Siemens Scalance w1750d ui Instruction sheet

SIMATIC NET

SCALANCE W1750D UI

Configuration Manual

C79000

-G8976-C451-02

About this guide

Security recommendations

About SCALANCE W

Setting up an AP

Automatic Retrieval of

Configuration

SCALANCE W User

Interface

Initial Configuration Tasks

Customizing AP Settings

VLAN Configuration

IPv6 Support

Wireless Network Profiles

Wired Profiles

Captive Portal for Guest

Access

Authentication and User

Management

Roles and Policies

DHCP Configuration

Configuring Time-Based

Services

Continued on next page

Siemens AG

Division Process Industries and Drives

Postfach 48 48

90026 NÜRNBERG

DEUTSCHLAND

C79000-G8976-C451-02

Ⓟ

02/2018 Änderungen vorbehalten

SCALANCE W1750D UI

Configuration Manual

Continued

Dynamic DNS Registration

VPN Configuration

AP-VPN Deployment

Adaptive Radio Management

Deep Packet Inspection and

Application Visibility

Voice and Video

Services

AP Management and

Monitoring

Uplink Configuration

Intrusion Detection

Mesh AP Configuration

Mobility and Client

Management

Spectrum Monitor

AP Maintenance

Monitoring Devices and Logs

Hotspot Profiles

ClearPass Guest Setup

AP-VPN Deployment

Scenarios

Appendix

Siemens AG

Division Process Industries and Drives

Postfach 48 48

90026 NÜRNBERG

GERMANY

C79000-G8976-C451-02

Ⓟ

021/2018 Subject to change

Legal information

Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent

damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert

symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are

graded according to the degree of danger.

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury

may

result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE

indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will

be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to

property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by

personnel qualified

for the specific

task in accordance with the relevant documentation, in particular its warning notices and safety instructions.

Qualified personnel are those who, based on their training and experience, are capable of identifying risks and

avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical

documentation. If products and components from other manufacturers are used, these must be recommended

or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and

maintenance are required to ensure that the products operate safely and without any problems. The permissible

ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication

may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software

described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the

information in this publication is reviewed regularly and any necessary corrections are included in subsequent

editions.

SCALANCE W1750D UI

Configuration Manual, , C79000-G8976-C451-02 5

Table of contents

1 About this guide .................................................................................................................................... 19

2 Security recommendations.................................................................................................................... 21

3 About SCALANCE W ............................................................................................................................ 25

3.1 Overview .................................................................................................................................25

3.2 SCALANCE W UI....................................................................................................................26

3.3 SCALANCE W CLI..................................................................................................................27

4 Setting up an AP................................................................................................................................... 29

4.1 Setting up an SCALANCE W Network....................................................................................29

4.1.1 Connecting an AP...................................................................................................................29

4.1.2 Assigning an IP address to the AP .........................................................................................30

4.2 Provisioning an AP..................................................................................................................31

4.2.1 Zero Touch Provisioning of APs .............................................................................................31

4.2.2 Provisioning APs through Airwave..........................................................................................33

4.3 Logging in to the SCALANCE W UI........................................................................................34

4.4 Accessing the SCALANCE W CLI ..........................................................................................36

5 Automatic Retrieval of Configuration ..................................................................................................... 41

5.1 Managed Mode Operations ....................................................................................................41

5.2 Configuration Managed Mode Parameters.............................................................................42

5.3 Verifying the Configuration .....................................................................................................44

6 SCALANCE W User Interface ............................................................................................................... 45

6.1 Login Screen...........................................................................................................................45

6.2 Main Window ..........................................................................................................................47

6.2.1 Tabs ........................................................................................................................................49

6.2.1.1 Network Tab............................................................................................................................49

6.2.1.2 Access Points Tab ..................................................................................................................50

6.2.1.3 Clients Tab..............................................................................................................................51

6.2.2 Links........................................................................................................................................52

6.2.2.1 New Version Available............................................................................................................52

6.2.2.2 System ....................................................................................................................................53

6.2.2.3 RF ...........................................................................................................................................54

6.2.2.4 Security ...................................................................................................................................54

6.2.2.5 Maintenance ...........................................................................................................................55

6.2.2.6 More ........................................................................................................................................56

6.2.2.7 Help.........................................................................................................................................61

6.2.2.8 Logout .....................................................................................................................................61

6.2.2.9 Monitoring ...............................................................................................................................61

6.2.2.10 Client Match ............................................................................................................................72

6.2.2.11 AppRF .....................................................................................................................................73

