Extreme Networks Summit WM3000 Series User manual
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com
Published: December 2009
Part Number: 100352-00 Rev 01
Summit®WM3000 Series Controller System
Reference Guide, Software Version 4.0
Summit WM3000 Series Controller System Reference Guide2
AccessAdapt, Alpine, Altitude, BlackDiamond, EPICenter, ExtremeWorks Essentials, Ethernet Everywhere, Extreme
Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive,
Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, ExtremeXOS ScreenPlay,
ReachNXT, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access
RF Manager, UniStack, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme
Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS logo are trademarks or registered trademarks
of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries.
sFlow is a registered trademark of InMon Corporation.
Specifications are subject to change without notice.
All other registered trademarks, trademarks, and service marks are property of their respective owners.
© 2009 Extreme Networks, Inc. All Rights Reserved.
Summit WM3000 Series Controller System Reference Guide 3
Table of Contents
Chapter 1: About This Guide...................................................................................................................13
Introduction............................................................................................................................................................13
Documentation Set.................................................................................................................................................13
Document Conventions..........................................................................................................................................13
Notational Conventions .........................................................................................................................................14
Chapter 2: Overview .................................................................................................................................15
Hardware Overview...............................................................................................................................................15
Power Protection .....................................................................................................................................15
Cabling Requirements.............................................................................................................................15
Software Overview ................................................................................................................................................16
Infrastructure Features....................................................................................................................................16
Installation Feature..................................................................................................................................17
Licensing Support....................................................................................................................................17
Configuration Management.....................................................................................................................17
Diagnostics..............................................................................................................................................17
Serviceability...........................................................................................................................................18
Tracing / Logging....................................................................................................................................18
Process Monitor.......................................................................................................................................18
Hardware Abstraction Layer and Drivers................................................................................................19
Redundancy.............................................................................................................................................19
Secure Network Time Protocol (SNTP)..................................................................................................19
Wireless Switching.........................................................................................................................................20
Physical Layer Features...........................................................................................................................20
Proxy-ARP ..............................................................................................................................................21
HotSpot / IP Redirect...............................................................................................................................21
IDM (Identity Driven Management) .......................................................................................................21
Voice Prioritization .................................................................................................................................22
Wireless Capacity....................................................................................................................................22
AP Load Balancing..................................................................................................................................22
Wireless Roaming ...................................................................................................................................23
Power Save Polling..................................................................................................................................23
QoS..........................................................................................................................................................23
Wireless Layer 2 Switching.....................................................................................................................24
Automatic Channel Selection..................................................................................................................24
WMM-UPSD...........................................................................................................................................25
Dynamic VLAN Support.........................................................................................................................25
Wired Switching.............................................................................................................................................26
DHCP Servers .........................................................................................................................................26
DHCP User Class Options.......................................................................................................................27
DDNS......................................................................................................................................................27
VLAN Enhancements..............................................................................................................................27
Interface Management.............................................................................................................................27
Management Features.....................................................................................................................................27
Security Features ............................................................................................................................................28
Encryption and Authentication...............................................................................................................28
Table of Contents
Summit WM3000 Series Controller System Reference Guide4
MU Authentication..................................................................................................................................29
Secure Beacon .........................................................................................................................................30
MU to MU Disallow................................................................................................................................30
802.1x Authentication .............................................................................................................................30
WIPS........................................................................................................................................................30
Rogue AP Detection................................................................................................................................31
ACLs........................................................................................................................................................32
Local Radius Server ................................................................................................................................32
IPSec VPN...............................................................................................................................................32
NAT.........................................................................................................................................................33
Certificate Management ..........................................................................................................................33
NAC.........................................................................................................................................................33
Chapter 3: Controller Web UI Access and Image Upgrades ................................................................35
Web UI Requirements ...........................................................................................................................................35
Accessing the Summit WM Controller for the First Time.............................................................................35
Defining Basic Controller Settings.................................................................................................................36
Controller Password Recovery ..............................................................................................................................38
Upgrading the Controller Image............................................................................................................................39
Auto Installation ....................................................................................................................................................39
Configuring Auto Install via the CLI..............................................................................................................40
Chapter 4: Controller Information..........................................................................................................43
Viewing the Controller Interface...........................................................................................................................43
Setting the Controller Country Code..............................................................................................................44
Viewing the Controller Configuration............................................................................................................44
Controller Dashboard Details.........................................................................................................................46
Summit WM3600 Controller Dashboard................................................................................................47
Summit WM3700 Controller Dashboard................................................................................................49
Viewing Controller Statistics..........................................................................................................................51
Viewing Controller Port Information ....................................................................................................................53
Viewing the Port Configuration......................................................................................................................53
Editing the Port Configuration ................................................................................................................55
Viewing the Ports Runtime Status..................................................................................................................57
Reviewing Port Statistics................................................................................................................................57
Detailed Port Statistics ............................................................................................................................59
Viewing the Port Statistics Graph ...........................................................................................................60
Power over Ethernet (PoE).............................................................................................................................61
Editing Port PoE Settings...............................................................................................................................63
Viewing Controller Configurations .......................................................................................................................64
Viewing the Detailed Contents of a Config File ............................................................................................67
Transferring a Config File..............................................................................................................................68
