Black Box SmartPath LWN602A User Manual

Smartpath enterprise wireless system

SmartPath
Enterprise Wireless System User Guide
Provides the speed, range, security, adaptability, and manageability to replace wired networks at an enterprise level.
Intelligent 802.11n wireless access points work together to increase network efficiency.

BLACK BOX®
LWN602A
LWN602AE
LWN602HA
LWN602HAE
LWN600VMA
LWN600CM-1
LWN600CM-3
LWN602WA

Customer Support Information
Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500)
FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746
Mailing address: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018
Web site: www.blackbox.com • E-mail: info@blackbox.com


Summary of Contents for Black Box SmartPath LWN602A

  • Page 1 Customer Support Information. Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500). FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746. Mailing address: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018. Web site: www.blackbox.com • E-mail: info@blackbox.com...
  • Page 2 Trademarks Used in this Manual. Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc. Kensington is a registered trademark of Acco Brands Corporation. AirMagnet is a registered trademark of AirMagnet, Inc.
  • Page 3: Federal Communication Commission Interference Statement

    Important: FCC Regulatory Warning Notices LWN602A devices are restricted to indoor use due to their operation in 5 GHz frequencies, which are shared by mobile satellite systems and government radar systems. The FCC requires that these products only be used indoors to reduce the potential for harmful interference with co-channel radar that might be operating in the 5.25–5.35 or 5.47–5.725 GHz frequency ranges in the...
  • Page 4 NOM Statement/Radiation Exposure Statement Safety Instructions (Normas Oficiales Mexicanas Electrical Safety Statement) 1. All safety and operating instructions must be read before the electrical appliance is operated. 2. The safety and operating instructions must be kept for future reference. 3.
  • Page 5: EC Conformance Declaration

    SmartPath APs are intended to be operated in all countries of the European Community. Requirements for indoor vs. outdoor operation, license requirements and allowed channels of operation apply in some countries as described below. • Before operating a SmartPath AP, the admin or installer must properly enter the current country code as described in Black Box product documentation.
  • Page 6: Declaration Of Conformity In Languages Of The European Community

    Dutch: Hierbij verklaart Black Box dat het toestel Radio LAN device in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG. Bij deze Black Box dat deze Radio LAN device voldoet aan de essentiële eisen en aan de overige relevante bepalingen van Richtlijn 1999/5/EC.
  • Page 7 Black Box die Übereinstimmung des Gerätes Radio LAN device mit den grundlegenden Anforderungen und den anderen relevanten Festlegungen der Richtlinie 1999/5/EG. (Wien) Italian: Con la presente Black Box dichiara che questo Radio LAN device è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
  • Page 8 SmartPath AP Safety Compliance • The attachment plug must be an earth-grounding type with NEMA 5-15P (15 A, 125 V) or NEMA 6-15 (15 A, 250 V) configuration. Denmark only: • The supply plug must comply with Section 107-2-D1, Standard DK2-1a or DK2-5a. •...
  • Page 9: Table Of Contents

    3.5.3 Suspended Mount, 52; 3.5.4 Surface Mount, 55; Device, Power, and Environmental Specifications, 56; The Smart Path AP (LWN602A) Overview, 57; Hardware Description, 57; 4.2 Ethernet Port, 58; 4.3 Status Indicator, 58; 4.4 Antennas, 59; Mounting a Smart Path AP (LWN602A), 60; 4.5.1...
  • Page 10 Table of Contents: Device, Power, and Environmental Specifications, 62; The Smart Path EMS VMA, 63; SmartPath EMS VMA On-line (Cloud-Based Service), 64; Captive Web Portal Enhancements, 65; 6.2 SmartPath Virtual Appliance, 66; Using Smart Path EMS VMA, 67; Installing and Connecting to the Smart Path EMS VMA GUI, 67; Introduction to the Smart Path EMS VMA GUI, 72; 7.2.1 Viewing Reports, 73...
  • Page 11 Table of Contents: 9.5.4 Update SmartPath APs, 149; Multiple Default Routes, 150; SmartPath Operating System (OS), 153; 10.1 Common Default Settings and Commands, 153; 10.2 Configuration Overview, 155; 10.2.1 Device-Level Configurations, 155; 10.2.2 Policy-Level Configurations, 155; 10.3 SmartPathOS Configuration File Types, 156; Deployment Examples (CLI)...
  • Page 12: Specifications

    Size: 1.25"H x 8.5"W x 8"D (3.2 x 21.5 x 20.3 cm); Weight: 3 lb. (1.4 kg). 1.2 Smart Path AP (LWN602A): Antennas: (2) omnidirectional 802.11b/g/n antennas, and (2) omnidirectional 802.11a/n antennas; Interface: RJ-45 power input pins: Wires 4, 5, 7, 8 or 1, 2, 3, 6; Connectors: (1) RJ-45 autosensing 10/100/1000BASE-T/TX Mbps port;...
  • Page 13: SmartPath EMS VMA (LWN600VMA)

    Chapter 1: Specifications 1.3 Smart Path EMS Virtual Management Appliance (VMA) Software (LWN600VMA). Maximum Supported APs — 5000; Minimum System Requirements — Processor: Dual-core 2 GHz; Memory: 2 GB VM, 1 GB host; Storage: 10 GB available disk space; Tested Virtualization Platforms — ESXi 4.0 or better; Player on CentOS;...
  • Page 14: Preparing For A WLAN Deployment

    2.1 Assessing Your Requirements To get started with your Black Box WLAN installation, examine the basic requirements of your implementation. First, consider who your stakeholders are and take the time to fully understand their access requirements. Talk to department managers within your organization and make sure everyone has documented the full complement of potential network users.
  • Page 15: New WLAN Deployment

    Chapter 2: Preparing for a WAN Deployment Upgrading from a thin AP solution is also easy. However, because a thin AP makes use of an overlay tunneled network, you sometimes have to add a local VLAN for access or use tunnels to replicate the overlay network. However, because using VLANs rather than tunnels provides significant performance and scalability advantages, this is clearly the recommended path.
  • Page 16: Budgeting Wi-Fi: The Chicken And Egg Problem

    Chapter 2: Preparing for a WAN Deployment • Deploy and Check In this scenario, an initial site survey is not performed. Instead, wireless administrators make educated guesses on the best locations for the access points, or they use a planning tool to determine the locations more reliably. After deploying the access points, the administrators do a quick site survey.
  • Page 17 If following general guidelines does not provide enough confidence or if the deployment environment is particularly challenging, you might consider using software planning tools like AirMagnet Planner or Ekahau Site Survey (ESS). Black Box also includes a free planning tool with the SmartPath AP on-line software. Such tools are useful in determining the placement of access points without performing a site survey.
  • Page 18: Bandwidth Assumptions For Wi-Fi

    Chapter 2: Preparing for a WAN Deployment • Client Software - Depending on the deployment, users can use built-in Microsoft Windows, Linux and/or Macintosh client software (supplicants). - For better services and troubleshooting, consider a third-party supplicant such as Juniper Networks Odyssey Client.
  • Page 19 As anyone who has administered a WLAN system in the past knows, proper configuration of the access point antennas at the outset can save you lots of trouble. The SmartPath AP (LWN602A) has internal antennas that cannot be adjusted. However, the antennas for the SmartPath (LWN602HA) are adjustable. The SmartPath AP (LWN602A) has a pair of fixed, dual-band omnidirectional antennas;...
  • Page 20: Preparing The Wired Network For Wireless

    2.2.7 Preparing the Wired Network for Wireless One of the advantages of moving to a Black Box WLAN is that you do not have to make changes to the underlying network, such as putting controllers into wiring closets. This can save you considerable time and effort during installation. However, some network changes might make sense for some deployments.
  • Page 21: Online Planner

    Meaningful SmartPath AP Host Names: When using the Auto Placement feature, SmartPath EMS VMA automatically names the SmartPath AP icons. However, names like “LWN602A-0021400” are not particularly meaningful. You can give them names like "Lobby" or "Conf Room 1," which makes it easier for installers to use an exported PDF report to know where each one goes. To change the host name of a SmartPath AP icon, right-click it, and then edit the Host Name field in the AP Details dialog box that appears (see Figure 2-5).
  • Page 22 Chapter 2: Preparing for a WAN Deployment Figure 2-5. AP details. Setting the Navigation Tree Width: By default, the width of the navigation tree is 180 pixels. If you want to make the tree wider or narrower, based on the length of map names and the depth of the nested structure, you can reset the width by clicking Operation >...
  • Page 23: Operational Considerations