Table of contents

SCALANCE W1750D UI

6Configuration Manual, , C79000-G8976-C451-02

6.2.2.12 Spectrum................................................................................................................................ 73

6.2.2.13 Alerts ...................................................................................................................................... 74

6.2.2.14 IDS ......................................................................................................................................... 78

6.2.2.15 AirGroup................................................................................................................................. 79

6.2.2.16 Configuration.......................................................................................................................... 79

6.2.2.17 Airwave Setup ........................................................................................................................ 80

6.2.2.18 Pause/Resume....................................................................................................................... 80

6.2.3 Views...................................................................................................................................... 80

7 Initial Configuration Tasks..................................................................................................................... 81

7.1 Configuring System Parameters ............................................................................................ 81

7.2 Changing Password............................................................................................................... 87

8 Customizing AP Settings....................................................................................................................... 89

8.1 Modifying the AP Host Name................................................................................................. 89

8.2 Configuring Zone Settings on an AP ..................................................................................... 90

8.3 Specifying a Method for obtaining IP Address....................................................................... 91

8.4 Configuring Radio Profiles for an AP ..................................................................................... 92

8.5 Configuring Uplink VLAN for an AP ....................................................................................... 94

8.6 Changing USB Port Status .................................................................................................... 95

8.7 Master Election and Virtual Controller ................................................................................... 96

8.8 Adding an AP to the Network................................................................................................. 98

8.9 Removing an AP from the Network........................................................................................ 99

9 VLAN Configuration .............................................................................................................................101

9.1 VLAN Pooling....................................................................................................................... 101

9.2 Uplink VLAN Monitoring and Detection on Upstream Devices............................................ 101

10 IPv6 Support........................................................................................................................................103

10.1 IPv6 Notation........................................................................................................................ 103

10.2 Enabling IPv6 Support for AP Configuration........................................................................ 104

10.3 Firewall Support for IPv6...................................................................................................... 106

10.4 Debugging Commands ........................................................................................................ 107

11 Wireless Network Profiles ....................................................................................................................109

11.1 Configuring Wireless Network Profiles ................................................................................ 109

11.1.1 Configuring WLAN Settings for an SSID Profile .................................................................. 110

11.1.2 Configuring VLAN Settings for a WLAN SSID Profile.......................................................... 117

11.1.3 Configuring Security Settings for a WLAN SSID Profile ...................................................... 120

11.1.4 Configuring Access Rules for a WLAN SSID Profile ........................................................... 131

11.1.5 Configuring Per-AP SSID and Per-AP-VLAN Settings on a Wireless Profile...................... 134

11.2 Configuring Fast Roaming for Wireless Clients ................................................................... 135

11.2.1 Opportunistic Key Caching .................................................................................................. 135

11.2.2 Fast BSS Transition (802.11r Roaming).............................................................................. 137

11.2.3 Radio Resource Management (802.11k)............................................................................. 138

Table of contents

SCALANCE W1750D UI

Configuration Manual, , C79000-G8976-C451-02 7

11.2.4 BSS Transition Management (802.11v)................................................................................141

11.3 Configuring Modulation Rates on a WLAN SSID .................................................................142

11.4 Multi-User-MIMO...................................................................................................................143

11.5 Management Frame Protection ............................................................................................144

11.6 Disabling Short Preamble for Wireless Client.......................................................................144

11.7 Editing Status of a WLAN SSID Profile.................................................................................145

11.8 Deleting a WLAN SSID Profile..............................................................................................145

12 Wired Profiles ..................................................................................................................................... 147

12.1 Configuring a Wired Profile...................................................................................................147

12.1.1 Configuring Wired Settings ...................................................................................................147

12.1.2 Configuring VLAN for a Wired Profile ...................................................................................149

12.1.3 Configuring Security Settings for a Wired Profile .................................................................151

12.1.4 Configuring Access Rules for a Wired Profile.......................................................................153

12.2 Assigning a Profile to Ethernet Ports ....................................................................................155

12.3 Editing a Wired Profile ..........................................................................................................156

12.4 Deleting a Wired Profile ........................................................................................................156

12.5 Link Aggregation Control Protocol ........................................................................................156

12.5.1 Enabling Port-Channel on a Switch ......................................................................................157

12.5.2 Enabling Static LACP Configuration.....................................................................................158

12.6 Understanding Hierarchical Deployment ..............................................................................159

13 Captive Portal for Guest Access.......................................................................................................... 161

13.1 Understanding Captive Portal...............................................................................................161

13.1.1 Types of Captive Portal.........................................................................................................161

13.1.2 Walled Garden ......................................................................................................................162