Viewing Controller Firmware Information............................................................................................................69
Editing the Controller Firmware.....................................................................................................................70
Enabling Global Settings for the Image Failover...........................................................................................71
Updating the Controller Firmware..................................................................................................................71
Controller File Management..................................................................................................................................73
Transferring Files............................................................................................................................................73
Transferring a file from Wireless Controller to Wireless Controller ......................................................74
Transferring a file from a Wireless Controller to a Server......................................................................75
Transferring a file from a Server to a Wireless Controller......................................................................76
Table of Contents
Summit WM3000 Series Controller System Reference Guide 5
Viewing Files..................................................................................................................................................77
Configuring Automatic Updates............................................................................................................................78
Viewing the Controller Alarm Log........................................................................................................................81
Viewing Alarm Log Details............................................................................................................................82
Viewing Controller Licenses .................................................................................................................................83
How to use the Filter Option..................................................................................................................................84
Chapter 5: Network Setup........................................................................................................................85
Displaying the Network Interface..........................................................................................................................85
Viewing Network IP Information..........................................................................................................................87
Configuring DNS............................................................................................................................................87
Adding an IP Address for a DNS Server.................................................................................................89
Configuring Global Settings....................................................................................................................89
Configuring IP Forwarding.............................................................................................................................90
Adding a New Static Route.....................................................................................................................91
Viewing Address Resolution..........................................................................................................................93
Viewing and Configuring Layer 2 Virtual LANs..................................................................................................94
Viewing and Configuring VLANs by Port.....................................................................................................94
Editing the Details of an Existing VLAN by Port..........................................................................................95
Viewing and Configuring Ports by VLAN.....................................................................................................96
Configuring Controller Virtual Interfaces .............................................................................................................99
Configuring the Virtual Interface.................................................................................................................100
Adding a Virtual Interface.....................................................................................................................101
Modifying a Virtual Interface................................................................................................................103
Viewing Virtual Interface Statistics..............................................................................................................104
Viewing Virtual Interface Statistics ......................................................................................................106
Viewing the Virtual Interface Statistics Graph .....................................................................................107
Viewing and Configuring Controller WLANs ....................................................................................................109
Configuring WLANs....................................................................................................................................109
Editing the WLAN Configuration.........................................................................................................113
Assigning Multiple VLANs per WLAN ...............................................................................................118
Configuring Authentication Types........................................................................................................119
Configuring Different Encryption Types ..............................................................................................140
Viewing WLAN Statistics............................................................................................................................145
Viewing WLAN Statistics in Detail......................................................................................................147
Viewing WLAN Statistics in a Graphical Format.................................................................................149
Viewing WLAN Controller Statistics ...................................................................................................150
Configuring WMM.......................................................................................................................................152
Editing WMM Settings..........................................................................................................................155
Configuring the NAC Inclusion List ............................................................................................................156
Adding an Include List to a WLAN......................................................................................................158
Configuring Devices on the Include List...............................................................................................158
Mapping Include List Items to WLANs................................................................................................159
Configuring the NAC Exclusion List...........................................................................................................160
Adding an Exclude List to the WLAN..................................................................................................162
Configuring Devices on the Exclude List .............................................................................................162
Mapping Exclude List Items to WLANs...............................................................................................163
NAC Configuration Examples Using the Controller CLI ............................................................................164
Creating an Include List ........................................................................................................................164
Creating an Exclude List.......................................................................................................................165
Configuring the WLAN for NAC..........................................................................................................165
Table of Contents
Summit WM3000 Series Controller System Reference Guide6
Viewing Associated MU Details .........................................................................................................................166
Viewing MU Status ......................................................................................................................................167
Viewing MU Details..............................................................................................................................169
Configuring Mobile Units ............................................................................................................................170
MAC Naming of Mobile Units..............................................................................................................171
Viewing MU Statistics..................................................................................................................................171
Viewing MU Statistics in Detail............................................................................................................173
View a MU Statistics Graph..................................................................................................................174
Viewing Voice Statistics...............................................................................................................................175
Viewing Access Point Information......................................................................................................................176
Configuring Access Point Radios.................................................................................................................177
Configuring an AP Radio’s Global Settings .........................................................................................180
Editing AP Settings ...............................................................................................................................182
Adding APs ...........................................................................................................................................187
Defining the AP Radios Mesh Configuration .......................................................................................188
Viewing AP Statistics...................................................................................................................................189
Viewing AP Statistics in Detail.............................................................................................................191
Viewing AP Statistics in Graphical Format ..........................................................................................193
Configuring WLAN Assignment..................................................................................................................194
Editing a WLAN Assignment ...............................................................................................................194
Configuring WMM.......................................................................................................................................196
Editing WMM Settings..........................................................................................................................197
Configuring Access Point Radio Bandwidth................................................................................................198
Viewing Mesh Statistics...............................................................................................................................198
Voice Statistics .............................................................................................................................................200
Viewing Access Point Adoption Defaults ...........................................................................................................202
Configuring AP Adoption Defaults..............................................................................................................202
Editing Default Access Point Adoption Settings...................................................................................204
Configuring WLAN Assignment..................................................................................................................209
Configuring WMM.......................................................................................................................................210
Editing Access Point Adoption WMM Settings....................................................................................211
Configuring Access Points...................................................................................................................................212
Viewing Adopted Access Points ..................................................................................................................212
Viewing Unadopted Access Points...............................................................................................................214
Configuring AP Firmware............................................................................................................................215
Adding a New AP Firmware Image......................................................................................................216