    2.3.2 Spectrum Analysis Black Box SmartPath APs have the ability to perform spectrum analysis in both the 2.4-GHz and 5-GHz band. Spectrum analysis provides a live view of the RF environment so that you can plan for further WLAN deployment or troubleshoot WLAN issues such as high retransmission rates caused by device interference or slow connections from overuse.
  • Page 24 Chapter 2: Preparing for a WAN Deployment The number of SmartPath APs that can perform a spectral scan concurrently varies depending on the SmartPath EMS VMA platform you use. SmartPath EMS VMA Virtual Appliance limits the number of concurrent scans to two (that is, only two SmartPath APs can perform spectrum analysis functions at the same time);...
  • Page 25 Chapter 2: Preparing for a WAN Deployment Run Time: The run time determines how long the scanning process lasts. The default run time is five minutes, which is generally long enough to get a rough idea of the RF (radio frequency) environment. For more intense scrutiny of the RF environment, longer run times are called for.
  • Page 26 Chapter 2: Preparing for a WAN Deployment Each of the representations can be enlarged to fill the entire analysis pane to provide more detail or to increase its visibility, or be deleted from the array to simplify the display. To change the display in this manner, use the buttons in the upper right corner of each of the representations.
  • Page 27 Chapter 2: Preparing for a WAN Deployment On maximizing this display, you gain access to the following additional display parameters: Band: You can choose which band you want to monitor in this display: 2.400-2.500 GHz, 5.150-5.350 GHz, 5.470-5.725 GHz, or 5.725-5.850 GHz.
  • Page 28: Troubleshooting

    Some of the most common issues that arise after deploying a new wireless network are RF interference, RADIUS issues, and desktop client issues. The first step in troubleshooting is to look at logs and use debug commands. Black Box offers an extensive set of event monitoring and debug tools that you can use through SmartPath EMS VMA, the SmartPath AP network management system.
  • Page 29 Chapter 2: Preparing for a WAN Deployment After creating a WIPS policy on the Configuration > Advanced Configuration > Security Policies > WIPS Policies > New page, define how you want to perform rogue AP and client mitigation: manually, automatically, or semi-automatically. Each approach is described below.
  • Page 30: Deploying With Confidence

    Chapter 2: Preparing for a WAN Deployment All the parameters in the Mitigation Parameters for Rogue APs and Their Clients section apply to SmartPath APs that perform automatic mitigation. In addition to the parameters explained above, there is one other: Max number of mitigator APs per rogue AP: For automatic and semi-automatic mitigation, cluster members choose one SmartPath AP to be the arbitrator AP, which is the one to which all the detector APs send reports.
  • Page 31 Chapter 2: Preparing for a WAN Deployment In RF, there is also a relative measurement that you can use to compare two numbers. This measurement is simply dB (without the “m”). To see how this concept is applied, consider how radio signal propagation changes over a distance and how it can be affected.
  • Page 32 Chapter 2: Preparing for a WAN Deployment [Figure 2-11. Path loss through a wall. Labels: Received Signal, Wall, Signal-to-Noise Ratio, Noise, Distance.] Microwave ovens, wireless video cameras, Bluetooth headsets, and cordless phones can all interfere with Wi-Fi signals (see Figure 2-5). Excess noise in an environment is often difficult to diagnose and can have a major negative impact on network performance. To discover noise sources, a spectrum analysis system is needed.
  • Page 33 1, 5, 9 to counter interference from microwaves, which tend to cause interference in the high end of the spectrum. Black Box recommends alternative channel layouts only for the most challenging radio environments. Designing a channel pattern is easier for the 5-GHz spectrum. Depending on the country and the device being used, there are between 4 and 24 channels available for Wi-Fi use.
  • Page 34: New And Enhanced SmartPath OS Features For Release 4.0r1

    Chapter 2: Preparing for a WAN Deployment 2.5 New and Enhanced SmartPath OS Features for Release 4.0r1 Spectrum Analysis: You can use up to ten SmartPath APs to function as spectrum analyzers for fixed lengths of time. You can use the spectrum analyzer feature to monitor both the 2.4-GHz and 5-GHz bands. Each SmartPath AP performing spectrum analysis provides a real-time FFT (fast Fourier transform) trace that displays the frequency-power relationship, along with a swept spectrogram to monitor power and frequency changes over time.
  • Page 35: New And Enhanced SmartPath OS And SmartPath EMS VMA Features For Release 4.1r1

    Chapter 2: Preparing for a WAN Deployment CAPWAP Latency Reports: SmartPath EMS VMA tracks the average latency in its CAPWAP connections to each managed SmartPath AP and displays an icon indicating the average amount of current latency in the Connection column on the Monitor > Access Points >...
  • Page 36: The SmartPath AP (LWN602HA) Overview

    Chapter 3: The SmartPath AP (LWN602HA) Overview 3. The SmartPath AP (LWN602HA) Overview The SmartPath AP is a high-performance and highly reliable 802.11n wireless access point. The SmartPath AP provides dual concurrent 802.11b/g/n and 802.11a/n radios for 3x3 MIMO (Multiple In, Multiple Out) and dual 10/100/1000 Ethernet ports for link aggregation or link redundancy.
  • Page 37 PoE injectors available as an optional accessory from Black Box. (If you connect the SmartPath AP to a power source through the power connector and PoE ports simultaneously, the device draws power through the power connector and automatically disables PoE.)
  • Page 38: Ethernet And Console Ports

    Chapter 3: The SmartPath AP (LWN602HA) Overview NOTE: The rear surface of the SmartPath AP is used for heat dissipation to reduce the internal temperature. Consequently, it can become hot, so use caution when handling it. 3.2 Ethernet and Console Ports There are three ports on the SmartPath AP: two RJ-45 10/100/1000BASE-T/TX Ethernet ports and an RJ-45 console port.
  • Page 39: Smart PoE

    Chapter 3: The SmartPath AP (LWN602HA) Overview Table 3-3. T568A Wire Color: White/Green, Green, White/Orange, Blue, White/Blue, Orange, White/Brown, Brown. Figure 3-4. T568A Terminated Ethernet Cable with an RJ-45 connector. Table 3-4. T568B Wire Color: White/Orange, Orange, White/Green...
  • Page 40: Aggregate And Redundant Interfaces

    Chapter 3: The SmartPath AP (LWN602HA) Overview • No adjustments are needed when the power level is 20 W (watts) or higher. If the available power drops to a range between 18 and 20 W, the SmartPath AP disables its ETH1 interface, assuming that it is drawing power through its ETH0 interface. If it is drawing power solely through its ETH1 interface, then it disables its ETH0 interface instead.
  • Page 41: Console Port

    Chapter 3: The SmartPath AP (LWN602HA) Overview
        Switch(config-if)#exi
        Switch(config)#int fastEthernet 0/2
        Switch(config-if)#switchport mode access
        Switch(config-if)#channel-group 1 mode on
        Switch(config-if)#spanning-tree portfast
        Switch(config-if)#exit
        Switch(config)#exit
        Switch#wr mem
    Finally, you must cable the Cisco switch and the SmartPath AP together: Cisco 0/1 to SmartPath AP eth0, and Cisco 0/2 to SmartPath AP eth1.
  • Page 42 Chapter 3: The SmartPath AP (LWN602HA) Overview Table 3-5. Console port pin assignments (signal: direction). RTS (Request to Send): Output, unused; DTR (Data Terminal Ready): Output, unused; TXD (Transmitted Data): Output; Ground: Ground; Ground: Ground; RXD (Received Data): Input. Figure 3-6.
  • Page 43: Status LEDs

    Chapter 3: The SmartPath AP (LWN602HA) Overview Table 3-6. Wiring details for making a serial cable with an RJ-45-to-female DB9 adapter. Console Port (LWN602HA) RJ-45-to-RJ-45 Rollover Cable RJ-45-to-Female DB9 Adapter Management System Signal RJ-45 Pin RJ-45 Pin RJ-45 Pin DB9 Pin Signal RTS (Request to Send) CTS (unused)
  • Page 44: Antennas

    Chapter 3: The SmartPath AP (LWN602HA) Overview 3.4 Antennas Antennas are an integral part of the SmartPath AP. The SmartPath AP can accept up to six detachable dipole antennas. The three shorter antennas are designed for the 5-GHz band and have a 2-dBi gain. The three longer antennas are designed for the 2.4-GHz band and have a 4.9-dBi gain.
  • Page 45: Multiple In, Multiple Out (MIMO)

    Chapter 3: The SmartPath AP (LWN602HA) Overview Generally, orient the antennas vertically for improved radio coverage, as shown here: When mounting the SmartPath AP (LWN602HA) on a ceiling, orient its antennas downward. When mounting the SmartPath AP on a wall or post, fully extend its antennas upward and downward.
  • Page 46 Chapter 3: The SmartPath AP (LWN602HA) Overview In previous 802.11 standards, access points and clients each used a single set of components, or RF chain, for transmitting or receiving. Although two antennas are often used for diversity, only the one with the best signal-to-noise ratio is used at any given moment, and that antenna makes use of the single RF chain while the other antenna remains inactive.
  • Page 47: Using MIMO With Legacy Clients

    Chapter 3: The SmartPath AP (LWN602HA) Overview 3.4.2 Using MIMO with Legacy Clients In addition to supporting up to 300-Mbps throughput per radio for 802.11n clients, MIMO can improve the reliability and speed of legacy 802.11a/b/g client traffic. When an 802.11a/b/g access point does not receive acknowledgement that a frame it sent was received, it resends that frame, possibly at a somewhat lower transmission rate.
  • Page 48 Chapter 3: The SmartPath AP (LWN602HA) Overview [Figure: worm’s eye view with ceiling tiles removed for clarity. Labels: Ceiling Track, Track Clip.] Press the track clips against the ceiling track and swivel them until they snap into place, gripping the edges of the track.
  • Page 49 Chapter 3: The SmartPath AP (LWN602HA) Overview (side view) Mounting Plate SmartPath AP (shown as transparent for clarity) With the SmartPath AP upside down, align its port side with the bottom end of the plate. Slot Push the SmartPath AP inside locked in upward, inserting the four tabs...
  • Page 50: Plenum Mount