13.2 Configuring a WLAN SSID for Guest Access .......................................................................163

13.3 Configuring Wired Profile for Guest Access .........................................................................170

13.4 Configuring Internal Captive Portal for Guest Network.........................................................172

13.5 Configuring External Captive Portal for Guest Network .......................................................176

13.5.1 External Captive Portal Profiles ............................................................................................176

13.5.2 Creating a Captive Portal Profile ..........................................................................................176

13.5.3 Configuring an SSID or Wired Profile to Use External Captive Portal Authentication..........178

13.5.4 External Captive Portal Redirect Parameters.......................................................................181

13.5.5 Configuring External Captive Portal Authentication Using ClearPass Guest.......................181

13.6 Configuring Facebook Login.................................................................................................184

13.6.1 Setting up a Facebook Page ................................................................................................184

13.6.2 Configuring an SSID .............................................................................................................184

13.6.3 Configuring the Facebook Portal Page.................................................................................185

13.6.4 Accessing the Portal Page....................................................................................................186

13.7 Configuring Guest Logon Role and Access Rules for Guest Users .....................................187

13.8 Configuring Captive Portal Roles for an SSID......................................................................190

13.9 Configuring Walled Garden Access......................................................................................194

Table of contents

SCALANCE W1750D UI

8Configuration Manual, , C79000-G8976-C451-02

13.9.1 Disabling Captive Portal Authentication............................................................................... 195

14 Authentication and User Management..................................................................................................197

14.1 Managing AP Users ............................................................................................................. 197

14.1.1 Configuring AP Users .......................................................................................................... 198

14.1.2 Configuring Authentication Parameters for Management Users ......................................... 200

14.1.3 Adding Guest Users through the Guest Management Interface.......................................... 202

14.2 Supported Authentication Methods...................................................................................... 203

14.3 Supported EAP Authentication Frameworks ....................................................................... 205

14.4 Configuring Authentication Servers ..................................................................................... 206

14.4.1 Supported Authentication Servers ....................................................................................... 206

14.4.2 TACACS Servers ................................................................................................................. 208

14.4.3 Configuring an External Server for Authentication............................................................... 209

14.4.4 Enabling RADIUS Communication over TLS....................................................................... 214

14.4.5 Configuring Dynamic RADIUS Proxy Parameters ............................................................... 216

14.4.6 Associate Server Profiles to a Network Profile .................................................................... 218

14.5 Understanding Encryption Types......................................................................................... 220

14.6 Configuring Authentication Survivability .............................................................................. 222

14.7 Configuring 802.1X Authentication for a Network Profile .................................................... 224

14.8 Enabling 802.1X Supplicant Support ................................................................................... 227

14.9 Configuring MAC Authentication for a Network Profile........................................................ 229

14.10 Configuring MAC Authentication with Captive Portal Authentication................................... 231

14.11 Configuring WISPr Authentication ....................................................................................... 233

14.12 Blacklisting Clients ............................................................................................................... 235

14.13 Uploading Certificate............................................................................................................ 238

15 Roles and Policies ...............................................................................................................................243

15.1 Firewall Policies ................................................................................................................... 243

15.1.1 Access Control List Rules .................................................................................................... 243

15.1.2 Configuring ACL Rules for Network Services ...................................................................... 244

15.1.3 Configuring Network Address Translation Rules ................................................................. 247

15.1.4 Configuring ALG Protocols .................................................................................................. 250

15.1.5 Configuring Firewall Settings for Protection from ARP Attacks ........................................... 251

15.1.6 Configuring Firewall Settings to Disable Auto Topology Rules ........................................... 253

15.1.7 Managing Inbound Traffic .................................................................................................... 254

15.2 Content Filtering................................................................................................................... 260

15.3 Configuring User Roles........................................................................................................ 266

15.4 Configuring Derivation Rules ............................................................................................... 270

15.4.1 Understanding Role Assignment Rule................................................................................. 270

15.4.2 Creating a Role Derivation Rule .......................................................................................... 271

15.4.3 Understanding VLAN Assignment ....................................................................................... 273

15.4.4 Configuring VLAN Derivation Rules..................................................................................... 275

15.5 Using Advanced Expressions in Role and VLAN Derivation Rules..................................... 277

15.6 Configuring a User Role for VLAN Derivation...................................................................... 279

Table of contents

SCALANCE W1750D UI

Configuration Manual, , C79000-G8976-C451-02 9

16 DHCP Configuration............................................................................................................................ 281

16.1 Configuring DHCP Scopes ...................................................................................................281

