WLAN 3.x Training

WLAN 3.
x Training
OAW Products
Alcatel-Lucent - Enterprise Solutions Division
Agenda
1. Products Overview
2. Wireless Basic
3. CLI Configuration Overview
4. GUI Configuration Overview
5. Basic System Setup
6. AP Configuration
7. Managing System Images
8. Basic Configuration Sample
9. Lab : Basic System Configuration
2 | Presentation Title | Month 2009
All Rights Reserved Alcatel-Lucent 2009
1. Products Overview
Why Alcatel-Lucent
Complete communication solutions provider
Market leadership in key data, voice, video and fixed mobile convergence
technologies
turnkey solutions
over 500,000 customers
data/IP
broadband
Presence invoice
over 130 countries
satellite
outsourcing
optical
#1 in broadband, switching, optics, satellite, telecom,
submarine
What Can Alcatel-Lucent Enterprise Solutions Do For You?

Build the IP Communications House
Communications
Applications
Voice over IP
IP Network
Infrastructure
Alcatel-Lucent EBG Product Portfolio

IP Networking
Core Layer/
Large Scale
Distributed Layer/
Medium Scale
Access Layer/
Small Scale
Router(WAN)
OmniStack 6200
OmniPCX Office
7750/7450
OmniSwitch
7800
OmniSwitch
6600/ 6602
OmniSwitch
9800/9700
OmniSwitch
9600
OmniSwitch
6400
OAW 6000s/SUP-III
OmniAccess 780
OmniSwitch
6855
OmniSwitch
7700
WLAN
VoIP
OAW4x04
OAW 4324/08/04
OmniPCX Enterprise
OmniAccess 740
OmniSwitch
6850/ 6850Lite
OmniAccess 720s
IP Phone
OAW-AP 4x/6x/70/12x/85
OmniVista 2500
Mobile

NAC
Brick Family
Vital Suite/QIP
Safeguard
Cybergatekeeper
Firewall/ VPN
Performance Management
Quarantine Manager
NLG3500
Alcatel-Lucent WLAN Solution
vs.
OmniAccess WLAN solution
OmniAccess WLAN solution

Access points
Site survey
Access points
Packet capture
Air monitors
WiFi IDS / IPS
WLAN switches
WLAN switches/blades
Captive portal
VPN concentrator
LAN-speed firewall
QoS devices
OmniAccess Wireless Switches
WiFi
Adaptive RF, Packet Capture, Location Tracking
Roaming, SSID Mgmt, RF Fingerprinting
WiFi
WiFi
WiFi IDS/IPS, Rogue AP Defense
WiFi
WEP, TKIP, AES, 3DES

(HIC)
MAC, Captive Portal, 802.1x, VPN

User/Flow Stateful FW + Content Inspection re-direction
Network
Service Provisioning
Network Integration

QoS/Priority/Bandwidth Contracts

Routing, VLANS, NAT, DHCP, Switching
Policy Control
Management
WiFi IDS/IPS
Radius
LDAP
Active Dir.
Alcatel-Lucent WLAN System
Alcatel-Lucent WLAN System
Alcatel-Lucent WLAN Switch

Alcatel

Performance 4
Processor
Access Point
AP
802.11 a, b/g/n
User access and air monitoring

Linux

Alcatel
Wireless
Control
Processor
Wireless
Packet
Processor
Wireless
Security
Processor
Wireless
Switching
Processor
Alcatel WLAN Switch
Alcatel WLAN Switch

OmniAccess 6000 WLAN Switches
4 Slot
Data Remote AP
64 ~ 2048 AP
Line card 24 10/100 PoE 2 GE uplink
SUP-III 2 10GE 10 1GE
802.11 a/b/g/n
OmniAccess 4504/4604/4704 Wireless Switches
4x Dual personality ports 10/100/1000Base-T (RJ-45) or

1000Base-X (SFP)
32/64/128 AP
802.11 a/b/g/n
OmniAccess 4302/4308/4324 Wireless Switches
0/8/ 24 10/100 PoE

1 or 2 port Gigabit uplink
6/16/48 AP AP
802.11b&g and 802.11a/b&g (multimode)
OAW6000 with Sup III

Capacity
40x 1000Base-X (SFP)
Up to 2,048 Campus Connected APs
Up to 8,192 Remote APs
Up to 32,768 Users
Performance
80 Gbps Clear (full-duplex)
32 Gbps Crypto (3DES, AESCBC256)
16 Gbps Crypto (AES-CCM)
Compatibility
Up to 4 Sup III per 6000 chassis
Supports legacy Line cards
Requires 400 watt PSU
All Components Modular, Hot-Swappable
Fan Tray
8x 10GBase-X (XFP)
Redundant PSUs
Up to 4 M3 Modules
OAW 4504, 4604, 4704
Capacity
OAW-4504
Up to 32 Campus Connected APs
Up to 128 Remote APs
Up to 512 Users
OAW-4604
Up to 1,024 Users
OAW-4704
Up to 2,048 Users
Performance
1.6 Gbps, 4 Gbps and 8 Gbps crypto performance
(3DES, AESCBC256)
800 Mbps, 2 Gbps, 4 Gbps crypto performance (AESCCM)
3 Gbps, 4 Gbps, and 4 Gbps wired Non-encrypted
Throughput Performance (full-duplex)
Interfaces
4x Dual personality ports 10/100/1000Base-T (RJ-45)
or 1000Base-X (SFP)
1 x RJ-45 Serial Console Port
Programmable Architecture
Multi-core, Multi-threaded Network Processor
Dedicated Crypto cores
Dedicated
Network Processors
Dedicated Hardware
Crypto Cores
Multiple
Dedicated
Control
Processors
1RU 19
Enclosure
Serial Console
Port
Status LEDs
4x Dual personality ports