    To mount the SmartPath AP in the plenum space above a dropped ceiling grid, you need the mounting plate, hanger clip, and a standard 24"-wide hanger frame, which can be ordered separately (call Black Box Technical Support at 724-746-5500 for details).
  • Page 51 Chapter 3: The SmartPath AP (LWN602HA) Overview 4. Remove the ceiling tile next to the area where you want to mount the device. 5. Press the hanger frame downward into place on the ceiling track until the claws on each leg grip the track below the top ridge (see Figure 3-17).
  • Page 52: Suspended Mount

    Chapter 3: The SmartPath AP (LWN602HA) Overview SmartPath AP attached to the mounting plate Bird’s eye view with the ceiling tiles and ceiling tracks removed for clarity Hanger frame Insert the hanger clip upward through the center slot in the hanger frame. Rotate the SmartPath AP and the attached mounting accessories counterclockwise until the clip locks in...
  • Page 53 Chapter 3: The SmartPath AP (LWN602HA) Overview 2. Push the tabs into the slots and slide the SmartPath AP toward its port panel. This repositions the tabs in the narrower, rectangular section of the slots and holds the device firmly in place below the mounting plate. Mounting Plate The recommended holes for the four strands are shaded in.
  • Page 54 Chapter 3: The SmartPath AP (LWN602HA) Overview Wrap the wire rope around a beam, clip the hook to the rope, and then pull the rope downward until it is taut against the beam. Push the wire rope through the side hole in the locking device Locking Locking Beam...
  • Page 55: Surface Mount

    Chapter 3: The SmartPath AP (LWN602HA) Overview 3.5.4 Surface Mount You can use the mounting plate to attach the SmartPath AP to any surface that supports its weight, and to which you can screw or nail the plate. First, mount the plate to the surface. Then, through one of the two large openings in the plate, make a hole in the wall so that you can pass the cables through to the SmartPath AP.
  • Page 56: Device, Power, And Environmental Specifications

    Chapter 3: The SmartPath AP (LWN602HA) Overview 3.6 Device, Power, and Environmental Specifications Understanding the range of specifications for the SmartPath AP is necessary for optimal deployment and device operation. The following specifications describe the physical features and hardware components, the power adapter and PoE electrical requirements, and the temperature and humidity ranges in which the device can operate.
  • Page 57: The Smart Path AP (LWN602A) Overview

    4.1 Hardware Description The SmartPath AP (LWN602A) is a multichannel wireless access point. It contains a dual-band radio that can operate at either 2.4 GHz or 5 GHz—but not in both bands simultaneously. The SmartPath AP contains a 2.4-GHz radio and a 5-GHz radio that can operate concurrently through four internal antennas.
  • Page 58: Ethernet Port

    4.3 Status Indicator The status indicator has been incorporated into the Black Box logo on the top of the SmartPath AP LWN602A. It is illuminated by various colors to indicate different states of activity. The meanings of the colors are as follows: •...
  • Page 59: Antennas

    (heart-shaped) pattern around each antenna (see Figure 2-1). On the SmartPath AP LWN602A, the two 2.4-GHz antennas link to one radio, and the two 5-GHz antennas link to the other radio, both of which can operate concurrently. The relationship of antennas and radios is shown in Figure 4-3.
  • Page 60: Mounting A SmartPath AP (LWN602A)

    Chapter 4: The SmartPath AP (LWN602A) Overview 4.5 Mounting a SmartPath AP (LWN602A) Using one of the track clips included in the box with the SmartPath AP, you can mount it to a track in a dropped ceiling grid. To mount the SmartPath AP to any flat surface that can support its weight (1.75 lb., 0.8 kg), use two #6 or #8 screws to mount it on...
  • Page 61: Surface Mount

    4.5.2 Surface Mount You can attach the SmartPath AP LWN602A to any flat surface that supports its weight. First, attach two screws to the surface. Then, make a hole in the wall a few inches or centimeters above the screws so that you can pass the cables through the wall to the SmartPath AP.
  • Page 62: Device, Power, And Environmental Specifications

    SmartPath AP” in Section 4.5.1. 4.6 Device, Power, and Environmental Specifications Understanding the specifications for the SmartPath AP LWN602A is necessary for optimal deployment and device operation. The following specifications describe the physical features and hardware components, the power adapter and PoE (Power over Ethernet) electrical requirements, and the temperature and humidity ranges in which the device can operate.
  • Page 63: The Smart Path EMS VMA

    Chapter 5: The SmartPath EMS 5. The SmartPath EMS The SmartPath Enterprise Management System (EMS), available as a cloud-based service (LWN600CM-1 or LWN600CM-3) or as a virtual management appliance (VMA) (LWN600VMA), is a GUI for centrally configuring and monitoring the APs as well as setting security and guest log-in parameters.
  • Page 64: SmartPath EMS VMA On-Line (Cloud-Based Service)

    In addition to a SmartPath EMS VMA, the SmartPath EMS VMA network management system is available in one other form. SmartPath EMS Online is a cloud-based service running on hardware hosted and maintained by Black Box (see Figure 6-1). This management system provides cost-effective alternatives for managing WLAN networks that might not require the investment of a physical appliance.
  • Page 65: Captive Web Portal Enhancements

    Chapter 6: SmartPath EMS VMA Online (Cloud-Based Service) SmartPath.blackbox.com (1) The SmartPath AP initially forms a CAPWAP connection with SmartPath.blackbox.com. Online Server VSPM-1 (2) When the online server discovers an entry for the SmartPath AP assigning it to VSPM-1, it redirects the SmartPath AP to that VSPM.
  • Page 66: SmartPath Virtual Appliance

    When the SmartPath AP receives a request containing this parameter, which in this case occurs when a user clicks an image of the Black Box logo (img src="Black Box.gif") on a form with the action set as reg.php, the method set as post, and an attribute set with the value of checkbox, it then considers the user as having passed the registration process.
  • Page 67: Using SmartPath EMS VMA

    Chapter 7: Using SmartPath EMS VMA 7. Using SmartPath EMS VMA Think of the cooperative control architecture as consisting of three broad planes of communication. On the data plane, wireless clients gain network access by forming associations with SmartPath APs. On the control plane, SmartPath APs communicate with each other to coordinate functions such as best-path forwarding, fast roaming, and automatic RF management.
  • Page 68 DB9 connector. (For more details, see Section 5.2, Ethernet and Console Ports.) The GUI requirements for the management system are as follows: • Minimum screen resolution of 1280 x 1024 pixels • Standard browser—Black Box recommends Internet Explorer v7.0 or Mozilla Firefox v2.0.0 or later—with Flash v9.0 or later,...
  • Page 69 Chapter 7: Using SmartPath EMS VMA [Figure: network diagram. Labels: SmartPath EMS VMA, Router, Switch, Admin, SCP Server, clusters in different subnets; each cluster contains multiple SmartPath APs.] Static Routes: SmartPath EMS VMA sends traffic destined for 10.1.6.0/24 to 10.1.2.1. SmartPath EMS VMA sends traffic destined for 10.1.7.0/24 to 10.1.2.1.
  • Page 70 4. Type the default name (admin) and password (blackbox) in the login fields, and then click Log in. Figure 7-4. Login screen. 5. After logging in to SmartPath EMS VMA Virtual Appliance, the Black Box End User License Agreement appears. Read it over, and if you agree with its content, click Agree.
  • Page 71 Figure 7-6. Entitlement key screen. For a physical appliance with Internet access, select “Enter Entitlement Key.” Copy the entitlement key text string that Black Box sent you in an e-mail message, paste it in the Entitlement Key field, and then click “Enter.” You also have the option of installing a SmartPath EMS VMA license key, which is useful if you are working with an appliance in a location that does not have Internet access, such as a test lab.
  • Page 72: Introduction To The SmartPath EMS VMA GUI

    Chapter 7: Using SmartPath EMS VMA Figure 7-8. Start here screen. 9. To save your settings and enter the SmartPath EMS VMA GUI in Enterprise mode, click “Update.” 10. A message appears prompting you to confirm your selection of Enterprise mode. After reading the confirmation message, click “Yes.”...
  • Page 73: Viewing Reports

    Chapter 7: Using SmartPath EMS VMA Figure 7-9. Important sections of the SmartPath EMS VMA GUI. Menu Bar: The items in the menu bar open the major sections of the GUI. You can then use the navigation tree to navigate to specific topics within the selected section.
  • Page 74: CAPWAP Latency Reports

    Chapter 7: Using SmartPath EMS VMA Figure 7-10. Working with graphs in reports. Moving the mouse over a measurement point in a graph displays data about that measurement. If measurement points on multiple lines happen to converge at the same point, SmartPath EMS VMA displays data for all of them. Here you can see information about the total number of transmitted (Tx) and received (Rx) frames and dropped frames.
  • Page 75: Searching