Editing an Existing AP Firmware Image...............................................................................................217
Multiple Spanning Tree .......................................................................................................................................217
Configuring a Bridge....................................................................................................................................218
Viewing and Configuring Bridge Instance Details.......................................................................................221
Creating a Bridge Instance ....................................................................................................................223
Associating VLANs to a Bridge Instance .............................................................................................223
Configuring a Port ........................................................................................................................................224
Editing a MSTP Port Configuration......................................................................................................226
Viewing and Configuring Port Instance Details...........................................................................................228
Editing a Port Instance Configuration...................................................................................................230
Configuring IGMP Snooping...............................................................................................................................230
IGMP Snooping Configuration ....................................................................................................................231
IGMP Snoop Querier Configuration ............................................................................................................233
Chapter 6: Controller Services...............................................................................................................237
Displaying the Services Interface ........................................................................................................................237
Table of Contents
Summit WM3000 Series Controller System Reference Guide 7
DHCP Server Settings .........................................................................................................................................238
Configuring the Controller DHCP Server ....................................................................................................238
Editing the Properties of an Existing DHCP Pool.................................................................................240
Adding a New DHCP Pool....................................................................................................................241
Configuring DHCP Global Options ......................................................................................................243
Configuring DHCP Server DDNS Values ............................................................................................244
Viewing the Attributes of Existing Host Pools ............................................................................................245
Configuring Excluded IP Address Information............................................................................................247
Configuring the DHCP Server Relay ...........................................................................................................248
Viewing DDNS Bindings.............................................................................................................................250
Viewing DHCP Bindings .............................................................................................................................251
Reviewing DHCP Dynamic Bindings..........................................................................................................252
Configuring the DHCP User Class...............................................................................................................253
Adding a New DHCP User Class..........................................................................................................254
Editing the Properties of an Existing DHCP User Class.......................................................................255
Configuring DHCP Pool Class.....................................................................................................................256
Editing an Existing DHCP Pool Class...................................................................................................257
Adding a New DHCP Pool Class..........................................................................................................258
Configuring Secure NTP .....................................................................................................................................259
Defining the SNTP Configuration................................................................................................................259
Configuring Symmetric Keys.......................................................................................................................261
Defining a NTP Neighbor Configuration.....................................................................................................263
Adding an NTP Neighbor.............................................................................................................................265
Viewing NTP Associations...........................................................................................................................266
Viewing NTP Status.....................................................................................................................................268
Configuring Controller Redundancy and Clustering...........................................................................................270
Configuring Redundancy Settings................................................................................................................272
Reviewing Redundancy Status.....................................................................................................................275
Configuring Redundancy Group Membership .............................................................................................277
Displaying Redundancy Member Details..............................................................................................279
Adding a Redundancy Group Member..................................................................................................281
Redundancy Group License Aggregation Rules...........................................................................................282
Managing Clustering Using the Web UI......................................................................................................283
Layer 3 Mobility..................................................................................................................................................284
Configuring Layer 3 Mobility ......................................................................................................................284
Defining the Layer 3 Peer List......................................................................................................................287
Reviewing Layer 3 Peer List Statistics.........................................................................................................288
Reviewing Layer 3 MU Status .....................................................................................................................290
Configuring Controller Discovery.......................................................................................................................291
Configuring Discovery Profiles....................................................................................................................292
Adding a New Discovery Profile ..........................................................................................................295
Viewing Discovered Controllers ..................................................................................................................296
Locationing..........................................................................................................................................................298
RTLS Overview............................................................................................................................................298
SOLE - Smart Opportunistic Location Engine.............................................................................................298
Defining Site Parameters..............................................................................................................................299
Adding AP Location Information..........................................................................................................301
Configuring SOLE Parameters.....................................................................................................................302
Configuring Aeroscout Parameters...............................................................................................................304
Configuring Ekahau Parameters...................................................................................................................306
Chapter 7: Controller Security...............................................................................................................309
Table of Contents
Summit WM3000 Series Controller System Reference Guide8
Displaying the Main Security Interface...............................................................................................................309
AP Intrusion Detection ........................................................................................................................................310
Enabling and Configuring AP Detection......................................................................................................311
Adding or Editing an Allowed AP ........................................................................................................313
Approved APs...............................................................................................................................................315
Unapproved APs (Reported by APs)............................................................................................................316
Unapproved APs (Reported by MUs)...........................................................................................................317
Configuring Firewalls and Access Control Lists.................................................................................................319
ACL Overview..............................................................................................................................................319
Router ACLs..........................................................................................................................................320
Port ACLs..............................................................................................................................................321
Wireless LAN ACLs .............................................................................................................................322
ACL Actions..........................................................................................................................................322
Precedence Order...................................................................................................................................322
Configuring the Firewall...............................................................................................................................323
Adding a New ACL...............................................................................................................................324
Adding a New ACL Rule ......................................................................................................................325
Editing an Existing Rule........................................................................................................................327
Attaching an ACL on a WLAN Interface/Port.............................................................................................328
Adding or Editing a New ACL WLAN Configuration.........................................................................329
Attaching an ACL Layer 2/Layer 3 Configuration.......................................................................................330
Adding a New ACL Layer 2/Layer 3 Configuration.............................................................................331
Configuring the Role Based Firewall...........................................................................................................332
Creating a Role Based Firewall Rule ....................................................................................................333
Configuring a Role .......................................................................................................................................334
Creating a New Role .............................................................................................................................336
Configuring Wireless Filters.........................................................................................................................338
Editing an Existing Wireless Filter...............................................................................................................340
Adding a new Wireless Filter.......................................................................................................................341
