................................171

Viewing MU Statistics in Detail............................................................................................................173

View a MU Statistics Graph..................................................................................................................174

Viewing Voice Statistics...............................................................................................................................175

Viewing Access Point Information......................................................................................................................176

Configuring Access Point Radios.................................................................................................................177

Configuring an AP Radio’s Global Settings .........................................................................................180

Editing AP Settings ...............................................................................................................................182

Adding APs ...........................................................................................................................................187

Defining the AP Radios Mesh Configuration .......................................................................................188

Viewing AP Statistics...................................................................................................................................189

Viewing AP Statistics in Detail.............................................................................................................191

Viewing AP Statistics in Graphical Format ..........................................................................................193

Configuring WLAN Assignment..................................................................................................................194

Editing a WLAN Assignment ...............................................................................................................194

Configuring WMM.......................................................................................................................................196

Editing WMM Settings..........................................................................................................................197

Configuring Access Point Radio Bandwidth................................................................................................198

Viewing Mesh Statistics...............................................................................................................................198

Voice Statistics .............................................................................................................................................200

Viewing Access Point Adoption Defaults ...........................................................................................................202

Configuring AP Adoption Defaults..............................................................................................................202

Editing Default Access Point Adoption Settings...................................................................................204

Configuring WLAN Assignment..................................................................................................................209

Configuring WMM.......................................................................................................................................210

Editing Access Point Adoption WMM Settings....................................................................................211

Configuring Access Points...................................................................................................................................212

Viewing Adopted Access Points ..................................................................................................................212

Viewing Unadopted Access Points...............................................................................................................214

Configuring AP Firmware............................................................................................................................215

Adding a New AP Firmware Image......................................................................................................216

Editing an Existing AP Firmware Image...............................................................................................217

Multiple Spanning Tree .......................................................................................................................................217

Configuring a Bridge....................................................................................................................................218

Viewing and Configuring Bridge Instance Details.......................................................................................221

Creating a Bridge Instance ....................................................................................................................223

Associating VLANs to a Bridge Instance .............................................................................................223

Configuring a Port ........................................................................................................................................224

Editing a MSTP Port Configuration......................................................................................................226

Viewing and Configuring Port Instance Details...........................................................................................228

Editing a Port Instance Configuration...................................................................................................230

Configuring IGMP Snooping...............................................................................................................................230

IGMP Snooping Configuration ....................................................................................................................231

IGMP Snoop Querier Configuration ............................................................................................................233

Chapter 6: Controller Services...............................................................................................................237

Displaying the Services Interface ........................................................................................................................237

Table of Contents

Summit WM3000 Series Controller System Reference Guide 7

DHCP Server Settings .........................................................................................................................................238

Configuring the Controller DHCP Server ....................................................................................................238

Editing the Properties of an Existing DHCP Pool.................................................................................240

Adding a New DHCP Pool....................................................................................................................241

Configuring DHCP Global Options ......................................................................................................243

Configuring DHCP Server DDNS Values ............................................................................................244

Viewing the Attributes of Existing Host Pools ............................................................................................245

Configuring Excluded IP Address Information............................................................................................247

Configuring the DHCP Server Relay ...........................................................................................................248

Viewing DDNS Bindings.............................................................................................................................250

Viewing DHCP Bindings .............................................................................................................................251

Reviewing DHCP Dynamic Bindings..........................................................................................................252

Configuring the DHCP User Class...............................................................................................................253

Adding a New DHCP User Class..........................................................................................................254

Editing the Properties of an Existing DHCP User Class.......................................................................255

Configuring DHCP Pool Class.....................................................................................................................256

Editing an Existing DHCP Pool Class...................................................................................................257

Adding a New DHCP Pool Class..........................................................................................................258

Configuring Secure NTP .....................................................................................................................................259

Defining the SNTP Configuration................................................................................................................259

Configuring Symmetric Keys.......................................................................................................................261

Defining a NTP Neighbor Configuration.....................................................................................................263

Adding an NTP Neighbor.............................................................................................................................265

Viewing NTP Associations...........................................................................................................................266

Viewing NTP Status.....................................................................................................................................268

Configuring Controller Redundancy and Clustering...........................................................................................270

Configuring Redundancy Settings................................................................................................................272

Reviewing Redundancy Status.....................................................................................................................275

Configuring Redundancy Group Membership .............................................................................................277

Displaying Redundancy Member Details..............................................................................................279

Adding a Redundancy Group Member..................................................................................................281

Redundancy Group License Aggregation Rules...........................................................................................282

Managing Clustering Using the Web UI......................................................................................................283

Layer 3 Mobility..................................................................................................................................................284

Configuring Layer 3 Mobility ......................................................................................................................284

