Page 1
Nortel WLAN— Management Software 2300 Series Reference Guide *320666-G* Part No. NN47250-102 (320666-G) October 2007 4655 Great America Parkway Santa Clara, CA 95054...
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to the products described in this document without notice. Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Nortel. Exchange Products not returned to Nortel will be invoiced at full Product list prices. Replacement Products may be new, reconditioned or contain refurbished materials. In connection with any warranty services hereunder, Nortel may in its sole discretion modify the Product at no cost to you to improve its reli- ability or performance.
Page 4
Products at its then-prevailing repair rates. The limited warranty for the Product does not apply if, in the judgment of Nortel, the Product fails due to damage from shipment, handling, storage, accident, abuse or misuse, or it has been used or maintained in a manner not conforming to Product manual instructions, has been modified in any way, or has had any Serial Number removed or defaced.
Page 5
A Wireless LAN site survey service captures actual RF data to accurately model RF environments and is the best method to determine correct location of APs, and therefore installation locations of cabling. A WMS network plan is an approximation only and does not substitute for a Wireless LAN site survey. Nortel WLAN—Management Software 2300 Series Reference Guide...
Getting help over the phone from a Nortel solutions center If you don’t find the information you require on the Nortel Technical Support Web site, and have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center.
To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to: http://www.nortel.com/erc...
WLAN with the WLAN Management Software tool suite. Read this guide to learn how to plan wireless services, how to configure and deploy Nortel equipment to provide those services, and how to optimize and manage your WLAN.
Text and Syntax Conventions Nortel manuals use the following text and syntax conventions: Convention Monospace text Bold text Italic text Menu Name > Command [ ] (square brackets) { } (curly brackets) | (vertical bar) Sets off command syntax or sample commands and system responses.
Page 28
28 Introducing the Nortel WLAN 2300 System NN47250-102 (320666-G Version 02.01)
Hardware Requirements for WLAN Management Software Monitoring Service Table 2 shows the minimum and recommended requirements to run the WLAN Management Software monitoring service on Windows and Linux platforms. Table 2: Hardware Requirements for Running WLAN Management Software Monitoring Service on Windows and Linux Systems Processor Hard drive space available Monitor resolution...
The serial number is included with your WLAN Management software packaging. You must request a license key from Nortel for each host on which you plan to use site planning or monitoring. One license allows you to use WLAN Management software planning or install the monitoring service on one system. Depending on the license, you might also have restrictions on the number of APs you can manage using WLAN Management software.
Installation Task Overview You perform the following tasks during installation: • Unpack files. (See “Unpacking Files” (page • Use the installation wizard. (See Note. The installation wizard for the WLAN Management Software client has an option to install the monitoring service on the same machine. You must install the client in order to install the monitoring service.
Page 33
In the shell window, type sh ./install.bin. The Introduction page of the WLAN Management Software installation wizard appears. Click Next to display the Choose Installation Type page of the installation wizard, and go to Installation Wizard” (page 34). Nortel WLAN—Management Software 2300 Series Reference Guide 34). “Using the...
Click Next. The Choose Install Folder page appears. Type the name of the directory in which to install WLAN Management Software, or accept the default. • For Windows, the default installation directory is C:\Program Files\Nortel\WMS. • For Linux, the default installation directory is /opt/WMS.
During installation, an installation log file, WLAN Management Software_InstallLog.log, is created and placed in the WLAN Management Software installation folder. Double-click the log file’s icon to read the log file. Have this log file available if you need to contact the Nortel Enterprise Technical Support (NETS) about an installation problem. 464).)
You do not need to uninstall the previous version before installing a newer version. Before you upgrade, Nortel recommends that you make a backup of the config-db directory in the WLAN Management Software installation directory. As a best practice, back up the config-db directory on a regular basis to ensure that you have copies of your network plans.
Click Continue. The uninstall program reports its progress. Click Done. If you delete an item, the item is permanently lost. For example, if Nortel WLAN—Management Software 2300 Series Reference Guide...
Enabling Keyboard Shortcut Mnemonics (Windows XP Only) ....50 When you start WLAN Management Software client and log on to WMS Services, a network plan is displayed by the WLAN Management Software client. Nortel WLAN—Management Software 2300 Series Reference Guide...
Main WLAN Management Software Window with Open Network Plan Organizer panel Toolbar Content panel The network plan is the workspace in WLAN Management Software you use to design and manage a Nortel network. The network plan defines the following: • Network equipment (WSSs, APs, and third-party access points) •...
Equipment (displayed by the Configuration tool bar option)—The set of devices in your network plan. This includes Mobility Domains, Nortel switches and APs, as well as third-party access points that WMS needs to be aware of while planning or monitoring the network.
• Sites (displayed by the RF Planning tool bar option)—Named sets of buildings and floors where Nortel equipment is deployed. The tree that is displayed depends on the active tool bar option. (See To expand the view of an object in the tree, click on the plus sign next to the object. For example, to display the buildings in a site, click on the plus sign next to the site name.
Reviewing and Deploying Switch Configuration Changes WLAN Management Software does not automatically deploy switch configuration changes from the network plan to the actual switches in the network. The following options in the Task List panel allow you to review and deploy changes: •...
When you click on a task in the Task List panel, WLAN Management Software opens a configuration wizard. For example, click on System Setup to open the System Setup wizard for configuring basic switch parameters. Some wizards contain multiple pages. Click the Next and Previous buttons at the bottom of a wizard to navigate among the wizard’s pages.
The larger icons provide access to WLAN Management Software features. The smaller icons underneath the Back and Forward icons apply to the WLAN Management Software application itself. Table 1: Resize Icons Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 46
To perform site-related tasks, click task links in the Task List panel. (See “Planning the Nortel WLAN 2300 System” (page Display the tree of configured devices in the Organizer panel. • To display information about a device or a configuration area within that device, click on it.
Page 47
Configure WLAN Management Software Services Launch WLAN Management Software HTML Help Nortel WLAN—Management Software 2300 Series Reference Guide Description Display information about rogue or interfering devices detected by AP radios. This option also provides tools for tuning rogue detection settings and for issuing countermeasures against rogues.
(error) or should (warning) be corrected before deploying the switch configuration from the network plan to the live network. Click this counter (or select the Verification toolbar option) to open the Verification tab in the Content panel.
When you are finished, the replaced object is removed and the copied object appears under the parent object. Copy and Paste in the Content Panel Select the objects (rows). • To select a single object, click on the row for the object. 49).) Nortel WLAN—Management Software 2300 Series Reference Guide “Copy and...
• To select multiple contiguous objects, click Shift while selecting them. • To select multiple noncontiguous objects, click Ctrl while selecting them. Click the copy icon ( Click the paste icon ( A configuration wizard appears. Edit settings to make the new object unique from the object you copied, then click OK or Finish to save the changes and close the configuration wizard.
Page 51
Uncheck the box labeled Hide underlined letters for keyboard navigation until I press the Alt key. Clearing this option allows programs to show the underlined character for mnemonics in WLAN Management Software. Click OK. In the Display Properties dialog box, click OK. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 52
52 Working with the WLAN Management Software User Interface NN47250-102 (320666-G Version 02.01)
Starting WLAN Management Software To start WLAN Management Software, do one of the following: • On Windows systems, select Start > Programs > Nortel > WMS > WMS, or double-click the WMS icon on the desktop. • On Linux systems, change directories to WMS_installation_directory/bin, and enter ./WMS.
Page 54
QuickStart—Contains a two-floor building with two WSSs and two APs on each switch. Each switch and its APs provide coverage for a floor. The Nortel equipment is configured to provide both clear (unencrypted) and secure (802.1X) wireless access. (For more information, see the Nortel WLAN Security Switch 2300 Series Quick Start ❍...
Before you can restrict user access to WLAN Management Software, you must create an administrator account. After creating an administrator account, you can create provision or monitor accounts. “Working with Network Plans” (page Nortel WLAN—Management Software 2300 Series Reference Guide 59).)
Page 56
To create an administrator account: Select Services > Setup. The WMS Services Setup page appears. Click Access Control in the left column to display the Access Control page. Under Add User, type a name and password for the administrator (1 to 80 alphanumeric characters, with no spaces or tabs).
To disable access control: Select Services > Setup to access the WMS Services Setup page. Click Access Control in the left column to display the Access Control page. Under Access Control, click Allow all users. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 58
58 Getting Started NN47250-102 (320666-G Version 02.01)
Creating a Network Domain ..........75 A network plan is the workspace in WLAN Management Software you use to design a Nortel network. In a network plan, you define components of the network (WSSs, APs, and optionally third-party access points).
Page 60
For a complete listing of the access point models and their associated countries please visit the Nortel Support website: Click the box next to open the plan in WLAN Management Software after it is created.
(See Changes” (page 42).) Nortel recommends that you regularly back up the config-db directory so that you have additional copies of your network plans. (In addition to this section, see “Managing Network Plans”...
WLAN Management Software Services host where the plan resides, selecting Services > Plan Management, then specifying the plan’s name in the Switch Plan page. The network plan is then opened in the WLAN Management Software main window.
Page 63
Note. Nortel recommends that you save a backup copy of the plan before importing objects from another plan. To save a backup copy, you can use the Save As page.
You can delete a network plan at any time. Note. You cannot delete the currently active plan. To delete the active plan, first use the Switch Plan page to select another plan to be active, then delete the plan. NN47250-102 (320666-G Version 02.01)
By default, WLAN Management Software sends a message to all users who have the plan open with monitor access to inform them when changes are saved to the plan. In addition, WLAN Management Software sends a message to each monitor user, so that one of them can then edit the plan. Nortel WLAN—Management Software 2300 Series Reference Guide...
To disable notification In the main WLAN Management Software window, select Tools > Preferences. Click the Persistence tab. To disable change notification, clear Plan Change Notification. Click Close. Defining a Mobility Domain A Mobility Domain is a collection of WSSs that work together to support roaming users. One of the WSSs is defined as a seed device, which distributes information to the other WSSs defined in the Mobility Domain.
802.1X reauthentication interval has not lapsed. Traffic Ports Used by WSS Software When deploying a Nortel wireless network, you might attach Nortel equipment to subnets that have firewalls or access controls between them. Nortel equipment uses various protocol ports to exchange information. To...
Note. The Create Mobility Domain wizard requires you to select the switches to place in the Mobility Domain and to select the seed switch. Add the switches to the network plan before you configure the Mobility Domain. Select the Configuration tool bar option.
In the IP Address box, type the IP address for the access point. If you specify an IP address, you can use Telnet and a Web browser with this access point. Nortel WLAN—Management Software 2300 Series Reference Guide 164).
In the Telnet Port Number box, specify the port number for Telnet service. In the HTTP Port Number box, specify the port number for HTTP service. 10 Click Next. 11 In the AP Model drop-down list, select one of the following: •...
In the Task List panel, select Disable Auto-Tune. The Disable Auto-Tune wizard appears. Select the Auto-RF settings you want to apply. Both channel and power settings are selected by default. Select the scope: • Mobility Domain Nortel WLAN—Management Software 2300 Series Reference Guide...
The AirDefense system is an enterprise-class security solution that allows you to protect against threats and intrusions into your wireless network. The AirDefense solution can be integrated with the Nortel WLAN 2300 System, comple- menting Nortel network security features by providing a centralized server dedicated to security analysis and record keeping.
In the notification profile, the two AP traps, APNonOperStatus and APOperRadioStatus, must be enabled. Create a notification target. See steps. “Configuring a Notification Profile” (page 185) “Configuring a Notification Target” (page 185) Nortel WLAN—Management Software 2300 Series Reference Guide for the configuration for the configuration...
Distributed APs that are not configured on any WSSs in the Mobility Domain can nonetheless be booted and managed by a switch if the switch has a profile for Distributed APs, and has capacity to manage the AP. An AP that is booted and managed using a Distributed AP profile is here called an Auto DAP.
Affinity Value Note. Nortel recommends that you allow WLAN Management Software to automatically assign affinity values instead of using the CLI to manually set them. If you use the CLI to set them, WLAN Management Software does not replace the affinity values it automatically sets with values set on individual switches.
Page 76
In the Available Devices list, select the WSSs you want to use as Network Domain members. Note. Make sure to select the seed switch as a member. For the Network Domain to work properly, the seed must also be configured as a member.
Note. The RF Planning software does not support outdoor installations. Results obtained do not compensate nor account for obstacles and characteristics typically associated with outdoor environments. Nortel does not warrant or support any outdoor deployments or installations of the WLAN 2300 system implemented with the use of this tool.
RF Planning Overview The WLAN Management Software planning tools calculate the Nortel equipment you need, how to configure it, and where to install it, all based on the information you provide about your wireless coverage needs. You can display projected coverage, and even experiment with network changes. You also can optimize the plan based on RF measurements from the live network.
Page 79
Planning the Nortel WLAN 2300 System 79 Table 1 lists the toolbar icons at the top of the floor display area. Table 1: Toolbar icons available in RF Planning Tools Option Description Launch Help. Adjust the paper space (crop the drawing).