10/100/1000Base-T (RJ-45)
or 1000Base-X (SFP)
Alcatel-Lucent WLAN Switch

Number of AP
Branch
Regional HQ
Large Branch
Medium-802.11n
Large 802.11n
2048
OAW-6000-2048
(with Supervisor III)
512
OAW-6000-512
(Dual Supervisor II)
256
128
OAW-4704
64
OAW-4604
OAW-4324
Pay as you grow

capability
48
32
16
OAW-4504
OAW-4308
OAW-4304
1 Gbps /
200 Mbps
Performance (Clear text / encrypted)

2 Gbps /
400 Mbps
6 Gbps /
1.6 Gbps
8 Gbps /
4 Gbps
8 Gbps /
8 Gbps
8 Gbps /
7.2 Gbps
80 Gbps /
32 Gbps
Alcatel-Lucent Access Point (11a/b/g)

Single Radio APs
Software Configurable 802.11a OR b/g
AP / Air Monitor / Remote AP / Mesh
Internal or External Antenna Options
OAW-AP60
OAW-AP61
Dual Radio APs

Dual-Radio 802.11 a AND b/g
OAW-AP70
OAW-AP65
Dual Fast Ethernet Interfaces (OAW-AP70) for resiliency

of secured RJ-45 port
Extensible USB Interface Port (OAW-AP70)
Weatherproof, Outdoor (OAW-AP85)
OAW-AP85
Alcatel-Lucent Access Point (11n)

802.11n Ready APs
Single Radio 802.11a OR b/g
Adaptive PoE (802.3af, PoE+, 802.3at)
OAW-AP120 abg
OAW-AP121 abg
Dual Gigabit Ethernet Interfaces (resiliency and secured

RJ-45 port)
802.11n SW upgrade for future
802.11n MIMO APs

Dual Radio pre-802.11n a/n AND b/g/n
3x3 MIMO 300Mbps per radio
Adaptive PoE (802.3af, PoE+, 802.3at)
OAW-AP124
OAW-AP125
Dual Gigabit Ethernet Interfaces (resiliency and secured

RJ-45 port)
Enterprise WLAN
The Business Benefits
Mobility
Location tracking
enterprise-wide WLAN
users
guest access
equipment assets
internal WLAN hotspots
security
remote / branch office access

small office, home office access
Converged communication services

converged mobile devices
fixed / mobile convergence
Enterprise WLAN
Requirements / Challenges
Deployment
no disruption of existing network
RF engineering
new infrastructure
network redesign and upgrades
Management
design and configuration
monitoring
troubleshooting
growth
Security
authentication and encryption
identity-based security and guest access
rogues, ad-hoc networks, hacks and
attacks
firewalling
Availability
coverage
reliability
mobility
performance
Convergence
QoS
security
load balancing
voice-aware
Addressing the Management Challenges

Planning, Deploying and Managing
Simplest RF planning tool
Zero-touch AP deployment model
Adaptive radio management
Real-time coverage maps
Centralized configuration and monitoring
Integrated packet capture for easy troubleshooting
Integrated location tracking
Addressing the Availability Challenges

Reliability, Coverage and Mobility
VRRP-based redundancy requires no AP

provisioning
Split-second
VRRP
Failover
APs automatically become aware of

redundant topology when deployed
across L3 boundary
Data
DataCenter
Center
Modular architecture for scalability
Built-in
Remote office connectivity with site-tosite VPN
Site-tosite
IPSec
VPN
Home office connectivity with remote AP
Mobile office connectivity with client VPN
Internet
Branch Office
Branch Office
Remote AP
with IPSec
VPN
Regional
RegionalOffice
Office
Auto-awareness of
Redundant
topology
(No priming
needed)
HotStandby
Home
HomeOffice
Office
Public
PublicHotspot
Hotspot
OAW
Client
Addressing the Security Challenges

Authentication, Authorization and Control
Integrated stateful firewall
Role-based access control
Built-in client integrity
Centralized 802.11i security
Built-in AAA services
L1-L7 wireless IPS
Rogue detection services
Direct Interface
to Microsoft
Active Directory
Active
Directory
Wireless Controller
Centralized
Encryption
Keys
Rights,
QoS, VLAN
Built-in Rogue
Detection &
Containment
Wired L2 / L3
Transport
Access Point
Quarantine Manager
SSID: GUEST
SSID: CORP
SSID:
VOICE
Rogue
AP
Scan & Quarantine
Un-trusted Users
Employees
Voice
Guest
Addressing Enterprise Applications