16.1.1 Configuring Local DHCP Scopes..........................................................................................281

16.1.2 Configuring Distributed DHCP Scopes .................................................................................284

16.1.3 Configuring Centralized DHCP Scopes ................................................................................288

16.2 Configuring the Default DHCP Scope for Client IP Assignment...........................................291

17 Configuring Time-Based Services ....................................................................................................... 295

17.1 Time Range Profiles .............................................................................................................295

17.2 Configuring a Time Range Profile.........................................................................................296

17.3 Applying a Time Range Profile to a WLAN SSID .................................................................297

17.4 Verifying the Configuration ...................................................................................................298

18 Dynamic DNS Registration.................................................................................................................. 299

18.1 Enabling Dynamic DNS ........................................................................................................299

18.2 Configuring Dynamic DNS Updates for Clients ....................................................................301

18.3 Verifying the Configuration ...................................................................................................302

19 VPN Configuration .............................................................................................................................. 303

19.1 Understanding VPN Features...............................................................................................303

19.2 Configuring a Tunnel from an AP to a Mobility Controller ....................................................305

19.2.1 Configuring an IPsec Tunnel ................................................................................................305

19.2.2 Configuring an L2-GRE Tunnel ............................................................................................308

19.2.3 Configuring an L2TPv3 Tunnel .............................................................................................313

19.3 Configuring Routing Profiles .................................................................................................323

20 AP-VPN Deployment........................................................................................................................... 327

20.1 Understanding AP-VPN Architecture....................................................................................327

20.2 Configuring AP and Controller for AP-VPN Operations........................................................331

20.2.1 Configuring an AP Network for AP-VPN Operations ............................................................331

20.2.2 Configuring a Controller for AP-VPN Operations .................................................................334

21 Adaptive Radio Management .............................................................................................................. 341

21.1 ARM Overview ......................................................................................................................341

21.2 Configuring ARM Features on an AP ...................................................................................343

21.2.1 Band Steering .......................................................................................................................343

21.2.2 Airtime Fairness Mode ..........................................................................................................343

21.2.3 Client Match ..........................................................................................................................344

21.2.4 Access Point Control.............................................................................................................347

21.2.5 Verifying ARM Configuration ................................................................................................348

21.3 Configuring Radio Settings ...................................................................................................351

22 Deep Packet Inspection and Application Visibility ................................................................................ 357

22.1 Deep Packet Inspection........................................................................................................357

22.2 Enabling Application Visibility ...............................................................................................358

Table of contents

SCALANCE W1750D UI

10 Configuration Manual, , C79000-G8976-C451-02

22.3 Application Visibility ............................................................................................................. 359

22.4 Enabling URL Visibility......................................................................................................... 366

22.5 Configuring ACL Rules for Application and Application Categories .................................... 367

22.6 Configuring Web Policy Enforcement Service ..................................................................... 371

23 Voice and Video...................................................................................................................................375

23.1 Wi-Fi Multimedia Traffic Management ................................................................................. 376

23.2 Media Classification for Voice and Video Calls ................................................................... 380

23.3 Enabling Enhanced Voice Call Tracking.............................................................................. 382

24 Services...............................................................................................................................................383

24.1 Configuring AirGroup ........................................................................................................... 383

24.1.1 Multicast DNS and Bonjour® Services ................................................................................ 384

24.1.2 DLNA UPnP Support ........................................................................................................... 385

24.1.3 AirGroup Features ............................................................................................................... 386

24.1.4 AirGroup Components ......................................................................................................... 388

24.1.5 Configuring AirGroup and AirGroup Services on an AP...................................................... 389

24.1.6 Configuring AirGroup and ClearPass Policy Manager Interface in SCALANCE W............. 393

24.2 Configuring an AP for RTLS Support................................................................................... 395

24.3 Configuring an AP for Analytics and Location Engine Support ........................................... 397

24.4 Managing BLE Beacons ...................................................................................................... 400

24.5 Configuring OpenDNS Credentials ...................................................................................... 402

24.6 Integrating an AP with Palo Alto Networks Firewall............................................................. 403

24.7 Integrating an AP with an XML API Interface ...................................................................... 406

24.8 CALEA Integration and Lawful Intercept Compliance.......................................................... 409

25 AP Management and Monitoring ..........................................................................................................417

25.1 Managing an AP from AirWave............................................................................................ 417

25.2 Configuring Organization String........................................................................................... 421

25.3 Alternate Method for Defining Vendor Specific DHCP Options ........................................... 424

26 Uplink Configuration.............................................................................................................................425

26.1 Uplink Interfaces .................................................................................................................. 425