    Chapter 7: Using SmartPath EMS VMA 7.2.3 Searching The SmartPath EMS VMA GUI provides a search feature that you can use to find text strings throughout the SmartPath EMS VMA database and the entire GUI (except in Reports and Topology) or within one or more specified sections of the GUI. By default, SmartPath EMS VMA searches through the following sections of the GUI: Configuration, Access Points, Clients, Administration, and Tools.
  • Page 76: Multiselecting

    Chapter 7: Using SmartPath EMS VMA Figure 7-13. Search results. NOTE: Do not use quotation marks to enclose a phrase of two or more words. Simply enter the phrase that you want to find with spaces. See the SmartPath EMS VMA on-line Help for more information on the Search tool. 7.2.4 Multiselecting You can select multiple objects to make the same modifications or perform the same operation to all of them at once.
  • Page 77: Cloning Configurations

    Chapter 7: Using SmartPath EMS VMA Then click the Modify button to configure them with the same settings. Figure 7-14. Selecting multiple new SmartPath APs. Here, you use the shift-click multiselection method to select a set of the topmost eight SmartPath APs in the list; that is, you select the checkbox for the top SmartPath AP and hold down the SHIFT key while selecting the checkbox for the eighth SmartPath AP from the top.
  • Page 78: Sorting Displayed Data

    Chapter 7: Using SmartPath EMS VMA Figure 7-15. Cloning a cluster. 7.2.6 Sorting Displayed Data You can control how the GUI displays data in the main panel by clicking a column header. This causes the displayed content to reorder itself alphanumerically or chronologically in either ascending or descending order. Clicking the header a second time reverses the order in which the data is displayed.
  • Page 79: Smartpath Configuration Workflow (Enterprise Mode)

    Chapter 7: Using SmartPath EMS VMA By clicking the heading of a column, you can reorder the display of objects either alphanumerically or chronologically, depending on the content of the selected column. Here you reorder the data chronologically. Figure 7-17. Click to reorder the display of objects. Indicates that the list appears in descending order from the top Indicates that the list appears in ascending order from the bottom 7.3 SmartPath Configuration Workflow (Enterprise Mode)
  • Page 80: Updating Software On Smartpath Ems Vma

    SCP server, you can direct SmartPath EMS VMA to log in and load it from a directory there. 1. If you do not yet have an account on the Black Box Support portal, send an e-mail request to (info@blackbox.com) to set one 2.
  • Page 81: Updating Smartpathos Firmware

    SmartPath EMS VMA makes it easy to update SmartPathOS firmware running on managed SmartPath APs. First, you obtain new SmartPath AP firmware from Black Box Technical Support and upload it onto SmartPath EMS VMA. Then you push the firmware to the SmartPath APs and activate it by rebooting them.
  • Page 82: Updating Smartpath Aps In A Mesh Environment

    Chapter 7: Using SmartPath EMS VMA To load a SmartPathOS image file from an SCP server: SCP Server: (select) IP Address : Enter the IP address of the SCP server. SCP Port: Enter the port number of the SCP server (the default port number for SCP is 22). File Path: Enter the path to the SmartPathOS image file and the file name.
  • Page 83 Chapter 7: Using SmartPath EMS VMA NOTE: A mesh point is a cluster member that uses a wireless backhaul connection to communicate with the rest of the cluster. SmartPath EMS VMA manages mesh points through another cluster member that acts as a portal, which links mesh points to the wired LAN.
  • Page 84: Basic Configuration Examples

    Chapter 8: Basic Configuration Examples 8. Basic Configuration Examples This chapter introduces the SmartPath EMS VMA GUI in Enterprise mode through a series of examples showing how to create a basic configuration of an SSID, cluster, and WLAN policy. It then explains how to connect several SmartPath APs to SmartPath EMS VMA, accept them for management, and push the configuration to them over the network.
  • Page 85 Chapter 8: Basic Configuration Examples SSID access security: WPA/WPA2 PSK (Personal) Preshared key: CmFwbo1121 A PSK is the simplest way to provide client authentication and data encryption: simply configure an SSID with the same PSK on the SmartPath AP and its clients. A PSK authenticates clients by the simple fact that the clients and SmartPath AP have the same key.
  • Page 86 Chapter 8: Basic Configuration Examples Enable MAC Authentication: (clear) User profile assigned to users that associate with this SSID: default-profile The predefined user profile "default-profile" applies the standard SmartPath Quality of Service level through the predefined QoS policy "def-user-qos" and assigns user traffic to VLAN 1. SSID Broadcast Band: 2.4 GHz (11n/b/g) SmartPath APs have two radios: a 2.4-GHz radio, which supports 802.11n/b/g, and a 5-GHz radio, which supports 802.11n/a.
  • Page 87: Example 2: Creating A Cluster

    Chapter 8: Basic Configuration Examples 8.2 Example 2: Creating a Cluster A cluster is a group of SmartPath APs that exchanges information with each other to form a collaborative whole. Through coordinated actions based on shared information, cluster members can provide the following services: •...
  • Page 88 Chapter 8: Basic Configuration Examples • Device-level features—These features control how cluster members communicate with the network and how radios operate in different modes, frequencies, and signal strengths. A WLAN policy is an assembly of policy-level feature configurations that SmartPath EMS VMA pushes to all SmartPath APs that you assign to the policy.
  • Page 89: Example 4: Access And Backhaul On The Same Radio

    8.4 Example 4: Access and Backhaul on the Same Radio Black Box SmartPath APs have the ability to provide both wireless client access and backhaul services on the same interface. When you configure a SmartPath AP mesh point to operate in this way, you create a redundant pathway if one of the interfaces fails.
  • Page 90 Chapter 8: Basic Configuration Examples Wired Ethernet All SmartPath APs: Backhaul wifi0 = access wifi1 = dual (default settings) SmartPath AP loses its Ethernet SmartPath AP judges signal conditions connectivity. SmartPathOS 4.0 and determines that SmartPath AP 3 has detects the failure and begins the best signal quality.
  • Page 91: Example 5: Connecting Smartpath Aps To Smartpath Ems Vma

    100–240 VAC power source or allow them to obtain power through PoE from PSE on the network. (Both power adapters and PoE injectors are available from Black Box as options.) Place the third SmartPath AP—SmartPath AP3—...
  • Page 92 Chapter 8: Basic Configuration Examples NOTE: To illustrate all possible CAPWAP states, Figure 8-5 begins by showing a SmartPath AP and SmartPath EMS VMA already in the Run state. When a SmartPath AP first attempts to discover a SmartPath EMS VMA—after the SmartPath AP has an IP address for its mgt0 interface and has discovered or has been configured with the SmartPath EMS VMA IP address—it begins in the Discovery state.
  • Page 93 Chapter 8: Basic Configuration Examples CAPWAP Client CAPWAP Server (SmartPath AP) (SmartPath EMS VMA) The CAPWAP client (SmartPath AP) pings the CAPWAP server (SmartPath EMS VMA) but receives no responses within the neighbor-dead-interval. State . . . Idle When the client determines its neighbor is dead, it transitions State from the Run state to the Idle state.
  • Page 94 Chapter 8: Basic Configuration Examples The page displays the three SmartPath APs that you put on the network. If you see the three SmartPath APs, refer to Figure 8-6. If you do not see them, check the following: • Do the SmartPath APs have power? Check the PWR (Power) status LED on the top of the devices.
  • Page 95 Chapter 8: Basic Configuration Examples If the SmartPath AP does not have any network settings, check that it can reach the DHCP server. To check if a DHCP server is accessible, enter interface mgt0 dhcp-probe vlan-range <number1> <number2>, in which <number1> and <number2>...
  • Page 96 Chapter 8: Basic Configuration Examples NOTE: If you see a different group of SmartPath AP settings, make sure that Monitor is selected as the view mode at the top of the SmartPath APs page. The GUI provides two view modes for SmartPath APs, one that focuses on monitoring SmartPath APs (Monitor) and another that focuses on configuring them (Config).
  • Page 97: Example 6: Assigning The Configuration To Smartpath Aps

    Chapter 8: Basic Configuration Examples 1. If the DNS server cannot resolve the domain name to an IP address, the SmartPath AP broadcasts CAPWAP Discovery messages on its local subnet for a CAPWAP server (SmartPath EMS VMA). If SmartPath EMS VMA is on the local network and responds, they form a secure CAPWAP connection.
  • Page 98 Chapter 8: Basic Configuration Examples WLAN Policy: DHCP client: enabled SSID: test1-psk DHCP client: enabled wlan-policy-test1 Credentials: Cluster: cluster1-test Credentials: SSID: test1-psk Name: testadmin1 Name: testadmin1 Cluster: cluster1-test Password: testpass1 Password: testpass1 SmartPath AP1 (Portal) SmartPath AP2 (Portal) SmartPath EMS VMA SmartPath AP3 (Mesh Point) CAPWAP traffic secured with DTLS...
  • Page 99 Chapter 8: Basic Configuration Examples Figure 8-11. Monitor > Access Points > SmartPath APs (view mode: Config). Updating the Country Code For SmartPath APs intended for use in the United States, the region code is preset as "FCC"—for "Federal Communications Commission"—and the country code is preset as "United States".
  • Page 100 Chapter 8: Basic Configuration Examples Because SmartPath AP3 is a mesh point and the update involves changing its cluster—from cluster0 to cluster1-test—you must make sure to update its configuration before updating the configurations on SmartPath AP1 and SmartPath AP2. If you upload the configuration on all of them at the same time and schedule them to reboot too quickly (say, 1 second after the upload process completes), there is a chance that the portal through which the configuration for the mesh point is passing will reboot before the mesh point finishes receiving its configuration.
  • Page 101: Example 7: Selective Multicast Forwarding Through Gre Tunnels