Convergence Services to Meet the Needs of Business
QoS for application-aware traffic management
Security to protect the network, users, and remote clients
Load-balancing automatically distributes clients across

multiple APs
Application-aware design allows better management of time

sensitive applications (voice)
Adding VoIP is Easy with OmniAccess Wireless
Bi-directional QoS on wired and

wireless network
Voice flow classification ensures

QoS for converged devices with
single SSID for voice and data
2802.1p or DSCP
prioritized voice
packets
Call admission control ensures QoS

in the wireless environment
Secure devices that support only

MAC auth against spoofing
Protocol-aware
voice flow
classification and
security
Call admission
control distributes
call volume
between access
points
Converged
voice and data
packet stream
with WMM tags
RF management
stops channel
scanning when voice
clients are present
Wired
Data Packets
Wireless
Single
ESSID
for
Voice &
Data
OmniAccess Wireless Features and Services

Base Feature Set
OMNI VISTA MOBILITY

MANAGER
OmniAccess
WLAN Switch
Base Software
Alcatel-Lucents standard WLAN software provides unprecedented control
over the entire wireless environment, offering intelligent / centralized
WLAN switching and advanced services.
Services Included in Base Software

WLAN switching and Dynamic RF management
Embedded management
Adaptive Radio resource Management (ARM)
Authentication MAC, 802.1x, Captive Portal
Encryption WEP, WPA, WPA2 / 802.11i
Mobility seamless hand-over L2/L3
Rogue Access Point Detection, Classification, Containment
Wireless QoS WMM, SVP, T-Spec, U-APSD
Per SSID AAA server selection
Switch to switch IPSec encryption for control traffic

Additional Hardware and Software Modules
OMNI VISTA3600
MOBILITY
MANAGER
OmniVista
Air Manager
Centralized visibility of the mobile edge
Switch level modules

Policy Enforcement Firewall module
Wireless Intrusion Protection (WIP) module
Voice Service Module
VPN Server Module
Mesh AP License Module
Remote AP License Module
External Services Interface Module
xSec Module

Policy Enforcement Firewall Module
Policy Enforcement Firewall module

User and group policy enforcement
through an integrated, ICSA-certified
stateful firewall
Security policies can be centrally
defined and enforced on a per-user
or per-group basis
Policies are enforced dynamically,
following users as they move and
taking into account a variety of
metrics such as:
User location
Key benefits
Firewall permit/deny/drop/log
(ICSA certified to version 4.1
corporate standard)
Role-based services for user /
group class of service
differentiation, bandwidth
contracts
QoS - priority traffic queues, BW
contracts, traffic marking
802.1p/DSCP
Time-of-day
Device type
Authentication method

Wireless Intrusion Protection Module
Wireless Intrusion Protection module

Patented classification technology that
identifies and protects against
vulnerabilities and malicious attacks
Ad-hoc networks
Client and AP impersonation
Denial of service attacks
Man-in-the-middle attacks
Key benefits
Detection of:
Network probing and DoS attacks, impersonation and man-in-the-middle
attacks
Unauthorized devices (ad-hoc networks,Windows bridging, wireless bridges)
Prevention of:
Clients roaming to unauthorized APs
Attempted intrusion

Voice Service Module
Voice service module
Stateful VoWLAN QoS
Voice Connection Admission Control
Stateful voice load balancing
Voice-aware ARM, 802.1x
Automatic Voice Prioritization
Troubleshooting and security
WMM, T-Spec enforcement
Phone number awareness
Voice flow quality measurement
off-hook
active- phones
on-hook
phone
Key benefits
Improved end user experience
QoS mechanisms such as CAC ensures optimum audio quality even as network
load increases
Mechanism such as voice-aware QoS and stateful load balancing minimizes call
drops
Improved troubleshooting and security
Voice Clients are identified by phone numbers, key call quality metrics are
availblr to network administrator
WMM and T-Spec security is enforced by stateful firewall

VPN Server Module
VPN Server module
Integration support for a variety of VPN
implementations
Eliminates need for discrete, external
VPN concentrators
Hardware acceleration provides LAN-speed
VPN connectivity
Both client termination as well as site-tosite VPNs are supported
Supported VPN protocols include:
L2TP/IPSec
IPSec/XAUTH
PPTP
Key benefits
Complete client VPN services - PPTP, L2TP/IPSec
Site-to-site VPN services - IPSec NAT-T transport mode tunnels between
OmniAccess WLAN switches or third-party VPN concentrators

Mesh AP License Module
Mesh Link
Mesh Path
OmniAccess
Mesh Point
OmniAccess
Mesh Portal
OmniAccess WLAN switch
Mesh AP module
Wire-line network
Securely extend wireless network beyond the reach of wire-line
infrastructure
Mesh Points and Mesh Portals allow seamless, campus-like WLAN
connectivity
Mesh Points support Ethernet bridging over the mesh network
Key benefits
Allows for coverage of areas such as university campuses, docks, ship yards,
warehouses where wires cannot be used
Consistent services and management model with regular APs
Survivability survives mesh points / mesh portal through dynamic L2 routing
protocols

Remote AP License Module
Remote AP module
Securely extend corporate wireless
functionality to any location with an
Internet connection
Remote APs allow seamless,
corporate-like WLAN connectivity
Remote office
Home
Anywhere a mobile worker
chooses to work
Key benefits
Remote access point - termination of remotely deployed APs using IPSec transport
Flexible modes of operation:
Tunnel mode all traffic is tunneled to the WLAN switch
Local bridging all traffic is forwarded by the Remote AP at the remote
location
Split tunneling (requires PEF module) policy-based forwarding of packets in
the tunnel or locally
Survivability survives WAN failure with pre-shared key auth/encryption