Table 1: Toolbar icons available in RF Planning Tools (continued) Option Description Delete selected components. View or change dimensions. Place an RF measurement point. Show 802.11a RF coverage in the floor display area. Show 802.11b RF coverage in the floor display area. Show 802.11g RF coverage in the floor display area.
Series 2332 access point will not operate and an error will be generated. For a complete listing of the Series 2332 access point models and their associated countries please visit the Nortel Support website: http://www.nortel.com/support. In the Channel Set (802.11b/g) list, select the set of operating channels for any 802.11b/g AP radios you plan to use (if different from the default).
Page 82
• If you are creating a new building, click on the site name in the Organizer panel and select Create Building in the Task List panel. A series of dialog boxes prompts you for information about the new building. • If you are modifying an existing building, select the building name in the Content panel for the site, then click Properties.
Creating or Modifying Floors To create or modify a floor in a building Select the RF Planning tool bar option. In the Organizer panel, click the building name. Nortel WLAN—Management Software 2300 Series Reference Guide “Creating or...
Page 84
Do one of the following: • If you are creating a new floor, click on the building name in the Organizer panel and select Create Floor in the Task List panel. A series of dialog boxes prompts you for information about the new floor.
Drawings in DXF format sometimes import more easily into WLAN Management Software. However, Nortel recom- mends that you obtain copies of the drawing in both DWG and DXF formats if possible, so that you can try the other format if the first format you try does not import easily.
Preparing a Drawing Before Importing It WLAN Management Software has a file cleanup feature that can help remove unwanted information from an imported drawing. However, the more cleanup work you do before importing a file, the better the results will be. In addition, cleaning up a file before importing it helps reduce the file size, which in turn enhances performance when handling the file in WLAN Management Software.
Page 87
File >Save As and select the format. Use version R2000 of the format you save as, if available. Do not use Ctrl+A (Select All) in AutoCAD to select the objects to In AutoCAD, you cannot delete a layer if the layer is not empty. Nortel WLAN—Management Software 2300 Series Reference Guide...
Useful AutoCAD Operations and Naming-Conventions Table 2 Table 3 provide AutoCAD operating tips and naming conventions that can be helpful as you prepare your floor plans for WLAN Management Software. Operation Zoom Extension— Arranges all items in the drawing view. Explode—...
Page 89
The imported drawing is displayed in the Content panel. Figure 1: Floor Plan After Importing At this point, you can edit the floor contents. Go to “Cropping the Paper Space” (page Nortel WLAN—Management Software 2300 Series Reference Guide (“Adjusting the Scale of a Drawing” 90), next, to begin.
Cropping the Paper Space You can crop the paper space of a drawing to remove unneeded space and objects around the floor. For example, if the drawing includes parking lot information, you can easily remove the parking lot by cropping. Caution! All objects that are outside the area you select to keep, are permanently removed.
WLAN Management Software uses a building’s origin point to understand what is above or below a given floor. When calculating RF coverage, WMS needs to understand where APs on adjacent floors are located so that WMS can take RF from those APs into account when assigning channels. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 92
If an imported drawing has an origin point defined, WLAN Management Software tries to use that origin point. Other- wise, WMS places the origin point in the upper left corner of the drawing by default. You are not required to use the upper left corner of the building as the origin point. You can select an easily identifiable feature on all floors, such as an elevator shaft.
WLAN Management Software displays a message offering to make layer 0 visible again. For best performance and simpler planning, Nortel recommends that you hide or remove unnecessary layers and remove unnecessary objects. The Clean Layout option automatically deletes all objects that meet the cleanup criteria, which you can modify.
Hiding Layers With the drawing displayed in the Content panel, click Layers in the Organizer panel to bring up a list of the layers in the drawing. Click the checkbox next to the layer name to show or hide the layer. Figure 3 shows the same floor plan as Figure 3:...
“Adding or removing a layer” (page To clean up a drawing Display the floor plan in the Content panel. In the Task List panel, under RF Planning, click Clean Layout. The Floor Plan Clean Up wizard appears. 94). Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 96
In the Remove Lines and Remove Objects group boxes, click next to any items you do not want WLAN Management Software to remove from the drawing during cleanup. WLAN Management Software removes all these items by default. To change the short line length, type the new length in the Short Line Length box. WLAN Management Software removes all lines that are this length or shorter.
Page 97
Click Next. The Before Cleanup tab appears. The progress of the cleanup is listed in the message area below the floor plan. When cleanup is finished, the After Cleanup tab appears. (The example below shows a cleanup in progress.) Click the After Cleanup tab. The cleaned up drawing appears. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 98
10 Do one of the following: • Click Finish to accept the changes. • Click Previous to change the cleanup constraints. Go back to • Click Cancel to cancel the changes. NN47250-102 (320666-G Version 02.01) step 3 on page...
For a polygon with n sides, click n-1 additional times at the vertices. For example, to draw a 7-sided polygon, click at 6 vertices. 3. At the last vertex before completing the shape, Right-click to complete the polygon. Nortel WLAN—Management Software 2300 Series Reference Guide “Drawing...
You can use this method alone or in combination with the methods above. (See Data from a Site Survey” (page Note. You also can use site survey data to optimize a network plan after you install Nortel equipment. (See Recommendations Consider the following when creating RF obstacles: •...
Page 101
(group objects) icon on the toolbar. The grouped objects now appear as one object group. Right-click and select Create RF Obstacle. The Create RF Obstacle dialog box appears. See Create RF Obstacle Dialog box” (page 102). Nortel WLAN—Management Software 2300 Series Reference Guide 102). 102). 102).
Page 102
To use the Create RF Obstacle Dialog box The Create RF Obstacle dialog box is shown in Figure 4: Create RF Obstacle Dialog Box In the Description box, type a description for the RF obstacle (1 to 60 characters, with no tabs). In the Obstacle Type list, select the material of which the RF obstacle is made.
180 degrees. 1. Click at the start of the line. 2. Drag the cursor to the end of the line. 3. Click to finish. 1. Click to exit RF obstacle mode. Nortel WLAN—Management Software 2300 Series Reference Guide...
Note. Using an object other than a line to represent an RF obstacle’s dimensions does not materially affect the calculation of RF attenuation. When WLAN Management Software calculates attenuation along any vector passing through the obstacle, it counts the obstacle’s RF attenuation only once, regardless of the floor space it occupies.
Display the floor plan in the Content panel. In the Task List panel, click RF Planning. Under Site Survey, click Import Points. The Import AP Placement Points dialog is displayed. 112).) Nortel WLAN—Management Software 2300 Series Reference Guide “Importing 113).) “Defining Wireless Coverage...
Page 106
Click Yes next to File. In the File Format listbox, select Ekahau. Click Choose to navigate to the csv file that contains the LOS points. Click Next. The MAC addresses of the LOS points appear. NN47250-102 (320666-G Version 02.01)
Page 107
11 Place the LOS points on the floor plan. Click Objects to Place in the Organizer panel to display the LOS points for each MAC address you selected. Click on an LOS point to select it, then move the cursor to the floor location and click again to place the LOS point. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 108
LOS points in Organizer Panel After you place an LOS point onto the floor plan, the icon disappears from the Organizer Panel. To create LOS points in WLAN Management Software Display the floor plan in the Content panel. In the Task List panel, click Tools. Under Site Survey, click the On the floor plan, click on the location for the LOS.
Page 109
AP (Dual Radio) for a dual-radio AP or AP (Single Radio) for a single-radio AP. In the Radio Type listbox, select the 802.11 radio type. The radio types that are available depend on the AP model or type you selected. Click Next. The radio configuration page appears. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 110
In the Channel Number listbox, specify the channel number on which the AP radio will be operating. 10 In the Transmit Power listbox, specify the transmit power of the AP’s radio. 11 In the MAC Address box, type the MAC address you want to use for this position of the AP. Note.
To specify the output directory for the site survey order, click the button below Output Directory, and navigate to the directory where you want WLAN Management Software to place the site survey order. Click Generate. 111).) Nortel WLAN—Management Software 2300 Series Reference Guide “To...
WLAN Management Software generates the site survey order. When the order is complete, a hyperlink becomes available. To view the site survey order, click the link. A browser window opens. Select a floor to display LOS point information for that floor. Scroll down to view the MAC address assignments for the LOS points.
If the measurements came from a site survey file, they are measurements between the portable AP (LOS point) and the PC running the site survey tool. If the measurements came from AP radios in the network, they are measurements between AP radios. Nortel WLAN—Management Software 2300 Series Reference Guide...
However, a floor is not required to have a wiring closet if APs will be indirectly attached through the network. In this case, if you do not create a wiring closet, WLAN Management Software assumes the switch that will manage the Distributed APs will be located in a wiring closet on another floor in the building.
Page 115
Management Software checks switches for free ports. If there are no free ports on the switches listed, WLAN Management Software creates and inserts a new switch in the wiring closet. Select a WSS and click the Up or Down buttons to change the order of the switches.
Defining a Coverage Area Using the coverage area drawing tool, you can specify the coverage area graphically on your floor plan. You perform the following tasks to define a coverage area: “Drawing a Coverage Area” (page 117) “Specifying the Wireless Technology for a Coverage Area” (page 119) “Specifying Coverage Area Properties”...
WMS accounts for the external walls when computing how many APs are required for the coverage area. This might lead to an inaccurate AP count. Display the floor plan in the Content panel. In the Task List panel, click Tools. Area 2 Nortel WLAN—Management Software 2300 Series Reference Guide Figure 7. Also make sure start and end...
Page 118
In the Create area under Coverage Area, click one of the icons and draw the object as described in the following table. Object (circle) (square) (parallelogram) (polygon) (line) (cursor) The Create Coverage Area wizard appears. NN47250-102 (320666-G Version 02.01) Action Diagonally drag the cursor over the area where you want the circle to appear.
The wizard presents properties and association pages for the technology you chose in following example shows the wizard for 802.11a and 802.11g technologies. Area”. 117).) To specify wireless technology for a coverage Nortel WLAN—Management Software 2300 Series Reference Guide step 1. The...
Specifying Coverage Area Properties To specify coverage area properties: In the Name box for each technology, type a name for the coverage area (1 to 60 characters long, with no tabs). In the Rate [Mb/s] list for each technology, select the average desired association rate for typical clients in this coverage area.
To change the ceiling height, specify the new height in the Height of the Ceiling box. To change the height where APs are mounted, specify the new mounting height in the AP Placement Height box. Click Next. The Default Device Settings page appears. Nortel WLAN—Management Software 2300 Series Reference Guide...
Specifying Default Device Settings for the Coverage Area You can optionally specify the WSS or AP models that WLAN Management Software uses when calculating the devices to include in the coverage area. To change the WSS model, select the model from the WSS Model list. To change the default AP model, select the model from the Default AP Model list.
Page 123
They receive their configuration automatically using a profile that assigns a Distributed AP number and name to the AP from among the unused valid AP numbers available on the switch. The profile also configures the AP with the AP and radio parameter settings in the profile. See information on creating a profile.
Specifying Redundancy Computation for APs in the Coverage Area You can optionally configure WLAN Management Software to compute redundant connections for the APs in the coverage area. To plan for redundant AP connections to WSSs, select Compute Redundancy. Note. Only AP models that have two Ethernet ports can support redundant direct connections.
(Kbps) for a station. The throughput value cannot exceed the value you selected for the baseline association rate. Note. Nortel recommends that per-station throughput values do not exceed 1 Mbps for 802.11b technology and 5 Mbps for 802.11a/g technology.
Configuring Capacity Calculation for Voice WLAN Management Software can perform multiple calculations for AP placement. One is based on coverage only. Another is based on capacity for voice over IP service, using the capacity for voice parameters. WLAN Management Software compares the results of the calculations and selects the calculation that results in more APs. To calculate AP placement and configuration based on both coverage and on capacity for voice over IP, enable Use Capacity Calculation for Voice.
If the APs will be directly connected to WSSs, a wiring closet is required. If all the APs in the coverage area will be indirectly connected to WSSs through the network, a wiring closet is not required. Nortel WLAN—Management Software 2300 Series Reference Guide step...
In the Redundant Wiring Closet list, select the wiring closet that will provide redundant connection to the APs. This is required for directly connected APs, if you require the APs to have redundant connections. Otherwise, this is not required. Note. Only AP models that have two Ethernet ports can support redundant direct connections.
Page 129
In the Expected Station Count list, specify the number of clients you expect to be in the coverage area. • In the Station Oversubscription Ratio list, select the ratio for the average transmit behavior of the stations. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 130
The station oversubscription ratio is the ratio of active clients compared to total clients. For example, the ratio 5:1 indicates that, statistically, 20 percent of the clients are active at any given time. • To calculate AP placement and configuration based on coverage and on capacity for voice over IP, enable Use Capacity Calculation for Voice.
They receive their configuration automatically using a profile that assigns a Distributed AP number and name to the AP from among the unused valid AP numbers available on the switch. The profile also configures the AP with the AP and radio parameter settings in the profile.
