advertisement
3
Configuration
Once a RoamAbout Wireless Switch is physically installed into a rack, you need to connect the cables (see
), power it on (see Figure 1‐2
), and go through the initial configuration process described in this chapter.
For more information about configuration of the Mobility System Software on a wireless switch, refer to the RoamAbout Mobility System Software Configuration Guide and the RoamAbout Mobility
System Software Command Line Interface Reference Guide.
Pre-Configuration Tasks
The following information is needed prior to executing any of the steps in this chapter:
• IP Addresses
• Network Subnet Masks
Wireless Switch Configuration Tasks
Once the wireless switch is physically installed and powered on, you can set up its configuration.
This section describes two ways to configure a newly‐installed wireless switch—using the
quickstart CLI command at the switch’s serial console port, and remotely configuring the switch using RoamAbout Switch Manager.
Using the CLI quickstart Command
You can use the quickstart command to quickly configure a new, previously unconfigured wireless switch. The quickstart command runs a script that interactively helps you configure the following items:
• System name
• Country code (regulatory domain)
• System IP address
• Default route
• Administrative users and passwords
• Unencrypted (clear) SSID names
• Usernames and passwords for guest access using WebAAA
• Encrypted (crypto) SSID names and dynamic WEP encryption for encrypted SSIDs’ wireless traffic
RBT-8110 Wireless Switch Installation Guide 3-1
Wireless Switch Configuration Tasks
• Usernames and passwords for secure access using 802.1X authentication using PEAP‐
MSCHAP‐V2 and secure wireless data encryption using dynamic Wired Equivalent Privacy
(WEP)
• Directly connected access points
• Distributed access points
The quickstart command displays a prompt for each of these items, and lists the default if applicable. You can advance to the next item, and accept the default if applicable, by pressing
Enter.
Depending on your input, the command also automatically generates the following key pairs and self‐signed certificates:
• SSH key pair (always generated)
• Admin key pair and self‐signed certificate (always generated)
• EAP (802.1X) key pair and self‐signed certificate (generated if you type usernames and passwords for users of encrypted SSIDs)
• WebAAA key pair and self‐signed certificate (generated if you type usernames and passwords for users of unencrypted SSIDs)
Note: The quickstart command is for configuration of a new wireless switch only. After prompting you for verification, the command erases the switch’s configuration before continuing. If you run this command on a switch that already has a configuration, the configuration will be erased. In addition, error messages such as Critical AP Notice for directly connected APs can appear.
One of the questions the script asks is the country code. For a list of valid country codes, refer to either the RoamAbout Mobility System Software Configuration Guide or the RoamAbout Mobility
System Software Command Line Interface Reference Guide.
Another question the script asks is, “Do you wish to configure wireless?” If you answer y, the script goes on to ask you for SSID and user information, for unencrypted and encrypted SSIDs. If you answer n, the script generates key pairs for SSH and the administrative users you entered, generates a self‐signed administrative certificate, and then ends.
3-2 Configuration
Wireless Switch Configuration Tasks
quickstart Command Procedure
To run the quickstart command:
1.
Using the null modem cable shipped with the RBT‐8100, attach a PC to the RoamAbout wireless switch’s serial console port. Use these modem settings:
• 9600 bps, 8 bits
• 1 stop
• No parity
• Hardware flow control disabled
Note: Do not attempt to connect a monitor, keyboard, or mouse to the switch. Use only a null modem cable connected to the serial console port.
2.
Press Enter three times, to display a username prompt (Username:), a password prompt
(Password:), and then a command prompt such as the following:
RBT-8110-aabbcc>
(Each switch has a unique system name that contains the model number and the last half of the switch’s MAC address.)
3.
Access the enabled level (the configuration level) of the CLI:
RBT-8110-aabbcc> enable
4.
Press Enter at the Enter password prompt.
5.
Type quickstart. The command asks you a series of questions. You can type ? for more help.