    Chapter 8: Basic Configuration Examples SmartPath EMS VMA begins transferring the configuration to SmartPath AP3 and displays the Monitor > Access Points > SmartPath AP Update Results page where you can observe the progress and the result of the operation. After SmartPath AP3 reboots to activate its new configuration, it tries to reconnect with SmartPath EMS VMA.
  • Page 102 Chapter 8: Basic Configuration Examples GRE selective multicast forwarding allows you to determine whether a specific multicast group or set of multicast groups can receive multicast packets, or whether the SmartPath AP blocks all or no multicast packets. Filtering multicast packets occurs in two main ways: by blacklisting and whitelisting. You cannot use blacklists and whitelists together because their operations are mutually exclusive;...
  • Page 103: Example 8: Ip Multicast Enhancements

    Chapter 8: Basic Configuration Examples You can also create these lists through the CLI. To create a whitelist for selective multicast forwarding through GRE tunnels except for a single IP address (for example, 224.1.1.10), make an SSH connection to the SmartPath AP where you want to create the whitelist, and then enter the following command: forwarding-engine tunnel selective-multicast-forward block-all except 224.1.1.10 To create a whitelist for selective multicast forwarding except for a range of IP addresses (e.g., 224.1.1.0/24), enter the following...
  • Page 104 Chapter 8: Basic Configuration Examples Figure 8-14. IP multicast screen. If you want the SmartPath AP to convert multicast frames to unicast when the channel utilization or membership count conditions are met, select “Auto.” For the SmartPath AP to make the conversion unconditionally, select “Always.” If you do not want the SmartPath AP to use the multicast-to-unicast conversion feature but instead follow the standard 802.11 behavior for sending multicast frames, select “Disable.”...
  • Page 105: Common Configuration Examples

    Chapter 9: Common Configuration Examples 9. Common Configuration Examples Through the use of examples, this chapter shows how to use SmartPath EMS VMA in Enterprise mode to configure several features that are somewhat more advanced than those covered in the previous chapter. The examples cover topics such as topological maps, IEEE 802.1X authentication, captive web portals, and the SmartPath EMS VMA concept of classifier tags, which is a method for assigning the different definitions of a single network object to various managed SmartPath APs.
  • Page 106: Setting Up Topology Maps

    Chapter 9: Common Configuration Examples 4 SmartPath APs 2 SmartPath APs Floors per Floor Floors per Floor Floors 8 SmartPath APs SmartPath APs Total Total Corporate Branch Headquarters Office VPN Tunnel Branch1 HQ-B1 HQ-B2 SmartPath EMS (in “HQ-B1”) Figure 9-1. Deployment overview. 9.1.1 Setting Up Topology Maps In this example, you upload maps to SmartPath EMS VMA showing floor plans for three office buildings and organize them in a hierarchical structure.
  • Page 107 Chapter 9: Common Configuration Examples Level 1 CorpOffices (Level-1 Map) Double-clicking a floor icon on the This map shows 3 buildings and 20 icons that link to level-2 maps. CorpOffices map (level 1) opens the corresponding level-2 map. You can also navigate to any map within the Topology Maps section of the navigation tree in the 8 icons linking...
  • Page 108 Chapter 9: Common Configuration Examples Map showing one of the floor plans SmartPath EMS VMA Uploading map to SmartPath EMS VMA Management system Figure 9-3. Uploading a map of a building floor plan. 4. Repeat this for all the image files that you need to load, and then close the dialog box when done. For this example, you load these 21 files: •...
  • Page 109: Preparing The Smartpath Aps

    Chapter 9: Common Configuration Examples A floor icon labeled "HQ-B1-F2" appears on the CorpOffices image, and a new entry named "HQ-B1-F2" appears nested under "CorpOffices" in the navigation tree. 6. Select the icon and drag it to the location you want. After adding the CorpOffices "map"...
  • Page 110 For example, if the MAC OUI is 008C:1000:0120, you only need to write "000120" to be able to distinguish it from other SmartPath APs later. NOTE: 008C:10 is the Black Box MAC address portion. You need to change this. 1. Make copies of the maps uploaded to SmartPath EMS VMA, label them, and take them along when installing the SmartPath APs.
  • Page 111: Netconfig Ui

    MAC address, so the SSID will be something similar to "BB-123456_ac".) Select it, and when prompted to enter a network key, type Black Box, and then click “Connect.” Check the IP address of the default gateway that the DHCP server on the SmartPath AP assigned your client.
  • Page 112 Chapter 9: Common Configuration Examples Configuring a SmartPath AP through the NetConfig UI When you log in to the NetConfig UI, there are three pages that provide settings for an initial configuration: Local Network Settings: Configure the SmartPath AP to be a DHCP client or use static network settings for the IP address and netmask of its mgt0 interface, its default gateway, and DNS server.
  • Page 113: Example 2: Ieee 802.1X With An External Radius Server

    You can use the NetConfig UI to update the SmartPath OS firmware running on the SmartPath AP. First, download the latest SmartPath OS image for your SmartPath AP from the Black Box Support site and save it to your local workstation. After that, log in to the NetConfig UI, click “Upgrade SmartPath OS Software,”...
  • Page 114 Chapter 9: Common Configuration Examples The RADIUS authentication server checks RADIUS Authentication Server authentication requests against user IP Address: 10.1.1.10 accounts stored in its database. Authentication Port: 1812 Shared Secret: radius123 Authentication Replies The SmartPath APs act as RADIUS authenticators, forwarding SmartPath AP authentication requests and replies RADIUS...
  • Page 115 Chapter 9: Common Configuration Examples 3. To create a VLAN object for IT staff traffic, select the check box for the newly created VLAN object “VLAN-10” in the list on the Configuration > Advanced Configuration > Network Objects > VLANs page, and then click Clone. The VLANs dialog box appears with the settings for VLAN-10.
  • Page 116 Chapter 9: Common Configuration Examples Object Name: AuthServer-10.1.1.10 Enter the following, and then click Apply to add the IP address to the address configuration: IP Entry: 10.1.1.10 Type: Global Setting the type as "Global" means that SmartPath EMS VMA applies the IP entry to all SmartPath APs that include the IP address/host name object in their configuration.
  • Page 117 Chapter 9: Common Configuration Examples This field is only relevant when both primary and backup RADIUS authentication servers are configured. The retry interval defines how long a SmartPath AP RADIUS authenticator waits before retrying a previously unresponsive primary RADIUS server, even if the current backup server is responding. When there is only a single RADIUS authentication server, as in this example, the retry interval does not matter.
  • Page 118 Chapter 9: Common Configuration Examples When cleared, this setting allows access to authenticated users even when the Tunnel-Private-Group-ID attribute that the RADIUS authentication server returns matches another user profile configured on the SmartPath AP but not specified for this SSID. If you do not mind granting access to all valid user accounts on the RADIUS authentication server, disable this option by clearing the checkbox.
  • Page 119: Example 3: Providing Guest Access Through A Captive Web Portal

    A captive web portal provides registered users with network access while containing unregistered users. Because the Black Box captive web portal feature is very flexible, you will have a number of choices to make when configuring it.
  • Page 120: Providing Network Settings

    9.3.2 Providing Network Settings In addition to various registration types, Black Box offers two approaches to providing captive Web portal clients with network settings. One approach uses external DHCP and DNS servers on the network, and the other uses internal DHCP and DNS servers on the SmartPath AP itself.
  • Page 121 Chapter 9: Common Configuration Examples Forming an association Address and TCP/IP assignments Wireless Client Wireless Access Point DHCP Client DHCP Server DHCP Discover Association Request DHCP Offer DHCP Request Association Response DHCP ACK The client forms an association with the The SmartPath AP allows DHCP traffic to pass SmartPath AP but the visitor has not yet between the client of an unregistered user and...
  • Page 122 Chapter 9: Common Configuration Examples DNS address resolution HTTP connection to the captive web portal DNS Querient DNS Server HTTP Client HTTP Server HTTP GET DNS Query Reply DNS Reply The SmartPath AP allows DNS queries and When the client sends an HTTP or HTTPS replies between the client of an unregistered GET command, the SmartPath AP intercepts it user and a DNS server.
  • Page 123 Chapter 9: Common Configuration Examples Association Using SSID “guest” Address and TCP/IP Assignments Wireless Client Wireless Access Point DHCP Client DHCP Server DHCP Discover Association Request DHCP Offer DHCP Request Association Response DHCP ACK SSID “guest” IP Address: 172.16.1.2 Netmask: 255.255.255.0 The client forms an association with the Default Gateway: 172.16.1.1*...
  • Page 124: Modifying Captive Web Portal