• You also can add third-party access points in RF Planning. (See Access Point”.) Moving a Third-Party AP Icon to its Floor Location If you added a third-party access point while using the Configuration tool bar option, the access point is on the Objects to Place tab.
Page 133
In the Telnet Port Number box, specify the port number for Telnet service. 10 In the HTTP Port Number box, specify the port number for HTTP service. 11 Click Next. The following dialog appears: Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 134
12 In the AP Model drop-down list, select one of the following: • AP (Dual Radio)—802.11a and 802.11b or 802.11b/g • AP (Single Radio)—802.11a, 802.11b, or 802.11g 13 In the Radio Type drop-down list, select one of the following: 11a, 11b, 11g. The choices available depend on the selection you made in 14 Click Next.
Page 135
22 If the access point has only one radio, click Finish. Otherwise, go to 23 Click Next. The Radio A page appears. 24 Repeat step 15 through step 21 25 Click Finish to save the changes. Nortel WLAN—Management Software 2300 Series Reference Guide for the 802.11a radio. step...
Objects To Place panel to its location on the floor. Computing AP Placement After you provide information about floor plans, RF obstacles, and wireless coverage requirements, WLAN Manage- ment Software can design your Nortel wireless network for this floor using the following process: • Compute and place APs (See •...
In the Task List panel, click Floor. Under Edit Floor, click Constraints. The Manage Constraints dialog is displayed. “To specify design constraints” (page “To compute and place APs” (page “To review coverage area computation” (page Nortel WLAN—Management Software 2300 Series Reference Guide 137).) 140).) 141).)
Page 138
They receive their configuration automatically using a profile that assigns a Distributed AP number and name to the AP from among the unused valid AP numbers available on the switch. To allow locked APs to be deleted when Compute and Place determines that they are no longer required, select Allow Deletion of Locked APs.
Page 139
15 Click Next. The Manage Constraints Progress page is active. 16 When the Completed Applying Constraints message is displayed in the Manage Constraints Progress page, click Finish to save the changes. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 140
To compute and place APs Display the floor plan in the Content panel. In the Task List panel, click RF Planning. Under RF Planning, click Compute and Place. The Compute and Place wizard appears. To remove a coverage area from AP placement and computation, clear the area’s Compute Layout box. To specify the primary wiring closet for a coverage area, click in the Wiring Closet column to display the wiring closet list and select a wiring closet from the list.
Page 141
Review the number of APs required for each coverage area, and the overriding criterion used (coverage or capacity). Click Finish to apply the changes. Icons for the suggested AP locations appear on the floor plan. Nortel WLAN—Management Software 2300 Series Reference Guide computation”.
Page 142
To see the RF coverage area for an area, right-click on the area (either in the organizer panel or on the floor) and select Show RF Coverage. If the area supports more than one radio technology, you also need to select the technology. The choices available depend on the wireless technology you chose for the coverage area.
If you need an AP to be located at a fixed location on the floor, you can lock its current location when you recompute the necessary coverage. A dual-radio AP model that is part of two coverage areas and is not locked can be placed in the shared coverage area. “Computing Optimal Power” (page Nortel WLAN—Management Software 2300 Series Reference Guide 147).
To lock an AP Select the AP you want to lock. Right-click and select Lock. You can no longer move the AP. Assigning AP Channels If you do not plan to use the RF Auto-Tuning feature to automatically set the channels on the APs after deployment and installation, use the Assign Channels to APs option to assign channels to the APs.
Page 145
Click Next. The Channel Assignment Progress page appears. Review the results. The 802.11a channel assignments are listed on the 802.11a Radio(s) tab. The 802.11b/ g channel assignments are listed on the 802.11b/g Radio(s) tab. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 146
10 Click Finish to accept the channel assignments. The new channel assignments are reflected in the Coverage Areas panel. 11 Do one of the following: • To verify the RF network, see • Click Finish to save the changes and close the wizard. For APs that are in the network plan but are not yet deployed and managed by WLAN Management Software, the channel number is changed to match the results of channel assignment.
Transmit power levels must be high enough to adequately cover an area, but also low enough to minimize co-channel interference. WLAN Management Software factors in these considerations when calculating optimal power. Note. Nortel recommends that you assign channels before you compute optimal power, to ensure successful power computation.
Page 148
To optimize the AP count, select Optimize AP Count. This option checks for coverage overlaps and removes an AP if neighboring APs provide enough coverage to make the AP unnecessary. Note. This option applies only to coverage areas that are configured for coverage, not capacity.
In the Coverage Areas section of the Organizer panel, navigate to the floor. Expand the floor to display its coverage areas. Right-click on a coverage area, and select Show RF Coverage. Nortel WLAN—Management Software 2300 Series Reference Guide...
In most situations, increasing transmit power levels to close the holes will generate more co-channel interference. Nortel recommends that you allow these small holes during the planning process.
Page 151
In the RSSI Options box, select display options for the dialog box: • To list access points that cannot be detected from this RF measurement point, select Show Unreachable APs. • To list disabled access points, select Show Disabled APs. Nortel WLAN—Management Software 2300 Series Reference Guide (Insert Measurement Point)
• To list access on other floors that can be detected from this RF measurement point, select Show APs on Other Floors. “Reading the RF Measurement Table” (page 152) Click OK to save the changes and close the box. Do one of the following: •...
Page 153
Distance between AP and RF measurement point. Channel of the AP or third-party access point. Signal strength from the AP at the RF measurement point. Whether the AP is active (OK) or disabled. Nortel WLAN—Management Software 2300 Series Reference Guide...
After WMS has calculated the number of APs required to provide wireless coverage, you can generate a work order report. The work order report provides all of the necessary information for the physical installation of the Nortel WLAN 2300 System. A work order shows where the APs should be installed, WSS initial setup configuration information, and projected RSSI information that is useful when verifying the installation.
Page 155
10 Select a floor from the Select Floor list and click View Work Order. The work order is displayed starting at the floor you specified. You can scroll to view additional information. 11 Click Close to close the dialog. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 156
156 Planning the Nortel WLAN 2300 System NN47250-102 (320666-G Version 02.01)
WSS Configuration Objects Configuration objects for WSSs are organized into the following categories: • System • Wireless • You can access configuration wizards for these object types by clicking on tasks in the Task List panel, or by selecting the object type under a WSS in the Organizer panel. Table 1 lists the WSS object types.
Page 159
(See “Viewing and Configuring 802.1X Network Access Rules” (page 292).) Access rules for MAC clients (See “Viewing and Configuring MAC Network Access Rules” (page 295).) Nortel WLAN—Management Software 2300 Series Reference Guide 196).) 208).) 217).) 221).) 245).) 250).) 252).) 272).) 273).)
Adding a WSS to the Network Plan You can use any of the following methods to add a WSS to a network plan: • Allow WLAN Management Software to create the switch as part of RF planning. • Use the Create WLAN—Security Switch wizard.
“Using the Create WLAN—Security Switch Wizard” (page Creating a New WSS Based on a Configured Switch in the Network Plan You can copy and modify a switch that is already in the network plan, by copying and pasting the switch in the Organizer panel.
Adding a Switch by Uploading its Configuration from the Network If you have already deployed a WSS in the network and you want to add the switch to the network plan, you can upload the switch’s configuration into WLAN Management Software, edit the switch, then redeploy the switch with the new parameters.
Reviewing and Deploying Changes WLAN Management Software does not automatically deploy switch configuration changes from the network plan to the actual switches in the network. The following options in the Task List panel allow you to review and deploy changes: •...
WSS. In the Enable Password box, type the enable password for the WSS. This password must match the enable password that was defined on the switch using the CLI command set enablepass. For more information, see the Guide.
Mobility Domain, finish creating the switch, then create the Mobility Domain. Select the switch in the Organizer panel to display its basic settings in the Content panel, and select the Mobility Domain from the Mobility Domain drop-down list.
Page 166
The default is 1. Click OK. Configure SNMP settings: Select the minimum level of security to allow for any SNMP communication with the switch from the Security Level drop-down list: ❍ Unsecured—SNMP message exchanges are not secure. This is the default, and is the only value supported for SNMPv1 and SNMPv2c.
Page 167
❍ read-notify—An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications. ❍ notify-only—The switch can use the string to send notifications. ❍ read-write-notify—An SNMP management application using the string can get and set object values on the switch.
❍ 11 Click Finish. Modifying Basic Switch Parameters Basic switch parameters are displayed in the Content panel when you select a switch in the Organizer panel. Select the Configuration tool bar option. In the Organizer panel, select the WSS. Basic parameters for the switch appear in the Content panel.
Domain drop-down list. To leave the switch out of all Mobility Domains, select Not Assigned. 10 To change the switch’s wiring closet membership, select the closet from the Wiring Closet drop-down list. To leave the switch out of all wiring closets, select Not Assigned.
The Change Model wizard appears. Select the model from the drop-down list. Click OK. Changing Time zone Properties You can specify the number of hours (and optionally the minutes) that the WSS’s real-time clock is offset from Coordi- nated Universal Time (UTC)—also known as Greenwich Mean Time (GMT). The time zone information is used by Network Time Protocol (NTP) if you enabled it.
Distributed APs that are not configured on any WSSs in the Mobility Domain can nonetheless be booted and managed by a switch if the switch has a profile for Distributed APs, and has capacity to manage the AP. An AP that is booted and managed using a Distributed AP profile is here called an Auto DAP.
Launching a Telnet Management Session with the Switch Note. This option is available only if the switch is running and can be reached through the network by WLAN Management Software Services. This option also requires the Managed option for the switch to be enabled. (See Parameters”...
Launching a Web View Management Session with the Switch Note. This option is available only if the switch is running and can be reached through the network by WLAN Management Software Services. This option also requires the Managed option for the switch to be enabled. (See Parameters”...
For a gigabit Ethernet port (if supported by the switch), to disable auto-negotiation, clear Auto-Negotiation. This option is enabled by default. For a gigabit Ethernet port (if supported by the switch), select the interface you want to enable. • GBIC—Enables the fiber interface and disables the copper interface.
In the Channel Number list, select the channel number for the radio. Note. If RF Auto-Tuning for channel configuration is enabled, setting this value has no effect. The channel number is controlled by RF Auto-Tuning. “Viewing and Configuring APs” (page Nortel WLAN—Management Software 2300 Series Reference Guide 252).
In the Transmit Power box, specify the transmit power for the radio. Note. If RF Auto-Tuning for power configuration is enabled, setting this value has no effect. The power level is controlled by RF Auto-Tuning. 10 Click Finish. Configure a Port for Wired Authentication A wired authentication port is an Ethernet port that has 802.1X authentication enabled for access control.
Page 177
If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. (For information, see “EAP Type (802.1X Only)” (page Click Next. Select the authentication and accounting method. Nortel WLAN—Management Software 2300 Series Reference Guide “Viewing and Changing 181).) step “Access Rules” (page 225).)
Page 178
2, you are finished with this procedure. step 2, go to step step 2, go to step step 2, select the VLAN to which you want the switch to assign Web Portal step “Viewing and Configuring ACLs” (page “Access Rules” step 208).)
Page 179
12 Click Next. If you selected LOCAL as an authentication method, the users in the switch’s local database are listed. For convenience, you can add, modify, or delete users on this page. To add a user, click Create and see “Creating a Named User”...
(You can add, modify, or delete users at any time, even after this wizard is closed. See Configuring Users in the Local Database” (page 13 Click Finish. Viewing and Changing Port Groups A port group is a set of physical ports that function together as a single link and provide load sharing and link redun- dancy.
To enable or disable a management service, select or deselect it by clicking the checkbox next to the service name. For example, to enable Telnet, click the checkbox to place a checkmark in the box. You can individually enable or disable the following management services: Nortel WLAN—Management Software 2300 Series Reference Guide...
0, or 30 seconds, or 60 seconds, or 90 seconds, and so on. If you enter an interval that is not divisible by 30, the switch rounds up to the next 30-second increment. For example, if you enter 31, the switch rounds up to 60.
Community string names are transmitted in clear text. Note. If you enable SNMP service on the WSS, Nortel recommends that you do not use the well-known strings public (for READ) or private (for WRITE). These strings are commonly used and can easily be guessed.
Page 184
(write) them. This is the default. • read-notify—An SNMP management application using the string can get object values on the switch but cannot set them. The switch can use the string to send notifications. • notify-only—The switch can use the string to send notifications.
Configuring a Notification Profile A notification profile is a named list of all the notification types that can be generated by a switch, and for each notifica- tion type, the action to take (drop or send) when an event occurs.
Page 186
Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to System. Select Management Services. In the Task List panel, select Notification Target. Specify the target ID. Type the IP address of the target.
Page 187
Community string names are transmitted in clear text. Note. If you enable SNMP service on the WSS, Nortel recommends that you do not use the well-known strings public (for READ) or private (for WRITE). These strings are commonly used and can easily be guessed.
15 To change the acknowledgement settings for informs, specify the following: In the Timeout box, specify the number of seconds you want the switch to wait for acknowledgement of a notification. You can specify from 1 to 5 seconds. The default is 2.