To quit, press Ctrl+C. The following example code accepts the defaults for system name and country code, and does not configure SSIDs, user information, or distributed access points.
RBT-8110-aabbcc# quickstart
This will erase any existing config. Continue? [n]: y
Answer the following questions. Enter '?' for help. ^C to break out
System Name [RBT-8110]:RBT-8110-aabbcc
Country Code [US]: US
System IP address []: 182.29.1.250
System IP address netmask []: 255.255.255.0
Default route []: 182.29.1.1
Do you need to use 802.1Q tagged ports for connectivity on the default VLAN?
[Y/N]: y
Specify the port number that needs to be tagged [1-2, <CR> ends config]: 2
Specify the tagged value for port [2] [<CR> ends config:] 100
Specify the port number that needs to be tagged [1-2, <CR> ends config]:
Enable WebView [y]: y
Admin username [admin]: rbtadmin
Admin password [mandatory]: letmein
Enable password [optional]: enable
Do you wish to set the time? [y]: y
Enter the date (dd/mm/yy) []: 31/03/06
Is daylight saving time (DST) in effect [n]: n
Enter the time (hh:mm:ss) []: 04:36:20
Enter the timezone []: EST
Enter the offset (without DST) from GMT for 'PST' in hh:mm [0:0]: -5:00
Do you wish to configure wireless? [y]: y
Enter a clear SSID to use: public
RBT-8110 Wireless Switch Installation Guide 3-3
Wireless Switch Configuration Tasks
Do you want Web Portal authentication? [y]: y
Enter a username to be used with Web Portal, <cr> to exit: user1
Enter a password for user1: user1pass
Enter a username to be used with Web Portal, <cr> to exit:
Do you want to do 802.1x and PEAP-MSCHAPv2? [y]: y
Enter a crypto SSID to use: corporate
Enter a username with which to do PEAP-MSCHAPv2, <cr> to exit: bob
Enter a password for bob: bobpass
Enter a username with which to do PEAP-MSCHAPv2, <cr> to exit:
Do you wish to configure access points? [y]: y
Enter a port number [1-2] on which an AP resides, <cr> to exit: 2
Enter AP model on port 2: RBT-1602
Enter a port number [1-2] on which an AP resides, <cr> to exit:
Do you wish to configure distributed access points? [y]: y
Enter a DAP serial number, <cr> to exit: 123456789
Enter model of DAP with S/N 123456789: RBT-1602
Enter a DAP serial number, <cr> to exit: success: created keypair for ssh success: Type "save config" to save the configuration
RBT-8110-aabbcc# save config
RBT-8110#
6.
Optionally, enable Telnet.
RBT-8110# set ip telnet server enable
7.
Verify the configuration changes.
RBT-8110# show config
8.
Save the configuration changes.
RBT-8110# save config
3-4 Configuration
Wireless Switch Configuration Tasks
Configuring RoamAbout Wireless Switches Using RASM
You can use the RoamAbout Switch Manager (RASM) running in your corporate network to configure RoamAbout wireless switches. You can stage any model of wireless switch by preconfiguring IP connectivity and enabling auto‐config, then sending the switch to the remote office. The switch contacts RASM in the corporate network to complete its configuration.
This installation option requires someone to preconfigure the switch in a RASM network plan and someone to physically install and power on the switch.
Preconfigure the Wireless Switch in RASM
If you know the switch’s serial number, use the following procedure to set up the switch’s configuration in RASM.
1.
Start RASM Services.
2.
Start a RASM client and connect to RASM Services.
3.
Select Services > Setup from the menu bar in the main RASM window. A browser window containing the Setup page appears.
Note: If a certificate check dialog box appears, click Accept or OK to accept the certificate.
4.
Select the RAS Connection Settings in the column on the left.
5.
Select Accept self‐signed certificates, in the Connection Security area.
6.
Click Save.
7.
Open the network plan for the site, or create a new one.