Associating an ACL with a WLAN..............................................................................................................342
L2 Level Attack Detection and Mitigation...................................................................................................343
Port Level Configuration.......................................................................................................................345
Configuring WLAN Firewall Rules .............................................................................................................346
WLAN Level Configuration..................................................................................................................348
Configuring Denial of Service (DoS) Attack Firewall Rules.......................................................................350
Configuring Firewall Logging Options........................................................................................................352
Reviewing Firewall and ACL Statistics .......................................................................................................353
Reviewing ACL Statistics .....................................................................................................................353
Viewing DHCP Snoop Entry Statistics.................................................................................................355
Viewing Role Based Firewall Statistics................................................................................................356
Configuring NAT Information.............................................................................................................................356
Defining Dynamic NAT Translations ..........................................................................................................357
Adding a New Dynamic NAT Configuration .......................................................................................359
Defining Static NAT Translations................................................................................................................360
Adding a New Static NAT Configuration.............................................................................................362
Configuring NAT Interfaces.........................................................................................................................363
Viewing NAT Status.....................................................................................................................................365
Configuring IKE Settings ....................................................................................................................................366
Defining the IKE Configuration...................................................................................................................367
Setting IKE Policies......................................................................................................................................369
Viewing SA Statistics...................................................................................................................................373
Configuring IPSec VPN.......................................................................................................................................374
Table of Contents
Summit WM3000 Series Controller System Reference Guide 9
Defining the IPSec Configuration ................................................................................................................375
Editing an Existing Transform Set........................................................................................................377
Adding a New Transform Set................................................................................................................379
Defining the IPSec VPN Remote Configuration..........................................................................................380
Configuring IPSEC VPN Authentication.....................................................................................................382
Configuring Crypto Maps.............................................................................................................................384
Crypto Map Entries ...............................................................................................................................385
Crypto Map Peers..................................................................................................................................387
Crypto Map Manual SAs.......................................................................................................................389
Crypto Map Transform Sets..................................................................................................................392
Crypto Map Interfaces...........................................................................................................................393
Viewing IPSec Security Associations ..........................................................................................................394
Configuring the Radius Server ............................................................................................................................396
Radius Overview ..........................................................................................................................................396
User Database........................................................................................................................................398
Authentication of Terminal/Management User(s).................................................................................398
Access Policy.........................................................................................................................................398
Proxy to External Radius Server ...........................................................................................................398
LDAP.....................................................................................................................................................398
Accounting ............................................................................................................................................398
Using the Controller’s Radius Server Versus an External Radius ...............................................................398
Defining the Radius Configuration...............................................................................................................399
Radius Client Configuration..................................................................................................................400
Radius Proxy Server Configuration.......................................................................................................401
Configuring Radius Authentication and Accounting ...................................................................................402
Configuring Radius Users.............................................................................................................................404
Configuring Radius User Groups .................................................................................................................407
Viewing Radius Accounting Logs................................................................................................................410
Creating Server Certificates.................................................................................................................................411
Using Trustpoints to Configure Certificates.................................................................................................412
Creating a Server / CA Root Certificate................................................................................................413
Configuring Trustpoint Associated Keys.....................................................................................................419
Adding a New Key................................................................................................................................420
Transferring Keys..................................................................................................................................421
Chapter 8: Controller Management ......................................................................................................423
Displaying the Management Access Interface.....................................................................................................423
Configuring Access Control ................................................................................................................................424
Configuring SNMP Access..................................................................................................................................426
Configuring SNMP v1/v2 Access ................................................................................................................426
Editing an Existing SNMP v1/v2 Community Name............................................................................427
Configuring SNMP v3 Access......................................................................................................................428
Editing a SNMP v3 Authentication and Privacy Password...................................................................430
Setting SNMP Access Message Parameters.................................................................................................430
Accessing SNMP v2/v3 Statistics ................................................................................................................431
Configuring SNMP Traps....................................................................................................................................433
Enabling Trap Configuration........................................................................................................................433
Configuring E-mail Notifications..........................................................................................................435
Configuring Trap Thresholds .......................................................................................................................436
Wireless Trap Threshold Values...........................................................................................................438
Configuring SNMP Trap Receivers.....................................................................................................................439
Editing SNMP Trap Receivers.....................................................................................................................441
Table of Contents
Summit WM3000 Series Controller System Reference Guide10
Adding SNMP Trap Receivers.....................................................................................................................441
Configuring Management Users..........................................................................................................................442
Configuring Local Users...............................................................................................................................442
Creating a New Local User ...................................................................................................................443
Modifying an Existing Local User........................................................................................................445
Creating a Guest Admin and Guest User ..............................................................................................447
Configuring Controller Authentication.........................................................................................................448
Modifying the Properties of an Existing Radius Server........................................................................450
Adding an External Radius Server........................................................................................................452
External Radius Server Settings............................................................................................................453
Chapter 9: Diagnostics............................................................................................................................455
Displaying the Main Diagnostic Interface...........................................................................................................455
Controller Environment................................................................................................................................455
CPU Performance.........................................................................................................................................457
Controller Memory Allocation.....................................................................................................................458
Controller Disk Allocation ...........................................................................................................................459
Controller Memory Processes.......................................................................................................................460
Other Controller Resources ..........................................................................................................................460
Configuring System Logging...............................................................................................................................461
Log Options..................................................................................................................................................461
File Management..........................................................................................................................................463