Defining the Layer 3 Peer List......................................................................................................................287

Reviewing Layer 3 Peer List Statistics.........................................................................................................288

Reviewing Layer 3 MU Status .....................................................................................................................290

Configuring Controller Discovery.......................................................................................................................291

Configuring Discovery Profiles....................................................................................................................292

Adding a New Discovery Profile ..........................................................................................................295

Viewing Discovered Controllers ..................................................................................................................296

Locationing..........................................................................................................................................................298

RTLS Overview............................................................................................................................................298

SOLE - Smart Opportunistic Location Engine.............................................................................................298

Defining Site Parameters..............................................................................................................................299

Adding AP Location Information..........................................................................................................301

Configuring SOLE Parameters.....................................................................................................................302

Configuring Aeroscout Parameters...............................................................................................................304

Configuring Ekahau Parameters...................................................................................................................306

Chapter 7: Controller Security...............................................................................................................309

Table of Contents

Summit WM3000 Series Controller System Reference Guide8

Displaying the Main Security Interface...............................................................................................................309

AP Intrusion Detection ........................................................................................................................................310

Enabling and Configuring AP Detection......................................................................................................311

Adding or Editing an Allowed AP ........................................................................................................313

Approved APs...............................................................................................................................................315

Unapproved APs (Reported by APs)............................................................................................................316

Unapproved APs (Reported by MUs)...........................................................................................................317

Configuring Firewalls and Access Control Lists.................................................................................................319

ACL Overview..............................................................................................................................................319

Router ACLs..........................................................................................................................................320

Port ACLs..............................................................................................................................................321

Wireless LAN ACLs .............................................................................................................................322

ACL Actions..........................................................................................................................................322

Precedence Order...................................................................................................................................322

Configuring the Firewall...............................................................................................................................323

Adding a New ACL...............................................................................................................................324

Adding a New ACL Rule ......................................................................................................................325

Editing an Existing Rule........................................................................................................................327

Attaching an ACL on a WLAN Interface/Port.............................................................................................328

Adding or Editing a New ACL WLAN Configuration.........................................................................329

Attaching an ACL Layer 2/Layer 3 Configuration.......................................................................................330

Adding a New ACL Layer 2/Layer 3 Configuration.............................................................................331

Configuring the Role Based Firewall...........................................................................................................332

Creating a Role Based Firewall Rule ....................................................................................................333

Configuring a Role .......................................................................................................................................334

Creating a New Role .............................................................................................................................336

Configuring Wireless Filters.........................................................................................................................338

Editing an Existing Wireless Filter...............................................................................................................340

Adding a new Wireless Filter.......................................................................................................................341

Associating an ACL with a WLAN..............................................................................................................342

L2 Level Attack Detection and Mitigation...................................................................................................343

Port Level Configuration.......................................................................................................................345

Configuring WLAN Firewall Rules .............................................................................................................346

WLAN Level Configuration..................................................................................................................348

Configuring Denial of Service (DoS) Attack Firewall Rules.......................................................................350

Configuring Firewall Logging Options........................................................................................................352

Reviewing Firewall and ACL Statistics .......................................................................................................353

Reviewing ACL Statistics .....................................................................................................................353

Viewing DHCP Snoop Entry Statistics.................................................................................................355

Viewing Role Based Firewall Statistics................................................................................................356

Configuring NAT Information.............................................................................................................................356

Defining Dynamic NAT Translations ..........................................................................................................357

Adding a New Dynamic NAT Configuration .......................................................................................359

Defining Static NAT Translations................................................................................................................360

Adding a New Static NAT Configuration.............................................................................................362

Configuring NAT Interfaces.........................................................................................................................363

Viewing NAT Status.....................................................................................................................................365

Configuring IKE Settings ....................................................................................................................................366

Defining the IKE Configuration...................................................................................................................367

Setting IKE Policies......................................................................................................................................369

Viewing SA Statistics...................................................................................................................................373

Configuring IPSec VPN.......................................................................................................................................374

Table of Contents

Summit WM3000 Series Controller System Reference Guide 9

Defining the IPSec Configuration ................................................................................................................375

Editing an Existing Transform Set........................................................................................................377

Adding a New Transform Set................................................................................................................379

Defining the IPSec VPN Remote Configuration..........................................................................................380

Configuring IPSEC VPN Authentication.....................................................................................................382

Configuring Crypto Maps.............................................................................................................................384

Crypto Map Entries ...............................................................................................................................385

Crypto Map Peers..................................................................................................................................387

Crypto Map Manual SAs.......................................................................................................................389

Crypto Map Transform Sets..................................................................................................................392

Crypto Map Interfaces...........................................................................................................................393

Viewing IPSec Security Associations ..........................................................................................................394