8.
Access the Create Mobility Exchange wizard: a.
Select the Configuration toolbar option.
b. In the Organizer panel, select the network plan name.
c.
In the Task List panel, select Create Mobility Exchange.
9.
Enter a name for the switch in the RAS Name box.
10. Select the switch model.
11. Enter the serial number in the Serial Number box.
12. Configure other parameters as required for the switch’s deployment.
Note: You can configure an enable password for the switch even if it does not already have one.
When sending the configuration, RASM tries the configured password first, then tries a blank password if the enable password does not match the one on the switch. If the switch does not have an enable password, the blank password is accepted. RASM then sends the configuration to the switch, including the configured (non-blank) enable password.
13. Click Finish to save the switch configuration and close the wizard.
Leave RASM Services running, with the network plan open. When the switch is powered on at the remote site, the switch contacts RASM Services to request a configuration.
RBT-8110 Wireless Switch Installation Guide 3-5
Wireless Switch Configuration Tasks
Stage the Wireless Switch
You can use this method of remote configuration for any RoamAbout wireless switch, and regardless of whether the local office (the switch installation site) has a DHCP server or DNS server.
Preparing the Network
If the network where the switch will be installed has a DNS server, add an entry that maps the IP address of RASM Services to the hostname wlan‐config‐srv. Include the corporate network’s domain name in the entry (for example, wlan‐config‐srv.example.com). Alternatively, you can configure an IP alias on the switch itself that maps the server IP address to this well‐known name.
(See “ Example 2: Deployment Site Has No DHCP and No DNS ” on page 3‐7.)
Preparing the Switch
Preconfigure the RoamAbout wireless switch with the following information:
• IP address
• Default router (gateway) address
• Domain name and DNS server address
You can enable the switch to use the MSS DHCP client to obtain this information from a DHCP server in the local network where the switch will be deployed. Alternatively, you can statically configure the information.
The IP address and DNS information are configured independently. You can configure the combination of settings that work with the network resources available at the deployment site.
The following examples show some of the combinations you can configure.
Example 1: Deployment Site Has DHCP and Local DNS
The deployment site in this example has a DHCP server. The switch is configured to use the MSS
DHCP client to obtain an IP address, default router address, DNS domain name, and DNS server
IP addresses.
1.
Configure a VLAN:
RBT-8110# set vlan 1 port 1
2.
Enable the DHCP client on VLAN 1:
RBT-8110# set interface 1 ip dhcp-client enable
3.
Enable the auto‐config option:
RBT-8110# set auto-config enable
4.
Save the configuration changes:
RBT-8110# save config
5.
Reset the switch by using one of the following methods:
• Enter the following command:
RBT-8110# reset system
• Turn the power off to the switch, and then turn the power back on.
3-6 Configuration
Wireless Switch Configuration Tasks
Example 2: Deployment Site Has No DHCP and No DNS
The deployment site in this example does not have a DHCP server or a local DNS server.
Therefore, IP and DNS information must be statically configured. Because no DNS server is available, an IP alias is configured to map the RASM server’s IP address to the well‐known hostname wlan‐config‐srv.
1.
Configure a VLAN:
RBT-8110# set vlan 1 port 1
2.
Configure an IP interface on the VLAN.
RBT-8110# set interface 1 ip 192.168.1.252 255.255.255.0
3.
Configure a default route through the local gateway:
RBT-8110# set ip route default 192.168.1.1 1
4.
Configure the default DNS domain name:
RBT-8110# set ip dns domain example.com
5.
Configure an IP alias to map the RASM server IP address to the well‐known name wlan‐config‐srv:
RBT-8110# set ip alias wlan-config-srv 172.16.22.84
6.
Enable the auto‐config option:
RBT-8110# set auto-config enable
7.
Save the configuration changes:
RBT-8110# save config
8.
