cnPilot E-Series 3.1.X Release Features

cnPilotE-Series3.1.XReleaseFeatures
-ChannareddyIreddy
cnPilotE-Series3.1.XReleaseFeatures
NewreleaseimageversionforE400/E500/ePMP1000is3.1.1-r16
3.1-r20and3.1.1-r16ImageForAccessPointincludesbelowfeatures:
Ø Layer2GRE(L2GRE)/EthernetOverGRE(EOGRE)tunnel
Ø PointtoPointProtocolOverEthernet(PPPoE)client
Ø InternalGuestAccessAccount
Ø DNSLogging
Ø NATLogging
Ø DeviceLockup
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
2
3.1.1ReleaseFeature:L2GRETunnel
Description: Access Point can tunnel WLAN traffic to remote location using L2GRE
Deployment Topology:
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
3
3.1.1ReleaseFeature:L2GRETunnel….continued
GRE Tunnel:
Ø APcantunnelWLANtraffictoremoteGREpeer/GREgateway
Ø APsupportsonlyoneGREtunneli.e.APcan’tformmultipleGREtunneltomultiple
destinationssimultaneously
Ø GREtunnelandL2TPv2tunnelcanbeusedmutuallyexclusivei.e.eitheranyonetunnelata
time
Ø FortunneledWLANonAP,DHCPserver,DNSserveranddefaultgatewayshallbepresent
acrossthetunnel
Ø GuestAccessservicecanbeenabledontunneledWLAN
Ø APcan’tbridgeEthernettrafficonGREtunnelandviceversa
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
4
3.1.1ReleaseFeature:L2GRETunnel ….continued
GRE Tunnel Options:
Ø ToavoidfragmentationonGREtunnel,APsupportsTCPMSSclampingbydefault
Ø TCPMSSclampingissetto1410asthedefaultvalueandadminhastheoptiontoconfigure
MSSvalueforthetunnel
Ø UsercandisableTCPMSSclampingoption
Ø IfTCPMSSclampingisdisabled,APdoesTCPpacketsfragmentationonGREtunnelifpacket
sizeexceeds1514/1518bytes
Ø PMTUissupportedanddisabledbydefault
Ø PMTUcanbeenabledsothatfragmentationisdoneatthesourcelevelonly
Ø OnlyoneGREpeerconfigurationoptionissupportedandplanistoaddsecondpeerfor
highavailabilitypurpose
Ø UsercanconfigureDSCPvaluefortheGREpacketIPheaderbydefaultDSCPvalueissetto
zero
Ø PeercanbeconfiguredeitherwithIPaddressorthroughhostname
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
5
3.1.1ReleaseFeature:L2GRETunnel ….continued
GRE Configuration and statistics Information:
Ø ConfigureWLANwithtunnelmode
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
6
3.1.XReleaseFeature:L2GRETunnel ….continued
GRE Configuration and statistics Information:
Ø GREtunnelconfiguration
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
7
3.1.1ReleaseFeature:L2GRETunnel ….continued
GRE Configuration and statistics Information:
Ø GREtunnelstatus
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
8
3.1.1ReleaseFeature:L2GRETunnel ….continued
GRE Configuration and statistics Information:
Ø GREtunnelstatus
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
9
3.1.1ReleaseFeature:PPPoEClient
PPPoE Client:
Ø APcantunneltrafficonPPPoEinterface
Ø APcanlearnnexthopi.e.defaultgatewayfromPPPoEserver
Ø PPPoEnexthopcanbeconfiguredindefiningstaticroutes
PPPoE Client Options:
Ø Optiontoconfigureusernameandpassword
Ø AuthenticationprotocolssupportedincludesMS-CHAP,MS-CHAPv2,EAPMD5-Challenge
andPAP
Ø OptiontoconfigureMTUsizeanddefaultvalueissetto1492
Ø OptiontoenableanddisableTCPMSSclamping.TCPMSSclampingisdisabledbydefault
Ø WhenTCPMSSclampingisenabledMSSvalueisset1452
Ø OptiontoenableanddisablePPPoEinterface
Ø OptiontoconfigureVLANonwhichPPPoEpacketsshallbesent
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
10
3.1.1ReleaseFeature:PPPoEClient….continued
PPPoE Client Configuration:
Ø ConfigurationoptionunderNetwork– PPPoEcontext
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
11
3.1.1ReleaseFeature:PPPoEClient….continued
PPPoE Client status:
Ø StatusisavailableunderMonitor– Network– PPPoE
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
12
3.1.1ReleaseFeature:PPPoEClient….continued
PPPoE Client Tx and Rx statistics:
Ø PacketsTx andRxstatisticsareavailableunderMonitor– Network– VLAN
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
13
3.1.1ReleaseFeature:PPPoEClient….continued
PPPoE Client route status:
Ø RouteinformationisavailableunderMonitor– Network– Route
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
14
3.1.1ReleaseFeature:InternalGuestUserAccount
Description: If captive portal service is hosted on the AP, guest users can be
authenticated from the AP local data base. At present only one user can be added to
the data base. Supporting multiple users data base is in the road map
Configuration: User can be added from WLAN Guest Access configuration context
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
15
3.1.1ReleaseFeature:DNSLogging
Description: DNS logging will provide an option for the IT admin to see the DNS queries request
made by the wireless clients. The functionality is similar to URL logging feature. When DNS
logging is enabled AP will intercept DNS request sent by the wireless clients and send DNS
query information to sys log server.
DSN Logs format:
Mon Oct 03 10:45:21 2016;10.110.72.127; <14>Oct 3 10:45:21 E500-B14BFA DNS-LOGGING Client D8-FC-93
-66-9A-09, IP 192.168.40.2, SSID 'IronMan-40', Host 'IN01-3TWM542.CAMNWK.COM'
Mon Oct 03 10:46:04 2016;10.110.72.127; <14>Oct 3 10:46:04 E500-B14BFA DNS-LOGGING Client D8-FC-93-66
-9A-09, IP 192.168.40.2, SSID 'IronMan-40', Host 'ocsp.digicert.com'
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
16
3.1.1ReleaseFeature:DNSLogging….continued
DNS Logging configuration: It can be enabled from WLAN advanced configuration context
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
17
3.1.1ReleaseFeature:NATLogging
Description: NAT logging will provide an option for the IT admin to re-direct copy of NATed
traffic to external host for monitoring purpose. Admin will come to know host in private
network communicating to which destination IP and destination port
NAT logging configuration option: Configuration option is available from Configure – Service
section. It is not been supported on ePMP 1000 Hotspot AP
Ø
Ø
Ø
Ø
Option to enable and disable the feature
Host Configuration
Port Number can be 65500 to 65502
Interval 5 to 3600 seconds
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
18
3.1.1ReleaseFeature:NATLogging
NAT logging packet capture:
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
19
3.1.1ReleaseFeature:DeviceLockup
Description: It is an anti theft software solution apart from physical security of the device.
Admin can prevent access to the device through factory reset mechanism. The device can be
recovered only using the original password even when device is booted with factory reset
(factory reset can be done using hardware reset button)
Configuration option: Configuration option is available only from CLI
CLI commands:
E400-112233(config)# service password-lock <admin-password>
This will lock the device with the password mentioned in above command
E400-112233(config)# service password-unlock >admin-password>
This will unlock the device lockup feature
Copyright2014CambiumNetworks,Ltd.Allrightsreserved.
20
ThankYou!
QA!
-Pleasemailmeyourofflinequeriestochannareddy.ireddy@cambiumnetworks.com