    9.3.3 Modifying Captive Web Portal Pages Black Box provides .html files and images for use on the captive Web portal server and a tool in the GUI to modify the supplied text, colors, and images to better suit the needs of your organization. The various file names and their purposes are as follows. An example of the default web page components is shown in Figure 9-14: •...
  • Page 125 Chapter 9: Common Configuration Examples blackbox_spacer.png (transparent image to offset the registration section from the top; size 200 x 103 px; 72 dpi) blackbox_3d_bg.png (solid background; color #031e2f; size 5 x 5 px.; 96 dpi) blackbox_3d.jpg blackbox_logo_reverse.png (background image: (111 x 48 px; 72 dpi) 842 x 595 px;...
  • Page 126: Configuring A Captive Web Portal

    You can also replace it with a file containing an image if you prefer. Footer Image: By default, this is a graphic of the Black Box logo. The file name is blackbox_logo_reverse.png and its dimensions are 111 x 48 px at 72 dpi. If you replace this with a different image, make sure it has the same or nearly the same dimensions to avoid distortion.
  • Page 127 Chapter 9: Common Configuration Examples • Files and Configuration Upload—Push the captive web portal files and the WLAN policy to the managed SmartPath APs. Guests use a preshared key to secure wireless traffic between their wireless clients and SmartPath APs. After forming a secure association with a SmartPath AP, the SmartPath AP intercepts all outbound traffic—except DHCP, DNS, and ICMP traffic—and presents them with a self-registration page.
  • Page 128 Chapter 9: Common Configuration Examples The rate limit for network control and voice is 0 kbps because guests are not permitted to run any applications that would generate network control traffic or use VoIP applications. In this example, guests are expected to use cell phones or other phones provided for them.
  • Page 129 Chapter 9: Common Configuration Examples Table 9-2. CTRL-click to select multiple services. (Action) Source Destination Service‡ Action Logging* (Action) [-any] [-any-]* DHCP-Server, DNS† Permit Click “Apply.” Click “New.” [-any-] 10.0.0.0/8 [-any-] Deny Dropped Packets Click “Apply.” Click “New.” [-any-] 172.16.0.0/12 [-any-] Deny Dropped Packets...
  • Page 130 Chapter 9: Common Configuration Examples To save the firewall policy and close the dialog box, click “Save.” NOTE: You do not have to create a policy to control incoming traffic because you will set the default action to deny all incoming and outgoing traffic not specified in any of the policy rules.
  • Page 131 Chapter 9: Common Configuration Examples To-Access: (nothing) Default Action: Deny Expand QoS Settings, and enter the following: Rate Control & Queuing Policy: QoS-Guests This is the policy that you created in "QoS Rate Limiting.” The SmartPath AP applies these rates and scheduling to users that belong to this user profile on an individual basis.
  • Page 132 Chapter 9: Common Configuration Examples Visitor Receptionist Visitor’s Laptop SmartPath AP Internet The visitor enters the preshared key “guest123” when forming an association with the SmartPath AP using the SSID “guest”. Figure 9-16. Guest access using a preshared key. The guest SSID provides secure network access for visitors. Also, by linking visitors to the guest SSID, you can differentiate them from employees—who associate with other SSIDs—so that you can apply one group of settings for visitors and another for employees.
  • Page 133: Ip Firewall Policy Support Of Domain Names

    Chapter 9: Common Configuration Examples Upload and activate configuration: (select) Upload and activate CWP pages and Server key: (select) Upload and activate certificate for RADIUS and VPN services: (clear) Upload and activate employee, guests, and contractor credentials: (clear) List of all SmartPath APs selected on the Monitor > Access Points > SmartPath APs page: (select) Because the WLAN policy for the selected SmartPath APs contains an SSID using captive Web portal files, upload and activate the files required for the captive Web portal to function and also the configuration.
  • Page 134: Example 4: Private Psks

    Chapter 9: Common Configuration Examples 9.4 Example 4: Private PSKs Private PSKs are unique preshared keys created for individual users on the same SSID. They offer unique keys per user and user profile flexibility (similar to 802.1X) with the simplicity of preshared keys. For this example, the steps for generating, applying, and distributing private PSK user data are as follows: 1.
  • Page 135: Private Psk Enhancements

    Chapter 9: Common Configuration Examples 9.4.1 Private PSK Enhancements You can set up a captive Web portal that allows users to self-register and receive their own, individual private PSKs (preshared keys). In addition, you can configure a SmartPath AP to generate sets of private PSK users with admin-defined validity periods, which is convenient for users such as contractors that require temporary network access for lengths of time longer than a day.
  • Page 136 Chapter 9: Common Configuration Examples Number of New Users: Enter the number of private PSK users that you want to generate. Description: Type a note about the private PSK. If you send the keys to users through e-mail, this description appears in the e-mail message, so you might want to enter the SSID that users access when connecting to the network.
  • Page 137 Chapter 9: Common Configuration Examples Registration Type: Private PSK Server Description: Add a note about the captive Web portal for future reference. Captive Web Portal Login Page Settings Private PSK Server Registration Type: Self-registration There are two options: Authentication and Self-registration. When you select Self-registration, users must complete and submit a registration form to obtain their private PSKs.
  • Page 138 Chapter 9: Common Configuration Examples The diagram below shows the flow of traffic between client, authenticator, and private PSK server. Wireless Private PSK Authenticator Private PSK Server Client captive Web portal on wifi0.1: 1.1.1.1/24 mgt0: 10.1.1.1/24 A wireless client forms an association with the SmartPath AP acting as a private PSK authenticator at 1.1.1.1 using SSID-1 (open authentication).
  • Page 139 Chapter 9: Common Configuration Examples Recurring Automatic Generation of Private PSKs For private PSK generation, the recurring option refreshes keys every day. This option satisfies the needs of guest access for daily visitors, but is less suitable for temporary users for longer stays, such as contractors who might need to access the wireless network for several days or several weeks.
  • Page 140 Chapter 9: Common Configuration Examples Private PSK Users to Create per Rotation: Set the number of private PSK users to generate in each set. You can generate from 1 to 9999 users in each set. The default is 10, which means that each set will contain 10 private PSK users. (1–9999) Example: To create a user group that generates 10 private PSK users at 8:00 A.M.
  • Page 141: User Profiles

    Chapter 9: Common Configuration Examples SmartPath AP Private PSK Server: Choose the SmartPath AP that you want to use as the private PSK server from the drop-down list. This is the SmartPath AP that will store all the private PSK users and act as a server that the other SmartPath APs will contact when checking and requesting a binding of a user-submitted private PSK to the MAC address of the user's client.
  • Page 142: User Profile Reassignment

    Chapter 9: Common Configuration Examples * The three addresses "10.0.0.0/8", "172.16.0.0/12", and "192.168.0.0/16" that define private network address space were created in a previous example. See “Address Objects” in Figure 9-15. Click “Save” to save the IP firewall policy and return to the User Profile dialog box. From-Access: contractors-outgoing-IP-policy (This is the firewall policy that you just created.) To-Access: (nothing) Default Action: Deny User Profile Reassignment...
  • Page 143 Chapter 9: Common Configuration Examples • Mac OS X ® • iPad • iPhone ® • Android ™ If one or more of these predefined OS objects satisfies your needs, you can skip this step. Click Configuration > Advanced Configuration > Network Objects > OS Objects > New, enter the following, and then click Save: Object Name: Type the name of the OS object.
  • Page 144: Private Psk User Groups

    Chapter 9: Common Configuration Examples To add another domain name, click New, click the empty space at the top of the drop-down list and type a new domain name, add an optional description, and then click “Apply.” You can create up to 32 entries for a single device domain object, and there can be up to 64 device domain objects per SmartPath AP.
  • Page 145: Importing Private Psk Users

    Chapter 9: Common Configuration Examples VLAN ID: 1 If you leave this field empty, the SmartPath AP applies the VLAN ID set in the Employees(30) user profile, which is already set as 1. If you set a different VLAN ID here than the one in the user profile, this setting takes precedence over the one in user profile.
  • Page 146: Private Psk Ssid

    Chapter 9: Common Configuration Examples Bill Li, 3, Contractors(35), Cm$7)3bO1!, hm-admin@apis.com;mgr@apis.com, Use SSID star, home Notice that the private PSK user definitions for employees are sent directly to the people who will use them, but those for contractors are sent to a department manager for dissemination. All definitions are also sent to the SmartPath EMS VMA administrator as a backup.
  • Page 147: E-Mail Notification

    Chapter 9: Common Configuration Examples The SmartPath AP Update Results page appears so that you can monitor the progress of the upload procedure. When complete, “100%” appears in the Upload Rate column and “Successful” appears in the Update Result column. 9.4.8 E-mail Notification To distribute the private PSK user definitions to the employees and the manager in charge of the contractors, click Configuration >...
  • Page 148: Set Smartpath Ap Classifiers