26.2 Ethernet Uplink..................................................................................................................... 426

26.3 Cellular Uplink ...................................................................................................................... 429

26.4 Wi-Fi Uplink.......................................................................................................................... 431

26.5 Uplink Preferences and Switching ....................................................................................... 434

26.5.1 Enforcing Uplinks ................................................................................................................. 434

26.5.2 Setting an Uplink Priority...................................................................................................... 435

26.5.3 Enabling Uplink Preemption................................................................................................. 435

26.5.4 Switching Uplinks Based on VPN and Internet Availability.................................................. 436

26.5.5 Viewing Uplink Status and Configuration............................................................................. 438

27 Intrusion Detection ...............................................................................................................................441

Table of contents

SCALANCE W1750D UI

Configuration Manual, , C79000-G8976-C451-02 11

27.1 Detecting and Classifying Rouge APs..................................................................................441

27.2 OS Fingerprinting..................................................................................................................442

27.3 Configuring Wireless Intrusion Protection and Detection Levels..........................................443

27.4 Configuring IDS.....................................................................................................................448

28 Mesh AP Configuration ....................................................................................................................... 451

28.1 Mesh Network Overview.......................................................................................................451

28.2 Setting up SCALANCE W Mesh Network.............................................................................453

28.3 Configuring Wired Bridging on Ethernet 0 for Mesh Point....................................................454

29 Mobility and Client Management ......................................................................................................... 455

29.1 Layer-3 Mobility Overview ....................................................................................................455

29.2 Configuring L3-Mobility .........................................................................................................457

30 Spectrum Monitor................................................................................................................................ 461

30.1 Understanding Spectrum Data .............................................................................................461

30.2 Configuring Spectrum Monitors and Hybrid APs ..................................................................467

31 AP Maintenance.................................................................................................................................. 471

31.1 Upgrading an AP...................................................................................................................471

31.2 Backing up and Restoring AP Configuration Data................................................................473

31.3 Converting an AP to a Remote AP and Campus AP............................................................474

31.4 Resetting a Remote AP or Campus AP to an AP.................................................................478

31.5 Rebooting the AP..................................................................................................................479

32 Monitoring Devices and Logs .............................................................................................................. 481

32.1 Configuring SNMP ................................................................................................................481

32.2 Configuring a Syslog Server .................................................................................................486

32.3 Configuring TFTP Dump Server ...........................................................................................489

32.4 Running Debug Commands .................................................................................................490

32.5 Uplink Bandwidth Monitoring ................................................................................................495

33 Hotspot Profiles .................................................................................................................................. 497

33.1 Understanding Hotspot Profiles ............................................................................................497

33.2 Configuring Hotspot Profiles .................................................................................................500

33.2.1 Creating Advertisement Profiles for Hotspot Configuration ..................................................500

33.2.2 Creating a Hotspot Profile.....................................................................................................509

33.2.3 Associating an Advertisement Profile to a Hotspot Profile ...................................................511

33.2.4 Creating a WLAN SSID and Associating Hotspot Profile .....................................................512

33.3 Sample Configuration ...........................................................................................................514

34 ClearPass Guest Setup....................................................................................................................... 519

34.1 Configuring ClearPass Guest ...............................................................................................519

Table of contents

SCALANCE W1750D UI

12 Configuration Manual, , C79000-G8976-C451-02

34.2 Verifying ClearPass Guest Setup ........................................................................................ 526

34.3 Troubleshooting ................................................................................................................... 527

35 AP-VPN Deployment Scenarios ...........................................................................................................529

35.1 Scenario 1 - IPsec: Single Datacenter Deployment with No Redundancy .......................... 530

35.2 Scenario 2 - IPsec: Single Datacenter with Multiple controllers for Redundancy................ 535

35.3 Scenario 3 - IPsec: Multiple Datacenter Deployment with Primary and Backup

Controllers for Redundancy ................................................................................................. 541

35.4 Scenario 4 - GRE: Single Datacenter Deployment with No Redundancy ........................... 547

A Appendix .............................................................................................................................................553

A.1 Terms ................................................................................................................................... 553

A.2 Acronyms and Abbreviations ............................................................................................... 556

A.3 Glossary ............................................................................................................................... 566

Tables

Table 1- 1 Typographical Conventions..........................................................................................................19

Table 5- 1 Managed Mode Commands.........................................................................................................42

Table 6- 1 Types of Alerts .............................................................................................................................75

Table 6- 2 Types of Alerts .............................................................................................................................76

Table 7- 1 System Parameters......................................................................................................................81