External Services Interface Module
External Services Interface module
Per FQDS AAA server selection
Allows an OmniAccess WLAN switch
to communicate with external
service devices (Fortinet cluster)
Supports advanced interaction with
authentication, authorization, and
accounting (AAA) services
infrastructure
Key benefits
Choice of AAA server for authentication
XML API for captive portal (external captive portal server support)
Content inspection with external appliance, Fortinet integration
Note: requires that the Policy Enforcement Firewall module is installed

xSec Module
xSec module
Termination of highly secure xSec
client sessions
Link-layer 256-bit AES-CBC encryption
with complete header obscuration for
highly sensitive environments
Enables encryption of trunk ports
between WLAN switches based on the
same strong encryption standard
X-Sec Tunnel
X-Sec Tunnel
Layer 2 Connectivity
Key benefits
Client/server xSec: termination of AES layer 2 xSec secure VPN sessions
Point/point xSec: termination of AES layer 2 xSec secure VPN switch port
session
Completing the Solution

Benefits of Alcatel-Lucents Enterprise Portfolio
End-to-end, highly available, consistent solution

complete set of switching solutions sharing common feature set thus enabling the perfect fit for any need
superior availability for better voice services
Smart PoE for every need

PoE flavors for all switching needs
dynamic power allocation allowing maximized efficiency
Enhanced security
unique support of 802.1x authentication
not recognition but authentication
Best in class support for VoWLAN

roaming, handover, QoS, security
Single management platform

wired, wireless and voice management on the same server
same GUI and look and feel across applications
Wireless Network Management Platform

Supported Platforms: OmniVista 3600 Air Manager
Hardware
2 servers to support the OV3600 applications (OV3600-HWPRO, OV3600-HWENT)
Software
Centralized network management (Network Discovery, Firmware distribution, Real-time
and historical trend reports)
Granular administrative access (Role-based, Network segment based)
Rogue Access Point Detection and Classification
Display of location information for all wireless users and devices
Up-to-date heatmaps and channel maps for RF diagnostics
Summary: The Alcatel-Lucent WLAN solution

Delivering business benefits
Best-in-class functionality for lowest TCO
mobility
location tracking
Easy to deploy
converged communication services
Easy to secure
Easy to manage
by meeting the Wireless LAN challenges

management
Easy to scale
Easy to add voice
security
availability
convergence services
2. Wireless Basic

,
(Radio Frequency) Network
, , ISM UNII Band
Spread Spectrum
, , LAN

ISM and UNII Spectra
1990 10 IEEE 802.11

OSI .
(802.11 a/b/g)
Protocol
802.11
802.11a
802.11b
802.11g
2.4 Ghz
5 Ghz
2.4 Ghz
2.4 Ghz
1, 2 Mbps
54 Mbps
11 Mbps
54 Mbps
OFDM
DSSS
OFDM
1.2 Mbps
25 Mbps
5 Mbps
20 Mbps
100 M
70 M
100 M
100 M
Yes
Yes
Yes
Yes
FHSS
DSSS

40 bit
40 bit
40 bit
104 bit
104 bit
104 bit
40 bit

RC4
No
RC4
RC4
RC4
802.1X
802.1X
802.1X
(802.11n)
SISO -> MIMO
SISO (Single Input Single Outpur) MIMO (Multiple Input Multiple Output)
, MIMO
.
MAC
100Mbps ( 600Mbps
(ACK)
. ACK
. 802.11n (Focusing)
ACK .

( 3 )
2010
(802.11n)
802.11n
Protocol
5 Ghz
2.4 Ghz
600Mbps
300 Mbps
MIMO & OFDM
MIMO & OFDM
300 Mbps
150 Mbps
210 M
300 M
Yes
Yes
40 bit, 104 bit, 152 bit, RC4
40 bit, 104 bit, 152 bit, RC4
802.1X
802.1X

PEAP
EAP-TTLS
EAP-MD5
Authentication
Shared Key
Static WEP
Default
WPA
Dynamic WEP
TKIP
AES
MAC Filtering
etc
Not Secure
MAC Authentication
Open
Encryption
EAP-TLS
SSID Disabled
Authentication server
Most secure
Extensible Authentication Protocol (EAP) [ ]

Topic
EAP - MD5
EAP - TLS
EAP - TTLS
P EAP
LEAP
Cisco O nly
N/A
N/A
N/A
N/A
( Credential)
Active Directory
Active Directory
Active Directory
NT Domains
NT Domains
Token,SQ L,LDAP Token,SQ L,LDAP
Active Directory
NT Domains
AP
STA
IEEE802.11&11i
Radius
802.11 Beacon
802.11 Associate-Request
802.11 Associate-Response
IEEE802.1X
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
RADIUS-Access-Request
EAP-Request
EAP-Response(Credentials)
RADIUS-Access-Request
EAP-Success
EAPOL-Key(P, ANonce)
IEEE802.11i
EAPOL-Key(P, Snonce, MIC, RSN IE)
EAPOL-Key(P, ANonce, MIC, RSN IE)