    Chapter 9: Common Configuration Examples SmartPath EMS Branch Office #3 VLAN: 30 VLAN definition: 30; type: branch3 SmartPath AP classifier: branch3 Main Office Branch Office #2 Branch Office #1 VLAN: 20 VLAN: 10 VLAN definition: 20; type: branch2 VLAN definition: 10; type: global SmartPath AP classifier: branch2 SmartPath AP classifier: (nothing) Figure 9-20.
  • Page 149: Create A Vlan Object With Three Definitions

    Chapter 9: Common Configuration Examples 9.5.2 Create a VLAN Object with Three Definitions Click Configuration > Advanced Configuration > Network Objects > VLANs > New, enter the following, and then click Apply: VLAN Name: branchVLAN-10-20-30 VLAN ID: 10 Type: Global Description: VLAN at Branch Office #1 Click New, enter the following, and then click Apply: VLAN ID: 20...
  • Page 150: Multiple Default Routes

    Chapter 9: Common Configuration Examples The SmartPath AP Update Results page appears so that you can monitor the progress of the upload procedure. When complete, “100%” appears in the Upload Rate column and “Successful” appears in the Update Result column. Check that the VLANs are being applied properly: In the Upload and Activate Configuration dialog box, click the host name of a SmartPath AP at Branch Office 1, and then select View Configuration.
  • Page 151 Chapter 9: Common Configuration Examples When a guest connects to a SmartPath AP on the corporate network, the SmartPath AP applies a guest user policy to the traffic, which assigns it to the public VLAN (20). The SmartPath AP tags the frame with the public VLAN, encapsulates it with a GRE wrapper, and forwards it to the eth0 port of the SmartPath AP in the DMZ.
  • Page 152 Chapter 9: Common Configuration Examples 3. Expand the Advanced Ethernet Settings section, enter the default VLAN ID for your public network in the Eth1 row in the Native VLAN column, and then enter the VLAN IDs you want to allow on the public network in the Allowed VLAN column. NOTE: You do not have to enter a value in the Allowed VLAN column if the only VLAN ID allowed is entered in the Native VLAN column.
  • Page 153: Smartpath Operating System (Os)

    Chapter 10: SmartPath Operating System (OS) 10. SmartPath Operating System (OS) You can deploy a single SmartPath AP and it will provide wireless access as an autonomous AP. However, if you deploy two or more SmartPath APs in a cluster, you can provide superior wireless access with many benefits. A cluster is a set of SmartPath APs that exchanges information with each other to form a collaborative whole (see Figure 10-1).
  • Page 154 Chapter 10: SmartPath Operating System (OS) Additionally, there are many default settings that simplify the setup of a SmartPath AP because these are the typical settings for many of the most common deployments. The following are some important default settings and the commands necessary to change them if you need to do so.
  • Page 155: Configuration Overview

    Chapter 10: SmartPath Operating System (OS) 10.2 Configuration Overview The amount of configuration depends on the complexity of your deployment. As you can see in "Deployment Examples (CLI)" in Chapter 11, you can enter a minimum of three commands to deploy a single SmartPath AP, and just a few more to deploy a cluster.
  • Page 156: Smartpathos Configuration File Types

    Chapter 10: SmartPath Operating System (OS) qos { classifier-map | classifier-profile | marker-map | marker-profile | policy } … • User profiles user-profile string … • SSIDs ssid string … • AAA (authentication, authorization, and accounting) settings for IEEE 802.1X authentication aaa radius-server …...
  • Page 157 Chapter 10: SmartPath Operating System (OS) • backup: a flash file that the SmartPath AP attempts to load during the reboot process if there is a newly uploaded current config file or if it cannot load the current config file. See Figures 10-4 and 10-5. •...
  • Page 158 Chapter 10: SmartPath Operating System (OS) SmartPath EMS VMA TFTP SmartPath AP Server Server Current Config Config File New Backup Config When you upload a config file from SmartPath EMS VMA or a (in flash memory) TFTP or SCP server, the SmartPath AP saves the uploaded file as a backup config.
  • Page 159 NOTE: Be careful to remember the login name and password defined in the bootstrap config file. If they become lost or forgotten, you must obtain a one-time login key from Black Box technical support. To get the key, you must already...
  • Page 160 Chapter 10: SmartPath Operating System (OS) To create and load a bootstrap config, make a text file containing a set of commands that you want the SmartPath AP to load as its bootstrap configuration (for an example, see Section 11.5). Save the file locally and then load it with one of the following commands: save config tftp://ip_addr:filename bootstrap save config scp://username@ip_addr:filename bootstrap...
  • Page 161: Deployment Examples CLI

    Chapter 11: Deployment Examples CLI 11. Deployment Examples CLI This chapter presents several deployment examples to introduce the primary tasks involved in configuring SmartPath APs through the SmartPathOS CLI. In Deploying a Single SmartPath AP in Section 11.1, you deploy one SmartPath AP as an autonomous access point. This is the simplest configuration: You only need to enter and save three commands.
  • Page 162: Example 1: Deploying a Single SmartPath AP

    Chapter 11: Deployment Examples CLI 11.1 Example 1: Deploying a Single SmartPath AP In this example, you deploy one SmartPath AP (SmartPath AP-1) to provide network access to a small office with 15–20 wireless clients. You only need to define the following SSID parameters on the SmartPath AP and clients: •...
  • Page 163 Chapter 11: Deployment Examples CLI 4. On your management system, run a VT100 terminal emulation program, such as Tera Term Pro (a free terminal emulator) or Hilgraeve Hyperterminal (provided with Windows operating systems). Use the following settings: • Bits per second (baud rate): 9600 •...
  • Page 164 Chapter 11: Deployment Examples CLI Step 3: Configure the wireless clients. Define the “employee” SSID on all the wireless clients. Specify WPA-PSK for network authentication, AES or TKIP for data encryption, and the preshared key N38bu7Adr0n3. Step 4: Position and power on the SmartPath AP. 1.
  • Page 165: Example 2: Deploying A Cluster

    Chapter 11: Deployment Examples CLI 11.2 Example 2: Deploying a Cluster Building on "Deploying a Single SmartPath AP" in Section 11.1, the office network has expanded and requires more SmartPath APs to provide greater coverage. In addition to the basic configuration covered in the previous example, you configure all three SmartPath APs to form a cluster within the same Layer 2 switched network.
  • Page 166 Chapter 11: Deployment Examples CLI You create a cluster, which is a set of SmartPath APs that collectively distribute data and coordinate activities among themselves, such as client association data for fast roaming, route data for making optimal data-path forwarding decisions, and policy enforcement for QoS and security.
  • Page 167 Chapter 11: Deployment Examples CLI interface wifi0 ssid employee cluster cluster1 cluster cluster1 password s1r70ckH07m3s interface mgt0 cluster cluster1 3. (Optional) Change the name and password of the superuser. admin superuser mwebster password 3fF8ha 4. Check that the channel ID for wifi1 and wifi1.1 is now 149. show interface If the channel ID for wifi1 and wifi1.1 is not 149, set it to 149 so that SmartPath AP-2 uses the same channel as SmartPath AP-1 for backhaul communications.
  • Page 168 Chapter 11: Deployment Examples CLI Log in to SmartPath AP-3 and enter this command to see its neighbors in SmartPath AP-1: show cluster cluster1 neighbor SmartPath AP-3 Chan=channel number; Pow=Power in dBm; A-Mode=Authentication mode; Cipher=Encryption mode; Conn-Time=Connected time; Cstate=Cluster State; Mac Addr Chan Tx Rate...
  • Page 169 Chapter 11: Deployment Examples CLI After associating a wireless client with SmartPath AP-1, log in to SmartPath AP-1 and enter this command: show ssid employee station SmartPath AP-1 Chan=channel number; Pow=Power in dBm; A-Mode=Authentication mode; Cipher=Encryption mode; A-Time=Associated time; Auth=Authenticated; UPID=User profile Identifier;...
  • Page 170: Example 3: Using IEEE 802.1X Authentication

    Chapter 11: Deployment Examples CLI The setup of cluster1 is complete. Wireless clients can now associate with the SmartPath APs using SSID “employee” and access the network. The SmartPath APs communicate with each other to share client associations (to support fast roaming) and routing data (to select optimal data paths).
  • Page 171 Chapter 11: Deployment Examples CLI The IP address of the RADIUS server is 10.1.1.10, and the shared secret that SmartPath AP-1 and the RADIUS server use to authenticate each other is "s3cr3741n4b10X". You must also enter the same shared secret on the RADIUS server when you define the SmartPath APs as access devices (see Step 4).
  • Page 172 Chapter 11: Deployment Examples CLI If the supplicant is Windows based and you are not on a domain. 1. Configure the SSID on your client as follows: Network name (SSID): employee Network authentication: WPA2 Data encryption: AES Enable IEEE 802.1X authentication for this network: (select) EAP type: Protected EAP (PEAP) Authenticate as computer when computer information is available: (clear) Authenticate as guest when user or computer information is unavailable: (clear)
  • Page 173: Active Directory Configuration Improvement