Table 13- 1 External Captive Portal Redirect Parameters ............................................................................181

Table 14- 1 User Privileges ...........................................................................................................................197

Table 14- 2 WPA and WPA-2 Features ........................................................................................................220

Table 14- 3 Recommended Authentication and Encryption Combinations...................................................221

Table 15- 1 Regular Expressions ..................................................................................................................277

Table 16- 1

DHCP Relay and Option 82 ......................................................................................................289

Table 19- 1 VPN Protocols............................................................................................................................304

Table 20- 1 AP-VPN Scalability.....................................................................................................................327

Table 20- 2 DHCP Scope and VPN Forwarding Modes Matrix.....................................................................330

Table 20- 3 Branch Details............................................................................................................................339

Table 23- 1 WMM AC to 802.1p Priority Mapping.........................................................................................376

Table 23- 2

WMM AC-DSCP Mapping.........................................................................................................377

Table 23- 3 SNMP Trap Details for VoIP Calls .............................................................................................382

Table 24- 1 SCALANCE W, ClearPass Policy Manager, and ClearPass Guest Requirements...................388

Table 24- 2 AirGroup Filtering Options..........................................................................................................389

Table 24- 3 XML API Command ...................................................................................................................407

Table 24- 4 XML API Command Options ......................................................................................................408

Table of contents

SCALANCE W1750D UI

Configuration Manual, , C79000-G8976-C451-02 13

Table 30- 1 Device Summary and Channel Information ...............................................................................462

Table 30- 2 Non-Wi-Fi Interferer Types ........................................................................................................463

Table 30- 3 Channel Details Information.......................................................................................................464

Table 30- 4 Channel Metrics .........................................................................................................................466

Table 32- 1 SNMP Parameters for AP ..........................................................................................................481

Table 33- 1

NAI Realm Profile Configuration Parameters ...........................................................................502

Table 33- 2 Venue Types ..............................................................................................................................503

Table 33- 3

Hotspot Profile Configuration Parameters ................................................................................510

Table 33- 4 Advertisement Profile Association Parameters..........................................................................512

Table 34- 1 Troubleshooting .........................................................................................................................527

Table 35- 1 AP Configuration for Scenario 1—IPsec: Single Datacenter Deployment with No

Redundancy...............................................................................................................................532

Table 35- 2

AP Configuration for Scenario 2—IPsec: Single Datacenter with Multiple controllers for

Redundancy...............................................................................................................................537

Table 35- 3 AP Configuration for Scenario 3—IPsec: Multiple Datacenter Deployment ..............................543

Figures

Figure 4-1 Login Screen................................................................................................................................34

Figure 6-1 Connectivity Summary .................................................................................................................45

Figure 6-2 SCALANCE W Main Window.......................................................................................................47

Figure 6-3

VPN Window for IPsec Configuration

..........................................................................................56

Figure 6-4

IDS Window: Intrusion Detection

.................................................................................................57

Figure 6-5

IDS Window: Intrusion Protection

................................................................................................57

Figure 6-6

Wired Window

..............................................................................................................................58

Figure 6-7

Services Window: Default View

...................................................................................................59

Figure 6-8

DHCP Servers Window

................................................................................................................60

Figure 6-9

RF Dashboard in the Monitoring Pane

........................................................................................64

Figure 6-10

RF Trends for Access Point

.........................................................................................................66

Figure 6-11

RF Trends for Clients

...................................................................................................................66

Figure 6-12

Usage Trends Graphs in the Default View

..................................................................................68

Figure 6-13

Client Distribution on AP Radio

....................................................................................................72

Figure 6-14 Channel Availability Map for Clients ............................................................................................72

Figure 6-15

Alerts Link

....................................................................................................................................74

Figure 6-16 Client Alerts..................................................................................................................................75

Table of contents

SCALANCE W1750D UI

14 Configuration Manual, , C79000-G8976-C451-02

Figure 6-17 Active Faults.................................................................................................................................76

Figure 6-18 Fault History .................................................................................................................................76

Figure 6-19 Intrusion Detection .......................................................................................................................78

Figure 6-20 AirGroup Link ...............................................................................................................................79

Figure 6-21 Configuration Link ........................................................................................................................79

Figure 8-1 AP Settings - Provisioning Master AP..........................................................................................97

Figure 9-1 Uplink VLAN Detection...............................................................................................................101

Figure 11-1 WLAN Settings Tab....................................................................................................................110

Figure 11-2 VLAN Tab...................................................................................................................................117

Figure 11-3 Security Tab: Enterprise.............................................................................................................121