Viewing the Entire Contents of Individual Log Files ...........................................................................464
Transferring Log Files...........................................................................................................................466
Reviewing Core Snapshots..................................................................................................................................467
Transferring Core Snapshots ........................................................................................................................468
Reviewing Panic Snapshots.................................................................................................................................468
Viewing Panic Details .................................................................................................................................470
Transferring Panic Files................................................................................................................................470
Debugging the Applet..........................................................................................................................................471
Configuring a Ping...............................................................................................................................................472
Modifying the Configuration of an Existing Ping Test................................................................................474
Adding a New Ping Test...............................................................................................................................475
Viewing Ping Statistics.................................................................................................................................476
Appendix A: Customer Support.............................................................................................................479
Registration..........................................................................................................................................................479
Documentation.....................................................................................................................................................479
Appendix B: AP Management from Controller ...................................................................................481
Where to Go From Here...............................................................................................................................481
AP Management ...........................................................................................................................................482
Licensing.......................................................................................................................................................482
Controller Discovery ....................................................................................................................................482
Auto Discovery using DHCP ................................................................................................................482
Securing a Configuration Channel Between Controller and AP..................................................................483
AP WLAN Topology....................................................................................................................................483
Configuration Updates..................................................................................................................................484
Securing Data Tunnels between the Controller and AP...............................................................................484
Managing an AP’s Controller Failure...........................................................................................................484
If a new controller is located, the AP synchronizes its configuration with the located controller once adopted.
Table of Contents
Summit WM3000 Series Controller System Reference Guide 11
If Remote Site Survivability (RSS) is disabled, the independent WLAN is also disabled in the event of a con-
troller failure.................................................................................................................................................484
Remote Site Survivability (RSS)..................................................................................................................484
Mesh Support................................................................................................................................................485
AP Radius Proxy Support.............................................................................................................................485
Supported AP Topologies....................................................................................................................................486
Topology Deployment Considerations.........................................................................................................486
Extended WLANs Only................................................................................................................................487
Independent WLANs Only...........................................................................................................................487
Extended WLANs with Independent WLANs.............................................................................................487
Extended VLAN on Mesh Networking........................................................................................................487
How the AP Receives its Configuration..............................................................................................................488
AP Adoption Pre-requisites..........................................................................................................................488
Configuring the AP for Adoption by the Controller.....................................................................................488
Configuring the Controller for AP Adoption................................................................................................489
Establishing Controller Managed AP Connectivity.............................................................................................489
AP Configuration..........................................................................................................................................489
Adopting an AP Using a Configuration File.........................................................................................489
Adopting an AP Using DHCP Options.................................................................................................490
Controller Configuration ..............................................................................................................................490
AP Deployment Considerations ...................................................................................................................493
Sample Controller Configuration File for IPSec and Independent WLAN..................................................494
Appendix C: Troubleshooting Information ..........................................................................................499
General Troubleshooting .....................................................................................................................................499
Wireless Controller Issues............................................................................................................................499
Controller Does Not Boot Up................................................................................................................499
Controller Does Not Obtain an IP Address through DHCP..................................................................500
Unable to Connect to the Controller using Telnet or SSH....................................................................500
Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond..............................................501
Console Port is Not Responding............................................................................................................501
Access Point Issues.......................................................................................................................................502
Access Points are Not Adopted.............................................................................................................502
Access Points are Not Responding........................................................................................................502
Sensor Port frequently goes up and down.............................................................................................503
Mobile Unit Issues........................................................................................................................................503
Access Point Adopted, but MU is Not Being Associated.....................................................................503
MUs Cannot Associate and/or Authenticate with Access Points..........................................................503
Poor Voice Quality Issues.....................................................................................................................504
Miscellaneous Issues ....................................................................................................................................504
Excessive Fragmented Data or Excessive Broadcast............................................................................504
Excessive Memory Leak .......................................................................................................................504
System Logging Mechanism ........................................................................................................................505
Troubleshooting SNMP Issues ............................................................................................................................505
MIB Browser not able to contact the agent..................................................................................................505
Not able to SNMP WALK for a GET ..........................................................................................................505
MIB not visible in the MIB browser.............................................................................................................506
SNMP SETs not working .............................................................................................................................506
Not receiving SNMP traps............................................................................................................................506
Additional Configuration..............................................................................................................................506
Security Issues .....................................................................................................................................................506
Controller Password Recovery.....................................................................................................................506
Table of Contents
Summit WM3000 Series Controller System Reference Guide12
RADIUS Troubleshooting............................................................................................................................507
Radius Server does not start upon enable..............................................................................................507
Radius Server does not reply to my requests.........................................................................................508
Radius Server is rejecting the user ........................................................................................................508
Time of Restriction configured does not work......................................................................................508
Authentication fails at exchange of certificates.....................................................................................508
When using another Summit WM3700 (controller 2) as RADIUS server, access is rejected..............508
Authentication using LDAP fails..........................................................................................................508
VPN Authentication using onboard RADIUS server fails....................................................................509
Accounting does not work with external RADIUS Accounting server ................................................509
Troubleshooting RADIUS Accounting Issues..............................................................................................509
Rogue AP Detection Troubleshooting.................................................................................................................509
Troubleshooting Firewall Configuration Issues ..................................................................................................510
A Wired Host (Host-1) or Wireless Host (Host-2) on the untrusted side is not able to connect to the Wired
Host (Host-3) on the trusted side..................................................................................................................510
A wired Host (Host-1) on the trusted side is not able to connect to a Wireless Host (Host-2) or Wired Host
(Host-3) on the untrusted side.......................................................................................................................511
Disabling of telnet, ftp and web traffic from hosts on the untrusted side does not work......................511
How to block the request from host on untrusted to host on trusted side based on packet classification...