EAPOL-Key(P, MIC)
EAPOL-Key(G, Index, GNonce, RSC, MIC, GTK)
EAPOL-Key(G, MIC)
IEEE802.11aa
RADIUS-Access-Challenge
Access Allowed
RADIUS-Access-Accept & MS-MPPE(PMK)
WLAN Switch - Multi-Layered Security
Application Security
Network-Layer Security
Link-Layer Security
Wireless Intrusion Protection
Centralized Wireless
ACCESS
DISTRIBUTION
CORE
DATA
CENTER
FLOOR x
EMPLOYEE
GUEST
GRE Tunnel
WLAN Controller
AP Communications
1. AP Switch port AP IP Controller .(AP
DHCP DHCP IP )
2. AP Boot Image(TFTP) Controller Control Protocol PAPI (UDP 8211)
.
3. AP WLAN controller AP Controller GRE Tunnel .
4. Clent GRE tunnel Controller .
WLAN Switch Flow

1. Client 802.11 association request AP WLAN switch
.
2. WLAN switch association acknowledgement .
3. Client WLAN switch 802.1x authentication RADIUS server
.
4. Encryption key WLAN switch pass user encryption keys
data .
5. WLAN switch .11 MAC
decrypts data, processes
packet, applies services and forward
packets .
Corp Backbone
5
3
2
1
RADIUS
Generic Routing Encapsulation (GRE)
8
Ver
HL
16
TOS
Total Length
Identification
TTL
31
IP packet
Flags Fragm. Offset
Protocol
Header Checksum
Delivery Header
GRE packet
Src Address
Dest Address
C
Reserved
Checksum (opt.)
Protocol Type
Reserved1(opt.)
Payload
GRE Header
Payload Packet
Payload packet
(original)
Radio Distance
134 ft = 40 m
2 (b) /36 (a/g) Mbps
90 ft = 27 m
5.5 (b) /48 (a/g) Mbps
44 ft = 14 m
11 (b) /54 (a/g) Mbps
3. CLI Configuration Overview
CLI Configuration Overview

OAW Switch CLI GUI(Web) Configuration
CLI Access
Local Serial Interface
Remote Telnet or SSH session
GUI Access
Remote Web browser
Internet Explorer and Netscape/Firefox
CLI mode
User
Enable or Privileged
Configure
CLI Access
Default Serial Console or SSH
Serial
Cisco-compatible RJ-45 serial cable
9600, N, 8, 1, No flow control
SSH
Version 2
Password based
Telnet
(Alcatel 4324) (config) #telnet cli
CLI User Mode

User Mode
( > ) prompt
(Alcatel 4324) >
Basic utilities (Ping, Traceroute, etc)
User mode
Display or changing of any info that might be a security risk, such as ACLs,
Policies, SNMP, IP addressing, etc.
Entry into Configuration mode
Must enter Enable mode first
enable Enable mode
CLI Enable Mode

Enable Mode
(#) prompt
(Alcatel 4324) #
configuration information display

Configuration mode
configure terminal Configuration mode
exit user mode return
CLI Configuration Mode

Configuration Mode
(config) # prompt
(Alcatel 4324) (config) #
User OAW switch Config

Enable mode Configuration mode
^Z exit Enable mode return
running config
Config Startup (NVRAM)
(Alcatel 4324) (config) # copy running-config startup-config
CLI Feature Overview

Command Completion
<TAB> key
Context-sensitive help
?
(Alcatel 4324) #cl?
clear
Clear configuration
clock
Configure the system clock
(Alcatel 4324) #clock ?
set
Set the time and date
CLI Feature Overview

Configuration
(Alcatel 4324) #show running-config

(Alcatel 4324) #show startup-config
Configuration Option
(Alcatel 4324) #show running-config | ?

begin
Begin with the Line that matches
exclude
Exclude Lines that match
include
Include Lines that match
Switch configuration
(Alcatel 4324) #write erase all

All the configuration will be deleted. Press 'y' to proceed :y
Write Erase successful
Write erase : Configuration
Write erase all : Configuration License
OmniAccess File System

256MB of Flash( )
3 partition
2 system partitions (45MB each)
1 user partition (165MB)
System partitions
Hold system software
2 copies - Active and Backup
User partition
Holds everything else
Startup config
Databases
Log files
File System Commands

File system
Dir
flash file system file
Delete
flash file system file
Copy
Enable or Config Mode copy
(Alcatel 4324) #copy [source] [destination]
Source and Destination can be:
flash:
ftp:
Log
running-config
startup-config
system:
tftp:
CLI Copy Command
TFTP server running configuration Backup
(Alcatel 4324) #copy running-config tftp: 172.16.1.50 2400.cfg

Saved Configuration
Rebooting the OmniAccess Switch

reload Switch reboot (Enable Mode)
(Alcatel 4324) #reload

Do you want to save the configuration(y/n): y
Saving Configuration...
Saved Configuration
Do you really want to reset the system(y/n): y
System will now restart!
Port Naming Conventions

CLI Port type format
<port type> <slot number>/<port number>
FastEthernet - 10/100 Ethernet port
GigabitEthernet - Gigabit Ethernet port
Exception
port-channel - Etherchannel - port-channel <#>
4. GUI Configuration Overview
GUI (Web) Management Access

Initial setup GUI system management
GUI Wireless information monitoring Wireless

GUI Access
Initial configuration Web browser GUI
http://switchip
https://switchip:4343
Monitoring / Network Summary Screen
Configuration / Wireless Screen
Diagnostics / Network Screen
Maintenance / Switch Screen
Plan Screen
Events & Reports Screen
5. Basic System Setup
Initial Setup Dialog