    Chapter 11: Deployment Examples CLI show ssid employee station Chan=channel number; Pow=Power in dBm; A-Mode=Authentication mode; Cipher=Encryption mode; A-Time=Associated time; Auth=Authenticated; UPID=User profile Identifier; Phymode=Physical mode; Mac Addr IP Addr Chan Rate A-Mode Cipher A-Time VLAN Auth UPID Phymode -------------- --------- ---- ---- ---- -------- -------...
  • Page 174 Chapter 11: Deployment Examples CLI Default Domain Domain: Type the DNS domain name to which the SmartPath AP RADIUS server and Active Directory server belong; for example, blackbox.com. Active Directory Server: Choose a previously defined IP object/host name for the Active Directory server from the drop-down list. If you do not see the one that you need, click the New icon ( + ) and define it, or select the blank space at the top of the drop-down list and type the IP address or host name of the server.
  • Page 175 Chapter 11: Deployment Examples CLI Password: Enter the password that the SmartPath AP RADIUS server supplies when requesting a user account lookup on the Active Directory server. The password must exactly match the password entered for the user account defined on the Active Directory server for the SmartPath AP RADIUS server.
  • Page 176: RADIUS Authentication for VHM Administrators

    Chapter 11: Deployment Examples CLI LDAP User Group Attribute: Enter the attribute name defined on the Active Directory server that you want to use to link users to user profiles on SmartPath AP authenticators. The default LDAP user group attribute name on Active Directory is "memberOf".
  • Page 177: Example 4: Applying QoS

    Chapter 11: Deployment Examples CLI To configure SmartPath EMS VMA to authenticate administrators whose login accounts are stored on an external RADIUS server: 1. Log in to the home system as an admin with super-user privileges. Either note the name and attribute number of one of the predefined admin groups or create a new one.
  • Page 178 Chapter 11: Deployment Examples CLI Voice traffic is very sensitive to delay and cannot tolerate packet loss without loss of voice quality. When other traffic is competing with voice traffic for bandwidth, it becomes essential to prevent that traffic from interfering with voice traffic. Because voice traffic for a single call requires very little bandwidth—typically from 8 to 64 kbps depending on the voice codec used—a good approach for setting its rate is to calculate the bandwidth necessary for a voice call plus related telephony traffic from a single user’s computer, softphone, or handset and then multiply that by the potential number of concurrent VoIP users.
  • Page 179: qos classifier-map oui 00:12:3b qos

    Class 2 is for all types of traffic not mapped to a Black Box class—such as HTTP for example. Figure 11-9. QoS policy “voice” for voice, streaming media, and data.
  • Page 180: service mms tcp

    Chapter 11: Deployment Examples CLI 2. Define the custom services that you need. service mms tcp 1755 service smtp tcp 25 service pop3 tcp 110 The Microsoft Media Server (MMS) protocol can use several transports (UDP, TCP, and HTTP). However, for a SmartPath AP to be able to map a service to a SmartPath QoS class, it must be able to identify that service by a unique characteristic such as a static destination port number or a nonstandard protocol number.
  • Page 181: qos policy voice qos 5 wrr

    Chapter 11: Deployment Examples CLI Step 3: Apply QoS on SmartPath AP-1. 1. Create a QoS policy. For SmartPath APs supporting IEEE 802.11a/b/g: qos policy voice qos 5 wrr 20000 90 qos policy voice qos 3 wrr 54000 60 For SmartPath APs supporting IEEE 802.11a/b/g/n: qos policy voice qos 6 strict 512 0 qos policy voice qos 5 wrr 20000 90 qos policy voice qos 3 wrr 1000000 60...
  • Page 182: user-profile employee-net qos-policy voice attribute

    Chapter 11: Deployment Examples CLI The user profile rate defines the total amount of bandwidth for all users to which this policy applies. The user rate defines the maximum amount for any single user. The user rate can be equal to but not greater than the user profile rate. (Note: The maximums shown here are for SmartPath APs that support 802.11n data rates.
  • Page 183 Chapter 11: Deployment Examples CLI qos classifier-map oui 00:12:3b qos 6 service mms tcp 1755 service smtp tcp 25 service pop3 tcp 110 qos classifier-map service mms qos 5 qos classifier-map service smtp qos 3 qos classifier-map service pop3 qos 3 qos classifier-profile employee-voice mac qos classifier-profile employee-voice service qos classifier-profile eth0-voice mac...
  • Page 184: Example 5: Loading A Bootstrap Configuration

    2. Confirm the reboot command, and then, when you are asked if you want to use the Black Box Initial Configuration Wizard, enter no.
  • Page 185 NOTE: Be careful to remember the login name and password defined in a bootstrap config file. If they become lost or forgotten, you must obtain a one-time login key from Black Box technical support. To get the key, you must already have had a support contract in place.
  • Page 186: Command Line Interface (CLI) Commands for Examples

    Chapter 11: Deployment Examples CLI Step 3: Load the bootstrap config file on SmartPath AP-2 and SmartPath AP-3. 1. Make a serial connection to the console port on SmartPath AP-2 and log in. 2. Upload the bootstrap-cluster1.txt config file from the TFTP server to SmartPath AP-2 as a bootstrap config. save config tftp://10.1.1.31:bootstrap-cluster1.txt bootstrap 3.
  • Page 187: Commands For Example 3

    Chapter 11: Deployment Examples CLI SmartPath AP-3: ssid employee ssid employee security protocol-suite wpa-auto-psk ascii-key N38bu7Adr0n3 interface wifi0.1 ssid employee cluster cluster1 cluster cluster1 password s1r70ckH07m3s interface mgt0 cluster cluster1 save config 11.8.3 Commands for Example 3 Enter the following commands to configure the cluster members to support IEEE 802.1X authentication in Example 3 in Section 11.3: SmartPath AP-1: aaa radius-server first 10.1.1.10 shared-secret s3cr3741n4bl0X...
  • Page 188 Chapter 11: Deployment Examples CLI qos classifier-profile employee-voice mac qos classifier-profile employee-voice service qos classifier-profile eth0-voice mac qos classifier-profile eth0-voice service ssid employee qos-classifier employee-voice interface eth0 qos-classifier eth0-voice For SmartPath APs supporting IEEE 802.11a/b/g: qos policy voice qos 5 wrr 20000 90 qos policy voice qos 3 wrr 54000 60 For SmartPath APs supporting IEEE 802.11a/b/g/n: qos policy voice qos 6 strict 512 0...
  • Page 189: Commands For Example 5

    Chapter 11: Deployment Examples CLI qos policy voice qos 3 wrr 1000000 60 user-profile employee-net qos-policy voice attribute 2 save config SmartPath AP-3: qos classifier-map oui 00:12:3b qos 6 service mms tcp 1755 service smtp tcp 25 service pop3 tcp 110 qos classifier-map service mms qos 5 qos classifier-map service smtp qos 3 qos classifier-map service pop3 qos 3...
  • Page 190 Chapter 11: Deployment Examples CLI show config bootstrap SmartPath AP-2 save config tftp://10.1.1.31:bootstrap-security.txt bootstrap show config bootstrap SmartPath AP-3 save config tftp://10.1.1.31:bootstrap-meshpoint.txt bootstrap show config bootstrap
  • Page 191: Traffic Types

    Chapter 12: Traffic Types 12. Traffic Types This is a list of all the types of traffic that might be involved with a SmartPath AP and SmartPath EMS VMA deployment. If a firewall lies between any of the sources and destinations listed below, make sure that it allows these traffic types. Table 12-1.
  • Page 192 Chapter 12: Traffic Types Table 12-2. Traffic supporting management of SmartPath APs. Service Source Destination Protocol SRC Port DST Port Notes Required for SmartPath APs to | discover SmartPath EMS VMA and SmartPath AP mgt0 send it alarms, events, reports, traps, CAPWAP* SmartPath EMS VMA 17 UDP...
  • Page 193 Chapter 12: Traffic Types Table 12-2 (continued). Traffic supporting management of SmartPath APs. Service Source Destination Protocol SRC Port DST Port Notes Required for a SmartPath EMS VMA SmartPath AP mgt0 to upload files—SmartPath OS imag- SSHv2 SmartPath EMS VMA 6 TCP 1024–65535 es, full configs, captive web portals...
  • Page 194: Appendix. Country Codes

    Appendix: Country Codes Appendix. Country Codes When the region code on a SmartPath AP is preset as “world,” you must set a country code for the location where you intend to deploy the SmartPath AP. This code determines the radio channels and power settings that the SmartPath AP can use when deployed in that country.
  • Page 195 Appendix: Country Codes Table A-1 (continued). Countries and country codes. Country Country Code Country Country Codes Country Country Code Country Country Code Japan 11 (J11) 4011 Japan12 (J12) 4012 Japan13 (J13) 4013 Japan14 (J14) 4014 Japan 15 (J15) 4015 Japan16 (J16) 4016 Japan17 (J17) 4017...
  • Page 196 About Black Box Black Box Network Services is your source for an extensive range of networking and infrastructure products. You’ll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free, live 24/7 Tech support available in 30 seconds or less.