511
Summit WM3000 Series Controller System Reference Guide 13
1About This Guide
Introduction
This guide provides information about using the following Extreme Networks®wireless LAN
controllers:
●Summit®WM3600 wireless LAN controller
●Summit WM3700 wireless LAN controller
NOTE
Screens and windows pictured in this guide are samples and can differ from actual screens.
Documentation Set
The documentation set for the Extreme Networks wireless LAN controllers is partitioned into the
following guides to provide information for specific user needs.
●Installation Guides - Each controller has a unique Installation Guide which describes the basic
hardware setup and configuration required to transition to more advanced configuration of the
controllers.
●Summit WM3000 Series Controller System Reference Guide - Describes configuration of the Extreme
Networks Summit Wireless LAN Controllers using the Web UI.
●Summit WM3000 Series Controller CLI Reference Guide - Describes the Command Line Interface (CLI)
and Management Information Base (MIB) commands used to configure the Extreme Networks Summit
Wireless LAN Controllers.
Document Conventions
The following conventions are used in this document to draw your attention to important information:
NOTE
Indicate tips or special requirements.
CAUTION
Indicates conditions that can cause equipment damage or data loss.
About This Guide
Summit WM3000 Series Controller System Reference Guide14
WARNING!
Indicates a condition or procedure that could result in personal injury or equipment damage.
Notational Conventions
The following additional notational conventions are used in this document:
●Italics are used to highlight the following:
●Chapters and sections in this and related documents
●Dialog box, window and screen names
●Drop-down list and list box names
●Check box and radio button names
●Icons on a screen.
●GUI text is used to highlight the following:
●Screen names
●Menu items
●Button names on a screen.
●bullets (•) indicate:
●Action items
●Lists of alternatives
●Lists of required steps that are not necessarily sequential
●Sequential lists (e.g., those that describe step-by-step procedures) appear as numbered lists.
Summit WM3000 Series Controller System Reference Guide 15
2Overview
An Extreme Networks wireless LAN controller is a centralized management solution for wireless
networking. The wireless data to and from wireless client devices can be locally bridged at the AP and/
or tunneled to the controller. System configuration and intelligence for the wireless network resides
with the controller once an AP is adopted and connects to an Extreme Networks Summit WM3600 or
Summit WM3700 wireless LAN controller and receives its configuration.
Access point configuration is managed by the controller through a Web UI Graphical User Interface (GUI),
SNMP or the controller Command Line Interface (CLI).
NOTE
The discussion of the controller Web UI within this guide is presented generically, making it equally relevant to both
the Summit WM3600 and Summit WM3700 controller platforms. However, some subtle differences do exist
between these baselines. These differences are noted within the specific GUI elements impacted. When these
differences are noted, the options available to each controller baseline are described in detail.
Hardware Overview
The Summit WM3600 and Summit WM3700 are rack-mountable devices that manage all inbound and
outbound traffic on the wireless network. They provide security, network service and system
management applications.
Access points are 48V Power-over-Ethernet devices. The Altitude 3510 AP is powered by standard
802.3af POE source. The Altitude 3550 outdoor AP must by powered by a special Extreme Networks
POE injector (Power Tap). the AP receives configurations from the controller once it is adopted. The AP
firmware upgrade may be accomplished centrally from the controller or locally at the AP.
Power Protection
To best protect the controller from unexpected power surges or other power-related problems, ensure
the controller installation meets the following guidelines:
●If possible, use a dedicated circuit to protect data processing equipment. Commercial electrical contractors
are familiar with wiring for data processing equipment and can help with the load balancing of
dedicated circuits.
●Install surge protection. Use a surge protection device between the electricity source and the controller.
●Install an Uninterruptible Power Supply (UPS). A UPS provides continuous power during a power
outage. Some UPS devices have integral surge protection. UPS equipment requires periodic
maintenance to ensure reliability.