Page 189
Community string names are transmitted in clear text. Note. If you enable SNMP service on the WSS, Nortel recommends that you do not use the well-known strings public (for READ) or private (for WRITE). These strings are commonly used and can easily be guessed.
Caution! Setting traces can have adverse effects on system performance. Nortel recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
The default severity level is Error. Note. The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by Nortel for troubleshooting and are not intended for administrator use. Configure logging to the console: To specify that logging messages be sent to the console, select Console Enabled.
Configure trace logging: To enable trace logging, select Trace Enabled. Clear Trace Enabled to disable trace logging. In the Severity Filter list, select the lowest level of severity of the event or condition to be logged (see the list in step The default severity level is Debug.
Creating a Static Route The IP routing table contains routes that WSS Software uses for determining the interfaces for an WSS switch’s external communications. When you add an IP interface to a VLAN that is up, WSS Software automatically adds corresponding entries to the IP routing table.
You cannot use the word all as the name of an IP alias. In the Host IP Address box, type the IP address that the IP alias is mapped to. Click Finish. NN47250-102 (320666-G Version 02.01) Nortel WLAN Security Switch 2300 Series Configuration step...
10 minutes, convergence of the WSS time can take many NTP update intervals. Nortel recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
Select IP Services. In the Task List panel, select NTP Server. Type the server address in the IP Address box. Click OK. Under NTP in the Content panel, select Enabled. To change the interval at which an NTP server is polled, specify its value in seconds (16 to 1024) in the Update Interval box.
However, you are not required to configure the VLAN on all WSS switches in the Mobility Domain. When a user roams to a switch that is not a member of the VLAN the user is assigned to, the switch can tunnel traffic for the user through another switch that is a member of the VLAN.
Viewing VLANs Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to System. Select VLANs. The VLAN settings appear in the Content panel. Creating a VLAN Access the Create VLAN wizard: Select the Configuration tool bar option.
VLANs but on different network ports. If you use a tag value, Nortel recommends that you use the same value as the VLAN number. WSS Software does not require the VLAN number and tag value to be the same, but some other vendors’ devices do.
VLAN still runs its own instance of STP, even if two or more VLANs contain untagged ports. To run a single instance of STP in 802.1D mode on the entire switch, configure all network ports as untagged members of the same VLAN.
To disable this feature, clear Enabled. If you disable spanning tree packet processing on the port, the following might happen: • If STP is enabled on the VLAN, spanning tree packets are dropped at the port. Nortel WLAN—Management Software 2300 Series Reference Guide “Enabling STP Fast 202).)
• If STP is disabled on the VLAN, spanning tree packets are forwarded transparently through the VLAN to and from that port. In the Port Priority box, specify a priority value (0 to 255). The default is 128. In the Path Cost box, specify a value (0 to 65,535) for the cost. The default depends on the port speed and link type: •...
In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to System. Select VLANs. To switch to an alternate port if the root port fails, select Enable Uplink Fast. To enable the backbone fast convergence feature, select Enable Backbone Fast. Click Save.
If IGMP queriers are not on the subnet (for example, multicast routers), select Querier Enabled. Nortel recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic that is not routed. In the Query Interval box, specify the interval (1 to 65,535 seconds) at which the WSS sends general IGMP queries on behalf of multicast routers to advertise multicast groups.
Select Restrict L2 Traffic to enable the feature for the VLAN. Click Create. In a Permitted MAC Address box, edit the address to be the MAC address of the VLAN’s default router (gateway). Click Finish. “Restricting Layer 3 Traffic Among Clients in Nortel WLAN—Management Software 2300 Series Reference Guide...
Click OK. Restricting Layer 3 Traffic Among Clients in a VLAN To restrict Layer 3 traffic among clients in the same VLAN, use an ACL. You can configure the ACL yourself or use the Restrict L3 Traffic option in WLAN Management Software. Access the VLAN table: Select the Configuration tool bar option.
Directly connected APs • Host connected to a new (unconfigured) 2350, 2360, 2361, 2380 or 2382, to configure the switch using the Web Quick Start Optionally, you can configure the DHCP server to also provide IP addresses to Distributed APs and to clients.
Viewing ACLs Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to System. Select ACLs. NN47250-102 (320666-G Version 02.01) Nortel WLAN Security Switch...
Do not include any of the following terms in the name: all, default-action, map, help, editbuffer. Click Add Rule. A new ACE (ACL rule) appears above the implicit deny all rule that is at the end of every ACL. “Configuring Advanced ACL Settings” (page Nortel WLAN—Management Software 2300 Series Reference Guide 212).)
Page 210
ACEs you have configured. The switch uses the ACEs in the order they appear in the list, beginning at the top. Because the action in the first ACE that matches a packet is used, the order the ACEs appear in is important. (You can reorder them.
Page 211
Flash (3)—Packets with flash precedence are filtered. ❍ Flash Override (4)—Packets with flash override precedence are filtered. ❍ CRITIC/ECP (5)—Packets with critical precedence are filtered. ❍ Internetwork Control (6)—Packets with internetwork control precedence are filtered. Nortel WLAN—Management Software 2300 Series Reference Guide...
❍ Network Control (7)—Packets with network control precedence are filtered. Select the ToS value in the TOS box. ❍ -1 (any)—All packets are subject to the ACE regardless of whether TOS is set. ❍ 0 (normal)—Packets with normal TOS defined are filtered. ❍...
Page 213
In the Task List panel, select ICMP Properties. Select or type the ICMP message type in the Type box. (See Select or type the ICMP message code in the Code box. (See Click OK. rate”.) Nortel WLAN—Management Software 2300 Series Reference Guide Table Table...
Table 2: ICMP Messages and Codes ICMP Message (Type Number) Echo Reply (0) Destination Unreachable (3) Source Quench (4) Redirect (5) Echo (8) Time Exceeded (11) Parameter Problem (12) Timestamp (13) Timestamp Reply (14) Information Request (15) Information Reply (16) To disable the capture option If an ACE has the capture option, you can disable the option by selecting the ACE, then selecting Disable Capture for this rule in the Task List panel.
Make sure that you do not specify duplicate mappings that specify the same port and tag value. In the port list, select the port to which you want to map the ACL. step step Nortel WLAN—Management Software 2300 Series Reference Guide “Authorization Attributes” (page step step...
You cannot map an ACL to an AP port or a wired authentication port. In the Direction list, select In to filter incoming packets or Out to filter outgoing packets. To map an ACL to a VLAN: In the Type list, select ID to identify the VLAN by number or Name to identify it by name. ❍...
The classification and marking performed by the switch depend on whether the ingress interface has an 802.1p or DSCP value other than 0, and whether the egress interface is tagged or is an IP tunnel.
Access the QoS tables: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to System. Select QoS. In the CoS column of the DSCP to CoS table, use the arrows to select the new value or type the new value.
Page 219
In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to System. Select QoS. In the Task List panel, select Reset to defaults. Click Save. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 220
220 Configuring WSS System Parameters NN47250-102 (320666-G Version 02.01)
Custom Service Profile—Provides wireless access based on the combination of options you choose. (Use this option only if none of the other options apply to the type of service you want to offer.) Wireless Service Parameters A wireless service consists of the following parameters: • Service profile Nortel WLAN—Management Software 2300 Series Reference Guide...
• Voice—Encrypted • Web-Portal—Clear • Open—Clear • Custom—Encrypted Based on service profile type: • 802.1X—None • Voice—None • Web-Portal—Web Portal • Open—Last Resort • Custom—Depends on access type(s) selected for service profile Blank (default page with Nortel logo is used)
Page 223
WLAN Management Software automatically sets are not configurable using the Service Profile wizards. To view all settings (except access rules) or change settings, select the service profile and click Properties. Nortel WLAN—Management Software 2300 Series Reference Guide Default Value Assigned by...
Access Rules The service profile wizards automatically create network access rules to control access to the SSIDs config- ured by the wizards. The access rules match on all usernames (or MAC addresses for voice service profiles). Table 2 lists the access rules automatically created by the service profile wizards. Table 2: Access Rules Automatically Created by Service Profile Service Profile Type 802.1X...
Page 225
• External RADIUS Server—No protocol is used by the WSS. The switch sends the authentication traffic to a RADIUS server for EAP processing. If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. Other access types do not use EAP.
You can select both a server group and LOCAL. The switch tries the methods in the order they appear in the list, starting with the one at the top. • If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
Page 227
VLAN attribute is not configured for the user on the RADIUS server or in the switch’s local database. Nortel WLAN—Management Software 2300 Series Reference Guide step 6, select the encryption algorithms to use. Otherwise, go to...
14 Select or create the local user in local user database 15 Select or create the radio profile to map to this service profile. By default, the default radio profile is selected. • To map the service profile to the default radio profile, leave default selected and go to step •...
Page 229
WEP-104—Used with dynamic WEP • WEP-40—Used with dynamic WEP 13 Click Next. 14 If you selected 802.1X Access or MAC Access in step 8, you can do the following: Nortel WLAN—Management Software 2300 Series Reference Guide step step step step...
Page 230
Key Index or WEP Multicast Key Index box. 17 Click Next. 18 Select or type the name of the VLAN into which you want the switch to place voice clients. 19 Click Next. Note. This step and the following step do not apply if the vendor selected in is Vocera.
Read the description of the wizard on the first page, then click Next. Edit the service name in the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch. Type the SSID name in the SSID box.
Page 232
Note. Clients are placed in this VLAN regardless of any other VLAN assignment. For example, if the VLAN-Name attribute assigns the user to another VLAN, the switch nonetheless places the user in the VLAN you specify here. 16 Click Next.
If you selected LOCAL as an authentication method, go to 19 Click Next. The users in the switch’s local database are listed. For convenience, you can add, modify, or delete users on this page. To add a user, click Create and see select the user and click Properties.
Page 234
Read the description of the wizard on the first page, then click Next. Edit the service name in the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch. Type the SSID name in the SSID box.
Note. Power must be available at the location where the Mesh AP is installed. Access the Mesh Service Profile wizard: In the Organizer panel, click on the plus sign next to the WSS switch to configure the service profile. Click on the plus sign next to Wireless.
Edit the service name in the Name field. Editing the name is optional if this is the first service of this type configured on the switch. Type the SSID name in the SSID field. Select Bridging to allow the AP to act as a bridge for wireless traffic destined for a wired network. Click Next.
Most of the settings on the WPA, RSN tab are explained in the sections on the service profile wizards. The TKIP Countermeasures Time specifies how many ms the switch will hold down traffic on the SSID if more than one Message Integrity Check (MIC) error occurs within a one-minute interval. You can specify from 0 to 60000 (one minute).
The exception is the shared-key authentication setting, which appears only on the Static WEP tab. Normally, you should enable shared-key authentication only if advised to do so by Nortel. If you want to enable shared-key authentication in a service profile, click the checkbox next to Shared Key Auth on the Static WEP tab.
The valid rates depend on the radio type and are the same as the mandatory rates. However, you cannot set the beacon rate to a disabled rate. The default depends on the radio type: • 802.11a—6.0 Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 240
• 802.11b—2.0 • 802.11g—2.0 • Multicast rate—Data rate at which the radio sends multicast frames. The valid rates depend on the radio type and are the same as the mandatory rates. The default is Automatic, which sets the multicast rate to the highest rate that can reach all clients connected to the radio.
Select the service profile in the table. A set of tasks appears under Setup in the Task List panel. To display encryption settings and access rules, select one of the following in the Task List panel: Nortel WLAN—Management Software 2300 Series Reference Guide...
• 802.1X Access • MAC Access • Web Portal Access • Open Access To display the service profile’s access rules only, select Access Rules. To display an SSID’s encryption settings and access rules in an Access Rule table In the Organizer panel, click on the plus sign next to the WSS on which the service profile is configured.
SSID. If you want to specify the VLAN later when configuring the access rules, you can leave the VLAN Name box blank. 10 Click Next. Nortel WLAN—Management Software 2300 Series Reference Guide Settings”. “Modifying Access Rules”...
If the access type is Web Portal, the ACEs (ACL rules) that WLAN Management Software will configure for the Web-Portal service are listed. The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated. These ACEs are used only during authentication.
You can also create a radio profile as part of a domain policy and apply it to APs on different WSSs. Note. Nortel recommends that you create a new radio profile and leave the default radio profile unchanged as a backup.
Page 246
Select the radios in the Available Members list. Click Move. The radios are removed from the radio profile they are currently in and added to the new profile. Click Next. To map the radio profile to a service profile, select the service profile in the Available Service Profiles list and click Add.
WSS Software as interfering devices. A rogue is a device that is in the Nortel network but does not belong there. An interfering device is not part of the Nortel network but also is not a rogue. WSS Software classifies a...
Enable Long Preambles—Enables advertisement of long preambles for 802.11b/g radios. This option is enabled by default. This option applies only to 802.11b/g radios. NN47250-102 (320666-G Version 02.01) Countermeasures affect wireless service on a radio. When an AP Nortel WLAN Security Switch 2300 Series Configuration Guide.) Nortel WLAN Security Switch...