Reset the switch by using one of the following methods:
• Enter the following command:
RBT-8110# reset system
• Turn the power off to the switch, and then turn the power back on.
Example 3: Deployment Site Has DNS But No DHCP
The deployment site in this example does not have a DHCP server but does have a local DNS server. The configuration is similar to Example 1, but includes DNS configuration information instead of an IP alias.
1.
Configure a VLAN:
RBT-8110# set vlan 1 port 1
2.
Configure an IP interface on the VLAN.
RBT-8110# set interface 1 ip 192.168.1.252 255.255.255.0
3.
Configure a default route through the local gateway:
RBT-8110# set ip route default 192.168.1.1 0
4.
Configure the default DNS domain name:
RBT-8110# set ip dns domain example.com
5.
Configure DNS server information:
RBT-8110# set ip dns server 192.168.11.2
RBT-8110 Wireless Switch Installation Guide 3-7
Wireless Switch Configuration Tasks
6.
Enable the MSS DNS client:
RBT-8110# set ip dns server enable
7.
Enable the auto‐config option:
RBT-8110# set auto-config enable
8.
Save the configuration changes:
RBT-8110# save config
9.
Reset the switch by using one of the following methods:
• Enter the following command:
RBT-8110# reset system
• Turn the power off to the switch, and then turn the power back on.
Example 4: Deployment Site Has DHCP But Local DNS Domain Differs From
Corporate DNS Domain
The deployment site in this example has a DHCP server, so the switch’s DHCP client is enabled.
Static IP address and default router (gateway) information are not required. The site also has a local DNS server. However, the local DNS domain name is different from the corporate DNS domain name where the RASM server is located. The static DNS configuration on the switch overrides the DNS configuration from the DHCP server.
1.
Configure a VLAN:
RBT-8110# set vlan 1 port 1
2.
Enable the DHCP client on VLAN 1:
RBT-8110# set interface 1 ip dhcp-client enable
3.
Configure the default DNS domain name:
RBT-8110# set ip dns domain customer.com
4.
Configure DNS server information:
RBT-8110# set ip dns server 192.168.11.2
5.
Enable the MSS DNS client:
RBT-8110# set ip dns server enable
6.
Enable the auto‐config option:
RBT-8110# set auto-config enable
7.
Save the configuration changes:
RBT-8110# save config
8.
Reset the switch by using one of the following methods:
• Enter the following command:
RBT-8110# reset system
• Turn the power off to the switch, and then turn the power back on.
3-8 Configuration
Preparing the Network for Distributed Access Points
Preparing the Network for Distributed Access Points
An AP that is not directly connected to a RoamAbout wireless switch is considered a Distributed
AP (DAP). RoamAbout APs are DAPs that require the following support in order to find a
RoamAbout wireless switch to configure and manage them:
• Power—Power over Ethernet (PoE) must be provided on one of the Ethernet connections to the AP. Use a PoE injection device that has been tested by Enterasys Networks. Providing PoE on both of the Ethernet connections allows for redundant PoE.
• DHCP—A Distributed AP uses IP for communication, and relies on DHCP to obtain IP parameters. Therefore, DHCP services must be available on the subnet that the AP is connected to. DHCP must provide the following parameters to the AP:
• IP address
• Default router (gateway) address
The DHCP server might also need to supply the following DNS parameters, unless the
RoamAbout wireless switch is in the same subnet as the APs, or DHCP option 43 is used to supply a list of RoamAbout wireless switch IP addresses or hostnames in the DHCP message.
• Domain name
• DNS server address
• DNS—If the intermediate network between the RoamAbout wireless switch and DAP includes one or more IP routers, do one of the following:
• Configure DHCP option 43 on the DHCP server (see above).
• Create a wlan‐switch.mynetwork.com entry on the DNS server.
RBT-8110 Wireless Switch Installation Guide 3-9
Preparing the Network for Distributed Access Points
3-10 Configuration
advertisement
Related manuals
advertisement