Cabling Requirements
A minimum of one category 6 Ethernet cables (not supplied) is required to connect the controller to the
LAN. The cable(s) are used with the Ethernet ports on the front panel of the controller.
Overview
Summit WM3000 Series Controller System Reference Guide16
NOTE
A category 5 Ethernet cable will work with the controller, but it is not recommended because it does not provide the
gigabit support the controller optimally requires.
NOTE
Extreme Networks recommends connecting via the Management Ethernet (ME) interface to better ensure secure and
easy controller management. The ME interface is connected to the management VLAN, and is therefore separate
from production VLANs.
NOTE
On the Summit WM3600, the Uplink (UP) port is the preferred method of connecting the controller to the network.
The Uplink port has its own dedicated 1Gbps connection which is unaffected by internal traffic across the GE ports.
The console cable included with the controller connects the controller to a computer running a serial
terminal emulator program to access the controller’s Command Line Interface (CLI) for initial
configuration. An initial configuration is described within the Installation Guide shipped with each
controller.
Software Overview
The controller includes a robust set of features. The features are listed and described in the following
sections:
●Infrastructure Features on page 16
●Wireless Switching on page 20
●Wired Switching on page 26
●Management Features on page 27
●Security Features on page 28
NOTE
The Extreme Networks Wireless LAN Controller Wireless Management Suite (WMS) is a recommended utility to plan
the deployment of the controller and view its configuration once operational in the field. Extreme Networks WMS can
help optimize the positioning and configuration of a controller in respect to a WLAN’s Mobile Unit (MU) throughput
requirements and can help detect rogue devices. For more information, refer to the Extreme Networks documentation
website at: http://www.extremenetworks.com/go/documentation.
Infrastructure Features
The controller includes the following Infrastructure features:
●Installation Feature
●Licensing Support
●Configuration Management
Summit WM3000 Series Controller System Reference Guide 17
●Diagnostics
●Serviceability
●Tracing / Logging
●Process Monitor
●Hardware Abstraction Layer and Drivers
●Redundancy
●Secure Network Time Protocol (SNTP)
Installation Feature
The upgrade/downgrade of the controller can be performed using one of the following methods:
●Web UI
●DHCP
●CLI
●SNMP
●Patches
The controller has sufficient non-volatile memory to store two firmware images. Having a second
firmware image provides a backup in case of failure of the primary image. It also allows for testing of
new firmware on a controller with the ability to easily revert to a previous image.
Licensing Support
The following licensing information is utilized when upgrading the controller:
●The maximum numbers of AP licenses a controller can adopt is dependant on the number purchased
Configuration Management
The controller supports the redundant storage of configuration files to protect against corruption during
a write operation and ensure (at any given time) a valid configuration file exists. If writing the
configuration file fails, it is rolled back and a pre-write file is used.
Text Based Configuration
The configuration is stored a in human readable format (as a set of CLI commands).
Diagnostics
The following diagnostics are available:
1In-service Diagnostics – In-service diagnostics provide a range of automatic health monitoring features
ensuring both the system hardware and software are in working order. In-service-diagnostics
Overview
Summit WM3000 Series Controller System Reference Guide18
continuously monitor available physical characteristics (as detailed below) and issue log messages
when warning or error thresholds are reached. There are three types of in-service diagnostics:
●Hardware – Ethernet ports, chip failures, system temperature via the temperature sensors
provided by the hardware, etc.
●Software – CPU load, memory usage, etc.
●Environmental – CPU and air temperature, fans speed, etc.
2Out-of-service Diagnostics – Out-of-service diagnostics are a set of intrusive tests run from the user
interface. Out-of-service diagnostics cannot be run while the controller is in operation. Intrusive tests
include:
●Ethernet loopback tests
●RAM tests, Real Time Clock tests, etc.
3Manufacturing Diagnostics – Manufacturing diagnostics are a set of diagnostics used by
manufacturing to inspect quality of hardware.
Serviceability
A special set of Service CLI commands are available to provide additional troubleshooting capabilities
for service personnel (access to Linux services, panic logs, etc.). Only authorized users or service
personnel are provided access to the Service CLI. Contact Extreme Networks support at
https://esupport.extremenetworks.com for information on accessing the controller’s service CLI.
A built-in Packet Sniffer enables service personnel and users to capture incoming and outgoing packets
in a buffer.
The controller also collects statistics for RF activity, Ethernet port activity etc. RF statistics include
roaming stats, packet counters, octets tx/rx, signal, noise SNR, retry, and information for each MU.
Tracing / Logging
Log messages are well-defined and documented system messages with various destinations. They are
numbered and referenced by ID. Each severity level group, can be configured separately to go to either
the serial console, telnet interface, log file or remote syslog server.
Trace messages are more free-form and are used mainly by support personnel for tracking problems.
They are enabled or disabled via CLI commands. Trace messages can go to a log file, the serial console,
or the current tty.
Log and trace messages are interleaved in the same log file, so chronological order is preserved. Log
and trace messages from different processes are similarly interleaved in the same file for the same
reason.
Log message format is similar to the format used by syslog messages (RFC 3164). Log messages include
message severity, source (facility), the time the message was generated and a textual message describing
the situation triggering the event. For more information on using the controller logging functionality,
see “Configuring System Logging” on page 461.