You can specify from 0 to 65535 seconds. The default channel interval is 3600 seconds. Nortel recommends that you use an interval of at least 300 seconds (5 minutes). If you set the interval to 0, RF Auto-Tuning does not reevaluate the channel at regular intervals.
The Auto-DAP profile assigns a Distributed AP number and name to the AP, from among the unused valid AP numbers available on the switch. The Auto-DAP profile also configures the AP with the AP and radio parameter settings in the profile.
AP with low bias. The default is High. If the bias for all connections is the same, the AP selects the switch that has the greatest capacity to add more active APs.
10/100 Ethernet link and connects to wireless users through radio signals. To configure the WSS to support an AP, you must first determine how the AP will connect to the switch. There are two types of AP to WSS connections: direct and distributed.
Layer 2 or Layer 3 wired networking devices. Configure a Distributed AP for each indirectly connected AP. Table 3 lists how many APs you can configure on a WSS, and how many APs a switch can boot. The numbers are for directly connected and Distributed APs combined.
In the Fingerprint box, type the 16-digit hexadecimal number of the AP’s encryption fingerprint. Use either of the following formats: • 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 • 1122:3344:5566:7788:99aa:bbcc:ddee:ff00 An AP’s fingerprint is the hash value of the AP’s public encryption key. The fingerprint is displayed on a label on the back of the AP, and is labeled RSA key.
Page 255
Note. You cannot configure any gigabit Ethernet port, or port 7 or 8 on a 2360/2361 switch, or port 1 on a 2350 switch, or port 3 on a 2382 switch, as an AP port. To manage an AP on either a 2380 or 2382 switch, configure a Distributed AP connection on the switch.(See...
Page 256
To select the radio type for a single-radio model, click the AP Radio Type box and select the radio type from the list: • 11b—802.11b only • 11g—802.11b/g Click Next. Note. The non-editable number (1 or 2) indicates the radio number on the AP. Configure the radios: To enable the radio, select Enabled.
AP with low bias. The default is High. If the bias for all connections is the same, the AP selects the switch that has the greatest capacity to add more active APs. For example, if an AP is dual homed to two 2380 or 2382 switches, and one of the switches has 50 active APs while the other switch has 60 active APs, the new AP selects the switch that has only 50 active APs.
Select Enable POE to enable power over Ethernet on the port Click Finish. To create a distributed redundant connection for an AP, select the AP, click Create, and select Distributed Connection from the list. Select the WSS to which the AP establishes a distributed connection. Set the bias to High or Low.
AP. The setting applies to all Distributed APs booted and managed by the switch. A change to this setting affects only new management sessions established after you deploy the change to the switch. The change does not affect existing sessions.
Page 260
If the bias for all connections is the same, the AP selects the switch that has the greatest capacity to add more active APs. For example, if an AP is dual homed to two 2380 or 2382 switches, and one of the switches has 50 active APs while the other switch has 60 active APs, the new AP selects the switch that has only 50 active APs.
Page 261
You can specify from 1 to 20. Enabel Load Balance, Load Balance Group and Rebalance Clients 14 To configure settings for AP redundancy, click the AP Redundancy tab. 15 Click OK. Nortel WLAN—Management Software 2300 Series Reference Guide 245).)
External antenna selector guides for AP-2330, AP-2330A, AP-2330B and Series 2332 APs Table 5: External Antenna Selector guide for AP-2330/AP-2330A/AP-2330B and Series 2332 APs for indoor operation Nortel Model Cushcraft Number S2403BHN36RSM DR4000072E6 (Discontinued) S2403BPXN36RSM DR4000088E6 (Replaces DR4000072E6) S2406PN36RSM DR4000075E6...
Page 263
5.47 -5.725 GHz and 4.4 dBi from 5.725 - 5.85 GHz. It is 7" in height, and has a 3-foot cable with a Reverse SMA con- nector. For use in Warehouses, Auditoriums, Shopping Malls, industrial complexes and other locations. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 264
Table 5: External Antenna Selector guide for AP-2330/AP-2330A/AP-2330B and Series 2332 APs for indoor operation S51514WPN36RSM DR4000071E6 S4901790PN36RS DR4000090E6 SR49120DAN36RS DR4000091E6 Nortel Cushcraft Model Number S24493DSN36RSM DR4000078E6 NN47250-102 (320666-G Version 02.01) 5133 WLAN Directional Patch Panel Antenna with an average gain of 13.1 dBi from 5.15 - 5.25 GHz, 13.0 dBi from...
Page 265
To be used with the outdoor NEMA enclosure only. Output power is compensated for the addition of the 10-foot plenum NEMA-25 rated cable, the lightning protection circuitry and the 25-foot outdoor rated extension cable. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 266
S2409PN36RSM DR4000076E6 NN47250-102 (320666-G Version 02.01) 24493- Output power is compensated for the addition of lightning pro- tection circuitry and the 10-foot plenum rated cable. 24493- The "10" refers to the addition of the 10-foot outdoor-rated LMR-240 extension cable. Output power is compensated for the OUT-10 addition of the 10-foot plenum rated cable, the lightning protec- tion circuitry and the 10-foot outdoor rated extension cable.
Page 267
To be used with the outdoor NEMA enclosure only. Output power is compensated for the addition of the 10-foot plenum NEMA-25 rated cable, the lightning protection circuitry and the 25-foot outdoor rated extension cable. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 268
S241290PN36RSM DR4000086E6 NN47250-102 (320666-G Version 02.01) 24143- Output power is compensated for the addition of lightning pro- tection circuitry and the 10-foot plenum rated cable. 24143- The "10" refers to the addition of the 10-foot outdoor-rated LMR-240 extension cable. Output power is compensated for the OUT-10 addition of the 10-foot plenum rated cable, the lightning protec- tion circuitry and the 10-foot outdoor rated extension cable.
Page 269
To be used with the outdoor NEMA enclosure only. Output power is compensated for the addition of the 10-foot plenum NEMA-25 rated cable, the lightning protection circuitry and the 25-foot outdoor rated extension cable. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 270
Nortel Model Cushcraft Number S5153WBPN36RSM DR4000070E6 NN47250-102 (320666-G Version 02.01) 24113- Output power is compensated for the addition of lightning pro- tection circuitry and the 10-foot plenum rated cable. 24113- The "10" refers to the addition of the 10-foot outdoor-rated LMR-240 extension cable.
Page 271
To be used with the outdoor NEMA enclosure only. Output power is compensated for the addition of the 10-foot plenum NEMA-10 rated cable, the lightning protection circuitry and the 10-foot outdoor rated extension cable. Nortel WLAN—Management Software 2300 Series Reference Guide...
Viewing and Changing Radio Settings You can configure AP radio settings when you configure the APs. You also can view or change radio settings after the APs are configured. Viewing Radio Settings Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to Wireless.
OK to close the wizard also saves the changes. Viewing and Changing RF Detection Settings This section contains procedures for configuring RF detection on an individual switch. For an overview of RF detection and for specific information about the configuration options, see Note.
Adding an Entry to the Permitted Vendor OUI List Access the RF detection settings: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to Wireless. Select RF Detection. In the Task List panel, select Vendor OUIs.
Access the RF detection settings: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to Wireless. Select RF Detection. Nortel WLAN—Management Software 2300 Series Reference Guide...
WSS Software as interfering devices. A rogue is a device that is in the Nortel network but does not belong there. An interfering device is not part of the Nortel network but also is not a rogue. WSS Software classifies a device as an interfering device if no client connected to the device has been detected communicating with any network entity listed in the forwarding database (FDB) of any WSS in the Mobility Domain.
Viewing and Configuring Users in the Local Database The WSS contains a local database that can store user information for a Nortel WLAN 2300 System. You can use the local database to create users and authenticate them, or you can use the local database in conjunction with a RADIUS server.
You can create two types of users in the local database: • Named users—These users are authenticated by username and password and are assigned to specific VLANs. Users include administrators and network users. You can group these users by creating user groups, in order to simplify configuration.
“Viewing and Configuring VLANs” (page for a description of user attributes and their values. for each attribute value you want to change. Nortel WLAN—Management Software 2300 Series Reference Guide step 196). 196).
Creating a MAC User Access the Create MAC User wizard: Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to AAA. Select Local User Database. In the Task List panel, select Create MAC Address User. In the User MAC Address box, type the MAC address for the user device, using colons (:) as delimiters.
In addition to these values, you can specify a sum of them for a combination of allowed encryption types. For example, to specify WEP_104 and WEP_40, use 24. Nortel WLAN—Management Software 2300 Series Reference Guide “Viewing and Configuring VLANs” step...
Page 282
208).) • Use acl-name.out to filter traffic sent from the switch to users via an AP access port or wired authentication port, or from the network via a network port. Note: If the Filter-Id value returned through the...
Page 283
Name of the SSID you want the user to use. The SSID must be configured in a service profile, and the service profile must be used by a radio profile assigned to Nortel radios in the Mobility Domain. Date and time, in the following format: YY/MM/DD-HH:MM You can use start-date alone or with end-date.
Page 284
Time-Of-Day range or the Session-Timeout duration (if set) expires, whichever is shorter. Note: Time-Of-Day is a Nortel vendor-specific attribute (VSA). The vendor ID is 562, and the vendor type is 244. time-of-day (cont.) URL to which the user is...
RADIUS server groups can authenticate administrators and network users. You can specify up to four RADIUS server groups for AAA services in a Nortel WLAN 2300 System. Note. Although you can use the local database on the WSS to authenticate users, Nortel recommends using RADIUS to accommodate the large number of users in an enterprise network.
Viewing RADIUS Settings, Servers, and Server Groups Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to AAA. Select RADIUS. The RADIUS servers, server groups, and default settings appear. Creating a RADIUS Server Access the Create RADIUS Server wizard: Select the Configuration tool bar option.
MAC addresses or for non-802.1X users of third-party APs. Neither of these user types has a regular username or password. The default authorization password is nortel. Changing the password applies both to MAC users and to last-resort users.
Authorization password • Use of the WSS’s system IP address as the source address for RADIUS packets from the switch When you create a new RADIUS server, the default settings apply to the new server. To change default values for RADIUS parameters Access the RADIUS defaults: Select the Configuration tool bar option.
MAC addresses or for non-802.1X users of third-party APs. Neither of these user types has a regular username or password. The default authorization password is nortel. Changing the password applies both to MAC users and to last-resort users.
You can configure 802.1X authenti- cation parameters for an individual WSS or for a domain policy. Caution! 802.1X parameter settings are global for all SSIDs configured on the switch. Viewing Global 802.1X Settings Select the Configuration tool bar option.
Page 291
AAA server with the rest of the authorization attributes for that client. 12 To enable WEP key rolling (rotation) of the broadcast and multicast WEP keys, select WEP Key Rolling. Nortel WLAN—Management Software 2300 Series Reference Guide...
Select the Configuration tool bar option. In the Organizer panel, click the plus sign next to the WSS. Click the plus sign next to AAA. NN47250-102 (320666-G Version 02.01) 299). Nortel WLAN Security Switch 2300 Series “Viewing and Configuring WSS...
Page 293
2 (MS-CHAP-V2). Select this protocol for wireless clients. • Uses TLS for encryption and data integrity checking. • Provides MS-CHAP-V2 mutual authentication. • Only the server side of the connection needs a certificate. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 294
• Pass-Through—No protocol is used by the WSS. Nortel WLAN Security Switch 2300 Series (WSS Software) sends the EAP processing to a RADIUS server. If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, there is no the EAP Sub-Protocol to select.
To match only on a specific SSID name, select or type the name in the SSID box. • If the rule is for access through a wired authentication port, select Wired. Nortel WLAN Security Switch 2300 Series Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 296
00:01:02:03:04:0* Click Next. If the authentication rule is disabled, select Enabled. When a rule is disabled, WLAN Management Software does not add it to the switch’s configuration. Select the authentication method(s) in the Available RADIUS Server Groups list and click Add.
Select Web Access Rules. The configured Web network access rules appear. Creating a Web-based AAA Network Access Rule Access the Create Web Network Access wizard: Nortel WLAN Security Switch 2300 Series Configuration Nortel WLAN—Management Software 2300 Series Reference Guide step Guide.
Page 298
Click Next. If the authentication rule is disabled, select Enabled. When a rule is disabled, WLAN Management Software does not add it to the switch’s configuration. Select the authentication method(s) in the Available RADIUS Server Groups list and click Add.
To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in WLAN Management Software are disabled, which means WLAN Management Software does not add the rules to the switch’s configuration. Select one of the following record options: •...
Click Next. If the authentication rule is disabled, select Enabled. When a rule is disabled, WLAN Management Software does not add it to the switch’s configuration. Select the authentication method(s) in the Available RADIUS Server Groups list and click Add.
Click Next. If the authentication rule is disabled, select Enabled. When a rule is disabled, WLAN Management Software does not add it to the switch’s configuration. Select the authentication method(s) in the Available RADIUS Server Groups list and click Add.