Booting ( Config ), switch basic switch parameter
initial setup dialog
Initial setup Serial console
Initial setup skip
***************** Welcome to the OAW-4308 setup dialog *****************
This dialog will help you to set the basic configuration for the switch.
These settings, except for the Country Code, can later be changed from the
Command Line Interface or Graphical User Interface.
Commands: <Enter> Submit input or use [default value], <ctrl-I> Help
<ctrl-B> Back, <ctrl-F> Forward, <ctrl-A> Line begin, <ctrl-E> Line end
<ctrl-D> Delete, <BackSpace> Delete back, <ctrl-K> Delete to end of line
<ctrl-P> Previous question <ctrl-X> Restart beginning

Enter system name [Alcatel 4324]:
Hostname CLI prompt SNMP system name . GUI or Captive Portal hostname
Enter VLAN 1 interface IP address [172.16.0.254]:

Switch default VLAN interface IP address
Enter VLAN 1 interface subnet mask [255.255.255.0]:

VLAN interface subnet mask
Enter IP Default gateway [none]:

Switch Default Route . ( uplink router IP)
Enter Switch Role, (master|local) [master]:

Switch Role . single-switch network master Network
local .

Enter country code (ISO-3166), <ctrl-I> for supported list:
Switch Country code . KR
Enter password for admin login (up to 32 chars):

admin Password
Enter password for enable mode (up to 15 chars):

Enable mode password
Do you wish to shutdown all the ports (yes|no)? [no]:

port shutdown

Current choices are:
System name: OAW-4324
VLAN 1 interface IP address: 172.16.12.2
VLAN 1 interface subnet mask: 255.255.255.0
IP Default gateway: 172.16.12.1
Switch Role: master
Country code: KR
Ports shutdown: no
If you accept the changes the switch will restart!

Type <ctrl-P> to go back and change answer for any question
Do you wish to accept the changes (yes|no)
Basic config Reboot Basic config load
Setting Date and Time

Enable mode Date/Time Manual
(Alcatel 4324) #clock set <year> <month> <day> <hour> <minute> <seconds>
NTP Server
(Alcatel 4324) (config) # ntp server x.x.x.x
Timezone & DST Config Mode
(Alcatel 4324) (config) # clock timezone PST -8
(Alcatel 4324) (config) #clock summer-time PDT recurring first sunday april 02:00
last sunday october 02:00 -7
Setting System Contact

System Contact SNMP query GUI login page
(Alcatel 4324) (config) # syscontact John Smith x1234"
Additional S/W Module License

license add Software module
(Alcatel 4324) (config) # license add xxxxxx-xxxxxx-xxxxx-xxxxx-xxxx
license add reload
Switch Management Configuration

GUI SNMP, SYSLOG, and user administration
Configuration/Management
Access Control
Management User Role

Configuration/Management/Administration
Vlan Configuration
VLAN GUI
Configuration/Network/VLAN
VLANs can be:
Created
Deleted
Add L3 VLAN Interfaces
Assign DHCP Helper addresses
In the CLI:
(Alcatel 4324) (config) #vlan 10

(Alcatel 4324) (config) #interface vlan 10
(Alcatel 4324) (config-subif)#ip address x.x.x.x <mask>
(Alcatel 4324) (config) #interface FastEthernet 1/0
(Alcatel 4324) (config-if) #switchport access vlan 10
Vlan Configuration
Port Configuration
Port GUI
Configuration/Switch/Port
One or more ports can be selected and:
Enabled or disabled
Assigned to VLANs
Made trusted or untrusted
Enable 802.3af POE (default) or Cisco POE
Assign a Firewall Policy (not used for AP connectivity)
Made an 802.1q trunk port
GUI Apply click switch
update Save Configuration button click running config
startup config
Port Configuration
Port Mirroring
Port Mirroring CLI
(Alcatel 4324) (config) #interface fastethernet 1/22
(Alcatel 4324) (config-if)#port monitor fastethernet 1/0
1/0 Traffic 1/22 copy
DHCP Configuration
Two modes:
External DHCP Server (recommended)
DHCP Relay (Helper Address)
Configured on a per-VLAN basis at: Configuration/Network/VLAN
Internal DHCP Server
Configured via: Configuration/Network/IP/DHCP Server
Configured independently of VLANs - Subnet will match VLAN to DHCP scope
Recommend naming scope after VLAN - ie vlan-4
Must assign a complete subnet, then exclude ranges of addresses
DHCP Configuration
ESSID Configuration
GUI ESSID profile

Configuration/Advanced Services/All Profile Management/Wireless LAN
AP Provisioning
AOS-W <3.0
Location code (1-256).(1-256).(1-163
bldg . floor . location
Controller configuration
ap location 0.0.0
All APs
ap location 2.3.0
Bldg 2, floor 3 APs
ap location 2.3.6
Bldg 2, floor 3, AP 6
AOS-W 3.0
ap-name 63 +
ap-group 63 +
All controller config done through ap-group and ap-name statements
AP Provisioning
AP default values
ap-name == AP wired MAC address
ap-group == default
AP ap-group
AP Provisioning
Radio Configuration
Configuration/Advanced Services/All Profile Management/RF Management
Spanning Tree
Switch port Vlan1 STP & RSTP spanning tree
Spanning tree can be modified globally through the GUI at:
Configuration/Network/Switch
To disable spanning tree in the CLI:

Globally:
(Alcatel 4324) (config) #no spanning-tree
On a per-interface basis:
(Alcatel 4324) (config) #interface fastethernet 1/0
(Alcatel 4324) (config-if)#no spanning-tree
Profile Configuration
2.5 3.0 OS Wireless function Profile
Profile AP Configuration
GUI Configuration/Advanced Services/All Profile Management Function

Profile
GUI Configuration/AP Group All Profile Management Profile

Profile Hierarchy
apgroup
apname
ap
rf
wlan
virtualap
qos
ssidprofile
ids
aaaprofile
dot1xauth
macauth
6. AP Configuration
AP Connectivity
AP switch
Direct Attach
The AP physically plugs into the Alcatel Switch.
Power and Serial over Ethernet are available with this setup.
Indirect Attach
The AP physically plugs into some other network device (switch or router)
with L2 or L3 connectivity back to the Alcatel Switch.
Power over Ethernet is available if the network device attached to the AP
supports it. Serial over Ethernet is not supported.
AP Boot Sequence
AP booting
IP Address, Netmask, Default Gateway
Location ID
IP Address of Alcatel WLAN Switch
AP 2
Static
All parameters manually configured
Dynamic
AP only configured with a location ID (optional on first boot)
AP Static Boot Sequence

1.
AP booting bootrom load
2.
AP location ID OAW switch message
3.
AP OAW switch TFTP request OS image download
4.
AP Location ID OAW switch control
5.
AP OAW siwtch GRE tunnel
AP Dynamic Boot Sequence

1.
AP booting bootrom location ID loading
2.
AP IP address DHCP request
3.
vendor option 43 (masterip) DHCP response AP

Master IP address
4.
vendor option DHCP response AP ADP packet

Multicast group 224.0.82.11
5.
Multicast ADP response AP ADP packet L2/L3

broadcast (configure Master OAW Switch as a DHCP helper recipient)
6.
response AP DNS (alcatelmaster.domain.com) DNS query domain DHCP AP

Master IP address
7.
AP Master IP address , Static config Step2 booting
AP Configuration
AP config Switch
AP Switch ,
GUI
AP Switch ,
AP OAW switch SOE (Serial over Ethernet)

SPOE adapter(AP console) serial port
SPOE adapter (AP console) Pin-out
Post-deployment Method
GUI Reprovision
AP Configuration Network OAW switch Unprovisioned
Alcatel AP AP Reprovision Config

Unprovisioned AP
Provisioning the AP
Pre-deployment Configuration
SOE configuration
OAW switch CLI SOE Enable
(Alcatel 4234) # configure terminal
(Alcatel 4234) (config)# telnet soe
Switch IP Telnet port 2300 Swithc 1/0 port AP
connect 1/0
telnet x.x.x.x 2300
AP CLI
AP CLI AP booting stop autoboot enter
bootrom mode booting
Commands:
printenv
Display
setenv variable <value>
Setenv value (ex. ip, netmask etc..)
save
AP flash configuration
boot
AP booting
AP CLI
Dynamic AP configuration location
setenv location x.x.x
save
Static AP configuration:
setenv ipaddr x.x.x.x
setenv netmask x.x.x.x
AP configuration : AP boot mode

Purge
setenv gatewayip x.x.x.x
Save
setenv serverip x.x.x.x
reset
setenv master x.x.x.x

setenv name xxxxxxx
setenv group xxxxxxx
Save
Verifying AP/AP Configuration

From the CLI:
From the GUI:

Monitoring/Network/All Access Points
Monitoring/Network/All Air Monitors
7. Managing System Images
System Backup
To backup the system:
Config file
(Alcatel 4324) #copy running-config tftp: x.x.x.x filename
WMS database
(Alcatel 4324) #wms export-db wms.db
(Alcatel 4324) #copy flash: wms.db tftp: x.x.x.x filename
(Alcatel 4324) #local-userdb export-db user.db
(Alcatel 4324) #copy flash: user.db tftp: x.x.x.x filename
RF Plan
Plan/Building List/Export
System Restore
To restore the system:
Databases
(Alcatel 4324) #copy tftp: x.x.x.x filename flash: wms.db
(Alcatel 4324) #wms import-db wms.db
(Alcatel 4324) ) #copy tftp: x.x.x.x filename flash: user.db
(Alcatel 4324) #local-userdb import-db user.db
Config file
(Alcatel 4324) #copy tftp: x.x.x.x filename flash: default.bak
(Alcatel 4324) #copy flash: default.bak flash: default.cfg
RF Plan
Plan/Building List/Import
Reload
GUI Backup/Restore
Adding System Images

CLI System image upgrade
TFTP server IP connectivity
VLAN IP interface
TFTP server IP switch ping
Running system impact switch 2 system image
partition
Active
Backup

Step 1: Active Partition

Step 2: Copy new image
(Alcatel 4324) #copy tftp: 172.16.1.50 image_file_name system: partition 0
Upgrading partition 0
................................................................................
................................................................................
................................................................................
....................
Copied image successfully.
The system will boot from partition 1 during the next reboot.
Step 3: Default Boot

([OAW4308]) #boot system partition 0
Step 4 : Reload
5. Basic Configuration Sample
Profile Configuration Sample