Figure 11-4 Security Tab: Personal...............................................................................................................122

Figure 11-5 Security Tab: Open ....................................................................................................................123

Figure 12-1 Hierarchical Deployment............................................................................................................160

Figure 13-1 Captive Portal Rule for Internal Splash Page Type ...................................................................191

Figure 13-2 Captive Portal Rule for External Splash Page Type ..................................................................191

Figure 14-1 Adding a User ............................................................................................................................199

Figure 14-2 Configuring WISPr Authentication .............................................................................................233

Figure 14-3 Loading Certificate through AirWave .........................................................................................240

Figure 14-4 Server Certificate .......................................................................................................................240

Figure 14-5 Selecting the Group ...................................................................................................................241

Figure 15-1 Firewall Settings - ALG Protocols ..............................................................................................250

Figure 15-2 Firewall Settings - Protection Against Wired Attacks.................................................................251

Figure 15-3 Inbound Firewall Rules - New Rule Window..............................................................................255

Figure 15-4 Firewall Settings -Management Subnets ..................................................................................258

Figure 15-5 Roles - New Rule .......................................................................................................................262

Figure 15-6 Configuring RADIUS Attributes on the RADIUS Server ............................................................274

Figure 15-7 VLAN Assignment Rule Window................................................................................................275

Figure 16-1 New DHCP Scope: Distributed DHCP Mode .............................................................................285

Figure 16-2 DHCP Servers Window..............................................................................................................292

Figure 19-1 IPsec Configuration....................................................................................................................306

Figure 19-2 Manual GRE Configuration ........................................................................................................309

Figure 19-3 Aruba GRE Configuration ..........................................................................................................312

Figure 19-4 L2TPv3 Tunneling ......................................................................................................................314

Figure 19-5 Tunnel Configuration..................................................................................................................315

Figure 19-6 Session Configuration ................................................................................................................316

Figure 19-7 Tunneling— Routing ..................................................................................................................323

Table of contents

SCALANCE W1750D UI

Configuration Manual, , C79000-G8976-C451-02 15

Figure 22-1 AppRF Dashboard .....................................................................................................................359

Figure 22-2 Application Categories Chart: Client View .................................................................................360

Figure 22-3 Application Categories List: Client View ....................................................................................360

Figure 22-4 Application Categories Chart: AP View .....................................................................................361

Figure 22-5 Applications Chart: Client View..................................................................................................361

Figure 22-6 Applications List: Client View .....................................................................................................362

Figure 22-7 Application Chart: Access Point View........................................................................................362

Figure 22-8 Web Categories Chart: Client View ...........................................................................................363

Figure 22-9 Web Categories List: Client View...............................................................................................363

Figure 22-10 Web Categories Chart: Access Point View................................................................................364

Figure 22-11 Web Reputation Chart: Client View ...........................................................................................364

Figure 22-12 Web Reputation List: Client View..............................................................................................365

Figure 22-13 Web Reputation Chart: AP View................................................................................................365

Figure 22-14 Web Policy Enforcement...........................................................................................................371

Figure 24-1 AirGroup Enables Personal Device Sharing..............................................................................384

Figure 24-2 Bonjour Services and AirGroup Architecture .............................................................................385

Figure 24-3 DLNA UPnP Services and AirGroup Architecture .....................................................................386

Figure 24-4 AirGroup in a Higher-Education Environment............................................................................387

Figure 24-5 AirGroup Configuration ..............................................................................................................390

Figure 24-6 RTLS Window ............................................................................................................................395

Figure 24-7 Services Window - ALE Integration ...........................................................................................398

Figure 24-8 Services Window: Network Integration Tab...............................................................................404

Figure 24-9 AP to CALEA Server..................................................................................................................410

Figure 24-10 AP to CALEA Server through VPN ............................................................................................411

Figure 25-1 Adding an AP in VisualRF..........................................................................................................419

Figure 26-1 Uplink Types ..............................................................................................................................425

Figure 26-2 Uplink Status ..............................................................................................................................426

Figure 27-1 Intrusion Detection .....................................................................................................................441

Figure 27-2 Wireless Intrusion Detection ......................................................................................................443

Figure 27-3 Wireless Intrusion Protection .....................................................................................................445

Figure 27-4 Containment Methods................................................................................................................447

Figure 29-1 Routing of traffic when the client is away from its home network ..............................................455

Figure 29-2 L3 Mobility Window ....................................................................................................................458

Figure 30-1 Device List..................................................................................................................................462

Figure 30-2 Channel Details..........................................................................................................................464