Note. For information about configuration requirements on the third-party AP, see the “Configuring AAA for Users of Third-Party APs” section in the “Configuring AAA for Network Users” chapter of the Nortel WLAN Security Switch 2300 Series Configuration Viewing Settings for Third-Party AP AAA Support Select the Configuration tool bar option.
Add. An authentication method specifies where the switch will look for user information to authenticate users. You can select a RADIUS server group, LOCAL (the switch’s local user database), or both. WSS Software tries the methods in the order they appear in the Current RADIUS Server Groups list.
If the location policy contains multiple rules, WSS Software compares the user informa- tion to the rules one at a time, in the order the rules appear in the switch’s configuration file, beginning with the rule at the top of the list. WSS Software continues comparing until a user matches all conditions in a rule or until there are no more rules.
In ACL Name—ACL applies to packets sent to the WSS (See • Out ACL Name—ACL applies to packets sent from the WSS (See • VLAN Name (See step 14.) Nortel WLAN—Management Software 2300 Series Reference Guide step 12.) step 13.)
After creating a Mobility Profile, you can assign it to users created in the local WSS user database, or users who are authenticated and authorized by a RADIUS server. You assign the name of the Mobility Profile by using the Mobility-Profile RADIUS attribute, which is a Nortel vendor-specific attribute (VSA). Viewing Mobility Profiles Select the Configuration tool bar option.
Page 307
All—Include all Distributed APs. • Selected—Include a selected list of Distributed APs. • None—Include no Distributed APs. If you select Selected, select the individual APs in the Available Distributed APs list and click Add. Click Finish. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 308
308 Configuring Authentication, Authorization, and Accounting Parameters NN47250-102 (320666-G Version 02.01)
Staging a WSS for Configuration by WLAN Management Software ... . 312 Preconfiguring a switch in WLAN Management Software ....316 You can use WLAN Management Software Services running in your corporate network to configure WSSs in remote offices.
Page 310
IP address of the host where WLAN Management Software Services are installed. The person at the remote office powers on the 2350, and inserts a paperclip or similar object into the 2350’s factory reset hole to press the factory reset switch and then power on the 2350.Normally, the factory reset LED (the right LED above port 1) remains solidly lit for 3...
The person at the remote office powers the switch on. The switch boots using the configuration created during staging. The switch either uses its DHCP client to obtain an IP address from a local DHCP server, or uses a statically configured address. This depends on the switch’s preconfiguration.
The WLAN Management Software Services option to always accept self-signed certificates must be enabled. This is required if you are using the drop-ship option with a 2350, or you have staged any model switch with a self-signed certificate. (This option is disabled by default.) •...
You can enable the switch to use the WSS Software DHCP client to obtain this information from a DHCP server in the local network where the switch will be deployed. Alternatively, you can statically configure the information. The IP address and DNS information are configured independently. You can configure the combination of settings that work with the network resources available at the deployment site.
WSS# save config success: configuration saved. Power off or restart the switch. Example 3: Deployment Site has DNS but no DHCP The deployment site in this example does not have a DHCP server but does have a local DNS server. The configuration is similar to Example 1, but includes DNS configuration information instead of an IP alias.
Corporate DNS Domain The deployment site in this example has a DHCP server, so the switch’s DHCP client is enabled. Static IP address and default router (gateway) information are not required. The site also has a local DNS server. However, the local DNS domain name is different from the corporate DNS domain name where WLAN Management Software Services are located.
Power off or restart the switch. Preconfiguring a switch in WLAN Management Software If you know the switch’s serial number, use the following procedure to set up the switch’s configuration in WLAN Management Software. Start WLAN Management Software Services. Start a WLAN Management Software client and connect to WLAN Management Software Services.
Leave WLAN Management Software Services running, with the network plan open. When the switch is powered on at the remote site (and the factory reset switch is pressed, if a 2350), the switch contacts WLAN Management Software Services to request a configuration.
The person at the remote office powers on the new switch. If the switch is a 2350, the person at the remote office also inserts a paperclip or similar object into the 2350’s factory reset hole to press the factory reset switch. Normally, the factory reset LED (the right LED above port 1) remains solidly lit for 3 seconds after power on.
Plug the network cables into the new switch. Plug the power cord into the new switch. Perform this step only if the switch is a 2350 and was not prestaged by your network administrator. While the switch is powering on, insert a paperclip or similar object into the 2350’s factory reset hole to press the factory reset switch.
Page 320
320 Configuring WSSs Remotely Normally, the factory reset LED (the right LED above port 1) remains solidly lit for 3 seconds after power on. However, when the factory reset switch is pressed, the LED flashes for 3 seconds instead. NN47250-102 (320666-G Version 02.01)
XML format. (See “Importing and Exporting Switch Configuration Files” (page Import Creates a new WSS in a network plan, by copying a switch configuration file configuration stored on a server. (See “Importing and Exporting Switch Configuration Files” (page Devices Tab The Devices tab allows you to manage configuration changes for WSSs in the network plan.
Page 323
List the tasks performed using the Devices tab. (See “Viewing the Operation Log” (page Cancel a scheduled task, such as an image deployment. (See “Canceling a Scheduled Operation” (page Nortel WLAN—Management Software 2300 Series Reference Guide 326)) 326).) 326).) 326).) 162).) 331).)
(See “Rebooting WSSs or APs” (page Enable WLAN Management Software management of WSSs. (See “Enabling or Disabling Management of a Switch by WLAN Management Software” (page Disable WLAN Management Software management of WSSs. (See “Enabling or Disabling Management of a Switch by WLAN Management Software”...
Whenever configuration changes occur to a switch, WLAN Management Software alerts you that changes have occurred. If a configuration change occurs on a switch in the network or in the network plan, so that the network and network plan are out of sync, WLAN Management Software displays a message in a popup window to alert you that a change has occurred.
The status is shown in the Network Status and Local Status columns. Deploying Switch Configuration Changes You can deploy changes immediately or schedule them to be deployed later. When you deploy changes to a WSS, all of the changes are sent as a single transaction. If any parameter is unsuccessfully changed, the entire transaction is rolled back.
Page 327
Edit the start date and time. (The date and time are based on the date and time on the machine where WLAN Management Software Services is installed.) Click OK. Nortel WLAN—Management Software 2300 Series Reference Guide 335).) 331).) “Verifying...
Synchronizing when the Network and WLAN Management Software have Nonmatching Changes If a WSS in the network has configuration changes, and the switch’s counterpart in the network plan also has changes but the changes are different, you still can synchronize the changes.
To use a new system image, you must reboot the WSS. For more information, see (page 330). Note. Nortel recommends that you use the Verification tab to resolve any configuration errors or warnings before you distribute system images. Note. Before you can distribute an image, you must add it to the image repository. (See “Using the Image Repository”...
In the Task List panel, select Reboot WSS and APs. Information about the rebooting process is shown in the Status column. Click Close. To reboot APs without rebooting the switch Select the Devices tool bar option. At the bottom of the Task List panel, select Device Operations.
The operation log displays information about the operations you perform using the Devices options. To display the operation log Select the Devices tool bar option. At the bottom of the Task List panel, select Device Operations. In the Task List panel, select View Operation Log. Nortel WLAN—Management Software 2300 Series Reference Guide...
• The import option enables you to create a WSS in the network plan by importing configuration files in Extensible Markup Language (XML) format. You also can update the configuration of a switch that is already in the plan. •...
For each WSS whose configuration you want to export, make sure the Export checkbox is selected. Click Export to begin the exporting process. Messages appear in the Status column in the WSS List box and the Results box. Nortel WLAN—Management Software 2300 Series Reference Guide step 6 “Modifying Basic...
The configuration is saved in the directory that you specified. To close the Export Configurations dialog box, click Close. Modifying Configuration Change Polling Options By default, WLAN Management Software client polls WSSs in the network every 15 minutes for network changes, and displays a popup message if changes are detected.
Resolving an Error or Warning ......... 336 WLAN Management Software uses a set of rules to verify WSS configurations. Changes to a switch’s configuration in WLAN Management Software or in the live network are automatically evaluated by comparing the changes to the rules.
WLAN Management Software opens the configuration wizard for the configuration item. For example, if you create a new WSS called dang-2350 but you do not specify the system IP address of the switch, the error message System IP address is not assigned or is invalid appears in the Message area. To correct the error, click on Edit dang-mxr2 in the Resolutions section.
When you upload a switch from the network into WLAN Management Software. WLAN Management Software verifies the switch’s entire configuration by default each time a change occurs. In addition, WLAN Management Software allows you to deploy or export configuration changes that cause error messages by default.
Note. Nortel recommends that you do not deploy a network plan that contains configuration errors. Allowing configuration errors to be deployed to the network can affect network stability.
Page 339
To disable only specific instances: Select Disable Selected Instances. The individual instances of the rule are listed. Click next to the instances you want to disable, then go to 10 Click Close. Nortel WLAN—Management Software 2300 Series Reference Guide step step step...
Page 340
340 Verifying Configuration Changes NN47250-102 (320666-G Version 02.01)
Distributing Certificates to WSSs ........343 A digital certificate is a form of electronic identification for computers. The Nortel WLAN 2300 System supports the following types of X.509 digital certificates:...
Processing Certificates When WLAN Management Software client connects to WLAN Management Software Services or to a WSS that presents a certificate that is unknown to WLAN Management Software client, the Certificate Check dialog box appears. The dialog shows information about the certificate and allows you to accept or reject the certifi- cate and therefore accept or reject the connection.
In the Managed Devices list, select the WSSs to which you want to distribute the certificate. To select more than one WSS, press Shift while clicking to select contiguous items, or press Ctrl while clicking to select noncontiguous items. In the Task List panel, select Distribute Certificates. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 344
• Admin—To install an administrative certificate Click Start Download. Download progress appears in the Status column. When the download process is complete, you see a message indicating that the certificate was installed on the selected switch(es). NN47250-102 (320666-G Version 02.01)
However, after you have associated a policy with at least one switch, any changes you later make to the policy are not automatically applied to any switches. To apply the changes you make to a policy to the switches associated with that policy, you must explicitly reapply the policy to the switches.
Select the feature areas you want to set in the policy. When you apply the policy to a switch, all parameter settings from all the feature areas you select are applied to the switch. This includes any settings you leave at their default settings in the policy.
Click the Notification tab and select the severity levels for which WLAN Management Software should send an email notification. You can select severity levels for the following categories: • Performance • Security • Client “Classifying and Organizing Alarms” (page “Classifying and Organizing Alarms” (page Nortel WLAN—Management Software 2300 Series Reference Guide 350)). 350)).
• System “Classifying and Organizing Alarms” (page 350) Enter the appropriate email address in the Email Address field at the bottom of the screen. Click the Database Maintenance tab. The Database Maintenance tab allows you to specify how many faults to store in the database and the number of days to keep uncleared faults. In addition, use this tab to specify the number of days to keep active Critical, Major, Minor, and Informational alarms in the database.
Page 351
Last Updated By, Generated By, Transmitter MAC Address, SSID, and Number of Events. The Events tab in the information pane provides additional details about a specific alarm, as shown in the screen below. Nortel WLAN—Management Software 2300 Series Reference Guide...
Search Capabilities You can sort system faults based on any of the columns in the table. WLAN Management Software sorts fault events on the date of occurrence as Today, Yesterday, Last Week, or Last Month. WLAN Management Software can also sort faults based on Category, Source, Severity, and Time.
Each fault has an associated state, such as Active, Acknowledged, or Cleared. Whenever the state of a fault is changed (for example, from Active to Acknowledged) WLAN Management Software automatically revises the last update time. The following diagram illustrates how the state of a fault changes during the fault management process. Nortel WLAN—Management Software 2300 Series Reference Guide...
Managing Faults By performing various tasks, such as acknowledging, unacknowledging, and deleting faults; you can manage all of the various alarms in WLAN Management Software. For some faults, WLAN Management Software provides a predeter- mined task list that guides you through performing appropriate tasks and resolutions. Furthermore, when the same operation can manage more than one fault, you can select those multiple faults, and then perform the same appropriate fault management operation simultaneously.
The WLAN Management Software Fault Management System displays alarm data in three ways: in bar graphs, pie charts, or tables. The default view is the graphical representation of alarms. However, you may switch between the chart and table views by clicking the tabular icon or the graph icon, as mentioned in...
Page 356
To view only category data, click Alarms by Category in the list at the bottom of the screen. To view only severity data, click Alarms by Severity in the list at the bottom of the screen. Viewing Alarm Summary Information in Pie Chart Format You can view alarm summary information via pie charts in two different formats: by category and by severity.
To view a table of all alarms in WLAN Management Software, click the Details button in the Top 5 Sources of Alarms section. Performing this action produces the same effect as clicking the show table icon. Nortel WLAN—Management Software 2300 Series Reference Guide...
Indicates that WSS Software has detected a wireless packet with the source MAC address of a Nortel AP, but without the spoofed AP’s signature (fingerprint). Indicates that WSS Software has detected beacon frames for a valid SSID, but sent by a rogue AP.