All Open Sample
Step 1 : Configuration/Advanced Services/All Profile Management

Step 2 : AAA Profile -> AAA profile name Add

Step 3 : test-open Default Profile
Step4 : Initial role allow all role default-vpn-role apply Click

Step 5 : SSID Profile -> SSID profile name Add
Step 6 : test-ssid SSID apply click

Step 7 : Virtual AP Profile -> Virtual AP profile name Add
Step 8 : Virtual AP Profile SSID & AAA Profile

Step 9 : Virtual AP Profile -> SSID Profile SSID Profile apply
click

Step 10 : Virtual AP Profile -> AAA Profile AAA Profile apply
click
Profile AP

[ ] WLAN switch AP LMS, B-LMS AP System
Profile

Step 11 : Configuration -> Wireless -> AP Configuration New AP
Configuration name Add
Step 12 : AP Configuration Edit All Profiles

Menu

Step 13 : Wireless LAN -> Virtual AP Virtual AP Profile &
Add Apply
Step 14 : All Profiles

Step 15 : AP default AP-Group AP-Group
. Wireless -> AP Installation -> Provisioning
Step 16 : AP Provision AP-Group .

Step 17 : AP Apply and Reboot .

Step 18 : PC SSID .
Profile Configuration Sample [ ]

- .
Step 1 : Advanced Services > All Profile Management > Wireless LAN -> RADIUS Server
Radius add .

Step 2 : .
IP KEY port number WLAN
Switch .

Step 3 : Advanced Services > All Profile Management > Wireless LAN -> Server Group
add . Server Group
Radius server & Apply .

Step 4 : 802.1X Authentication Profile Default 802.1x Profile .
.

Step 5 : AAA Profile Profile . Profile
Role 802.1X Authentication Default Role .

Step 6 : .
802.1X Authentication Profile -> Default
802.1X Authentication Server Group -> Radius
RADIUS Accounting Server Group -> Radius

Step 7 : SSID Profile 802.1x SSID Encryption
. 802.1x Open Encryption .
Encryption Wilress AP
.

Step 8 : Virtual AP profile SSID & AAA Profile Profile
. .
7. Lab
Basic System Configuration
Lab Diagram - 1
SSID : Test10
AP1
Backbone
10.3
vlan 1
10.10.10.1/24
WLAN Switch
Vlan 1
10.10.10.2/24
Open
Lab Diagram - 2
SSID : Test10
SSID : Test20
vlan 10
10.10.10.1/24
AP1
Backbone
Backbone WLAN switch

802.1q vlan10
vlan20
SSID 2 Test10
vlan10 Test20 vlan20
Network
AP

WLAN Switch
Vlan 10
10.10.10.2/24
vlan 20
10.10.20.2/24
AP2
V10, 20
vlan 30
10.10.30.1/24
30.3
Open
10.3
802.1q
vlan 20
10.10.20.1/24
OS6600-P24
Vlan 30
10.10.30.2/24
Lab Diagram -3
vlan 10
10.10.10.1/24
Backbone
vlan 20
10.10.20.1/24
10.11 ssid test-1
WLAN#2
10.12 ssid test-2
WLAN#3
10.12ssid test-3
WLAN#4 10.14 ssid test-4
APs
20.x
WLAN#1
PoE
Vlan 20
10.10.20.2/24
AP1
Ba
80
vl
SS
www.alcatel-lucent.com

WLAN 3.x Training

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WLAN 3.x Training

Uploaded by

Copyright:

Available Formats

WLAN 3.

Alcatel-Lucent - Enterprise Solutions Division

2 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

Complete communication solutions provider

#1 in broadband, switching, optics, satellite, telecom,

4 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

What Can Alcatel-Lucent Enterprise Solutions Do For You?

5 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

Alcatel-Lucent EBG Product Portfolio

6 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

Alcatel-Lucent WLAN Solution

OmniAccess WLAN solution

8 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

OmniAccess Wireless Switches

WEP, TKIP, AES, 3DES

9 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

Alcatel-Lucent WLAN System

Alcatel-Lucent WLAN System

Alcatel-Lucent WLAN Switch

10 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

Alcatel WLAN Switch

Alcatel WLAN Switch

OmniAccess 4504/4604/4704 Wireless Switches

4x Dual personality ports 10/100/1000Base-T (RJ-45) or

OmniAccess 4302/4308/4324 Wireless Switches

0/8/ 24 10/100 PoE

11 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

OAW6000 with Sup III

12 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

OAW 4504, 4604, 4704

All Rights Reserved Alcatel-Lucent 2009

4x Dual personality ports

Alcatel-Lucent WLAN Switch

Pay as you grow

14 | Presentation Title | Month 2009

Performance (Clear text / encrypted)

All Rights Reserved Alcatel-Lucent 2009

Alcatel-Lucent Access Point (11a/b/g)

Dual Radio APs

Dual Fast Ethernet Interfaces (OAW-AP70) for resiliency

15 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

Alcatel-Lucent Access Point (11n)

Dual Gigabit Ethernet Interfaces (resiliency and secured

802.11n MIMO APs

16 | Presentation Title | Month 2009

Dual Gigabit Ethernet Interfaces (resiliency and secured

All Rights Reserved Alcatel-Lucent 2009

internal WLAN hotspots

remote / branch office access

Converged communication services

17 | Presentation Title | Month 2009

All Rights Reserved Alcatel-Lucent 2009

18 | Presentation Title | Month 2009