Figure 30-3 Channel Metrics for the 2.4 GHz Radio Channel.......................................................................465

Table of contents

SCALANCE W1750D UI

16 Configuration Manual, , C79000-G8976-C451-02

Figure 30-4 Channel Metrics for the 5 GHz Radio Channel..........................................................................466

Figure 31-1 Maintenance—Convert Tab .......................................................................................................475

Figure 31-2 Converting an AP to Campus AP...............................................................................................476

Figure 31-3 Stand-Alone AP Conversion ......................................................................................................477

Figure 31-4 Rebooting the AP .......................................................................................................................479

Figure 32-1 Monitoring Tab: SNMP Configuration Parameters ....................................................................482

Figure 32-2 SNMPv3 User ............................................................................................................................483

Figure 32-3 Syslog Server.............................................................................................................................486

Figure 34-1 Configure AirGroup Services .....................................................................................................519

Figure 34-2 Add a New Controller for AirGroup Services .............................................................................520

Figure 34-3 Configure AirGroup Services: Controller Settings .....................................................................521

Figure 34-4 Configuration > Identity > Local Users Selection.......................................................................522

Figure 34-5 Create an AirGroup Administrator..............................................................................................523

Figure 34-6 Create an AirGroup Operator.....................................................................................................524

Figure 34-7 Local Users UI Screen ...............................................................................................................524

Figure 34-8 Create a Device .........................................................................................................................525

Figure 34-9 ClearPass Guest- Register Shared Device................................................................................525

Figure 35-1 Scenario 1 - IPsec: Single datacenter Deployment with No Redundancy.................................531

Figure 35-2 Scenario 2 - IPsec: Single Datacenter with Multiple controllers for Redundancy......................536

Figure 35-3 Scenario 3 - IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers

for Redundancy..........................................................................................................................542

Figure 35-4 Scenario 4 - GRE: Single Datacenter Deployment with No Redundancy .................................548

SCALANCE W1750D UI

Configuration Manual, 02/2018 , C79000-G8976-C451-02 17

Security information

Siemens provides products and solutions with industrial security functions that support the

secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is

necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial

security concept. Siemens’ products and solutions constitute one element of such a concept.

Customers are responsible for preventing unauthorized access to their plants, systems,

machines and networks. Such systems, machines and components should only be

connected to an enterprise network or the internet if and to the extent such a connection is

necessary and only when appropriate security measures (e.g. firewalls and/or network

segmentation) are in place.

For additional information on industrial security measures that may be implemented, please

visit: https://www.siemens.com/industrialsecurity

Siemens’ products and solutions undergo continuous development to make them more

secure. Siemens strongly recommends that product updates are applied as soon as they are

available and that the latest product versions are used. Use of product versions that are no

longer supported, and failure to apply the latest updates may increase customer’s exposure

to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS

Feed under https://www.siemens.com/industrialsecurity

About this guide

SCALANCE W1750D UI

18 Configuration Manual, 02/2018, C79000-G8976-C451-02

SCALANCE W1750D UI

Configuration Manual, 02/2018, C79000-G8976-C451-02 19

About this guide

This User Guide describes the features supported by SCALANCE W and provides detailed

instructions for setting up and configuring the SCALANCE W network

Intended Audience

This guide is intended for administrators who configure and use APs.

Popular Wireless Access Point manuals by other brands

AirLive

AirLive WLA-5000APv2 Quick setup guide

AirLive

AirLive WL-5450AP Quick setup guide

AirLive

AirLive WHA-5500CPE-NT user manual

Planet

Planet WAP-4036 Quick installation guide

MachPower

MachPower WL-CPE5G24-064 user manual

Planet

Planet WNAP-7300 user manual

NetComm Wireless

NetComm Wireless NP731 user guide

Onq

Onq 364711-01 owner's manual

Planet

Planet WAP-900 user manual

EMW

EMW EVB-A100 user manual

Abocom

Abocom WAP354H specification

Comtrend Corporation

Comtrend Corporation WAP-EN1200 user manual

Moxa Technologies

Moxa Technologies AirWorks AWK-3251A-M12-RCC Series Quick installation guide

SonicWALL

SonicWALL APL29-0B6 Safety and regulatory information

Relay2

Relay2 RA300 Series Hardware installation guide

Intermec

Intermec MobileLAN access 2102 S user guide

ZyXEL Communications

ZyXEL Communications NWA3000-N Series quick start guide

Cisco

Cisco Aironet 3700 Series Deployment guide

Siemens SCALANCE W1750D UI Instruction sheet

Popular Wireless Access Point manuals by other brands