Page 359
In the table view that displays (shown as follows), hypertext numbers link to filtered lists that contain only the alarms for that row and column that contain the hypertext. Nortel WLAN—Management Software 2300 Series Reference Guide Description Indicates that WSS Software has detected an associate request flood, reassociate request flood, or disassociate request flood.
(IDS) and Denial of Service (DoS) protection. (For more information about IDS notification, see System (IDS) Alarms” (page 358). To enable notifications on a switch, see To view DoS alarms in chart format, click the chart icon at the bottom left corner of the DoS Alarms section of the WLAN Management Software screen.
Page 361
Click a row in the lower pane to view all of the details for the alarm, or click Event Details in the Alarms panel on the right. WLAN Management Software will display a window similar to the one shown in the following screen. Nortel WLAN—Management Software 2300 Series Reference Guide...
Click Close in the lower right corner. Reporting Faults WLAN Management Software provides the capability to export fault data in the form of reports. You can generate the following reports: • Alarm Summary—The Alarm Summary report provides the total number of current faults in the system and identifies them by type, source, severity or state.
WLAN Management Software allows you to sort the faults by source, severity, or category. Perform the following steps to generate an Alarm History report: Click Alarm History in the options located on the right side of the Fault Management panel under Reports. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 364
The following Alarm History Report dialog box will display: Select the desired Report Scope type from the list. You can select one of the following scope types: • Network Plan • Mobility Domain • Site • Building • Floor Select the desired Report Scope instance from the list. Enter the date you would like the report to begin in the Start Date field or navigate to the desired date from the calendar.
Displays the Export Data dialog box, which enables you to save log data into a file. Refresh Refreshes event data. Show Event Displays details for the currently selected message. Details Show Filters Toggles display of the filter tabs. Nortel WLAN—Management Software 2300 Series Reference Guide...
Refreshing Event Data By default, the event data is refreshed whenever the WLAN Management Software client generates a new message for itself, or receives a new message from the WLAN Management Software service. To disable automatic refreshing of events, clear the Auto-update checkbox and click Apply. (The checkbox is located on the Filters tab.) To manually refresh events at any time, click the Refresh icon on the Event log’s toolbar.
Page 367
In the End box, click the arrow to use the calendar to specify the day, month, and year. ❍ Specify the end time. In the Show list, select one of the following: • All—To see all log entries Nortel WLAN—Management Software 2300 Series Reference Guide...
• Last—To see a specified number of entries at the bottom of the log • First—To see a specified number of entries at the top of the log If you selected All, go to In the Matching Entries box, type the number of log entries you want to see. The maximum number of entries you can specify depends on the number of entries in the log.
By default, this option is selected. The existing file is copied to a file with a .bak extension. Click Export. You can see the status of the export process in the Results box. Click Close. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 370
370 Using the Event Log NN47250-102 (320666-G Version 02.01)
• Radio Details • Traffic reports: • Traffic • Rogue reports: • Rogue Details • Rogue Summary • RF Planning reports: • Site Survey Order • Work Order • Alarm reports: • Alarm Summary • Alarm History • Security • Client OUI When you generate a report, you can specify the scope of the report and the location where WLAN Management Software saves the report.
Page 373
In the Task panel, choose the Setup>Schedule Reports option to display the Schedule Reports dialog (shown below). From the Task panel, Choose Setup>Add Schedule option to start the Create Schedule wizard (shown below). Nortel WLAN—Management Software 2300 Series Reference Guide...
Configure scheduling options in the “Select Schedule” window of the Create Schedule wizard. Click Next to move to the Select Reports window (shown below). In the Select Reports window, select the reports to be generated and enter the e-mail address(es) to which they will be sent.
Enable Rogue Detection None. Information comes from the network plan. None. Information comes from SNMP. Traps must be enabled on the WSSs and WLAN Management Software Services must be enabled as a trap receiver. Nortel WLAN—Management Software 2300 Series Reference Guide...
Generating a Mobility Domain Configuration Report The Mobility Domain configuration report lists information for all the WSSs in a Mobility Domain, including the VLANs, radio and service profiles, and RADIUS server groups and servers configured on the switch(es). To generate a Mobility Domain configuration report Select the Reports tool bar option.
Select the Reports tool bar option. In the Reports list, select WSS Configuration. Click Generate. In the Report Scope Instance drop-down list, select the switch for which you want the report. Note. The scope is always WLAN—Security Switch and cannot be changed.
Access Control Lists (ACLs) configured on the switch. Directly connected APs configured on the switch. Radio profiles configured on the switch. Service profiles configured on the switch. 802.1X parameters configured on the switch. RADIUS server groups and servers configured on the switch.
To generate a client details report Select the Reports tool bar option. In the Reports list, select Client Details. Click Generate. Click Add to add a report filter. The filter configuration fields are activated. “Changing Monitoring Settings” Nortel WLAN—Management Software 2300 Series Reference Guide...
Select the Reports tool bar option. In the Reports list, select Client Errors. Click Generate. Select the scope type of the report from the Report Scope Type drop-down list: • Mobility Domain • WLAN—Security Switch • Site • Building • Floor NN47250-102 (320666-G Version 02.01)
Select the instance for which you want the report. For example, if the scope is Building, select the building. Select the time period for the report: • 1 Hour • 24 Hours • 7 Days 466).) Nortel WLAN—Management Software 2300 Series Reference Guide...
Select the Reports tool bar option. In the Reports list, select Network Usage. Click Generate. Select the scope type of the report from the Report Scope Type drop-down list: • Mobility Domain • WLAN—Security Switch • Network Plan • Site • Building •...
Select the time period for the report: • 1 Hour • 24 Hours • 7 Days • 30 Days Click Next. When the report is generated, click the report link to view it. 466).) Nortel WLAN—Management Software 2300 Series Reference Guide...
The RF summary report contains the following sections: • Cumulative data for the scope of the report • Detailed data for each WSS within the scope of the report Generating a Radio Details Report The radio details report lists details about an individual radio. Note.
Click Generate. Select the scope type of the report from the Report Scope Type drop-down list: “Changing Monitoring Settings” step 7 for each user you want to display details for. “Changing Monitoring Settings” Nortel WLAN—Management Software 2300 Series Reference Guide...
• Mobility Domain • Site • Building • Floor Select the instance for which you want the report. For example, if the scope is Building, select the building. Select the time period for the report: • 1 Hour • 24 Hours •...
Select the instance for which you want the report. For example, if the scope is Building, select the building. Edit or select the start and end dates and times for the history. Click Next. When the report is generated, click the report link to view it. Nortel WLAN—Management Software 2300 Series Reference Guide...
Generating a Security Alarm Report The security alarm report provides information about security alarms. To generate a security alarm report Select the Reports tool bar option. In the Reports list, select Security. Click Generate. When the report is generated, click the report link to view it. Generating an Alarm Report for Client OUIs The client OUI report provides information about client-related alarms.
Generating a Work Order A work order provides all of the necessary information for the physical installation of the Nortel WLAN 2300 System. A work order shows where the APs should be installed, WSS initial setup configuration information, and projected RSSI information that is useful when verifying the installation.
Page 390
• RSSI Projections • Show Disabled APs (only available if RSSI Projections is selected) • Show RF Coverage On Entire Floor (only available if RSSI Projections is selected) • Show Unreachable APs (only available if RSSI Projections is selected) • Show APs on Other Floors (only available if RSSI Projections is selected) Select the language: •...
The Monitor function displays information retrieved from the WLAN Management Software service. Information is presented in the following views under the Monitor tool bar option: • Status Summary—Shows the high-level status for Nortel equipment. • Client Summary—Shows activity, errors, and session information for network clients.
Distributed Networks with Remote Sites Distributed networks with remote sites have a large number, possibly hundreds, of smaller switches, such as 2350, 2360 or 2361 devices, spread across a variety of sites; for example, branch offices or a chain of stores. Each site has relatively few APs and clients.
WSS has the most traffic load? The Alarms Summary, Clients, and Traffic sections provide buttons so that you can switch between graphical and tabular views in the same panel. These buttons allow you to see the data behind each graph.
• Pie chart • Bar chart • Stacked-bar charts While WLAN Management Software collects graphical or tabular data, it might take longer to display data in one area than it does in another. Consequently, WLAN Management Software will show the message “Loading data, please wait,”...
The following screen provides a close-up view of the Status Summary table. This table is an example of the type of data that WMS displays in the Status Summary section of the dashboard. Nortel WLAN—Management Software 2300 Series Reference Guide...
Status Monitor view. In the previous screen, the blue numbers in the table are hyperlinks. Click on one of the hyperlinks to open the Status Monitor panel. You can also click the Details button to switch the view from Status Summary to the Status Monitor panel.
Page 397
Admin State • Locked • Unlocked • Operational State • Up (enabled) • Down (disabled) • Usage State • Active • Idle • Busy • Availability Status • Failed • Degraded • Powered Off Nortel WLAN—Management Software 2300 Series Reference Guide...
Click the tabular icon chart and table views. The following screen shows the default Alarm Summary view. Notice that the graph icon is selected. NN47250-102 (320666-G Version 02.01) or the graph icon to switch between the...
There are three ways to view Alarm Summary details. Like the Status Summary table, blue numbers are hyperlinks. Click on a hyperlink to view the details for that item. You can also click the Details button to switch from the Alarm Summary view to the Alarm Monitor panel, or select Alarms from the navigation bar.
Page 400
400 Monitoring the Network By clicking the Details button, the display will show the Alarms dashboard, and your results will be unfiltered. WLAN Management Software will display all of the alarms in tabular format. The results will be similar to those shown in the following screen.
Page 401
Monitoring the Network 401 Click on a row to view the details of a specific alarm in the tabular view (shown in the following screen). Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 402
402 Monitoring the Network After clicking on a row, WLAN Management Software will display more information for the specific alarm in the lower pane. Click a row in the lower pane to view all of the details for the alarm. WLAN Management Software will display a window similar to the one shown in the following screen.
Additional Alarm Options Additional alarm options are available from the Alarms dashboard. These options are located in the upper right side of the screen and include the following: • Alarms • Event Details Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 404
• History • Setup • Manage • Acknowledge • Delete • Reports • Alarm Summary • Alarm History • Related Tasks • Add to Rogue List • Add to Ignore List • Create Third-Party AP The options are either active or inactive for each alarm. Click on an active option to see more information. Inactive options will be gray.
Client by WSS. The first screen shows the information represented using a chart, the second shows the information represented in tabular format. to switch between the chart and table views. The following Nortel WLAN—Management Software 2300 Series Reference Guide...
406 Monitoring the Network Client Details Click the Details button to switch the from the graphical or tabular representation to the Client Monitor dash- board. In the Client Monitor dashboard, you can examine current and trending data for client sessions and launch various actions on a session.
Top Clients • Clients by WSS • Clients by SSID • Clients by access type • Clients by time • Manage • Locate Client • Terminate Client • RF Link Test • Find Client Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 408
• Find AeroScout Tag • Statistics • Client Statistics • Reports • Client Reports The options are either active or inactive for each alarm. Some data might not be available depending on the scope and the server setup options, but you can retrieve and view details of current sessions. Click on an active option to see more information.
Page 409
Monitoring the Network 409 The following screen provides a sample of the Top Clients option. Nortel WLAN—Management Software 2300 Series Reference Guide...
Finding a Client When the network level polling is disabled, perform the following actions to monitor one or more clients. Click Find Client under the Manage section of the Task panel. The Find Clients dialog box appears, as shown below. Enter the desired search criteria, and select the search scope.
You can select up to six APs from the list. WLAN Management Software uses the selected APs to calculate the location of the client. WLAN Management Software displays the approximate location of the client on the floor plan. The client’s location is indicated with a laptop icon, as shown below. Nortel WLAN—Management Software 2300 Series Reference Guide...
Client’s Approximate Location To refresh the list of APs that detect the client, click the To change the APs used for calculating the client’s location, click the Listeners tab and Select or deselect APs from the list, then click the Refreshing Client Data WLAN Management Software refreshes client monitor data at regular intervals (every 5 minutes by default).
Choose Manage>RF Link Test in the Task panel to run a link test and display the Link Test results dialog, as shown below. Click the Refresh button to perform another link test and repopulate the RF Link Test table with new data. Nortel WLAN—Management Software 2300 Series Reference Guide...
RF statistics for Radio, AP, Floor, Building, and Site options, but only traffic data is applicable for MS, Mobility Domain, and Network Plan options. Click the tabular icon chart and table views. The following options are available for Nortel Wireless Security Switch, Mobility Domain, and Network Plan: • 1 Hour •...
Traffic Details Click the Details button to switch the view from the Traffic Monitor dashboard to the Traffic Details view. The following screen is a sample of the data available for Traffic - 1 Hour in the Traffic Monitor view.
• Bytes & Packets In/Out • Packets Details • Reports • Traffic The options are either active or inactive. Click on an active option to see more information. Inactive options will be gray. The following screen provides a sample of the Traffic Reports option. Voice Monitoring with Traffic Views WLAN Management Softwarer 6.0 now includes monitoring functions which can assist with voice deployments.