Process Monitor
The controller Process Monitor checks to ensure processes under its control are up and running. Each
monitored process sends periodic heartbeat messages. A process that is down (due to a software crash
Summit WM3000 Series Controller System Reference Guide 19
or stuck in an endless loop) is detected when its heartbeat is not received. Such a process is terminated
(if still running) and restarted (if configured) by the Process Monitor.
Hardware Abstraction Layer and Drivers
The Hardware Abstraction Layer (HAL) provides an abstraction library with an interface hiding
hardware/platform specific data. Drivers include platform specific components such as Ethernet, Flash
Memory storage and thermal sensors.
Redundancy
Using the controller redundancy, up to 12 controllers can be configured in a redundancy group or
cluster (and provide group monitoring). In the event of a controller failure, an existing cluster member
assumes control. Therefore, the controller supported network is always up and running even if a
controller fails or is removed for maintenance or a software upgrade.
The following redundancy features are supported:
●Up to 12 controller redundancy members are supported in a single group. Each member is capable
of tracking statistics for the entire group in addition to their own.
●Each redundancy group is capable of supporting an Active/Active configuration responsible for
group load sharing.
●Members within the same redundancy group can be deployed across different subnets.
●APs are load balanced across members of the group.
●Licenses are aggregated across the group. When a new member joins the group, the new member
can leverage the Access Point adoption license(s) of existing members.
●Each member of the redundancy group (including the reporting controller) is capable of displaying
cluster performance statistics for all members in addition to their own.
●Centralized redundancy group management using the controller CLI.
For more information on configuring the controller for redundancy support, see
“Configuring Controller Redundancy and Clustering” on page 270.
Secure Network Time Protocol (SNTP)
Secure Network Time Protocol (SNTP) manages time and/or network clock synchronization within the
controller managed network. SNTP is a client/server implementation. The controller (a SNTP client)
periodically synchronizes its clock with a master clock (an NTP server). For example, the controller
resets its clock to 07:04:59 upon reading a time of 07:04:59 from its designated NTP server. Time
synchronization is recommended for the controller’s network operations. The following holds true:
●The controller can be configured to provide NTP services to NTP clients.
●The controller can provide NTP support for user authentication.
●Secure Network Time Protocol (SNTP) clients can be configured to synchronize controller time with an
external NTP server.
For information on configuring the controller to support SNTP, see “Configuring Secure NTP” on
page 259.
Overview
Summit WM3000 Series Controller System Reference Guide20
Wireless Switching
The controller includes the following wireless switching features:
●Physical Layer Features
●Proxy-ARP
●HotSpot / IP Redirect
●IDM (Identity Driven Management)
●Voice P rior itizatio n
●Wireless Capacity
●AP Load Balancing
●Wireless Roaming
●Power Save Polling
●QoS
●Wireless Layer 2 Switching
●Automatic Channel Selection
●WMM-UPSD
●Dynamic VLAN Support
Physical Layer Features
802.11a
●DFS Radar Avoidance – Dynamic Frequency Selection (DFS) is mandatory for WLAN equipment
intended to operate in the frequency bands 5150 MHz to 5350 MHz and 5470 MHz to 5725 MHz
when in countries of the EU.
The purpose of DFS is:
●Detect interference from other systems and avoid co-channeling with those systems (most notably
radar systems).
●Provide uniform spectrum loading across all devices.
This feature is enabled automatically when the country code indicates that DFS is required for at
least one of the frequency bands that are allowed in the country.
●TPC – Tr a n sm i t P o we r C o n t ro l (TPC) meets the regulatory requirement for maximum power and
mitigation for each channel. TPC functionality is enabled automatically for every AP that operates
on the channel.
802.11bg
●Dual mode b/g protection – (Effective Radiated Power) ERP builds on the payload data rates of 1 and 2
Mbit/s that use direct-sequence spread spectrum (DSSS) modulation and builds on the payload data
rates of 1, 2, 5.5, and 11 Mbit/s, that use DSSS, complementary code keying (CCK), and optional
packet binary convolutional coding (PBCC) modulations. ERP provides additional payload data rates
of 6, 9, 12, 18, 24, 36, 48, and 54 Mbit/s. The transmission and reception capability for 1, 2, 5.5, 11, 6,
12, and 24 Mbit/s data rates is mandatory.
Two additional optional ERP-PBCC modulation modes with payload data rates of 22 and 33 Mbit/s
are defined. An ERP-PBCC station may implement 22 Mbit/s alone or 22 and 33 Mbit/s. An optional
modulation mode (known as DSSS-OFDM) is also incorporated with payload data rates of 6, 9, 12,
18, 24, 36, 48, and 54 Mbit/s.
This manual suits for next models
2
Table of contents
Other Extreme Networks Controllers manuals
Extreme Networks
Extreme Networks Summit WM20 User manual
Extreme Networks
Extreme Networks Summit WM200 User manual
Extreme Networks
Extreme Networks Summit WM3700 User manual
Extreme Networks
Extreme Networks ExtremeCloud E3125 User manual
Extreme Networks
Extreme Networks Campus Controller E2122 User manual