Configuring the Radius Server ............................................................................................................................396

Radius Overview ..........................................................................................................................................396

User Database........................................................................................................................................398

Authentication of Terminal/Management User(s).................................................................................398

Access Policy.........................................................................................................................................398

Proxy to External Radius Server ...........................................................................................................398

LDAP.....................................................................................................................................................398

Accounting ............................................................................................................................................398

Using the Controller’s Radius Server Versus an External Radius ...............................................................398

Defining the Radius Configuration...............................................................................................................399

Radius Client Configuration..................................................................................................................400

Radius Proxy Server Configuration.......................................................................................................401

Configuring Radius Authentication and Accounting ...................................................................................402

Configuring Radius Users.............................................................................................................................404

Configuring Radius User Groups .................................................................................................................407

Viewing Radius Accounting Logs................................................................................................................410

Creating Server Certificates.................................................................................................................................411

Using Trustpoints to Configure Certificates.................................................................................................412

Creating a Server / CA Root Certificate................................................................................................413

Configuring Trustpoint Associated Keys.....................................................................................................419

Adding a New Key................................................................................................................................420

Transferring Keys..................................................................................................................................421

Chapter 8: Controller Management ......................................................................................................423

Displaying the Management Access Interface.....................................................................................................423

Configuring Access Control ................................................................................................................................424

Configuring SNMP Access..................................................................................................................................426

Configuring SNMP v1/v2 Access ................................................................................................................426

Editing an Existing SNMP v1/v2 Community Name............................................................................427

Configuring SNMP v3 Access......................................................................................................................428

Editing a SNMP v3 Authentication and Privacy Password...................................................................430

Setting SNMP Access Message Parameters.................................................................................................430

Accessing SNMP v2/v3 Statistics ................................................................................................................431

Configuring SNMP Traps....................................................................................................................................433

Enabling Trap Configuration........................................................................................................................433

Configuring E-mail Notifications..........................................................................................................435

Configuring Trap Thresholds .......................................................................................................................436

Wireless Trap Threshold Values...........................................................................................................438

Configuring SNMP Trap Receivers.....................................................................................................................439

Editing SNMP Trap Receivers.....................................................................................................................441

Table of Contents

Summit WM3000 Series Controller System Reference Guide10

Adding SNMP Trap Receivers.....................................................................................................................441

Configuring Management Users..........................................................................................................................442

Configuring Local Users...............................................................................................................................442

Creating a New Local User ...................................................................................................................443

Modifying an Existing Local User........................................................................................................445

Creating a Guest Admin and Guest User ..............................................................................................447

Configuring Controller Authentication.........................................................................................................448

Modifying the Properties of an Existing Radius Server........................................................................450

Adding an External Radius Server........................................................................................................452

External Radius Server Settings............................................................................................................453

Chapter 9: Diagnostics............................................................................................................................455

Displaying the Main Diagnostic Interface...........................................................................................................455

Controller Environment................................................................................................................................455

CPU Performance.........................................................................................................................................457

Controller Memory Allocation.....................................................................................................................458

Controller Disk Allocation ...........................................................................................................................459

Controller Memory Processes.......................................................................................................................460

Other Controller Resources ..........................................................................................................................460

Configuring System Logging...............................................................................................................................461

Log Options..................................................................................................................................................461

File Management..........................................................................................................................................463

Viewing the Entire Contents of Individual Log Files ...........................................................................464

Transferring Log Files...........................................................................................................................466

Reviewing Core Snapshots..................................................................................................................................467

Transferring Core Snapshots ........................................................................................................................468

Reviewing Panic Snapshots.................................................................................................................................468

Viewing Panic Details .................................................................................................................................470

Transferring Panic Files................................................................................................................................470

Debugging the Applet..........................................................................................................................................471

Configuring a Ping...............................................................................................................................................472

Modifying the Configuration of an Existing Ping Test................................................................................474

Adding a New Ping Test...............................................................................................................................475

Viewing Ping Statistics.................................................................................................................................476

Appendix A: Customer Support.............................................................................................................479

Registration..........................................................................................................................................................479

Documentation.....................................................................................................................................................479

Appendix B: AP Management from Controller ...................................................................................481

Where to Go From Here...............................................................................................................................481

AP Management ...........................................................................................................................................482

Licensing.......................................................................................................................................................482

Controller Discovery ....................................................................................................................................482

Auto Discovery using DHCP ................................................................................................................482

Securing a Configuration Channel Between Controller and AP..................................................................483

AP WLAN Topology....................................................................................................................................483

Configuration Updates..................................................................................................................................484

Securing Data Tunnels between the Controller and AP...............................................................................484

Managing an AP’s Controller Failure...........................................................................................................484