AP access point from the Monitoring Equipment tree and display a floor map with that AP selected. From this view, you can generate visualizations of operational statistics such as RSSI, re-transmits, SNR, and signal level to determine problem areas. Nortel WLAN—Management Software 2300 Series Reference Guide...
To find an AP on the floor Click on the Monitor option in the main WMS tool bar. Expand the Site list tree in the Organizer panel and select the access point you want to view. WMS automatically opens the Floor View panel, displaying a floor map with the selected access point highlighted.
Page 419
Monitoring the Network 419 The reports can be scheduled hourly, daily, weekly, and monthly. Scheduled reports can be sent to an administrator through email. Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 420
420 Monitoring the Network NN47250-102 (320666-G Version 02.01)
You can display information about the devices of interest. To identify friendly devices, such as non-Nortel access points in your network or neighbor’s network, you can add them to the known devices list. You also can enable countermeasures to prevent clients from using the devices that truly are rogues.
Indicates that WSS Software has detected a wireless packet with the source MAC address of a Nortel AP, but without the spoofed AP’s signature (fingerprint). Indicates that WSS Software has detected beacon frames for a valid SSID, but sent by a rogue AP.
Processing of RF Detection data is resumed only when all members of the Mobility Domain are up. If a seed switch in the Mobility Domain cannot resume full operation, you can restore the Mobility Domain to full operation, and therefore resume RF Detection data processing, by removing the inoperative switch from the member list on the seed.
Page 424
424 Detecting and Combatting Rogue Devices lowed. An empty client black list implicitly allows all clients, and an empty ignore list implicitly considers all third-party wireless devices to be potential rogues. All the lists except the black list require manual configuration. You can configure entries in the black list and WSS Software also can place a client in the black list due to an association, reassociation or disassociation flood from the client.
Page 425
Device is not a threat. SSID in Permitted SSID List? OUI in Permitted Vendor List? Generate an alarm. Classify device as a rogue. Issue countermeasures (if enabled). Source MAC in Rogue List? Nortel WLAN—Management Software 2300 Series Reference Guide...
Rogue APs—APs that are on the Nortel network but do not belong there. • Interfering APs—Devices that are not part of the Nortel network but also are not rogues. No clients connected to these devices have been detected communicating with any network entity listed in the forwarding database (FDB) of any WSS in the Mobility Domain.
The status of the alarm. The time the alarm was created. The time the alarm was last updated by WLAN Management Software Where in WLAN Management Software the alarm was updated. The device that generated the alarm Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 428
Table 2: Alarm Details for Rogues (continued) Field Alarm Object Transmitter MAC address SSID Number of Events Description Help Table 3 describes the fields that appear on the Events tab for a rogue. Table 3: Events tab information for Rogues Column Time Occurred Description...
Page 429
Channel on which the rogue was detected or disappeared. Strength of the signal received by the listener from the rogue. SSID of the rogue. Nortel WLAN—Management Software 2300 Series Reference Guide...
Displaying Rogue Client Information To display details about the clients of rogue devices, select the rogue in the alarm list, then click View Clients in the Task List panel. Table 5 lists the information displayed on about clients of rogue devices. Column Client Vendor...
You can change the filter criteria for which rogues are listed. To filter the rogue list Click the dialog box appears. 434).) icon on the Rogue Detection screen’s toolbar. The Rogue List Filter Options Nortel WLAN—Management Software 2300 Series Reference Guide “Displaying a Rogue’s...
By default, all these entry types are displayed. Current, Current Hour, Current Day, and History Tabs The Current, Current Hour, Current Day, and History tabs show rogues detected in the past. • Current—Lists the rogues observed during the most-recent polling intervals. •...
Strength of the signal received by the listener from the rogue. SSID of the rogue. Table 9: Clients Columns Description MAC address of the client. Manufacturer of the client. Channel the client is on. SSID the client is associated with. Nortel WLAN—Management Software 2300 Series Reference Guide...
Note. This option displays the likely location of the rogue when the data was collected by the monitoring service from the Mobility Domain’s seed switch. If the rogue has moved since then, the location information will not be current. To display the location of a rogue within a site Select the rogue in the alarm list.
Page 435
To display the location of a client associated with the rogue: Select the rogue client in the alarm list. The Device Location screen appears, indicating the approximate location of the rogue Nortel WLAN—Management Software 2300 Series Reference Guide...
Page 436
436 Detecting and Combatting Rogue Devices Rogue Client’s Approximate Location Select the rogue in the rogue list. A list of the clients associated with the rogue appears under the Clients tab. NN47250-102 (320666-G Version 02.01)
Page 437
Detecting and Combatting Rogue Devices 437 Nortel WLAN—Management Software 2300 Series Reference Guide...
The client is most likely in the vicinity of the area indicated by the red squares in the floor plan. The number in red on the legend (0.90 in this example) is the probability (90%) that the client is where the display indicates. Ignoring Friendly Third-Party Devices By default, when countermeasures are enabled, WSS Software considers any third-party transmitter to be a rogue device and can send countermeasures to prevent clients from using that device.
Adding a Device to the Rogue List The rogue list is a switch’s list of AP MAC addresses to attack whenever they are present on the network. In the list of rogues on the Alarm screen, select the devices you want to place on the rogue list.
Adding a Rogue’s Clients to the Black List The client black list is a switch’s list of MAC addresses of wireless clients who are not allowed on the network. WSS Software prevents clients on the list from accessing the network through a WSS.
Panel Although the Rogue Detection tool bar options provide the simplest way to configure rogue detection features, you also can configure them on an individual switch basis. To configure rogue detection settings for a switch, see “Viewing and Changing RF Detection Settings” (page 273).
Page 442
442 Detecting and Combatting Rogue Devices NN47250-102 (320666-G Version 02.01)
Locating and Fixing Coverage Holes ........445 After you deploy a network plan to the Nortel equipment in your live network, you can optimize the plan based on RF information from the network.
You can choose to import measurements from the network, a site survey file, or both: If you want to use RF neighborhood information imported from an AP in the network, click Yes next to Network. If you want to import measurements from a site survey file, click Yes next to File, and in the File Format listbox, select Ekahau.
Data Rate—Coverage is shown in colored bands that represent each of the data transmit rates supported by the radio. These rates are standard for each radio type. 102). The wizard is the same whether it is labeled Nortel WLAN—Management Software 2300 Series Reference Guide “To use the...
Page 446
• RSSI—Coverage is shown based on the received signal strength indication (RSSI) of the radio’s signal heard by other radios. In the Coverage Areas section of the Organizer panel, select the scope for which you want to display coverage. You can display coverage for an individual radio, a specific coverage area, or all coverage areas on the floor.
Click on the AP icon, then click on the location where you installed the AP. The AP icon moves from the Objects To Place tab to its location on the floor. 335).) Nortel WLAN—Management Software 2300 Series Reference Guide “Computing...
Page 448
448 Optimizing a Network Plan NN47250-102 (320666-G Version 02.01)
By default, WLAN Management Software checks for configuration changes, events, and status changes on WSSs. You can configure checking (also called polling) for configuration changes in the network made with the CLI, Web View, or another instance of WLAN Management Software. 457). Nortel WLAN—Management Software 2300 Series Reference Guide “Changing WLAN...
If you do not enable this option, you still can manually synchronize WLAN Management Software with WSSs using the Devices tab. (Select the Devices option from the toolbar in the main WLAN Management Software window. See “Synchronizing Local and Network Changes” (page To change network options Select Tools >...
To change the Telnet executable file or location used by WLAN Management Software, type the path of the executable file in the Telnet Executable box. For Windows systems, the default Telnet executable file is C:\WINDOWS\system32\telnet.exe. For Linux systems, the default is /usr/bin/telnet. Nortel WLAN—Management Software 2300 Series Reference Guide...
Changing Options for RF Planning You can change the following RF planning options: • Typical transmit power for clients in the Nortel network. • Color schemes for showing RF information Configuring the Typical Client’s Transmit Power To change the typical client’s transmit power: Select Tools >...
For more information about using RGB, see “Defining a Color from the Palette” (page “Defining a Color by Changing HSB Properties” (page “Defining a Color by Changing RGB Properties” (page Nortel WLAN—Management Software 2300 Series Reference Guide 454). 454). 455).
Page 454
Defining a Color from the Palette To specify a color using the color palette, click Swatches in the Choose Color dialog box. From the color palette, click the color you want to see. Repeat until you find the color you want. In the Preview box, you can see the swatches and text in the color you chose.
Critical—A critical condition has occurred that requires immediate resolution. • Warning—An event that might require attention has occurred. • Info—Informational messages only. No action is required. • Debug—All events are shown, including debug messages. Nortel WLAN—Management Software 2300 Series Reference Guide 190).
Page 456
Note. Select the Debug option only if the Nortel NETS has advised you to do so. Debug-level logging significantly impacts network performance and should only be enabled temporarily to troubleshoot problems, as directed by NETS. Select one or more of the available event types for WLAN Management Software to log.
To set WMS Services preferences, select Tools > WMS Services Setup from the toolbar in the main WLAN Management Software window. “Changing WLAN Management 449). To configure access control for the WLAN Management Nortel WLAN—Management Software 2300 Series Reference Guide 55).
Figure 1: WMS Services Setup Dialog Box A page is opened in your web browser, displaying the WMS Services Setup page. When you click Save to implement changes you make on a WMS Services page, WLAN Management Software Services verifies the changes. If the changes are valid, the service implements the changes.
Note. Nortel recommends that all clients that are using WMS Services be closed before you stop the services. If a WLAN Management Software client is using a network plan on WMS Services when you stop the services, you cannot select objects or options in the client.
Starting or Stopping WLAN Management Software Services on Linix Systems You can start or stop the service manually by typing commands at the command line or automatically by configuring the service as a daemon. After WLAN Management Software Services is started, you must enable the WLAN Management Software client to access the service.
To connect to WMS Services Start WLAN Management Software client. Do one of the following: • On Windows systems, select Start > Programs > Nortel > WMS > WMS, or double-click the WLAN Management Software icon on the desktop. •...
If the Certificate Check dialog is displayed, click Accept. (For more certificate options, see “Certificate Check” (page If the Finish button does not become available, read the last message in the Open Progress message area of the page to determine why the service could not be reached. Here are common error messages and suggestions for troubleshooting them: •...
Content panel. Wait 60 seconds for WLAN Management Software to retrieve updates from the server, then check the color of the objects for Nortel equipment displayed in the Explore window. Nortel WLAN—Management Software 2300 Series Reference Guide...
Other clients will need to use the Monitor Service Select wizard to change the service port and reconnect. To enable WLAN Management Software to reuse a switch configuration to replace an old switch with a new one, select Auto-Config IP Subnet Matching.
“Configuring WLAN Management Software Services as a Notification Target” (page 188).) To enable WLAN Management Software to reuse a switch configuration to replace an old switch with a new one, select Auto-Config IP Subnet Matching. (For more information about this option, see (page 318).)
1 to 30 seconds. The default is 15 seconds. To change the number of times WMS Services will reattempt to query a switch, if WMS Services does not receive a reply to the first query attempt within the connect timeout, type or select the value in the Retry Count box.
Page 467
WMS Services to be configured as a notification target (trap receiver) for each of the switches. Note. The data for some reports also requires monitoring options to be enabled. For information, see the descriptions for each report in Nortel WLAN—Management Software 2300 Series Reference Guide Default Enabled Enabled Enabled...
To change monitoring settings Select Services > Setup or select the browser window if WMS Services is already open. (See page 458.) Select Tools > WMS Services Setup. The WMS Services Setup dialog box appears. (See page 458.) Select Setup, then select Monitoring Settings. Click the Monitoring Settings tab.
To manage backups, select Services > Backup & Restore. If WLAN Management Software Services is already open in the browser window, select Plan Management, then select Backup & Restore. Nortel WLAN—Management Software 2300 Series Reference Guide...
To manage backups, use the Backup/Restore dialog. To access this dialog, select Tools > WMS Services Backup/ Restore from the menu bar in the main WLAN Management Software window. The backups that already exist for the network plan are listed. Backups that are automatically created by WLAN Management Software do not have names, and their type is Automatic.
Click Transfer. The Transfer Backup dialog appears. Select the destination: • Server—Activates the boxes in the Server area of the dialog. This option allows you to copy the backup to another host. Go to step Nortel WLAN—Management Software 2300 Series Reference Guide...
• File—Activates the box in the File area of the dialog. This option allows you to save a copy of the backup in another folder. For example, if NETS requests a copy of the backup for troubleshooting, this option enables you to save the backup to a location from which your FTP application can access the file.
53 uninstalling Linux systems 37 Windows systems 36 upgrading 36 work orders, generating 154 WSS (WLAN Security Switch) NN47250-102 (320666-G Version 02.01) managing configuration files 321 managing system images 321 monitoring performance 190 ports. See WSS ports rebooting 330 WSS software images 329 X.509 certificate types 341...
Page 480
Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Net- works.
Need help?
Do you have a question about the 2350 and is the answer not in the manual?
Questions and answers