
OMNIACCESS STELLAR WLAN - R3

OMNIVISTA 2500 NMS & OMNIACCESS STELLAR WLAN - ISSUE 09
PARTICIPANT'S GUIDE

The Alcatel-Lucent name and logo are trademarks of Nokia used under license by ALE.
OmniAccess Stellar Wireless LAN
OmniVista 2500 NMS & OmniAccess Stellar WLAN
DT00CTE270

Agenda

Topics
• Administration – Class Schedule
• Course Description
• Course Agenda
• Internet Resources

Administration – Class schedule

• Standard class: 3 days; last day ends at 4:00 PM
• Hours: 9:00 AM to 5:00 PM
• Break: lunch 12:00 to 1:30 PM; morning & afternoon 15 min
• Badges for participants: access to the classroom & the restaurant
• Internet access

Course Description

Welcome to the OmniVista 2500 NMS & OmniAccess Stellar WLAN Training Course
• Title: OmniVista 2500 NMS & OmniAccess Stellar WLAN
• Reference: DT00CTE270

Through successful completion of this course, students will gain the required knowledge and
experience to successfully:
• Install & Configure the OmniVista 2500 NMS Server
• Deploy & Configure Stellar APs in Enterprise Mode
• Configure SSID using different Authentication Methods
• Understand & Configure Additional Features (Mobility & Roaming, WIPS)

The course is a combination of:
• Lectures
• Labs

Agenda

Day 1
• Introduction
• Course Agenda
• OmniVista Presentation
‐ Overview
• OmniVista Installation and System Setup
‐ Overview
‐ Labs
‐ OmniVista installation
‐ OmniSwitches discovery in OmniVista
• OmniVista 2500 & Stellar APs
‐ Solution Overview
‐ Stellar Hardware Presentation
‐ Wifi Enterprise requirements
• If you want to know more
‐ Lab
‐ OmniVista Upgrade Procedure from R3.5.7 to R4.2.1

Agenda

Day 2
• OmniVista 2500 & Stellar APs
‐ AP Registration
‐ Lab: Stellar AP discovery
‐ SSID Creation
‐ Lab: Creation of a Secured SSID Employee
‐ Lab: Employee SSID with AD
‐ RF Management
‐ Lab: Radio Frequency Settings Configuration
‐ UPAM Guest SSID
‐ User Role and Bandwidth Control
‐ Lab: Creation of a Guest SSID
‐ UPAM BYOD Access
‐ Lab: Creation of an Employee SSID for BYOD
• If you want to know more
‐ WLAN Service – Advanced Option
‐ Troubleshooting a Stellar AP

Agenda

Day 3
• OmniAccess Stellar WLAN – Additional • OmniVista 2500 Additional Features • Conclusion
Features ‐ Operation and Maintenance ‐ Course Review
‐ Mobility and Roaming ‐ Lab: Backup, Restore & Upgrade
‐ Monitoring the network devices
• Spacewalkers
‐ Layer 3 Mobility and Roaming
‐ Heat Map & Floor Plan
‐ Lab: Heat Map & Floor Plan
‐ WIPS

‐ Wireless MESH
‐ PALM

‐ Lab
‐ Administrative Users and Groups
‐ Control Panel
‐ Preference
Internet Resources
• Alcatel-Lucent Enterprise Web Site
https://www.al-enterprise.com/en
• Alcatel-Lucent Enterprise Support
https://www.businesspartner.alcatel-lucent.com/
• Training & Certification
https://www.al-enterprise.com/en/services/education-services
• RFC Technical documents
http://www.ietf.org
• Partner Portal https://www.alenterprise.com/en/products/network
https://businessportal2.alcatel-lucent.com/

Spacewalkers Community
www.spacewalkers.com

Data sheets for all the products!
LAN Switches
• OmniSwitch 2200 SMB WebSmart switch: datasheet
• OmniSwitch 6350 SMB LAN switch: datasheet
• OmniSwitch 6450 L2+ LAN switch: general datasheet, 10 port datasheet
• OmniSwitch 6465 L2+ Hardened LAN Switch datasheet
• OmniSwitch 6560 L2+ Multigig LAN switch: datasheet
• OmniSwitch 6860 L3 LAN switch with multigig and DPI option datasheet
• OmniSwitch 6865 L3 Hardened Switch datasheet
• OmniSwitch 6900 L3 core switch datasheet
• OmniSwitch 9900 Chassis core switch datasheet

Management Platform
• OmniVista 2500 (on prem) datasheet
• OmniVista Cirrus (cloud) datasheet

Stellar WLAN
• OmniAccess AP1101 SMB 802.11ac AP: datasheet
• OmniAccess AP1201 entry-level 802.11ac wave 2 AP: datasheet
• OmniAccess AP1201H resident 802.11ac wave 2 AP: datasheet
• OmniAccess Stellar AP1220 high performance wave 2 AP: datasheet
• OmniAccess Stellar AP1230 ultra high performance wave 2 AP: datasheet
• OmniAccess Stellar AP1251 hardened wave 2 AP: datasheet
Bonus foldout poster

Two-sided PDF showcasing ALE communications & networking products.
Easy to understand description of each product and how the product sets play in the Education,
Healthcare, Hospitality and Transportation verticals.
Download it from the portal or right here in the handouts section
Your opinion counts!

Evaluation links are available to you as of the last day of the session and can therefore be filled in
at the end of the session, before leaving the classroom or virtual class.
There are two situations to consider when accessing the course evaluation, depending on the
Knowledge Hub session status (still “In progress”, or already switched to “Completed”).

The status usually switches on the Monday after the session has ended.

Reach the session evaluation

Directly from the Home page / My Recent Learning activity:
• If the “Evaluate” option is viewable, please click on it.
• If “Evaluate” is not proposed, click on “Open Curriculum” and then on “Evaluate”.

OmniAccess Stellar Wireless LAN – Training offer for newcomers

[Figure: training offer diagram for the small and medium market segments (full remote or classroom), showing the courses with their references and durations and the ACFE and ACSE online exams.]

OmniVista™ 2500 NMS Release 4.4
Presentation
Objectives
Lesson Summary

Describe OmniVista 2500 NMS main features

Define the management interfaces

Introduce the new features


OmniVista 2500 NMS R4.4
Unified Management
Operation & Management
• Full Web-Based applications
• All of which are accessed directly through a
single web GUI

Provisioning
• Provides access to network wide activities
• Optimal network usage between
users/devices/apps securely
• Provides applications for extended NMS
capabilities (QoS, Security,...)

Provisioning • Optimal troubleshooting process to provide maximum uptime
Monitoring
Management
Analytics
• Better visibility & control of network KPIs
• Extensive visibility & control on performance & quality of experience
OmniVista 2500 NMS R4.4
Responsive Design & Flexible Interfaces
OmniVista 2500 R4 is web-based enabling the user to monitor and manage the network from a
variety of platforms

Traditional PC Rendering Tablet Rendering SmartPhone


OmniVista 2500 NMS
Key Objectives & Key Features
NODAL & RELEASE SUPPORT
• AOS 8.5R4 & Complete nodal Support OS6900-V72 & C72
• AOS 8.6R1 Nodes & Release – AOS 6.7 R6 Release
• OS9900, OS6865, OS6560, OS6465 (P28), OS6350, OS2220

USER INTERFACE IMPROVEMENTS
• General UX (Real estate use improvement)
• Tablet support with responsive design (Captive Portal & Charts/Dashboard)

TOPOLOGY IMPROVEMENTS
• NOC Topology style, Hierarchical Topology
• SPB & ERP Topology state Monitoring & Visualization

SERVICE INTELLIGENCE
• Selection & Sketching of paths in SPB topology view (switches end points)
• Periodic monitoring of each path for any changes
• Display of SPB topology view showing each outcome and degradation visually

HA FEATURES
• Platform “HA” High availability solution
• HA Feature set expanded (Installation simplification, Performances
Certification, operational improvements)
OmniVista 2500 NMS
USER INTERFACE IMPROVEMENTS
• Increase usable screen content
• Optimized Display
Better contrast between button state (grey for easier viewing)

• Left-Hand Side Menus automatically close after a page is open to display more information on the
screen.
• You can click on the arrows (>>) or hover the mouse over the area to temporarily display the
menu, or
• Lock the menu in place by clicking on the Pin Sidebar icon at the top of the menu
OmniVista 2500 NMS
USER INTERFACE IMPROVEMENTS

Increased view for NOC Topology display

Full Screen mode button
OmniVista 2500 NMS
High Availability
Main/standby instances through VM/VA instances
• Packaged as VA/VM
Main and standby supporting the complete set of features for L2
• All OV services -> topology, trap
• Extending for UPAM resiliency
Operates over L2 with OV4.3R1, expanded to L3 with OV4.3R2 (no Wireless...)
Single server deployment to Primary/secondary operation controlled by optional software license
OmniVista 2500 NMS
High Availability
Before introducing HA, if OmniVista became unavailable due to either loss of connectivity or a
server failure then:
- The network administrator would no longer be able to monitor or make configuration changes
- If using UPAM, no new additional clients would be able to authenticate

HA creates a redundant OmniVista that takes over if the primary (Main) OV becomes unavailable.
Two instances of OV are constantly running:
- All functions are handled by the Main OV
- The Main OV keeps the standby OV in sync
- If the Main OV becomes unavailable then the Standby OV takes over

When control is moved from Main to Standby, all services and operations are transferred
- E.g. UPAM with BYOD and Guest Access is taken over by Standby
- All network monitoring services are taken over by Standby
OmniVista 2500 NMS
HIGH AVAILABILITY FEATURES: use cases and improvements

HA installation
• Simpler & reduced installation settings
• Settings entered only once for both instances
• Allows conversion from Standalone to HA
• Disk synchronization is done in background

Performance
• Increased Performance for HA with higher number of devices
• Certification from 500 Devices up to 2000 devices (all devices combined)

Operation Simplification
• Traps automatically configured for both instances, so always received on the active instance
• Traps recovery/Trap Replay automatic on failover.
• Alert banner displayed on failover.
• Link provided within the banner to switch to new active node.
Application Updates / Enhancements

LAN/WLAN Menu
Displays application drop-down menus specific to WLAN devices (e.g., SSIDs, APs)
Available by clicking on the LAN/WLAN Menu drop-down at the top of the screen
By default, all application drop-down menus (for both LAN and WLAN Devices) are displayed ("LAN+WLAN Menu")
Select "WLAN Menu" to display application drop-down menus specific to WLAN devices (e.g., SSIDs, APs).
Alarm Status Bar
A real-time display of unacknowledged alarms is displayed at the bottom of all screens in OmniVista.
The number of alarms in each category (e.g., Critical, Major, Minor, Warning) is displayed.
Click on a category to go to the Notifications application and view all alarms in the selected category.
Application Updates / Enhancements
Topology
Geo Map View
Displays devices in their physical location on a geographical map.
When a device is added to OmniVista, you have the option of specifying a Geo Map location for the device using either
street address or Latitude/Longitude.
You can also create Map Sites (e.g., Street/City, Data Center, Campus Building), place them in a specific Geo Location
and add devices to those sites.
A toggle switch in the upper-right corner of the screen enables you to switch between the Geo Map View and the
Traditional Topology View.
Custom Notes
You can now add custom sticky notes to any Topology map. The notes can be placed anywhere on a map, and can be
edited or deleted.
Click on the Map Level Actions drop-down and select Add Note. You can also go to the Topology Configuration Screen to
set a default option to display notes on maps or hide them.
NMS Components
Simple Network Management Protocol (SNMP)

Management Information Base (MIB)

Traps

RMON

Network Management
Systems

Managed Devices

Agents Agents
Alcatel-Lucent Ease of Use
Management Interface Options
Preferences
• CLI vs. GUI
• CLI Pros
- Proficiency
- Scripting
- Familiarity

• GUI Pros
- Color-coding
- Easier to spot problems
- Fewer “fat-fingered” mistakes
- Bulk operations

• Same features in CLI and in WebView

[Figure: the CLI, WebView and SNMP interfaces, mapped to CLI-MIP, EMWEB-MIP and SNMP-MIP]


Alcatel-Lucent CLI
Preferred tool for initial configuration
Alcatel-Lucent CLI reduces initial configuration
time
• Designed for usability: new, clean, simple
• Able to gather a wide range of configuration
information into one set of commands
• ASCII based configuration files can be copied and
pasted from one switch to another
• Standardized, cross-platform commands for all
AOS devices from chassis to stacks
• 100% Equivalent functionality to WebView
Alcatel-Lucent WebView
AOS embedded element manager
Alcatel-Lucent WebView
• Native element manager for AOS devices
• Device centric view
• 100% CLI equivalent features
• Integrated with OmniVista
• Manage a single device at a time
• Common look and feel with OmniVista 2500 NMS
OmniVista Web based Dashboard
OmniVista 2500 R4 Home Page
Customizable Dashboard
Application Widgets
Application Widgets
Provides a quick overview of key applications
Provides direct access to the application for more detailed information/configuration
Application Groups

Applications in OmniVista 2500 NMS are:


• Web-based
All are accessed directly through the web GUI.
• Network
• Configuration
• Unified Access
• Security
• Administrator
• UPAM
• WLAN
OmniVista Network Group
OmniVista
Discovery & Topology Features
Discovery Management
• Alcatel-Lucent Enterprise devices in the network.
• Links between devices in the network. Used to display links in graphical maps of network regions.
• Additional link information required by OmniVista's Locator application.
• Third-party devices for which support has been added via the Third Party Device Support Preferences window.
Topology / Map
• Contextual access to element management (EMS)
• Devices sorted by VLAN
• Link aggregation (all LACP information including MC-LAG)
• Spanning Tree View
• Subnet Mask Control
• Topology Map Export
• Custom Map
• Discovery timestamp
OmniVista
Locator & VM Manager Features
Locator
• Troubleshooting tool to identify devices & end-user location (switch, slot/port, MAC and IP addresses)
• Live or historical searches for immediate reaction or forensic use
• First line of defense against security hazards
• Available for Alcatel and third party solutions (MIB-II compliant switches)
• Find and react with immediate Ban it, Change it with direct QM links
Notifications
• Monitoring switch activity
• Trap Management tasks
• Automatic Trap Responders
VM Manager
• Single vCenter interface
• Track VM and their associations to network equipment
• Manage UNP VLANs for virtual machines
• Notification of VMs not joining UNPs because of misconfiguration
Configuration Group
OmniVista
Network Administration - Centralized Features
Resource Manager
• Backup and Restore current firmware configuration
• Compare Configuration Backup Files on the same device or different devices
• Edit an existing backup and save the changes as a new backup file
• Optimize Configuration Backup Files to save disk space
• Import new or upgraded image and firmware files
• Run Inventory Reports on network switches
• Configure the Automatic Remote Configuration Feature
• Assign customized Banner and Captive Portal Web Interface files
VLAN manager
• Create and manage VLANs across multiple switches
• Templates for rapid VLAN definition deployment
• Configuration support
- DHCP generic rules, user defined rules & binding rules
- Link aggregation
- Integration with topology maps
OmniVista
Network Administration - Centralized Features
SIP
• Identifies and marks SIP and its corresponding media streams
• Provides user configured QoS treatment for SIP/RTP/RTCP traffic flows based on its marking
• Calculates QoS metric values of delay, jitter, round trip time, R Factor and MOS values of media streams
from its corresponding RTCP streams.

Groups
• Create LDAP service Groups
• Groups are used by policy conditions in
- PolicyView QoS
- SecureView ACL
• Groups enable you to create:
- MAC Groups
- L2 VLAN Groups
- Network (IP) Groups
- Multicast (IP) Groups
- Service Groups
Unified Access
OmniVista
Unified Profile, Policy, Multimedia and Premium
Service
Unified Profile/Policy
• Create/Modify QoS Server Profiles and Access Roles, Authentication, Classification and Port Groups
mDNS
• Resolve host names to IP addresses within small networks without a Name Server.
Paid Account Services
• Enables Bring Your Own Device (BYOD) access to the network
• Allows a wired or wireless guest, device or authenticated user to connect to the network through an AOS
switch
• Only supported for AOS devices running 6.4.6R01 and 8.1.1 or later
Security Group
OmniVista
Security - Centralized Features
Users and User Groups
• Controls user access to OmniVista
• Manages user access to network switches from OmniVista
• Sets the login authentication server for OmniVista (only Local and Radius servers are currently
supported)
Authentication Servers
• Configuration of authentication servers
• LDAP, RADIUS, ACE and TACACS+ servers are supported
Quarantine Manager
• Protects the network from attacks
• Works with an external IPS or an AOS switch, which sends a Syslog message or SNMP trap containing the
IP or MAC address of the offending device.
• The attacker is immediately quarantined or placed in a Candidate List that can be reviewed for further
action
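
The quarantine-versus-Candidate-List decision described above, as an added Python sketch that is not OmniVista code. The rule format, the syslog lines and the protected-address list are constructed assumptions; protected addresses are sent to the candidate list so that one spoofed message cannot ban a gateway or server automatically.

```python
import ipaddress
import re
from dataclasses import dataclass, field

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.I)


@dataclass
class Rule:
    """Hypothetical rule: a regex with a named group 'offender' plus an action."""
    name: str
    pattern: re.Pattern
    action: str  # "quarantine" or "candidate"


@dataclass
class QuarantineState:
    protected: set  # addresses that must never be banned automatically
    quarantined: set = field(default_factory=set)
    candidates: set = field(default_factory=set)


def normalise(addr):
    """Return a canonical IP or MAC string, or None if addr is neither."""
    if MAC_RE.match(addr):
        return addr.lower().replace("-", ":")
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return None


def process(line, rules, state):
    """Apply the first matching rule to one message; return (rule, addr, outcome)."""
    for rule in rules:
        m = rule.pattern.search(line)
        if not m:
            continue
        addr = normalise(m.group("offender"))
        if addr is None:
            return (rule.name, None, "ignored")  # malformed address: never act on it
        if addr in state.quarantined:
            return (rule.name, addr, "already-quarantined")
        if rule.action == "quarantine" and addr not in state.protected:
            state.quarantined.add(addr)
            state.candidates.discard(addr)
            return (rule.name, addr, "quarantined")
        state.candidates.add(addr)  # left for an administrator to review
        return (rule.name, addr, "candidate")
    return (None, None, "no-match")


# Constructed rules and syslog lines, for illustration only.
RULES = [
    Rule("ips-critical", re.compile(r"IPS ALERT severity=critical .*?src=(?P<offender>\S+)"), "quarantine"),
    Rule("port-scan", re.compile(r"portscan detected from (?P<offender>\S+)"), "candidate"),
    Rule("mac-flood", re.compile(r"MAC flood on port \S+ station (?P<offender>\S+)"), "quarantine"),
]
SAMPLE = [
    "<132>Mar  3 10:15:02 ips01 IPS ALERT severity=critical sig=4021 src=10.20.30.44 dst=10.0.0.5",
    "<134>Mar  3 10:15:09 ips01 portscan detected from 10.20.30.51",
    "<132>Mar  3 10:15:11 sw-edge MAC flood on port 1/1/7 station 00-11-22-AA-BB-CC",
    "<132>Mar  3 10:15:20 ips01 IPS ALERT severity=critical sig=4021 src=10.0.0.1 dst=10.0.0.5",
    "<132>Mar  3 10:15:31 ips01 IPS ALERT severity=critical sig=9 src=999.1.1.1 dst=10.0.0.5",
    "<134>Mar  3 10:16:00 sw-edge link up on port 1/1/3",
]


def run_sample():
    """Run the constructed messages through the rules with 10.0.0.1 protected."""
    state = QuarantineState(protected={"10.0.0.1"})
    outcomes = [process(line, RULES, state) for line in SAMPLE]
    return outcomes, state


if __name__ == "__main__":
    results, final = run_sample()
    for item in results:
        print(item)
    print("quarantined:", sorted(final.quarantined))
    print("candidates:", sorted(final.candidates))
```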
Administration Group
OmniVista
Server Administration - Centralized Features
Audit
• Monitors client and server activity
- when a user logged into OmniVista
- when an item was added to the discovery database
- when a configuration file was saved
- when a particular application was launched, etc.
• Administrator can
- Configure the maximum number of entries in the log
files
- Export and/or Archive a particular log file
WLAN and UPAM Groups
Stellar OmniAccess WLAN
Connection to the Stellar Remote Lab

Objective
✓ Learn how to connect to the Stellar Remote Lab (R-Lab)
✓ Discover the equipment available in the Stellar Remote Lab (R-Lab)

Contents
1 Connecting to the Remote Desktop
1.1. Windows 10
1.1. Windows 7
1.2. MAC OS X
1.3. Linux (Ubuntu)
2 Discovering the Remote Lab Environment
2.1. Remote Lab > Windows Desktop
2.1.1. Keyboard layout
2.1. Topology of the Stellar Remote Lab Pod
2.1.1. Switch/Access Point Console
2.1.2. VMware Client
2.2. Resources
2.2.1. Firmware
2.2.2. Applications & Tools


1 Connecting to the Remote Desktop


In this part, you are going to learn how to connect to the Remote Lab via an RDP session.

Connect to the Remote Lab via an RDP session

Click on the shortcut corresponding to your operating system:


- Windows 10
- Windows 7
- MAC OS X
- Linux (Ubuntu)

1.1. Windows 10

Windows Desktop
- Click on the Start button > Windows Accessories > Remote Desktop Connection
- Expand the Show Options menu
- Select the Advanced tab
- Click on the Settings… button
- Check Use these RD Gateway server settings
- Enter the Server name (remoteLab.education.al-enterprise.com)
- Select the Login method: Allow me to select later
- Check the parameter Bypass RD Gateway server for local address
- Check the parameter Use my RD Gateway credentials for the remote computer
- Click on the OK button
- Go back to the General tab
- Enter the Computer name (StellarPodX, where X=Pod number)
- Click on the Connect button
- In the username field, enter your allocated username (stellaruserX@remote-lab.com, where X is the R-Lab number)
- In the password field, enter your allocated password (4/5 digits – session ID)
- Click on the OK button

Congratulations, you are now connected to the Stellar Remote Lab!

You can directly go to Part 2

1.1. Windows 7

Windows Desktop
- Click on the Start button > All Programs > Accessories > Remote Desktop Connection
- Expand the Show Options menu
- Select the Advanced tab
- Click on the Settings… button
- Check Use these RD Gateway server settings
- Enter the Server name (remotelab.education.al-enterprise.com)
- Select the Login method: Allow me to select later
- Check the parameter Bypass RD Gateway server for local address
- Check the parameter Use my RD Gateway credentials for the remote computer
- Click on the OK button
- Go back to the General tab
- Enter the Computer name (StellarPodX, where X=Pod number)
- Click on the Connect button
- In the username field, enter your allocated username (stellaruserX@remote-lab.com, where X is the R-Lab number)
- In the password field, enter your allocated password (4/5 digits – session ID)
- Click on the OK button

Congratulations, you are now connected to the Stellar Remote Lab!

You can directly go to Part 2

1.2. MAC OS X

Notes
To connect to your WLAN Remote Lab from the MAC OS X operating system, we will use the Microsoft Remote
Desktop application. You can, of course, use another one if you prefer.

MAC OS X Desktop
- Download the Microsoft Remote Desktop from the Apple Store (free)
- Open the Microsoft Remote Desktop app
- Click on the Preferences button
- Click on the + sign
- Enter the Gateway name (Remote Lab Alcatel)
- Enter the Server name (remotelab.education.al-enterprise.com)
- In the User name field, enter your allocated username (REMOTE-LAB\stellaruserX, where X = Pod number)
- In the password field, enter your allocated password (4/5 digits – Session ID)
- Close the window
- Click on the “New” sign
- Enter the Connection Name: StellarPodX (X = allocated Pod number)
- Enter the PC name: StellarPodX (X = allocated Pod number)
- Select the previously created Gateway (Remote Lab Alcatel)
- In the User name field, enter your allocated username (stellaruserX@remoteLab.com, where X = Pod number)
- In the Password field, enter your allocated password (4/5 digits – session ID)
- Close the window
- From the list of available RDP connections, select your newly created StellarPodX and click on Start
- Click on Continue to acknowledge the certificate validity warning

Congratulations, you are now connected to the Stellar Remote Lab!

You can directly go to Part 2

1.3. Linux (Ubuntu)

Notes
To connect to your WLAN Remote Lab from the Ubuntu operating system, we will use the freerdp application.
You can, of course, use another one if you prefer (note: the chosen application must support TS gateway).

Ubuntu Desktop
- To install FreeRDP, refer to this link: http://ifconfig.dk/freerdp/
- Launch an RDP session with the following command from a terminal:

  xfreerdp /cert-ignore /v:StellarPodX /d:REMOTE-LAB /u:stellaruserX /p:YYYYY /g:remotelab.education.al-enterprise.com

- Replace X with your R-Lab number
- Replace YYYYY with your allocated password

Congratulations, you are now connected to the Stellar Remote Lab!

2 Discovering the Remote Lab Environment


In this part, you will find an explanation about the Remote Lab environment that you are going to use during this
training.

2.1. Remote Lab > Windows Desktop

2.1.1. Keyboard layout


The first thing to check to get comfortable with the Stellar R-LAB is the keyboard. Normally, when you first
open a session, Remote Desktop recognizes your keyboard and applies the correct layout. If the previous
session was not properly closed (i.e. with a Log off), it may keep the previous keyboard configuration.

Check that the keyboard layout is correct

R-Lab Windows Desktop
- Check the keyboard layout in the taskbar

Notes
If it’s not the correct layout, log off and log in again:

Notes
Don’t leave the Remote Desktop Connection by using the “X” button available in the top bar, as it will leave
the Remote Desktop session active, with all its parameters (keyboard layout, screen resolution, applications
opened…):

2.1. Topology of the Stellar Remote Lab Pod


Take a careful look at the topology displayed, as it shows all the equipment that you will use during this
training.

2.1.1. Switch/Access Point Console


On the R-Lab Windows Desktop, you will find 4 console shortcuts. Each one allows you to connect to one
piece of your lab’s equipment (switch or access point).

- Open one of the switch Console terminals
- Check that some messages are displayed

Notes
At this stage, the Access Points are not powered on, so it is not possible to access them for now, but you will
have to do it later in this training.

R-Lab Windows Desktop
- Double-click on one shortcut to open a switch console
- You now have access to the switch console.

Tips
If you get a message “Hunting Group Busy” when you open a TeraTerm console, it means that another
TeraTerm session has already been opened.

2.1.2. VMware Client


During this lab, you will have to use a client for test purposes. This client is a virtual machine; you can
access it via the VMware vSphere Client application.

- Test the connection to VMware vSphere Client.
- Check that the Stellar Client virtual machine is powered on. If not, power it on.

R-Lab Windows Desktop
- Double click on the VMware vSphere Client shortcut
- Once connected, the list of the clients is available on the left panel.
- [icon] means that the client is powered OFF
- [icon] means the client is powered ON
- To power on a virtual machine, select it in the list, then click on the icon available in the top bar (ex. StellarClient1)
- To open a virtual machine, right click on it and select Open Console in the contextual menu
- You are now connected to the StellarClient virtual machine.

Tips
All the virtual machines are configured with an English US keyboard, your current keyboard layout is not taken
into account. Take care of that when you’re typing a command.

2.2. Resources
Files and applications are available in the R-Lab Windows OS.

2.2.1. Firmware
In case you need to upgrade a switch or access point, different firmware can be found in the directory
C:\Resources\

2.2.2. Applications & Tools

For the lab, some applications have been installed in the R-Lab Windows OS:
- Firefox & Chrome for web browsing
- Notepad++ for text editing
- SumatraPDF for PDF reading
- Teraterm for Console connection
Stellar OmniAccess WLAN
Reinitialization of the Stellar Remote Lab

Objective
✓ Reinitialize the R-Lab equipment to its default configuration

Contents
1 Reinitializing the Switches & Access Points
2 Reinitializing the OmniVista 2500
3 Reinitializing the PC Client

1 Reinitializing the Switches & Access Points


On the R-Lab Windows Desktop, a shortcut is available to reinitialize all the equipment (both switches and
access points) to their default configuration.

In the diagram below, in red, you can see all the equipment that will be reinitialized by using this shortcut:

Warning
THE SWITCHES DEFAULT CONFIGURATION IS NOT AN EMPTY CONFIGURATION!
WHEN CLICKING ON THE SHORTCUT:
- A SPECIFIC CONFIGURATION IS APPLIED TO THE SWITCHES
- ALL THE INTERFACES ARE PUT DOWN. DURING THE LABS, IT WILL BE ASKED TO ENABLE THE INTERFACES
THAT YOU WILL USE.

Reset all the R-Lab Pod’s equipment by using the Reset_PodX script

R-Lab Windows Desktop
- Double click on the reset_PodX shortcut (X = Pod number)
- Some Windows command terminals are displayed, wait for them to disappear.
- @Switch > The reinitialization process takes around 5 minutes
- @Access Point > The reinitialization takes around 1min30 – 2min

Notes
It is also possible to reset each piece of equipment (switch/access point) separately. Check the dedicated addon parts
(Switch Reinitialization / Access Point Reinitialization) if you want to learn more.

2 Reinitializing the OmniVista 2500


In this part, we are going to reinitialize the OmniVista 2500 NMS.
In the diagram below:
- In red, the equipment that will be reinitialized during this part.
- In gray, the equipment that has been reinitialized in the previous part.

Reinitialize the OmniVista 2500 to its initial configuration

The OmniVista 2500 is installed in a virtual machine. Therefore, to access and reinitialize it, we will have to
use the VMware vSphere Client.

R-Lab Windows Desktop
- Double click on the VMware vSphere Client shortcut
- Right click on the OV2500 virtual machine
- Select Snapshot > Snapshot Manager… from the contextual menu
- In the Snapshot Manager window, select the snapshot DT00CTE270 - Initial State
- Then, click on the Go to button
- Click on the button to start the OV 2500 virtual machine

We will continue to configure the OmniVista 2500 in a dedicated lab, later in this course.

Tips
All VMs are configured with an English US keyboard, your current keyboard layout is not taken into account.
Take care of that when you’re typing a command.

Notes > What is a snapshot?


A snapshot preserves the state and data of a virtual machine at a specific point in time. We use it to easily
revert the OV 2500 back to its initial configuration, to wipe all the previous training configuration.

3 Reinitializing the PC Client


In this part, we are going to reinitialize the PC Client. This virtual machine will be used throughout this
course to test and access the Wi-Fi networks and features that the Stellar products offer.
In the diagram below:
- In red, the equipment that will be reinitialized during this part.
- In gray, the equipment that has been reinitialized in the previous parts.

Reinitialize the Wi-Fi PC Client to its initial configuration

Like the OmniVista 2500, the Wi-Fi PC Client is a virtual machine. Therefore, to access and reinitialize it, we
will have to use the VMware vSphere Client.

R-Lab Windows Desktop
- Double click on the VMware vSphere Client shortcut
- Right click on the StellarClientX virtual machine (X = Pod Number)
- Select Snapshot > Snapshot Manager… from the contextual menu
- In the Snapshot Manager window, select the snapshot Initial State
- Then, click on the Go to button
- Click on the button to start the virtual machine
OmniVista™ 2500 NMS Release 4.4
Installation and System Setup
Objectives
Lesson Summary

Install and configure the OmniVista™ 2500 Server


• Server requirements and Licensing
• Installation process
– Virtual Appliance
• Upgrading from a Previous Version of OmniVista
• OmniSwitch and Server parameters
OmniVista as a Virtual Appliance

OmniVista 2500 NMS Enterprise 4.4R1 (OV 2500 NMS-E 4.4R1) is installed as a Virtual Appliance,
and can be deployed to these hypervisors: VMware ESXi, VirtualBox, and MS Hyper-V:

• VMware ESXi: 5.5, 6.0, 6.5, and 6.7
• VirtualBox: 5.2.x
• MS Hyper-V: 2012 R2 and 2016
• MS Hyper-V on Windows 10 Professional.
OmniVista 2500 NMS
PLATFORM and sizing requirements
Specific configurations may vary depending on the network, number of wired/wireless clients,
number of VLANs, open applications, etc.
OmniVista 2500 NMS
Licensing
- OmniVista 2500 NMS is based on licenses.
- A user is allowed to manage up to the maximum number of devices allowed for that license.
- There are two types of licenses:
- Device Licenses
- Service Licenses.
Omnivista 2500 NMS
License Types
- Device Licenses - Manage a specific number of devices.
• Alcatel-Lucent Enterprise Devices - Number of ALE devices (e.g., OS10K, 6900, 6860) that can be managed.
OmniVista has been certified to manage up to 10,000 devices (includes AOS and Third-Party Devices).
• Third Party Devices
• Alcatel Lucent Enterprise OmniAccess Stellar APs - OmniAccess Stellar Wireless Devices (e.g., OAW-AP1101,
OAW-AP1221). OmniVista has been certified to manage up to 512 Stellar APs.

- Service Licenses - Manage a specific number of devices for the following services:
• VMs - Virtual Machines (VMs). VMs can be deployed on VMware vCenters, Citrix XenServers, and MS Hyper-V
Servers; and OmniVista 2500 NMS supports a mixture of Hypervisor types with no limit on the number of Hypervisors.
However, the VM Manager application supports a maximum of 5,000 VMs from all Hypervisors.
• Alcatel Lucent Enterprise Guest Devices - Guest Devices authentication through UPAM. The following licenses
are available: 20, 50, 100, 500, or 1000 Guest Devices.
• Alcatel-Lucent Enterprise On-Boarding Devices - BYOD Devices authentication through UPAM. The following
licenses are available: 20, 50, 100, 500, or 1000 Guest Devices.
• High-Availability – Licenses the High-Availability Feature.
Omnivista 2500 NMS
License Types
There are three types of Device Licenses:
• Starter Pack - Free and enables you to use OmniVista on a limited basis without expiration. You can manage up
to 30 devices (10 AOS, 10 Third Party, 10 Stellar APs).
• Evaluation - Free and gives you full use of OmniVista, but for a limited time (90 days). You can manage up to
60 devices (20 AOS, 20 Third Party, 20 Stellar APs)
• Production - Gives you full use of OmniVista without expiration. Number of devices is chosen at license
generation (Up to 1000 devices)

Service License Types:


OmniVista 2500 NMS
Licensing Model
▪ OS9900: 1 License Unit per Physical Unit
▪ OS 6900, 6350, 6860, 6860E, 6560, 6865, 6450: 1 License Unit per Physical Unit
▪ OmniAccess Wireless Legacy Access Points: Not a licensable item before or after R3.5.7
▪ OmniAccess Wireless Controller: Licensable item as one unit per entity – Goes toward ALUe Counters
▪ OmniAccess ESR Gateway: Licensable item as one unit per entity/IP Address
▪ 3rd Party Devices

Notes:
▪ OS9900 in VC – All units need to be licensed – A VC of 2 = 2 license units
▪ OS6900 or OS6860 in VC: All units need to be licensed, i.e. VC of 4 = 4 license counts
▪ Same rule applicable for AOS6.x stacks
▪ All 3rd party devices seen as 1 license count per IP mgmt address
OmniVista 2500
Supported OS & platforms for NMS
Web Based User Interface
• OmniVista 2500 NMS uses a web-based user interface.
• All applications are web-based.
• All are accessed directly through the single web GUI.
• The new web GUI is supported on the following HTML5 capable browsers:
- Internet Explorer 11+ (on Windows client PCs),
- Firefox 62+ (on Windows and Redhat/SuSE Linux client PCs),
- Chrome 68+ (on Windows and Redhat/SuSE Linux client PCs).
OmniVista
Upgrading from OmniVista 2500 NMS R3.5.7
Backup OmniVista Database and restore it to OmniVista Release 4 (R4)
- 1. On the existing OmniVista 2500 NMS, change “admin” user's password to “switch”.
- 2. On the existing OmniVista 2500 NMS, perform a backup from the Server Backup Application.
- 3. Perform a fresh deployment of OV 2500 R4
- 4. Use an SFTP client to copy backup file generated in Step 2 above, to a fresh installation of OV 2500 NMS-E
4.2.1.R01. Make sure the destination directory is “backups”
SFTP User: cliadmin
SFTP Password:
SFTP Port: 22
- 5. Login to OV 2500 NMS-E VA machine using cliadmin account
- 6. Enter 4 and press Enter to choose the Upgrade/Restore VA option.
- 7. Enter 6 and press Enter to choose the Restore OV2500 NMS Data

- 8. The list of backup files will display, choose a Backup File by selecting the number (e.g., 1) in the list and pressing
Enter.

- 9. Press y at the confirmation prompt, and press Enter. Then press y at the warning confirmation prompt and press
Enter.
- 10. Wait for all OV 2500 R4 Services to start up.
- 11. Log into OmniVista R4 WebUI and enter the License Keys.
- 12. You must now restart all services. Go to the Watchdog Screen (Administrator - Control Panel – Watchdog) and
click on the Restart All button to restart all services. When all services restart, you will be able to log into OV 2500
R4.
VM Appliance Installation Process
Deploying the Virtual Appliance
1. Log into vCenter and open the vSphere client.
2. Select File > Deploy OVF Template. The Deploy OVF Template Wizard appears.
3. Follow additional steps in the Virtual Appliance deployment wizard. The wizard may prompt
the following steps:
• Review VM details.
• Review and accept end user license agreement.
• Specify a name and location for the deployed template.
• Select the host or cluster where the template is to be deployed
• Storage location of VM files.
• Disk formatting (Thin or Thick Provision). (Thick provision is recommended.)
• Network mapping.
4. If the new Virtual Appliance was not powered on via the deployment wizard, power on the VM
now.
Configuring OmniVista 2500 NMS VM
The Keyboard Layout prompt will appear.
Press Enter if you do not want to change the default keyboard layout, or enter y then press
Enter to change the default keyboard layout.

The Technical Support Code Password Screen appears. This is a password that will be used by
Technical Support to access the VM, if necessary.

Specify an administrative password for the cliadmin user, then re-enter it to confirm the new
password. Follow the guidelines on the screen when creating the password.

Configure the OV IP address and mask

The UPAM Portal and IP Ports prompt appears. Enter 1 and press Enter to configure the UPAM IP
and Ports. If you are not managing a wireless network and will not be using UPAM, enter 2 and
press Enter.

If you select 1 in this step, UPAM IP and Ports configuration must be completed

Select the number of devices OV 2500 NMS-E 4.3R2 will manage

Configure the default gateway

Configure the DNS Server

Configure the NTP client

Manage the current configuration
OmniVista - Launching OmniVista 2500 NMS
Enter the IP address of the OmniVista Server in a supported web browser
Log in using the default Username and Password:
• Username: admin
• Password: switch
OmniVista 2500 NMS – Initial Setup
- Add the Core License
- Accept the End User License Agreement (EULA)
- Verify the results
OmniVista - Dashboard
Home – Returns the user to the Dashboard
Admin - Brings up the Local User Management Screen.
Help - Brings up the OmniVista 2500 NMS Getting Started Guide
Videos – Launches the Alcatel-Lucent Enterprise YouTube Demo Playlist
About - Displays basic OmniVista 2500 NMS information
Logout - Logs you out of OmniVista 2500 NMS.
Customizing the Dashboard
• Default Widgets
- License
- Network Status
- Quarantine Manager
- Locator
- Favorites
• Adding Widgets
• Removing Widgets
OmniVista - WEB Preferences
Administrator > Preferences
User Settings
• Language
• Theme
• Inactivity Timeout
• Dashboard
• Web Start
• Colors
System Settings
• Locator
• Application Visibility
• Scheduler History
• Proxy
• Asset Management
OmniVista - Help
Licenses Info
Manage Licenses
• Enterprise, Third Party, VMs
• Add/Import
Switch – SNMPv1/v2 Set-up
Basic SNMP Set-up (V1 or V2)

• aaa authentication snmp local


• user test1234 password public99 read-write all read-only none no auth
• snmp community map public user test1234 on/enable (R6/R7)
• snmp security no security
• snmp station <ip> <v1|v2|v3> test1234 enable

• Optional
- trap 1/1-24 port link enable (for AOS R6 switches)
- interfaces 1/1-24 link-trap enable (for AOS R7 switches)
- snmp trap to webview enable
Switch – SNMPv3 Set-up
aaa authentication snmp local
user test1234 password public99 read-write all read-only [md5+des, sha, md5, sha+des]
Security Level

snmp security options    SNMP requests accepted by the switch

no security              All SNMP requests are accepted.

authentication set       SNMPv1, SNMPv2 Gets
                         Non-authenticated v3 Gets and Get-Nexts
                         Authenticated v3 Sets, Gets, and Get-Nexts
                         Encrypted v3 Sets, Gets, and Get-Nexts

authentication all       Authenticated v3 Sets, Gets, and Get-Nexts
                         Encrypted v3 Sets, Gets, and Get-Nexts

privacy set              Authenticated v3 Gets and Get-Nexts
                         Encrypted v3 Sets, Gets, and Get-Nexts

privacy all              Encrypted v3 Sets, Gets, and Get-Nexts

traps only               All SNMP requests are rejected.

Trap management
->snmp authentication trap enable
->snmp station 192.168.3.100 162 test1234 v3 enable
Loopback0 Interface
SNMP specified address as source address
The source IP field of SNMP packets can be configured to be the loopback address, the closest IP in
the IP stack, or any IP address:

-> snmp source ip preferred {default | no-loopback | ip_address}

• Interface IP address: IP address to be used in the source IP field
• Non-Loopback: loopback0 address not used for the source IP field, and the first available IP address
from the IP stack will be used for this field
• Default: loopback0 address, if configured, used for the source IP field; else the first available IP
from the IP stack will be used

-> no aaa snmp agent preferred : set to default values


Watchdog Application
• Watchdog Application Manages Services
• GUI
• CLI

Watchdog can
• Start/Stop Services
• View Service info
Stellar OmniAccess WLAN
Installing the OmniVista 2500 NMS

Objective
✓ Install the OmniVista 2500 NMS

Contents
1 Briefing
2 Accessing the VMware ESXi
3 Configuring the OmniVista 2500 NMS Settings
3.1. Post Installation Wizard
3.2. First Login
4 Generating & Installing an Evaluation License
4.1. Generating the Evaluation License
4.2. Installing the Evaluation License
4.2.1. Inserting the License File
4.2.2. Inserting the License Keys
5 Debriefing


1 Briefing
The OmniVista 2500 NMS is distributed as a Virtual Appliance only. There are no other standalone installers
(e.g., Windows/Linux).
The OmniVista 2500 Virtual Appliance has already been downloaded from the Business Partner Website
(BPWS, official ALE website to download software and documentations) and deployed on a VMware ESXi
server.
In this lab, you will learn how to perform the post installation of the OmniVista 2500 NMS.

[Figures: Current Topology; End of Lab Topology]

2 Accessing the VMware ESXi


The OmniVista 2500 NMS virtual appliance has already been downloaded and deployed on a VMware ESXi
Server.

Access the VMware ESXi application

First, let’s access the VMware ESXi application:

R-Lab Windows Desktop

- Double click on the VMware vSphere Client shortcut
- Select the OV2500 virtual machine
- Right click on the OV2500 virtual machine
- Select Open Console from the contextual menu

3 Configuring the OmniVista 2500 NMS Settings


In this part, we will configure all the OmniVista 2500 NMS settings (IP address, password…).

Follow the installation wizard to continue with the OmniVista 2500 installation.

3.1. Post Installation Wizard

OmniVista 2500 Console

- Select the keyboard layout (default: us)
- Enter the code Alcatel.0, then press Enter
  This code is used by the ALE Technical Support for troubleshooting purposes
- Enter the password Alcatel.0, then press Enter
- Enter the IP settings:
  - IPv4: 10.130.5.5X (X=R-Lab Number)
  - Subnet Mask: 255.255.255.0
- Keep the default HTTP and HTTPS ports
  - [y|n]: y
  - Press Enter
- The Captive Portal has its own IP address. Select:
  - Option 1
  - IPv4: 10.130.5.7X (X=R-Lab Number)
  - Subnet mask: 255.255.255.0
  - IPv6: n
- Keep the default HTTP and HTTPS ports
  - Confirm (y) then press Enter
- Additional OV Web IP
  - Option 2: Disable Additional OV Web IP
  - Confirm (y) then press Enter
- Check that the configuration has been applied
- Select the network size
  - Option 1: Low
  - Would you like to set the number of devices? [y|n]: y
  - Press Enter
- Select the default language
  - Option 1: English
  - Confirm (y) then press Enter
- Configure the Default Gateway
  - Choose Option: [4]
  - Default gateway: 10.130.5.253
  - [y|n]: y
  - Press Enter
- Configure the Hostname
  - Choose Option: [5]
  - hostname: StellarPodX (X=R-Lab Number)
  - Press Enter
- Choose Option: [6]
  - dns server 1: 10.130.5.130
  - dns server 2: 10.0.0.51
  - Press Enter
- Select 0 to Exit this menu
Notes > Services Restart


After exiting the menu, it takes a couple of minutes for the OmniVista 2500 to restart its services. Please wait
before going on with the next part.

Notes > cliadmin


The password entered during the installation wizard is the cliadmin account password. This account is used for
the initial OV configuration and for advanced troubleshooting.

Notes > What is UPAM?


The Unified Policy Authentication Manager (UPAM) is a module embedded in the OmniVista 2500 NMS, which
provides advanced authentication functionalities, especially for authenticating Guest or BYOD devices.

3.2. First Login


From the Windows Desktop, login to the OmniVista 2500 Web Admin Interface:

R-Lab Windows Desktop

- Open a web browser (ex. Mozilla Firefox or Google Chrome)
- Enter the OV 2500 IP address in the URL bar: 10.130.5.5X (X = Pod number)
- Username: admin
  Password: switch
- Depending on the type of web browser being used, a warning regarding the website’s security certificate
  will be shown. Skip this warning and continue to the OmniVista login page.
- A prompt appears to add the license(s)
- Go to the next part to learn how to generate an evaluation license

4 Generating & Installing an Evaluation License


An Evaluation License provides full OmniVista 2500 NMS feature functionality, but is valid only
for 90 Days (starting from the date the license is generated). There is one file that contains all of
the Device (AOS, Third-Party, Stellar APs) and Service Licenses (VM, Guest, BYOD).
In this part, you will learn how to generate and install an evaluation license

- Generate an Evaluation License


- Install it in your OmniVista 2500

Tips > Evaluation License


This part is NOT reserved for training. Don’t hesitate to use the same process if you need to generate an
evaluation license for testing purposes (lab…).

Warning
BEFORE THIS STEP, ENSURE THAT NO LICENSE GENERATED IN A PREVIOUS TRAINING IS AVAILABLE TO AVOID ANY
POSSIBLE CONFUSION.
ON THIS WINDOWS DESKTOP, DELETE ANY FILES WITH THE NAME “-EVAL-OV2500…”

4.1. Generating the Evaluation License


From the Windows Desktop, open a new web browser tab/window:

R-Lab Windows Desktop

- Go to https://lds.al-enterprise.com/ov25411/enterLicenseData.jsp
- Enter:
  - Customer ID: 99999
  - Order Number: evaluation
- Click Next
- Select the License Type: EVAL-OV2500-ALL-TYPE_1
- Enter the Passcode: omnivista
- Click on Submit Entry
- Enter the following parameters:
  - Company Name: ALE (or something else)
  - Mail: <your mail address>
  The sole purpose of entering your mail is to receive the license information by mail.
- Click on Submit
- Save the file locally

4.2. Installing the Evaluation License


2 possibilities:
- Inserting directly the license file obtained in the previous part
- Inserting the license keys

Don’t do both!

4.2.1. Inserting the License File


- Go back in the OmniVista 2500 NMS webpage:

> Go back to the OV 2500 Web Admin Interface


> Click on Add License
> License File: click on Browse
> Select the license file downloaded in the previous part
> Click on Open
> Click on Submit

Software and/or documentation End-User License Agreement “EULA”


> Check OK (don’t check Enable ProActive Lifecycle Management)

4.2.2. Inserting the License Keys


- Open the file with a text editor (notepad, notepad++…). The license keys are in clear text.
- Go back to the OmniVista 2500 NMS webpage:

> Open a Web Browser


> Type the following IP address in the URL bar: 10.130.5.5X
> Username/Password: admin/switch

> Go to ADMINISTRATION > LICENSE > Add or Import License


> In the License Key field, enter all the licenses keys that are in the license file generated in the
previous step (/!\ remove the license name before inserting them, look at the warning below /!\)
> Click on Submit

Warning
COPY AND PASTE ONLY THE LICENSE KEYS AND NOT THE ENTIRE LINES! (HIGHLIGHTED THE INFO THAT YOU HAVE
TO COPY AND PASTE):

EVAL-NM-EX-20-N, KEQWEXRH-VXDJBEUM-4EX$299Z-BBXS7G#4-JC!GW81R-$C8YWB1K-DBE#$LDX-AXVRMLM#
EVAL-VMM-100-N, WWITUJ#W-EWBU@BSM-@EX$299Z-BBXS7G#4-JC!GWL1R-$CFYWB1L-X5#PC4WT-5UDJU7B#
EVAL-AP-NM-20-N, G1CUNONJ-YFZ%JX2W-JEX$299Z-BB@S7G#4-JC!GW81R-$CHYWB1L-WAPB3U7!-GDFXMHV&
EVAL-GA-20-N, VTP@GOKN-E53P8#@E-NEX$299Z-BB@S7G#4-JC!GW81R-$C#YWB1L-CJD%PRTF-9GTXNX!1
EVAL-BYOD-20-N, JSQRU%HH-GFFCJUGB-ZEX$299Z-BB@S7G#4-JC!GW81R-$CRYWB1L-EBX5WUFB-8X7HF@5G

- Disable Enable ProActive Lifecycle Management
- Click on OK

5 Debriefing
During this lab, we have learned how to install the OmniVista 2500 NMS. We have also learned how to
generate an evaluation license.
Remember that you can use the last part (Generating an Evaluation License) if you want to get a license for
your own lab! This is not reserved for training purpose.
OmniAccess Stellar WLAN
AOS OmniSwitches Discovery in the OmniVista 2500 NMS

Objective
✓ Learn how to discover the OmniSwitches in the OmniVista 2500 NMS

Contents
1 Briefing
2 Creating the Backbone VLAN
2.1. Configuring the Backbone VLAN
2.2. Configuring the Backbone VLAN IP Interfaces
3 Configuring the SNMP v3
4 Discovering the OmniSwitches on the OmniVista 2500 NMS
5 Debriefing


1 Briefing
Before using all the features offered by the OmniVista 2500 NMS, the network devices must be discovered
first. In this lab, we are going to discover the 2 OmniSwitches in the OmniVista 2500 NMS. The discovery of
the 2 Access Points will be covered in another lab.

[Figures: Current Situation; End of Lab Situation]

2 Creating the Backbone VLAN


In this part, we will create a “Backbone” VLAN. This VLAN will be used to interconnect the network
equipment together (OmniSwitches, OmniVista 2500, DHCP Server).

Configure the Backbone VLAN and IP Interfaces on each OmniSwitch.

2.1. Configuring the Backbone VLAN


First, let’s create the backbone VLAN. This VLAN will contain:
- The 2 OmniSwitches;
- The OmniVista 2500 (10.130.5.5X);
- The DHCP Server (10.130.5.7).

Tips > Console Shortcuts


To access the OmniSwitch consoles, a shortcut is available for each switch on the Windows Desktop:

OS6560 (login: admin / password: switch)


6560 -> vlan 1305 name BACKBONE
6560 -> vlan 1305 members port 1/1/2 tagged
6560 -> interfaces 1/1/2 admin-state enable

OS6860 (login: admin / password: switch)


6860 -> vlan 1305 name BACKBONE
6860 -> vlan 1305 members port 1/1/1 untagged
6860 -> vlan 1305 members port 1/1/2 tagged
6860 -> interfaces 1/1/1-2 admin-state enable

Notes
The VLAN 1305 is already assigned to the OmniVista 2500 and the DHCP Server.

2.2. Configuring the Backbone VLAN IP Interfaces


Now, let’s configure the IP interfaces on both OmniSwitches.

OS6560
6560 -> ip interface int_backbone address 10.130.5.22X/24 vlan 1305

OS6860
6860 -> ip interface int_backbone address 10.130.5.20X/24 vlan 1305

Check that the 2 OmniSwitches can now reach each other, and can reach the servers:

OS6560
6560 -> ping 10.130.5.20X (OmniSwitch 6860)
6560 -> ping 10.130.5.7 (DHCP Server)
6560 -> ping 10.130.5.5X (OmniVista 2500 NMS)

OS6860
6860 -> ping 10.130.5.22X (OmniSwitch 6560)
6860 -> ping 10.130.5.7 (DHCP Server)
6860 -> ping 10.130.5.5X (OmniVista 2500 NMS)

3 Configuring the SNMP v3


To communicate with and discover the network devices, the OmniVista 2500 uses the SNMP protocol.
SNMP versions 1, 2 and 3 are supported.
In this part, we are going to configure an SNMP version 3 profile on each OmniSwitch.

Configure an SNMP v3 profile on both OmniSwitches.

To create the SNMP v3 profile on the OmniSwitches, use the following command:

OS6560
6560 -> aaa authentication default local
6560 -> user snmpuserv3 read-write all password snmpuserv3 sha+des
6560 -> snmp station 10.130.5.5X 162 snmpuserv3 v3 enable

OS6860
6860 -> aaa authentication default local
6860 -> user snmpuserv3 read-write all password snmpuserv3 sha+des
6860 -> snmp station 10.130.5.5X 162 snmpuserv3 v3 enable
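
An added example, not part of the course material: a small Python audit that reads AOS configuration lines in the forms shown in the SNMPv1/v2 and SNMPv3 slides and in this lab, and reports the settings that leave SNMP management traffic unauthenticated or weakly protected. The sample configuration is constructed from those command forms; the function names and severity labels are assumptions of this example.

```python
import re

# Request classes each "snmp security" level accepts, taken from the table on this page.
LEVELS = {
    "no security":        {"v1v2", "v3-noauth", "v3-auth", "v3-priv"},
    "authentication set": {"v1v2-get", "v3-noauth-get", "v3-auth", "v3-priv"},
    "authentication all": {"v3-auth", "v3-priv"},
    "privacy set":        {"v3-auth-get", "v3-priv"},
    "privacy all":        {"v3-priv"},
    "traps only":         set(),
}
PROTOS = ("md5+des", "sha+des", "no auth", "md5", "sha")  # keywords shown on the page

# Constructed sample built from the command forms on this page (slides and lab).
SAMPLE_CONFIG = """\
aaa authentication snmp local
user test1234 password public99 read-write all read-only none no auth
snmp community map public user test1234 enable
snmp security no security
snmp station 192.168.3.100 v2 test1234 enable
6560 -> user snmpuserv3 read-write all password snmpuserv3 sha+des
6560 -> snmp station 10.130.5.5X 162 snmpuserv3 v3 enable
"""

def parse_user(line):
    """Split an AOS 'user ...' line into (name, password, SNMP auth keyword)."""
    m = re.match(r"user (\S+) (.*)$", line)
    if not m:
        return None
    name, rest = m.groups()
    pw = re.search(r"\bpassword (\S+)", rest)
    proto = next((p for p in PROTOS if rest.endswith(" " + p)), None)
    return name, (pw.group(1) if pw else None), proto

def audit(config):
    """Return (line_number, severity, message) findings for SNMP-related lines."""
    out = []
    for n, raw in enumerate(config.splitlines(), 1):
        # Normalise whitespace and drop a leading CLI prompt such as "6560 -> ".
        line = re.sub(r"^\S*\s*->\s*", "", " ".join(raw.split()))
        if line.startswith("snmp security "):
            level = line[len("snmp security "):]
            accepted = LEVELS.get(level)
            if accepted is None:
                out.append((n, "INFO", f"unknown security level '{level}'"))
                continue
            weak = []
            if any(c.startswith("v1v2") for c in accepted):
                weak.append("SNMPv1/v2c requests")
            if any(c.startswith("v3-noauth") for c in accepted):
                weak.append("unauthenticated v3 requests")
            if weak:
                out.append((n, "HIGH", f"'{level}' accepts " + " and ".join(weak)))
            elif any(c.startswith("v3-auth") for c in accepted):
                out.append((n, "MEDIUM", f"'{level}' accepts unencrypted v3 requests"))
        elif line.startswith("user "):
            parsed = parse_user(line)
            if not parsed:
                continue
            name, pw, proto = parsed
            if proto == "no auth":
                out.append((n, "HIGH", f"user '{name}' has no SNMPv3 authentication or privacy"))
            elif proto in ("md5", "sha"):
                out.append((n, "MEDIUM", f"user '{name}' authenticates ({proto}) but does not encrypt"))
            elif proto:  # md5+des or sha+des
                out.append((n, "MEDIUM", f"user '{name}' uses DES privacy (56-bit key)"))
            if proto and proto.startswith("md5"):
                out.append((n, "MEDIUM", f"user '{name}' uses MD5 authentication"))
            if pw is not None and pw == name:
                out.append((n, "HIGH", f"user '{name}' password equals the user name"))
        elif (m := re.match(r"snmp community[ -]map (\S+) user (\S+)", line)):
            note = " ('%s' is a well-known default)" % m[1] if m[1] in ("public", "private") else ""
            out.append((n, "HIGH", f"community '{m[1]}' maps v1/v2c requests to user '{m[2]}'; "
                                   f"community strings are sent in clear text{note}"))
        elif line.startswith("snmp station "):
            tokens = line.split()
            ver = next((t for t in tokens if t in ("v1", "v2", "v3")), None)
            if ver in ("v1", "v2"):
                out.append((n, "MEDIUM", f"traps to {tokens[2]} use SNMP{ver}: "
                                         "no authentication or encryption"))
    return out

if __name__ == "__main__":
    for n, sev, msg in audit(SAMPLE_CONFIG):
        print(f"line {n}: {sev:6} {msg}")
```

Run against an exported switch configuration, the findings show which lines to change before the device is handed to OmniVista for discovery.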

4 Discovering the OmniSwitches on the OmniVista 2500 NMS


In this part, we are going to configure an SNMP version 3 profile on the OmniVista 2500, then we will discover
the 2 OmniSwitches in the OmniVista 2500 (once discovered, OmniSwitches can be managed and supervised
from the OmniVista 2500 NMS).

Configure an SNMP v3 profile on the OmniVista 2500 NMS.

To create the SNMP v3 profile on the OmniVista 2500:

> Open a Web Browser
> Type the following IP address in the URL bar: 10.130.5.5X
> Username/Password: admin/switch

> Select NETWORK > DISCOVERY > Managed Devices
> Click Discover New Devices

6860
> Click on the + button (top right)
> Enter IP information
  > Start IP: 10.130.5.20X
  > End IP: 10.130.5.20X
  > Subnet Mask: 255.255.255.0
> Choose Discovery Profiles: click on the button to create an SNMPv3 profile

> SNMPv3 Profile Parameters (leave other parameters blank)
  > Name: SNMPv3
  > SNMP Version: SNMPv3
  > Timeout (msec): 5000
  > Retry Count: 3
  > User Name: snmpuserv3
  > Auth & Priv Protocol: SHA+DES
  > Auth Password: snmpuserv3
  > Priv Password: snmpuserv3
  > Click on Create

> Choose Discovery Profiles: select the SNMPv3 profile, click on + to move it to the right
> Click on Create

6560
> Click on the + button to add a new range
> Enter IP information
  > Start IP: 10.130.5.22X
  > End IP: 10.130.5.22X
  > Subnet Mask: 255.255.255.0
> Choose Discovery Profiles: select the SNMPv3 profile, click on + to move it to the right
> Click Create

> Select both ranges by clicking on the checkboxes on the left
> Click on Discover Now to launch the discovery process, then click on Finish.

At the end of this part, the 2 OmniSwitches are discovered and are now manageable from the OmniVista
2500 NMS:

5 Debriefing
In this lab, we have created the “Backbone” VLAN. This VLAN will be used to interconnect the network
equipment together (OmniSwitches, OmniVista 2500, DHCP Server). Then, we have configured the SNMP
settings in the OmniSwitches. And finally, we have discovered the OmniSwitches in the OmniVista 2500 NMS.
These OmniSwitches can now be managed from the OmniVista 2500 GUI.
OmniAccess Stellar Wireless Lan
Solution Overview
Lesson summary
Solution Overview
At the end of this module, you will be able to:
• Understand and choose the Stellar mode on the APs
• Understand the planes of operation and the traffic
generated by the AP
• Understand the network topology recommended
• Identify the network limitations
Stellar WLAN - Modes
Stellar Modes

WiFi Express: Standalone mode, up to 255 APs
WiFi Enterprise: Managed mode, up to 4000 APs

Evolutive design
grow your WiFi at your own pace
Market position

WiFi Express
• Mutually exclusive with WiFi Enterprise
• All APs models supported
• Virtual Controller Management with Web Interface
• Cluster of 255 APs (cluster limitation of 32 AP1101)
• Access Switch required (PoE model if possible)
• DHCP server required

WiFi Enterprise
• Mutually exclusive with WiFi Express
• All APs models supported
• Centralized Management with OmniVista 2500
• 4000 APs managed
• Access Switch required (PoE model if possible)
• DHCP server required
• OmniVista 2500 server and licenses required

Access Point, PoE Switch, DHCP Server + OmniVista 2500


Wifi Express – Standalone cluster deployment

✓ Self managed standalone cluster


✓ Integrated secure Web managed
✓ Wizard driven configuration
✓ Integrated Guest captive portal
✓ External Guest Captive Portal support
✓ Distributed intelligence control
✓ Self configured AP cluster, up to 255 APs*
✓ Optimal RF management
* Hardware limitation

Easy deployment, scaling up to 255 APs


Wifi Express – Features List

Management Security Radio System

✓ GuestOperator Restricted ✓ Authentication 802.1X, WPA, ✓ Dynamic Frequency Selection ✓ Daylight-Saving time
Role GUI WPA2, WPA3 ✓ Transmit Power Control ✓ Syslog support
✓ HTTP and Secure Access via ✓ Encryption WEP, TKIP, AES ✓ Extensive Country Code list ✓ NTP Client
HTTPS ✓ Built-in User Database ✓ Channel & Transmission power ✓ Built-in DHCP/DNS/NAT
✓ English, simplified Chinese, ✓ External Radius Server Support manual assignment
German , French, Spanish ✓ Wireless MESH
Korean, Turkish Language ✓ ACLs per SSID ✓ Certificate Management
Support ✓ Disconnect/ Blacklist Clients
✓ OXO Connect R2.1 ZTP ✓ WIPS protection
integration using secure HTTPS
✓ Scale up to 32 Aps
(AP1101 ONLY Cluster)
✓ Scale up to 255 APs in mixed AP
Cluster (minimum: 8 x
AP122x/123x/1251)
✓ Remote Cluster Management

All Stellar APs can be part of the web managed AP-cluster


Wifi Enterprise – Central managed deployment

✓ OmniVista 2500
▪ Cloud ready (OmniVista Cirrus)
▪ Unified wired-wireless
▪ Access Management (Guest/BYOD)
▪ Role based policy enforcement

✓ Smart Analytics
✓ Distributed intelligence control
▪ Up to 4000 APs
▪ Scale to support 100K clients per devices

✓ Advanced wireless features


▪ WLAN topology on a map and heat map
▪ Wireless security (wIDS/wIPS)

Central unified management for larger deployments, up to 4000 APs


Wifi Enterprise – Features List

Secure Unified policy Wireless


Strategic access authentication manager management

✓ Controller-less ✓ Secure NAC with ✓ Employee - Supplicant/ ✓ RF Management


Architecture Unified Access AG 2.0 Non-supplicant secure ✓ wIDS/ wIPS – Rogue
Integration authentication
✓ OmniVista integrated Containment/ Attack
Unified Policy ✓ Automated deployment ✓ Guest Access – Self Detection
Authentication Manager with ALE OmniSwitch Registration/ Employee ✓ Floor Plan/ Heatmap
(UPAM) Integration sponsored/ Social Login - Planning &
✓ Simplified Management of ✓ Smart Analytics ✓ BYOD deployment tools to
AP Groups Application Monitoring simplify deployment
✓ Strategy based Policy
& Enforcement/ DPI while improving QoE
✓ No limit on AP Group Count Enforcement
✓ Max 4000 APs spread ✓ UPnP/ Bonjour Service ✓ Extensive Captive Portal ✓ Reports – Uptime,
Sharing Usage, etc. Reports
across one or more AP Customization
Groups ✓ External Captive portal ✓ MESH topology
✓ OmniVista High Availability support

All Stellar APs can be part of the OV managed AP-groups


Mode Selection
• WiFi Express is the default mode
• AP requests and receives an IP address from the DHCP server.
• DHCP option 138 equals the IP address of the OmniVista 2500 Server

WiFi Express

    subnet 192.168.10.0 netmask 255.255.255.0
    {
        dynamic-dhcp range 192.168.10.10 192.168.10.20
        {
            option subnet-mask 255.255.255.0;
            option broadcast-address 192.168.10.255;
            option routers 192.168.10.1;
            option dhcp-lease-time 6000;
            option domain-name-servers 192.168.10.1;
            option domain-name "vlan10.home";
        }
    }

WiFi Enterprise

    subnet 192.168.10.0 netmask 255.255.255.0
    {
        dynamic-dhcp range 192.168.10.10 192.168.10.20
        {
            option subnet-mask 255.255.255.0;
            option broadcast-address 192.168.10.255;
            option routers 192.168.10.1;
            option dhcp-lease-time 6000;
            option domain-name-servers 192.168.10.1;
            option domain-name "vlan10.home";
            option 138 192.168.0.61;
        }
    }


Changing the Mode
• Mode can be changed:
  - Manually in Express mode with a "Convert to Enterprise" button
  - Or requires a factory reset (push button) and reboot

• Migrate an existing Cluster (WiFi Express) to OV mode (WiFi Enterprise)
  - Add option 138 in the DHCP server for the AP management scope (Option 138 in dhcpd.conf)
  - Perform a factory reset/reboot or change the mode manually

No configuration migration, AP « cluster » configuration is lost
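
An added example, not part of the course material: a Python parser for the options field of a DHCP reply that extracts option 138, reports the mode the AP would be expected to come up in according to this page, and lists any option 138 address that is not an approved OmniVista server. The option byte strings are constructed to mirror the two scopes shown above; the function names and the approved-server list are assumptions of this example.

```python
import ipaddress

PAD, END, OPT_OV_SERVER = 0, 255, 138

def opt(code, value):
    """Encode one DHCP option as code, length, value."""
    return bytes([code, len(value)]) + value

def parse_options(options):
    """Walk a DHCPv4 options field and return {code: value bytes}."""
    found = {}
    i = 0
    while i < len(options):
        code = options[i]
        if code == PAD:            # single-byte padding, no length field
            i += 1
            continue
        if code == END:            # end marker, anything after it is ignored
            break
        if i + 1 >= len(options):
            raise ValueError(f"option {code} has no length byte")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        # An option that appears more than once is concatenated.
        found[code] = found.get(code, b"") + value
        i += 2 + length
    return found

def option_138_addresses(options):
    """Return the IPv4 addresses carried in option 138 (a list of 4-byte addresses)."""
    raw = parse_options(options).get(OPT_OV_SERVER)
    if raw is None:
        return []
    if len(raw) == 0 or len(raw) % 4:
        raise ValueError("option 138 length is not a multiple of 4")
    return [ipaddress.IPv4Address(raw[i:i + 4]) for i in range(0, len(raw), 4)]

def expected_mode(options):
    """Mode per this page: option 138 present -> Enterprise, otherwise the default Express."""
    return "WiFi Enterprise" if option_138_addresses(options) else "WiFi Express"

def unexpected_servers(options, approved):
    """Option 138 addresses that are not in the approved OmniVista server list."""
    approved = {ipaddress.IPv4Address(a) for a in approved}
    return [a for a in option_138_addresses(options) if a not in approved]

# Constructed option fields mirroring the two scopes shown on this page.
COMMON = (opt(1, bytes([255, 255, 255, 0]))      # subnet mask
          + opt(3, bytes([192, 168, 10, 1]))     # router
          + opt(6, bytes([192, 168, 10, 1]))     # DNS server
          + opt(51, (6000).to_bytes(4, "big")))  # lease time
EXPRESS_OPTS = COMMON + bytes([END])
ENTERPRISE_OPTS = COMMON + opt(OPT_OV_SERVER, bytes([192, 168, 0, 61])) + bytes([END])

if __name__ == "__main__":
    for name, data in (("express scope", EXPRESS_OPTS), ("enterprise scope", ENTERPRISE_OPTS)):
        print(name, "->", expected_mode(data),
              [str(a) for a in unexpected_servers(data, ["192.168.0.61"])])
```

Because the AP management VLAN decides which server the APs register with, checking captured DHCP replies against the approved list is a quick way to confirm that only the intended scope answers on that VLAN.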


Planes of Operation
Planes of operation
• Management Plane
  - No controller
  - WiFi Express: Centralized management on one Primary Virtual Controller (PVC)
  - WiFi Enterprise: Centralized management on OmniVista 2500
• Control and Data Plane per AP

[Figure: Management Plane on the PVC (WiFi Express) or on OmniVista (WiFi Enterprise); a Control Plane and a Data Plane on each AP]
Management Plane
• Management plane – Type of Traffic
  - Configuration traffic (SSID creation,..)
  - Monitoring and troubleshooting (client monitoring,…)
• AP management traffic is always untagged
  - It uses the native VLAN of the upstream switch and the subnet obtained from the DHCP scope

[Figure: WiFi Express (PVC) and WiFi Enterprise (OmniVista); Edge Switches; “Management” VLAN, Untagged]
Management Plane – AP Group
 Management on AP Group only
 AP Group
   No limits & restrictions, but the total number of APs is limited to 4000 (Enterprise) or 255 (Express)
   Can mix any AP type: AP1101, AP1201(H), AP12xx, AP123x, AP125x

[Diagram: WiFi-Express: PVC, edge switches, one AP-Group. WiFi-Enterprise: OmniVista (AP Registration, AP <-> AP Group mapping, AP Group: Group 1, Group 2), LAN / L3, edge switches, AP Group 1 and AP Group 2]
Control Plane
 Control Plane – Type of Traffic
   Manages network protocols, Forwarding Information Base (FIB)
   Manages authentication, packet inspection, load balancing

 Control plane traffic
   AP to AP protocol over the air
     Used for
       RF Management
       Neighbor AP discovery
   AP to AP protocol over the LAN infrastructure
     Used for
       RF Management
       Roaming client context sharing

Internal traffic, managed by the Stellar APs

[Diagram: two OmniAccess WLAN Access Points; control plane over the air between the APs, and over the LAN through the edge switches and the Layer 2/3 network infrastructure]
Data Plane
 Data Plane – Type of traffic
   Forwards user data traffic
   Manages the QoS and ACLs

 Data Plane Traffic
   Wireless data converted to Ethernet in the AP and sent to the AP uplink
   Wireless traffic always tagged on the AP uplink
   No tunnel mode to OV or Virtual Controller

 Data Plane is only L2
   No routing for user data traffic
   Routing provided by LAN infrastructure

One tagged VLAN per SSID

[Diagram: Guest, Employee and Voice SSIDs on an OmniAccess WLAN Access Point; tagged VLANs carry the data traffic through the edge switch and the Layer 2/3 network infrastructure to the data center]
Network Architecture
Network Topology

[Diagram: Internet, WAN router, OmniVista, DHCP and DNS servers, LAN core / distribution / access layers, Stellar Access Points]

DHCP: scopes for
•All AP Mgt VLANs (require option 138 for OV IP address)
•All SSID VLANs

DNS (optional): DNS server for
•All AP Mgt subnets
•All SSID subnets

Core: L3 protocols / routing

Distribution: IP interfaces / routers for
•All AP Mgt VLANs
•All SSID VLANs

Between distribution and access: all AP Management VLANs and SSID VLANs

Access: trunk port with PoE
•Untagged/Native VLAN = AP Mgt VLAN
•Tagged VLANs = SSID VLANs
OmniSwitch LAN – Value Added
 Stellar deployment with OmniSwitch recommended

 Key Benefits
   Unified Access for ALE wired and wireless networks
   OV Unified Policy Access Manager (UPAM)
     UPAM acts as the main RADIUS Server for both wired and wireless users
     Unified Guest and BYOD access policies for both wired and wireless users

 Unified access features:
   Automatic VLAN creation
   Guest/BYOD Access for wired/wireless users with UPAM
   Network Access with Access Guardian
   Guest Tunneling

[Diagram: OmniVista UPAM (RADIUS Server, Guest / BYOD Access Policies), Alcatel OmniSwitch, Stellar Access Point]
Network Guidelines
 AP Management VLANs
   AP Management VLANs and LAN Management / Data VLANs should be different
   Recommendation: dedicated VLAN ID for AP management
   Recommendation: maximum of 512 APs per VLAN

 WLAN VLANs
   Same VLAN ID could be used for both wireless and wired clients
   However, it is recommended to have a reserved VLAN ID for wireless clients

[Diagram: "Management" VLAN with 512 APs; "Employee" VLAN]
Network Resiliency
Implementation
 AP plugged on 2 switches with one active uplink
 Active uplink POE goes down: AP reboot
 Linkagg supported

[Diagram: Stellar Access Point connected to an active and an inactive OmniSwitch; convergence time]
IPv6 Client Support – Express Mode
IPv6 required for specific verticals
 Education (Research)
 Healthcare (IoT)
 Government (Security)

IPv6 supported on Client side

IPv6 Policies supported
 IPv6 QoS/ACL rules to filter client traffic

Cluster AP Management through IPv4

Wireless Client Forwarding
 Client IPv6 traffic forwarded between IPv6 clients and to IPv6 Gateway
IPv6 Client Support – Enterprise Mode
AP Management through IPv4
 IPv4 for AP/OmniVista communication
 No IPv6 network interface on AP

Client MAC/1X Authentication


 Client authentication request to AP through IPv6
 Radius communication between AP and UPAM through IPv4

Client Portal Authentication


 Client to portal server through IPv6
 Portal server to Radius Server through IPv4

Wireless Client Forwarding


 Client IPv6 traffic forwarded between IPv6 clients and to
IPv6 Gateway
Appendix
BLE Beaconing
AeroScout
Option 138 for DHCP Server
Appendix
BLE Beaconing
BLE Beaconing ready for the AP1230 series and AP1201 with a built-in BLE

 Stellar APs ready for Asset Tracking Solution
   Asset: people or equipment (wheel chair, medical devices, laptop, ...)
   Reducing time to find assets: improves employees/customer satisfaction

 BLE Beacon is configured per AP Group
   Turned OFF by default
   Configurable parameters are
     Beaconing Mode: iBeacon per default
     Transmission Power
     Frequency/Emission Period
     UUID (Universal Unique Identifier) – ALE specific UUID for all ALE products
     Major and Minor values – used for greater accuracy than UUID alone

[Pictures: OAW-AP1201, OAW-AP1230 Series]
Appendix
Integration with AeroScout Location Engine
AeroScout RTLS (Real Time Location Services) provides location services.
 E.g.: tracking of employees in the building at the plant

 The AeroScout solution utilizes standard WiFi (802.11) technologies as a communication infrastructure
 Customers use the Stellar AP to communicate with AeroScout tags and deliver information to the AeroScout Location Engine

 AeroScout LBS Architecture
   AeroScout Tags: devices generating 802.11 messages at a predefined interval
   Stellar APs: deliver RSSI measurements of tags and WiFi clients to the AeroScout Engine
   AeroScout Engine Server (AES): Location Engine. Based on RSSI measurements (from the Stellar AP), determines the position of the clients
   AeroScout Engine Manager (AEM): configuration of the AES. Displays clients on the map, heatmaps, analytics, Geofencing alerts

[Pictures: AeroScout tags, Stellar AP]
Appendix
Example Configuration (ISC-DHCP-Server)
 Linux open source DHCP server

# Classify OmniAccess Stellar AP as STELLAR
class "STELLAR" {
    match if substring (option vendor-class-identifier, 0, 4) = "HAP.";
}

# Create custom option 138 as it is not known to isc-dhcp-server
option ovwma code 138 = ip-address;

 DHCP Pool

subnet 192.168.10.0 netmask 255.255.255.0 {

    # Pool for OmniAccess Stellar AP
    pool {
        allow members of "STELLAR";
        range 192.168.10.10 192.168.10.20;
        option ovwma 192.168.0.61;
    }
}
Appendix
Example Configuration (OmniSwitch DHCPD)
 OmniSwitch used as DHCP server

 dhcpd.conf file configuration:

subnet 192.168.10.0 netmask 255.255.255.0
{
    dynamic-dhcp range 192.168.10.10 192.168.10.20
    {
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.10.255;
        option routers 192.168.10.1;
        option dhcp-lease-time 6000;
        option domain-name-servers 192.168.10.1;
        option domain-name "vlan10.home";
        option 138 192.168.0.61;
    }
}
OmniAccess Stellar Wireless Lan
Stellar Hardware Presentation
Lesson summary
Stellar Hardware Presentation
At the end of this module, you will be able to:
• List the Stellar Access points per capacity
• Position the Stellar Access Point in the market
OmniAccess Stellar WLAN
Access Points Overview
OmniAccess Stellar AP Lineup

AP1101: 802.11ac Wave 1
AP1201: 802.11ac Wave 2, Emerging / SMB
AP1201H: 802.11ac Wave 2, Hospitality
AP1221/AP1222: 802.11ac Wave 2, Mid-Range
AP1231/AP1232: 802.11ac Wave 2, High-Range
AP1251: 802.11ac Wave 2, Outdoor
Selection Criteria

Criteria | OAW-AP1101 | OAW-AP1201 | OAW-AP1201H | OAW-AP1220 Series | OAW-AP1230 Series | OAW-AP1251 (-40C to 65C)
# of Radios | 2 | 2 | 2 | 2 | 3 | 2
Technology | 11ac W1, 2x2:2 | 11ac W2, 2x2:2 | 11ac W2, 2x2:2 | 11ac W2, 4x4:4 (5GHz), 2x2:2 (2.4GHz) | 11ac W2, 2x 4x4:4 (5GHz), 1x 2x2:2 (2.4GHz) | 11ac W2, 2x2:2
Throughput | 1.2Gbps | 1.2Gbps | 1.2Gbps | 2.2Gbps | 4.2Gbps | 1.2+ Gbps
Ethernet ports | 1xGE | 1xGE | 1xGE uplink, 3xGE downlink, 1xRJ45 Passthrough | 1xGE | 1xGE, 1x2.5GE | 1xGE uplink, 1xGE downlink
BSSID | 16 | 32 | 16 | 16 | 24 | 16
Client per AP | 256 | 512 | 256 | 512 | 768 | 512
Client per band/radio | 128 | 256 | 128 | 256 | 256 | 256
DPI (App Mon) | No | Yes | No | Yes | Yes | Yes
BLE | No | Yes | Optional (USB) | Optional (USB) | Yes | No
Power | 802.3af, <10W | 802.3af | 802.3af/at | 802.3af/at, <15,6W | 802.3at (2p/4p), 30W | 802.3af, <12W
OmniAccess Stellar AP1101
OAW-AP1101 – 802.11ac Wave 1 Entry Level AP

Dual radio, 802.11ac 2x2:2SS VHT80


✓ 2.4GHz and 5GHz band support
✓ Up to 867Mbps 5 GHz
✓ Up to 300Mbps 2.4 GHz
✓ Up to 16 SSID (8 SSID per radio)
✓ 1xGbE network interface, RJ-45 console, reset
✓ 802.3af POE / 48V DC
✓ Enterprise temperature range, plenum rated
✓ Built-in antenna (OAW-AP1101)
OmniAccess Stellar AP1201
OAW-AP1201 – 802.11ac Wave 2 Entry Level AP

Dual radio, 802.11ac 2x2:2SS VHT80


✓ 2.4GHz and 5GHz band support
✓ 1.2 Gbps throughput
▪ Up to 867 Mbps 5 GHz
▪ Up to 400 Mbps 2.4 GHz
✓ Up to 32 SSID (16 SSID per radio)
✓ 512 client devices per AP
✓ 1xGbE network interface, RJ-45 console, reset
✓ 802.3af POE / 48V DC
✓ Enterprise temperature range, plenum rated
✓ Built-in OMNI directional antenna
✓ BLE 5.0, 802.15.4 (Zigbee) HW Ready
OmniAccess Stellar AP1201H
OAW-AP1201H – Hospitality AP

Dual radio, 802.11ac 2x2:2SS


✓ 2.4GHz and 5GHz band support
✓ 1.2 Gbps throughput
✓ Limited RF coverage (single room)
✓ Up to 16 SSID (8 SSID per radio)
✓ 256 client devices per AP
✓ Uplink – 1 x GE with PoE 802.3 af/at
✓ Downlink – 3 x GE interfaces with PoE 802.3af
✓ 1 x RJ45 Pass-Through (Analog phone)
✓ Built-in antenna
✓ Built-in wall box mount
✓ BLE radio via USB (secured port)
✓ PoE or DC Power
✓ Separate Desk mount
✓ No Logo
[Dimension drawing: 161.5 mm, 95 mm, 29 mm]
OmniAccess Stellar AP1220 Series
OAW-AP1221/1222 – 802.11ac Wave 2 Mid-range AP

Dual radio, 802.11ac 4x4:4SS VHT160


✓ 5GHz radio: 1,733Mbps (with 4SS/VHT80 clients or 2SS/VHT160
clients)
✓ 2.4GHz radio: 400Mbps 2.4GHz (2SS/VHT40)
✓ MU-MIMO
✓ Optional BLE radio through USB port
✓ 1xGbE network interfaces, RJ-45 console, USB port, reset
✓ 802.3at POE compliant/ 48V DC (function reduced when powered
by 802.3af source)
✓ Enterprise temperature range, plenum rated
✓ Built-in antenna (OAW-AP1221)
✓ External antenna connectors (OAW-AP1222)
OmniAccess Stellar AP1230 Series
OAW-AP1231/1232 – 802.11ac Wave 2 High-range AP

Tri radio, 802.11ac 4x4:4SS VHT160 and Integrated BLE


✓ First 5GHz radio: 1,733Mbps (with 4SS/VHT80 clients or
2SS/VHT160 clients)
✓ Second Multiband radio: 1,733Mbps (with 4SS/VHT80 clients or
2SS/VHT160 clients)
✓ Third 2.4GHz radio: 800Mbps 2.4GHz (4SS/VHT40)
✓ MU-MIMO
✓ Integrated BLE radio
✓ 1xGbE + 1x2.5GbE uplink network interfaces, RJ-45 console, USB
port, reset
✓ 802.3at POE (4pair - 60W) compliant/ 48V DC (function reduced
when powered by 802.3at 2pair source)
✓ Enterprise temperature range, plenum rated
✓ Built-in antenna (OAW-AP1231)
✓ External antenna connectors (OAW-AP1232)
OmniAccess Stellar AP1251
OAW-AP1251 – 802.11ac Wave 2 Outdoor AP

Dual radio, 802.11ac 2x2:2S


✓ 5GHz radio: 867 Mbps (with 2SS/VHT160 clients)
✓ 2.4GHz radio: 400Mbps 2.4GHz (2SS/VHT40)
✓ MU-MIMO
✓ 2xGbE network interfaces, micro-USB console, reset
✓ 1xGbE uplink
✓ 1xGbE for connecting downstream device (IoT)
✓ 802.3af POE compliant/ 48V DC
✓ IP67/66
✓ Temperature range -40 to +65 degree C
✓ Built-in Omni Directional antenna
OmniAccess Stellar
Accessories
AP Accessories

MOUNTING KIT
 Recommended for AP installation
 Indoor Mounting kits
 Outdoor Mounting kits
   Dedicated to AP1251

ANTENNAS
 Required for the indoor AP1222 & AP1232
 Antennas available
   Omnidirectional (ceiling antenna or directly connected)
   Directional (60° sector coverage)

[Pictures: Wall Mount, Ceiling Mount, Direct connection Antenna, Ceiling Antenna]
AP Power Supply
If the Access switch does not support PoE, an alternate AP power supply must be chosen:

POE INJECTOR
 Supported by all Stellar APs
 802.3 af/at compatible
 30W/60W

POWER ADAPTER
 Compatible with indoor APs only
 802.3 af/at compatible
 30W/60W
OmniAccess Stellar Wireless Lan
WiFi Enterprise – Requirements
Lesson summary
WiFi Enterprise – Requirements
At the end of this module you will be able to:
• Identify the setup required in the WiFi Enterprise mode
• Configure the OmniVista 2500 server
• Configure the OmniSwitch
Initial Setup
Initial Setup
Hardware requirement
 Access Point
 PoE Switch
 DHCP Server
 OmniVista 2500


Initial Setup
Minimal configuration required
 Stellar Access Point
 Purged AP with default factory configuration

 Alcatel OmniSwitch
 PoE
 Management VLAN
 "ip helper" for external DHCP server

 DHCP server
 Option 138 on Management VLAN
 Address Plan for Service VLAN

 OmniVista 2500 server


 IP configuration
 Licenses
OmniVista 2500 NMS
OmniVista 2500 Licenses
 OmniVista Core License - required
 Network devices
 OmniVista VMM License – optional

 OmniVista AP License count


 Stellar Access Point: Per AP License model
 OmniVista Guest Management License count
 Per device license model
 OmniVista BYOD License count
 Per device license model
 OmniVista High Availability (HA) License
 One License per set of OmniVista servers
OmniVista 2500 Licenses – Add-on

In case of network growth, additional APs must be deployed:

 AP License count > total number of APs to be deployed
   Deploy and register the APs

 AP license count < total number of APs to be deployed
   Import additional AP license count
   Deploy and register the APs

Initial AP License count (100) + Additional AP License count (50) = Updated AP License count (150)
OmniVista 2500 Configuration
Minimal configuration
 IP address and network mask
 OmniVista Network size configuration
 Default Gateway
 Timezone, DNS server,… (optional)

Discover the Network Devices


OmniVista 2500 High Availability (HA)

[Diagram: Main OV and Stand-by OV, each with Services and Databases kept in sync, behind a Virtual IP. Network devices (laptop, switch, AP) must communicate to the Virtual IP. On failure of the Main OV, the Stand-by OV becomes the Main OV.]

 Introduced in OmniVista 4.3.1 R01

High Availability (HA) creates a redundant (Stand-by) OmniVista which will take over if the primary (Main) OmniVista becomes unavailable

 With HA, 2 instances of OV are constantly running
   Connection across a Layer 2 network
   Extension to Layer 3 network, if VxLAN or SPB are used.

When control is moved from Main to Stand-by, all services and operations are transferred
 E.g. UPAM functions, including BYOD and Guest Access, are handled by Stand-by
 All network monitoring services are taken over by Stand-by

Dedicated OmniVista HA license.


OmniSwitch
OmniSwitch Manual Configuration
Minimal configuration
 PoE activation - if no power injector or power adapter is used
 Untagged "Management VLAN"
 SNMP configuration

[Diagram labels: ACCESS, CORE, PoE, Management VLAN]


OmniSwitch Automatic Configuration
Why?
 Reduce the configuration steps on the Edge switch
 No need to set a trunk port
 No need to know in advance where the AP will be connected
 On the same port, AP, Phone, Camera, PC can be plugged
 No need to tag the SSID VLANs

How?
 Configure access ports as UNP ports of type bridge
   Required to accept tagged/untagged traffic from the AP
 Disable the trust-tag
   Security reasons: the port can't accept any tagged traffic.
 Create a UNP classification rule to classify the AP in a role
   Based on the AP LLDP traffic
 Map a VLAN ID to the role received by the AP
   Management VLAN assigned to the AP
OmniSwitch Automatic Configuration – AP Provisioning

[Diagram: Stellar AP (SSID GUEST) on port 1/1/1 of OS 6860-A; port 1/1/24 of OS 6860-A to OS 6860-B; LAN; DHCP with Scope 10.255.125.0/24 and Scope 10.255.10.0/24]

Sequence
1  AP sends LLDP
2  AP classified in defaultWLANProfile -> VLAN 125 assigned
3  AP sends untagged DHCP, gets IP on vlan 125
4  Switch sends LLDP with
   • Port LAN ID = 125
   • AP Location = Building1:1/1/1
5  AP update
   • Management VLAN = 125
   • AP Location = "Building1:1/1/1"
6a Client connects to SSID Guest and sends DHCP request
6b Client DHCP Request tagged 10, gets IP on vlan 10
6c Trust-tag enable, port dynamically tagged for VLAN 10

6860-A Configuration

vlan 1 member port 1/1/1 untagged

VLAN – Not Required with MVRP
vlan 125
vlan 10
vlan 125 members port 1/1/24 tagged
vlan 10 members port 1/1/24 tagged
ip interface "vlan10" address 10.255.10.1/24 vlan 10
ip interface "vlan125" address 10.255.125.1/24 vlan 125

Location
system location Building1

UNP
unp port 1/1/1 port-type bridge
no unp port-template bridgeDefaultPortTemplate trust-tag
unp classification lldp med-endpoint access-point profile1 defaultWLANProfile
unp profile defaultWLANProfile map vlan 125



Appendix
Automatic configuration – AP location
Appendix
OmniSwitch Automatic Configuration – AP Location Logic
 If port alias (“interfaces chassis/slot/port alias <string>”) is configured on the port
 => AP Location = Port Alias

 If system location (“system location <string>”) is configured on the OmniSwitch


 => AP Location = “System Location” :“PortID”

 If the system name (“system name <string>”) is configured on the OmniSwitch


 => AP Location = “System Name”:“PortID”

 By default
 => AP Location = “Chassis ID”:“PortID”

 Chassis ID is the Chassis Mac address


 Port ID is the actual port number in the chassis/slot/port format
OmniAccess Stellar Wireless Lan
AP Registration
Objectives
AP Registration
At the end of this presentation you will be able to:
• Register an AP with the manual Trust method
• Register an AP with the white list method
• Use the Discovery and Topology application
AP Discovery

[Diagram: Access Point, DHCP Server, OmniVista 2500]

1  AP is connected to the network and powered on
   AP sends a DHCP request
   AP selects the Management VLAN through LLDP

2  AP determines IP of OV2500 if option "138" is returned by DHCP server
   AP is set in "Enterprise" mode

3  AP contacts OV2500 for registration

4  OV2500 assigns an AP Group to the AP
   OV2500 applies the configuration to the AP
AP Registration
 AP always connects to the AP Registration Component in OV
   Same address as OV (DHCP option)

 AP is managed when Registration succeeds
   AP is Trusted
     Manually or automatically
   AP is Licensed
     Enough AP Licenses on OV
   Country Code matches RF profile CC

 AP is unmanaged when Registration fails
   AP is not Trusted
   AP is not Licensed
   Country Code does not match the Country Code from the RF Profile
   Configuration not applied & All Radios are off

[Flowchart: AP -> Trusted? (N: Un-Trusted) -> Licensed? (N: Un-Licensed) -> CC Match? (N: CC Mismatch) -> Assign AP Group -> Apply Configuration. Successful Registration: MANAGED. Failed Registration: UNMANAGED.]
AP Registration – Add-on
 The Registered APs are located under the Managed AP tab in Network > AP registration > Access Point

 In case of network growth, new APs are seen under the Unmanaged AP tab

 Trust the APs in order to register them
   Manually, with the Trust button
   Dynamically, by pre-provisioning the MAC address of the APs with the Add button

 The Trusted APs are then displayed under the Managed AP tab.
AP Registration - Trust



AP Registration - Whitelist



AP Registration - Import



AP Registration - Discovery & Topology Application



Troubleshooting
AP is not seen in the « Unregistered AP » tab

 Check the Managed tab
   The AP has been manually added and is automatically moved to the “Managed AP” tab

 The AP did not contact OmniVista
   Check option 138 on the DHCP Server:
     Option 138 is missing
     Wrong IP address in the option 138

 Check the network infrastructure
   Management VLAN is missing
   Missing route in a L3 network
   “IP helper” (IP of the DHCP server) not configured on the OmniSwitch

 OmniVista 2500 is not ready
   Check that all the OmniVista services are started from the Watchdog
   Expect a Status “Running” for all services
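
The two option 138 checks from this troubleshooting slide (option missing, wrong IP address) and the "HAP." vendor-class match from the ISC-DHCP-Server example can be run against the options field of a captured DHCP message. The Python below is an added example, not part of the course material or of any ALE tool. The sample messages are constructed, 192.168.0.61 is the OmniVista address used in the dhcpd.conf examples, and the text after "HAP." in the vendor class is a placeholder.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # precedes the options in every DHCP message
OPT_PAD, OPT_END = 0, 255
OPT_VENDOR_CLASS = 60                    # vendor-class-identifier, sent by the client
OPT_OV_ADDRESS = 138                     # read by the AP to find OmniVista


def parse_options(field: bytes) -> dict:
    """Decode the code/length/value options that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError(f"option {code}: length byte missing")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        # An option code that appears more than once is concatenated.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def is_stellar_client(options: dict) -> bool:
    """Same test as the ISC class: the first four bytes of option 60 are 'HAP.'."""
    return options.get(OPT_VENDOR_CLASS, b"")[:4] == b"HAP."


def check_option_138(options: dict, expected_ov: str) -> str:
    """Return 'ok' or the troubleshooting finding for a DHCP reply."""
    raw = options.get(OPT_OV_ADDRESS)
    if raw is None:
        return "option 138 is missing"
    if len(raw) == 0 or len(raw) % 4:
        return f"option 138 is malformed ({len(raw)} bytes, not IPv4 addresses)"
    offered = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    if expected_ov not in offered:
        return "wrong IP address in option 138: " + ", ".join(offered)
    return "ok"


def opt(code: int, value: bytes) -> bytes:
    """Encode one option for the constructed samples below."""
    return bytes([code, len(value)]) + value


def ip4(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed


# --- Constructed samples (not captured traffic) ---
OV_IP = "192.168.0.61"
COMMON = opt(53, b"\x02") + opt(1, ip4("255.255.255.0")) + opt(3, ip4("192.168.10.1"))
GOOD_REPLY = MAGIC_COOKIE + COMMON + opt(138, ip4(OV_IP)) + bytes([OPT_END])
NO_138_REPLY = MAGIC_COOKIE + COMMON + bytes([OPT_END])
WRONG_IP_REPLY = MAGIC_COOKIE + COMMON + opt(138, ip4("192.168.0.16")) + bytes([OPT_END])
AP_DISCOVER = MAGIC_COOKIE + opt(53, b"\x01") + opt(60, b"HAP.placeholder") + bytes([OPT_END])

if __name__ == "__main__":
    print("discover is from a Stellar AP:", is_stellar_client(parse_options(AP_DISCOVER)))
    for name, reply in [("good", GOOD_REPLY), ("no 138", NO_138_REPLY),
                        ("wrong IP", WRONG_IP_REPLY)]:
        print(f"{name}: {check_option_138(parse_options(reply), OV_IP)}")
```

A reply that passes this check but still leaves the AP unregistered points to the other branches of the slide: the network infrastructure or the OmniVista services.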
OmniAccess Stellar WLAN
Stellar Access Points Discovery in the OmniVista 2500 NMS

Objective
✓ Learn how to discover the Stellar Access Points in the OmniVista 2500 NMS

Contents
1 Briefing
2 Configuring the VLANs & IP Interface
2.1. Creating the VLANs
2.1.1. Creating the MANAGEMENT VLAN (VLAN 40)
2.1.2. Verifying the VLAN Creation
2.2. Configuring an IP Interface
2.2.1. Creating the IP Interfaces on the OS6860
2.2.2. Verifying the IP interface Creation
3 Activating the IP Helper & Power over Ethernet (PoE) Features
3.1. About the IP Helper
3.2. About the Interfaces
3.3. Configuring the Features
3.3.1. On the OS6860
3.3.2. On the OS6560
4 Discovering the Stellar Access Points
4.1. Registering the Stellar Access Points
4.2. Adding the Stellar Access Points into an AP Group
5 Debriefing
6 Annex: Configuring the Option 138
6.1. On Windows Server
6.1. On Windows Server .................................................................................... 9


1 Briefing
Both OmniSwitches are now discovered by the OmniVista 2500, and ready to be configured. During this lab,
we will first setup some basic settings (VLAN, IP Interface, PoE…) on the OmniSwitches, then we will launch
the discovery process for the Access Points to be discovered in the OmniVista 2500.

[Figure: current topology]

[Figure: end-of-lab topology]

2 Configuring the VLANs & IP Interface

2.1. Creating the VLANs


First, let’s create the VLANs. The following VLAN must be created:
- VLAN 40 > MANAGEMENT: dedicated VLAN for the Stellar Access Points management.

Notes
The VLAN 1305 (BACKBONE) has already been created in a previous lab. It contains all the management
equipment (OV2500, DHCP Server…).

To create these VLANs on the OmniSwitches, we will use the OmniVista 2500 VLAN Manager feature.

Configure VLANs on both OmniSwitches

2.1.1. Creating the MANAGEMENT VLAN (VLAN 40)

> Select CONFIGURATION > VLANS > VLAN


> Click on Create VLAN by Devices button

1. Devices Selection
> VLAN IDs: 40
> VLAN(s) Description: MANAGEMENT
> Click on the Add/Remove Devices
> Click on Add All to select both OmniSwitches
> Click on OK
> Click on Next

2. VLAN Configuration
> Check that Admin Status = Enabled
> Click on Next

3. Default Port Assignment


> For each switch, click on Add Port
> Select the port 1/1/3
> Click on OK
> Click on Next

4. Q-Tagged Port Assignment


> For each switch, click on Add Port
> Select the port 1/1/2
> Click on OK
> Click on Next

5. Review
> Review the information
> Click on Create

Tips
The VLANs can also be created on the OmniSwitches via command lines (CLI). Hence, the VLAN Manager feature
can be very interesting to use if the infrastructure is composed of a lot of OmniSwitches, and the same VLANs
must be created on some (or all) of them.

2.1.2. Verifying the VLAN Creation

> Select CONFIGURATION > VLANS > VLAN


> Next to the information “0 Devices”, click on ADD > Use Switch Picker
> Select 1 OmniSwitch (6560 or 6860)
> Click on Add
> Click on OK

> Check that the VLAN 40 appears in the list


> The VLAN 1305, created in the previous lab, should
also appear.

2.2. Configuring an IP Interface


Now that the VLANs have been configured, let’s create an IP interface on the OmniSwitch 6860. This will
be the IP interface for the management VLAN.

Configure the following IP interfaces:


- OS6860:
Name: int_management | IP@: 10.7.X.126/27 | VLAN: 40

2.2.1. Creating the IP Interfaces on the OS6860

> Select CONFIGURATION > VLANS > IP Interface


> Click on the + button
> Name: int_management
> IP Address: 10.7.X.126
> Subnet Mask: 255.255.255.224
> Device Type: VLAN
> VLAN ID: 40
> Devices: select the OS6860, then click on > to add it as selected
> Click on Create

Notes
No IP interface is configured on the OmniSwitch 6560 for the VLAN 40 (it will act as a “level 2” switch and will
redirect all the level 3 traffic to the OmniSwitch 6860).

Tips
The IP interfaces can also be created on the OmniSwitches via the Command Line Interface (CLI).

2.2.2. Verifying the IP interface Creation

> Select CONFIGURATION > VLANS > IP Interface


> Click on Select a device
> Select Use Switch Picker
> Select 1 OmniSwitch (6860)
> Click on OK
> Click on Refresh

The following result should be displayed:



3 Activating the IP Helper & Power over Ethernet (PoE) Features


The Stellar Access Points that we are going to use during this training need to:
- Receive an IP Address from the DHCP Server > An IP Helper must be configured;
- Forward the Wi-Fi clients traffic to a default route > Create a static route;
- Have the switch interface where they are connected enabled;
- Receive power from the OmniSwitches > The Power over Ethernet (PoE) feature must be enabled.

- Configure an IP Helper address on the OmniSwitch 6860;
- Create a static route for the Wi-Fi Clients traffic;
- Enable the interfaces where the Stellar Access Points are connected;
- Restart the PoE feature on the OmniSwitches 6560 and 6860 to force the Stellar Access Points to reboot.

3.1. About the IP Helper


Once powered on, the Stellar Access Points will send a DHCP request on the VLAN 40. This request must be
relayed to the DHCP Server located on the VLAN 1305. Hence, we need to configure the IP helper feature
on the OmniSwitch 6860.
The DHCP Server will then send a DHCP Offer with the option 138 (IP address of the OmniVista 2500). Once
this option received, the Stellar Access Point will work in Enterprise mode.

Notes
The IP Helper feature is not configured on the OmniSwitch 6560. The OmniSwitch 6560 will act as a “level 2”
switch and will send the DHCP request to the OmniSwitch 6860, which will relay it to the DHCP Server.

Tips > Option 138


To learn how to configure the Option 138 on a Windows Server, see the Annex (section 6.1).

3.2. About the Interfaces


The Stellar Access Points are connected to the interface 1/1/3 of each OmniSwitch.

3.3. Configuring the Features

3.3.1. On the OS6860

> Select CONFIGURATION > CLI SCRIPTING > Terminal


> Click on Browse
> Select 10.130.5.20X (OS6860)
> Click on OK

> Click on SSH


> Enter the username/password: admin/switch
> Click on OK
You are now connected to the OS6860. Enter the following commands to configure the IP helper, enable the interface, restart the PoE and create the static route:
> ip helper address 10.130.5.7
> interfaces 1/1/3 admin-state enable
> lanpower slot 1/1 service stop
> lanpower slot 1/1 service start
> ip static-route 0.0.0.0/0 gateway 10.130.5.253
Stopping and starting the PoE forces the AP to reboot.

3.3.2. On the OS6560

> Select CONFIGURATION > CLI SCRIPTING > Terminal


> Click on Browse
> Select 10.130.5.22X (OS6560)
> Click on OK
> Enter the username/password: admin/switch
> Click on OK
You are now connected to the OS6560. Enter the following commands to enable the interface and restart the PoE:
> interfaces 1/1/3 admin-state enable
> lanpower slot 1/1 service stop
> lanpower slot 1/1 service start
Stopping and starting the PoE forces the AP to reboot.

The OmniSwitches are now completely configured. In the next part, we will discover the Stellar Access Points
in the OmniVista 2500 NMS.

4 Discovering the Stellar Access Points


Discover the Stellar Access Points in the OmniVista 2500
Add the Stellar Access Points in a new AP Group “APGX” (X = R-Lab Number)

4.1. Registering the Stellar Access Points


Now, let’s discover the Stellar Access Points.

> Select NETWORK > AP REGISTRATION > Access Points


> Select your Country/Region
> Select your Timezone
> Click on OK

Warning
DO NOT CHOOSE THE COUNTRY CODE USA, JAPAN OR ISRAEL AS THE STELLAR ACCESS POINTS USED IN THE
REMOTE LAB ARE NOT COMPATIBLE WITH THESE COUNTRY CODES.

> Click on Managed AP


> Check that 2 APs are displayed (AP1101 & AP1221: 10.7.X… with X = R-Lab number)

IF THEY DON’T APPEAR

> Click on Unmanaged AP


> Check that 2 APs are displayed (AP1101 & AP1221: 10.7.X… with X = R-Lab number)
> Select both
> Click on Change to Trust Status
> Click on OK
> Check that the Operation Status = Successful, then click on OK

4.2. Adding the Stellar Access Points into an AP Group


OmniVista does not manage individual APs. You must first add APs to AP Groups. The attributes configured
for the AP Group (e.g., Management VLAN, RF Profile) are applied to all APs in the group.
Once APs are assigned to a group, you configure the APs in OmniVista (e.g., Notification traps,
Resource Manager backups) by applying the configuration to the AP Group.
In OmniVista applications (e.g., Notifications, Resource Manager), rather than presenting the user with
individual APs when applying a configuration (as is done with AOS Devices), OmniVista presents the user
with the option of applying a configuration to AOS Devices and/or AP Groups.
Any configuration applied to an AP Group is applied to all APs in the group.

When an AP initially registers with OmniVista, the AP is placed into a pre-configured Default AP Group.
Let’s begin by creating the AP Group:

> Select NETWORK > AP REGISTRATION > AP Group


> Click on the + button
> Group name: APGX (X = R-Lab number)
> skip all the other parameters, read the Tips section below
> Click on Create

Tips
As you can see, several settings can be managed in the AP Group properties. Take the time to learn more about
each of them by clicking on the Help button

Now, let’s insert the APs in the AP Group:

> Select NETWORK > AP REGISTRATION > Access Points


> Select both APs

> Click on then Change Group


> Group name: APGX (X = R-Lab number)
> Click on Apply
> Check the status, then click on OK

5 Debriefing
During this lab, we have created the Management VLAN, which contains all the management data used by the
Access Points. We have also created a “trash” VLAN, which will contain all the “faulty” devices (not
authenticated, quarantined…). Then, we have enabled the PoE on the OmniSwitches to provide power to the
Access Points, and the IP Helper feature to redirect the APs' DHCP requests to the DHCP Server. And finally,
we have discovered the Stellar Access Points in the OmniVista 2500 NMS. These Access Points can now be
managed from the OmniVista 2500 GUI.

6 Annex: Configuring the Option 138

6.1. On Windows Server

> Go to Control Panel > Administrative Tools


> Double click on DHCP
> Right click on IPv4
> Select Set Predefined Options…

> Click on Add…


> Name: Stellar-AP
> Data type: IP Address
> Code: 138
> Click on OK

> Select <Server FQDN> > Scope > Scope Options


> Right click on the main area > Configure Options
> Select the option 138
> Enter the OmniVista 2500 IP Address
> Click on OK
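
To confirm from a captured DHCP offer that option 138 really carries the OmniVista 2500 address configured above, the options field can be decoded directly. This is an added example, not part of the course material; the function names are hypothetical and the sample bytes are constructed (R-Lab number X = 1, so the OmniVista address is taken as 10.130.5.51).

```python
import ipaddress

OPT_PAD, OPT_END = 0, 255
OPT_STELLAR_AP = 138  # code entered for the "Stellar-AP" predefined option


def encode_option_138(addresses):
    """Encode option 138 as code, length, then 4 bytes per IPv4 address."""
    data = b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    if not 4 <= len(data) <= 252:
        raise ValueError("option 138 carries between 1 and 63 IPv4 addresses")
    return bytes([OPT_STELLAR_AP, len(data)]) + data


def parse_options(blob):
    """Walk a DHCP options field (the bytes after the magic cookie)."""
    options, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"option {code}: missing length byte")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        options.setdefault(code, []).append(value)
        i += 2 + length
    return options


def option_138_addresses(blob):
    """Return every IPv4 address carried in option 138, in order."""
    addresses = []
    for value in parse_options(blob).get(OPT_STELLAR_AP, []):
        if not value or len(value) % 4:
            raise ValueError("option 138: length is not a multiple of 4")
        addresses += [str(ipaddress.IPv4Address(value[j:j + 4]))
                      for j in range(0, len(value), 4)]
    return addresses


def check_offer(blob, expected_omnivista_ip):
    """Classify an offer as 'ok', 'missing' (no option 138) or 'mismatch'."""
    found = option_138_addresses(blob)
    if not found:
        return "missing"
    return "ok" if found == [expected_omnivista_ip] else "mismatch"


# Constructed sample: options field of a DHCP offer sent to an AP.
SAMPLE_OFFER_OPTIONS = (
    bytes([53, 1, 2])                        # option 53: message type OFFER
    + bytes([1, 4, 255, 255, 255, 224])      # option 1: subnet mask
    + encode_option_138(["10.130.5.51"])     # option 138: OmniVista address
    + bytes([OPT_END])
)

if __name__ == "__main__":
    print(option_138_addresses(SAMPLE_OFFER_OPTIONS))
    print(check_offer(SAMPLE_OFFER_OPTIONS, "10.130.5.51"))
```

A "missing" or "mismatch" result on the AP management VLAN means the APs will not be directed to the intended OmniVista server by DHCP.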
OmniAccess Stellar Wireless LAN
SSID Creation
Objectives
At the end of this presentation you will be able to:
• Understand the SSID Usage profile
• Create a new SSID
SSID Creation
• How to create a new SSID?
  • WLAN > « SSID » or « WLAN service (expert) »

• Simple SSID
  • Wizard-driven tool.
  • Pre-defined Usage (Guest, Employee, BYOD, …).
  • All the configuration is performed from the wizard.
  • Recommended mode

• WLAN service (expert)
  • Manual configuration.
  • Profiles, policies, users configured independently and then assigned to the WLAN service.
  • Limited usage for specific SSIDs.
Simple SSID
SSID Wizard – Step 1 « Create SSID »
• Name the « SSID Service »
  • Unique name to identify a wireless service
  • Multiple SSID services can share the same SSID name

• Name the SSID
  • Unique SSID name broadcast over the air

• Select the SSID Usage
  • Each usage leads to a predefined template

• Depending on the usage selected, one of these options can be enabled:
  • Enable BYOD Registration
  • Use the Captive Portal
SSID Usage Templates
[Diagram: SSID usage templates. Labels recoverable from the diagram: Usage (Guest Network; Employee BYOD Network; Enterprise Network for Employees; Protected Network; Protected Network for Employees (BYOD)); SSID Security Level (Open or MAC; 802.1X or MAC followed by 802.1X; Pre-Shared Key (PSK)); Y/N decisions "Captive Portal?" and "BYOD?"; resulting methods (Captive Portal Guest; Captive Portal BYOD; 802.1X followed by Captive Portal BYOD; PSK followed by Captive Portal Guest; PSK followed by Captive Portal BYOD).]


SSID Wizard – Step 2 « Customize SSID »
• SSID Usage defines the parameters displayed.

• Minimal configuration contains:
  • Basic Parameters
    • Allowed Band: All, 2.4GHz or 5GHz
    • Optional - Security Settings (Pre-Shared Key, Encryption type, …)
  • Default VLAN/Network
    • VLAN assigned to the SSID
    • Optional - ACL/QoS rules applied to the SSID
  • Authentication Strategy
    • Select the Authentication source in « Advanced Configuration » (Local Database, External RADIUS, LDAP/AD)
    • Optional - Use the link « Manage Guest Accounts » to create new users in the local database
    • Optional - Select the RADIUS server used for the Guest SSIDs
SSID Wizard – Step 2 « Customize SSID »
• Based on the SSID Usage, optional strategies:
  • Guest Access Strategy
    • Link Customize Portal Page to change the appearance of the Captive Portal
    • Customize: Set the Login method (login & password, Access code, Terms & Conditions), self registration.
  • BYOD Access Strategy
    • Link Manage Employee Account creates new users in the local database
    • Link Customize Portal Page to change the appearance of the Captive Portal
    • Customize: Set the Portal Page template, the Employee Database used for the authentication, URL Redirection on success
SSID Wizard – Step 3 « AP Group Assignment & Schedule »
• Apply the SSID to one or multiple AP Group(s)
• Schedule the SSID broadcast: when is the SSID broadcast by the AP?
  • Always available by default
Authentication
Authentication Security Level - Reminder
[Diagram axes: Authentication Method, Level of Trust]
Open + Captive Portal
• Cons: No security
• Pros: Followed by Captive Portal, any type of device can be authenticated
MAC authentication
• Cons: MAC can be spoofed, no traffic encryption
• Pros: Available for basic wireless devices (printers, scanners, …)
WPA/WPA2/WPA3 Personal = Pre-Shared Key (PSK)
• Pros: Easy setup, strong keys can be difficult to hack
• Cons: But all keys can be hacked or stolen (key shared by all users)
WPA/WPA2/WPA3 Enterprise = 802.1X
• Pros: Strongest security, ease of management, scalability
• Cons: More configuration during initial setup (server, users)
Security – WPA3
Wi-Fi Alliance new Security Standard

Released in 2018, available on new end-user devices in 2019

All Stellar APs are WPA3 compatible with software upgrade

WLAN PERSONAL
• WPA/WPA2-Personal PSK (Pre-Shared Key) replaced by WPA3-Personal SAE (Simultaneous Authentication of Equals)
  • Stronger Encryption Key (128 bits)
  • Offline dictionary attack resistance
  • No additional complexity to connect (user side)

WLAN ENTERPRISE
• WPA/WPA2-Enterprise replaced by WPA3-Enterprise
  • Optional 192-bit security mode (CNSA option)
    □ CNSA enabled: Only WPA3 clients authorized on the SSID
    □ CNSA disabled: WPA2 or WPA3 clients authorized on the SSID
    □ CNSA option not enabled on AP1101 only
Appendix
WLAN Service (expert)
Profile and Service List
[Diagram: Profile and Service List. Labels recoverable from the diagram: WLAN Service (SSID; Authentication: Open, Personal, Enterprise; Default Access Role Profile; AAA Profile for 802.1X or MAC); Access Policy (associated to the SSID name; Authentication Strategy for 802.1X or MAC); Access Role Profile (mapped to a VLAN ID); AP Group; RF Profile and Specific RF Profile; "Assign" links between the elements.]

WLAN Service (expert)
• WLAN Service is used to create specific SSIDs not listed in the Simple SSID tools. It contains the following attributes:
  • Basic
    • Enable SSID
    • Hide SSID
    • Set the Allowed Bands (2.4G, 5G)
  • Security Settings
    • Level (Open, Enterprise, Personal)
    • MAC Auth
    • AAA Profile
    • Classification Status
    • MAC Pass Alt
    • Default Access Role Profile
  • Advanced
    • QoS Settings
WLAN Service Security Settings
• In the Security Settings section you must choose a Security Level
  • Open, Enterprise, Personal

• You must also set a Default Access Role Profile
  • A default WLAN Profile already exists
  • You can create additional Profiles as needed

• Optional Security Settings are
  • MAC Auth
  • AAA Profile
  • Classification Status
  • MAC Pass Alt
WLAN Service Security Settings Parameters
• The input fields for the Security Settings change depending on which Security Level you choose
  • Enterprise
    • Encryption Type must be specified
      • DYNAMIC_WEP, WPA_TKIP, WPA_AES, WPA2_TKIP, WPA2_AES, WPA3_AES
    • 802.1x Bypass is an optional field
    • MAC Allow EAP is optional
    • AAA Profile is a mandatory field
  • Personal
    • Encryption Type is mandatory
      • WPA_PSK_TKIP, WPA_PSK_AES, WPA_PSK_AES_TKIP, WPA2_PSK_TKIP, WPA2_PSK_AES, WPA3_SAE_AES, WPA3_PSK_SAE_AES
    • Passphrase is mandatory
    • Key Format
    • AAA Profile is mandatory
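
The mandatory-field rules on these Security Settings slides can be checked mechanically before a WLAN Service definition is pushed to an AP Group. The following is an added example, not OmniVista code: the dictionary field names and the function are hypothetical, the warning on WEP/TKIP types is an extra check that is not on the slides, and the second sample is constructed.

```python
# Encryption types per Security Level, as listed on the slide. WPA_AES and
# WPA2_TKIP are taken as the intended spellings of the slide's list.
ENCRYPTION_TYPES = {
    "Open": set(),
    "Enterprise": {"DYNAMIC_WEP", "WPA_TKIP", "WPA_AES",
                   "WPA2_TKIP", "WPA2_AES", "WPA3_AES"},
    "Personal": {"WPA_PSK_TKIP", "WPA_PSK_AES", "WPA_PSK_AES_TKIP",
                 "WPA2_PSK_TKIP", "WPA2_PSK_AES", "WPA3_SAE_AES",
                 "WPA3_PSK_SAE_AES"},
}

# Fields the slides mark as mandatory for each level (hypothetical key names).
MANDATORY = {
    "Open": ["default_access_role_profile"],
    "Enterprise": ["encryption_type", "aaa_profile",
                   "default_access_role_profile"],
    "Personal": ["encryption_type", "passphrase", "aaa_profile",
                 "default_access_role_profile"],
}

# Added check, not from the slides: WEP and TKIP are legacy ciphers.
LEGACY_MARKERS = ("WEP", "TKIP")


def lint_wlan_service(service):
    """Return a list of (severity, message) findings for one WLAN Service."""
    level = service.get("security_level")
    if level not in ENCRYPTION_TYPES:
        return [("error", f"security_level must be Open, Enterprise or "
                          f"Personal, got {level!r}")]

    findings = []
    for field in MANDATORY[level]:
        if not service.get(field):
            findings.append(("error", f"{field} is mandatory for {level}"))

    encryption = service.get("encryption_type")
    if level == "Open":
        # The Authentication Security Level slide lists "No security" for Open.
        findings.append(("warning", "Open level provides no security"))
    elif encryption:
        if encryption not in ENCRYPTION_TYPES[level]:
            findings.append(("error", f"{encryption} is not an encryption "
                                      f"type of the {level} level"))
        elif any(marker in encryption for marker in LEGACY_MARKERS):
            findings.append(("warning", f"{encryption} allows a legacy "
                                        f"cipher (WEP or TKIP)"))
    return findings


# The EmployeeX service from the lab annex (section 7.1.1).
LAB_EMPLOYEE_SERVICE = {
    "essid": "EmployeeX",
    "security_level": "Enterprise",
    "encryption_type": "WPA2_AES",
    "aaa_profile": "AAA-Server-PODX",
    "default_access_role_profile": "Access-role-employeeX",
}

# Constructed sample: Personal level with no passphrase and no AAA Profile.
WEAK_PERSONAL_SERVICE = {
    "essid": "Legacy",
    "security_level": "Personal",
    "encryption_type": "WPA_PSK_TKIP",
    "default_access_role_profile": "defaultWLANprofile",
}

if __name__ == "__main__":
    for svc in (LAB_EMPLOYEE_SERVICE, WEAK_PERSONAL_SERVICE):
        print(svc["essid"], lint_wlan_service(svc))
```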
WLAN Service and Access Role Profile
• The field Default Access Role Profile is mandatory in the WLAN Service
• An Access Role Profile contains the various UNP properties for the users assigned to this profile
  • QoS Policy List
  • Captive Portal Authentication
  • Bandwidth Controls
• The Default Access Role Profile is assigned to the VLAN ID of the SSID
  • Ex: If the Guest SSID uses VLAN 10, assign the Access Role Profile to VLAN 10
WLAN Service and AAA Server Profile
• An AAA Server Profile is mandatory when the security level is set to Enterprise or Personal
• The AAA Server Profile defines
  • 802.1x Authentication Servers
  • MAC Authentication Servers
  • Captive Portal Authentication Servers
  • Accounting Servers
• The Default UPAM Server can be chosen by default
External Captive Portal Integration
• Leading hotel groups, large retail chains, restaurant chains, and shopping malls reinforce their brands by leveraging their existing Wi-Fi networks to provide better indoor mobile experiences.

• Both Stellar Express and Enterprise support External Captive Portal with External Captive Portal and MAC authentication enabled.
CONFIGURATION REQUIRED
Both External Captive Portal and MAC authentication enabled
• If MAC authentication fails: Captive Portal enforcement
• If MAC authentication succeeds: No Captive Portal enforcement
OmniAccess Stellar WLAN
Creation of a Secured Employee SSID

Objective
✓ Learn how to create a secured Employee SSID

Contents
1 Briefing
2 Creating the Service VLAN & IP Interface
2.1. Creating the Service VLAN
2.2. Configuring IP Interface
3 Creating the Employee SSID
3.1. Creating the EmployeeX SSID
3.2. Creating an Employee Account
3.3. Back to… Creating the EmployeeX SSID
3.4. Assigning the SSID to the AP Group
4 Testing the Employee SSID
4.1. Checking the “Client PC” Virtual Machine Status
4.2. Setting Up the VM Client to Connect to the EmployeeX SSID
4.3. Verifying the connection
5 Monitoring the Connections
5.1. UPAM Monitoring
5.2. Using the Locator
6 Debriefing
7 Annex: WLAN Service (Expert)
7.1.1. Creation of a WLAN Service profile (SSID)
7.1.2. AAA Server Profile
7.1.3. Access Role Profile
7.1.4. Apply the Access Role Profile to the Stellar APs
7.1.5. Authentication Strategy
7.1.6. Access Policy configuration

1 Briefing
Now that all the devices have been discovered in the OmniVista 2500 NMS, let’s create multiple SSIDs
(employee, guest…). In this first lab, we will focus on how to create a secured Employee SSID.

[Figure: current topology]

[Figure: end-of-lab topology]

Creating an SSID can be broken down into several steps:


1. Create the VLAN 20. This VLAN will service the SSID “EmployeeX” (X = R-Lab Number). It will be
tagged from the Access Points to the OmniSwitches, and over the link between the 2 OmniSwitches.
2. Create the SSID and configure its options.

2 Creating the Service VLAN & IP Interface


Before creating the Employee SSID, let’s create the VLAN and IP interface that will be associated to this SSID
EmployeeX (X= R-Lab number) and that will carry the employee traffic.

2.1. Creating the Service VLAN

Create the VLAN 20 on both OmniSwitches

To create the VLAN 20 on both OmniSwitches, we will use the OmniVista 2500 VLAN Manager feature:

> Select CONFIGURATION > VLANS > VLAN


> Click on Create VLAN by Devices button

1. Devices Selection
> VLAN IDs: 20
> VLAN(s) Description: EMPLOYEES
> Click on the Add/Remove Devices
> Click on Add All to select both OmniSwitches
> Click on OK
> Click on Next

2. VLAN Configuration
> Check that Admin Status = Enabled
> Click on Next

3. Default Port Assignment


> Skip this step (click Next)

4. Q-Tagged Port Assignment


> For each switch, click on Add Port
> Select the ports 1/1/2 & 1/1/3 (both OmniSwitches)
> Click on OK
> Click on Next

5. Review
> Review the information
> Click on Create

Tips
The VLANs can also be created on the OmniSwitches via command lines (CLI). The VLAN Manager feature is
nonetheless useful when the infrastructure is composed of several OmniSwitches and the same VLANs
must be created on some or all of them.

2.2. Configuring IP Interface


Now that the VLANs have been configured, let’s create an IP interface on the OmniSwitch 6860.

Create the associated IP Interface on the OmniSwitch 6860.

> Select CONFIGURATION > VLANS > IP Interface


> Click on the + button
> Name: int_employees
> IP Address: 10.7.X.62 (X = R-Lab Number)
> Subnet Mask: 255.255.255.224
> Device Type: VLAN
> VLAN ID: 20
> Devices: select the OS6860, then click on Add > to add it as selected
> Click on Create

Tips
The IP Interfaces can also be created on the OmniSwitches via command lines (CLI).

3 Creating the Employee SSID


Now that we have the Employee VLAN and associated IP interface managed, let’s create the Employee SSID:

3.1. Creating the EmployeeX SSID

Create the SSID EmployeeX (X = R-Lab Number)

> Select WLAN > SSIDs > SSIDs


> Click on the + button
> SSID Service Name: EmployeeX (X = R-Lab number)
> SSID: <filled automatically>
> Usage: Enterprise Network for Employees
> Click on Create & Customize

Notes > About the “Usage”


During the SSID creation, a “Usage” is asked. When you select a Usage, relevant related default configurations
(Access Policy, Authentication Strategy, …) are automatically created.
Of course, these configurations can be customized. Check the OV2500 dedicated Help for more information.

> Allowed Band: All


> Encryption Type: WPA2_AES

Tips > Help Menu


As you can see, several settings can be managed in the SSID Creation properties. Take the time to learn more
about each of them by clicking on the Help button

Notes > UPAMRadiusServer


In this lab, for all the types of authentication, we will use the UPAM platform (Unified Policy Authentication
Manager) embedded in the OmniVista 2500.
UPAM is a unified access management platform for both AOS Switch Series devices and Stellar AP Series
devices. UPAM supports both captive portal server and RADIUS server; and can be used to implement multiple
authentication methods, such as MAC authentication, 802.1X authentication, and captive portal authentication.

Authentication Strategy
> RADIUS Server: UPAMRadiusServer
> Click on Manage Employee Accounts

3.2. Creating an Employee Account

Create the EmployeeX account (X = R-Lab Number)

> Click on the + button


> Username: EmployeeX (X = R-Lab Number)
> Password: password
> Click on Create
> Click on Close

Tips > Importing Employee Accounts Information


You can automatically import an xls/csv/xlsx file containing Employee Account information
by clicking on the Import button at the top of the screen. You can also download a template by
clicking on the Import button, then clicking on the template Download button.

3.3. Back to… Creating the EmployeeX SSID


Default VLAN/Network
> VLAN ID: 20
> Click on Save and Apply to AP Group

3.4. Assigning the SSID to the AP Group

Assign the freshly created SSID EmployeeX to the AP Group APGX created in the
previous lab

Now that the SSID EmployeeX has been created, the last step consists in assigning it to one or several AP
Group(s):

AP Group Assignment and Schedule


> Click on Change Selection
> Remove default group from the SELECTED tab
> Move APGX (X = R-Lab Number) from AVAILABLE to SELECTED
> Click on OK
> Click on Apply
> Check the result on the page that is displayed

Tips > Setting a Schedule


By default, the availability schedule for AP Groups is set to "Always Available". However, you can schedule
availability for specific times/days of the week. You can set the same availability schedule for all selected AP
Groups, or set different schedules for each group.

Now that we have finished the configuration of the SSID, let’s test it!

4 Testing the Employee SSID

Test the EmployeeX SSID by connecting to it with the EmployeeX account

4.1. Checking the “Client PC” Virtual Machine Status


Before beginning the test, let’s check that the “Client PC” virtual machine, which we will use as the Wi-Fi client, is
powered on and ready to use.

R-Lab Windows Desktop

Double click on the VMware vSphere Client shortcut

Once connected, on the left panel, the list of the clients is available.

[icon] means that the client is powered OFF
[icon] means the client is powered ON

To power on a virtual machine, select it in the list, then click on the [icon] icon available in the top bar (ex. StellarClient1)

To open a virtual machine, right click on it and select Open Console in the contextual menu

You are now connected to the StellarClient virtual machine.

4.2. Setting Up the VM Client to Connect to the EmployeeX SSID

StellarClientX Virtual Machine

Open Control Panel > Network and Sharing Center
Click on Set up a new connection or network
Manually connect to a wireless network
Click Next
Network name: EmployeeX (X is your POD number)
Security type: WPA2-Enterprise
Uncheck the box Start this connection automatically
Click Next
Click on Change connection settings
Go to Security tab
Uncheck Remember my credential for this connection each time I’m logged on
Click on Settings
Uncheck Verify the server’s identity by validating the certificate
Click on OK, then OK again
Click on Advanced settings
Check Specify authentication mode
Select User authentication
Click OK, and OK again
Click Close

Now, try to connect to the SSID EmployeeX:

Click on the icon (bottom right)
Select the SSID EmployeeX (X = R-Lab Number)
Click on Connect
Enter the credentials
Username: EmployeeX (X = R-Lab Number)
Password: password
Click on OK

4.3. Verifying the connection


From the Stellar Client virtual machine, check that the connection has been successfully established:
- The IP Address of the Wi-Fi network card should be in the 10.7.X.32/27 range
- Ping the DHCP Server (10.130.5.7) and the OmniVista 2500 (10.130.5.5X)

5 Monitoring the Connections

Display the EmployeeX authentication record

5.1. UPAM Monitoring


The UPAM platform (Unified Policy Authentication Manager) is embedded in the OmniVista 2500 NMS. This
module is used to implement authentication (MAC authentication, 802.1x, Captive Portal…)

The Authentication Record Screen displays authentication information for all devices authenticated
through UPAM:

> Select UPAM > AUTHENTICATION > Authentication Record

In the Authentication Record List information, find the Stellar Access Point where your
Client Virtual machine (StellarClientX) is connected.

Notes > Client associated to a Stellar Access Point


The information asked in the question above can also be found in the WLAN > CLIENT > Client List
menu. Go check it out!

Tips > Employee Account Creation


Do you remember the EmployeeX account that you have created? You have done it via a shortcut, during the
SSID creation process. This shortcut leads to the … UPAM > Employee Account menu! Go and have a look at
this menu. You will find the EmployeeX account that you have created previously. From there, you can easily
create a new Employee account.

Another interesting feature that the OmniVista 2500 NMS offers is the ability to locate the AP, Switch
and/or slot/port that is directly connected to a user-specified station: it is the Locator application.

5.2. Using the Locator


Let’s imagine that you have several hundred employee accounts in your company. These accounts have
been created/imported in the UPAM > Employee account menu.

You want to find where (i.e. on which AP) the employee EmployeeX is connected. One solution could be
to use the UPAM Authentication Record, or the WLAN Client List, but if there are several authentication
requests, finding the one that corresponds to EmployeeX could be difficult…

A specific application is available to answer this request: the Locator application.

> Select NETWORK > LOCATOR > Locate


> Select Search by: Auth. User
> Enter the username: EmployeeX (X = R-Lab Number)
> Click on Historical to switch to Live
> Click on Locate

From the Results screen, find on which Stellar Access Point the employee EmployeeX is
connected

6 Debriefing
During this lab, you have learned how to create a secured Employee SSID, and an Employee account. You
have also used the OmniVista 2500 features to get more information about the accounts that are connected to
the Employee SSID.

-ANNEXES-

7 Annex: WLAN Service (Expert)


The deployment of an SSID consists of several steps:
- Creation of a "WLAN Service" profile (SSID)
- Creation of an "AAA Server Profile" (if it does not exist)
- Creation of an "Access Role Profile" (if it does not exist)
- Creation of an Access Policy (if it does not exist)
- Definition of an Authentication Strategy (if it does not exist)
- Creation of a RADIUS local employee account (if it does not exist)
- Deployment of the profiles (templates) to AP Group(s)

7.1.1. Creation of a WLAN Service profile (SSID)

OV2500 -> WLAN -> WLAN Service -> + (Create icon)

- Enter a Service Name and configure the profile as described below:


ESSID - EmployeeX
Hide SSID - Disable
Enable SSID - Enable
Allowed Band - All
Security Level - Enterprise
Encryption type - WPA2_AES
AAA Profile - AAA-Server-PODX
Default Access Role Profile - Access-role-employeeX

Notes: AAA Server and Access Role profiles can be created before setting up WLAN Services, but for
this exercise you will create specific profiles through the WLAN Service configuration screen.

7.1.2. AAA Server Profile

Tips: UPAM supports both captive portal and RADIUS server and can be used to implement multiple
authentication methods: MAC, 802.1X and captive portal authentication. User Profiles can be
supported in the OmniVista database or on external servers.

AAA Server Profile


- In the Security section, click on the “AAA Profile” field, select “+ Add New” and create the following
AAA Server Profile “AAA-Server-PODX”:

Authentication Servers
802.1X
Primary: UPAMRadiusServer
Captive Portal
Primary: UPAMRadiusServer
MAC
Primary: UPAMRadiusServer

Accounting Servers
802.1X
Primary: UPAMRadiusServer
Captive Portal
Primary: UPAMRadiusServer
MAC
Primary: UPAMRadiusServer

Click on the Create icon.


You are then sent back to the WLAN Service page. In the Security section, select “AAA-Server-PODX” as the AAA
Profile.

Notes: In UPAM, there is a system-defined NAS Client Item (All Managed Devices). It cannot be
deleted and is used to indicate that all the devices managed by OmniVista are automatically added
into the NAS Client Database of UPAM and perform the AAA process.
The shared secret in the system-defined “All Managed Devices” NAS profile is “123456”.

7.1.3. Access Role Profile

Access Role Profile


Notes: In this exercise you will create a specific access role “Access-role-employeeX” profile even
if the use of the “defaultWLANprofile” should be enough for the test.

- In the Security section, click on the “Default Access Role Profile” field, select “+ Add New” and create
the Access Role Profile Access-role-employeeX.
- Keep the default values for all parameters.
- Click on the Create icon.

- Back to the WLAN Service page, in the Security section, select “Access-role-employeeX” as the Default
Access Role Profile.
- Click on the Create icon.

7.1.4. Apply the Access Role Profile to the Stellar APs

- Go to the submenu Access Role Profile on the left Panel.


- Select the checkbox next to the Access role profile “Access-role-employeeX” and click on the Apply to
Devices button to assign this profile to your APs.

- Do not change the Mapping method and enter the VLAN number “20”, which is the EmployeeX VLAN.

- Click on AP Group “Add”.


- Select the AP Group APGX from the list on the left, add it to the section on the right and click on OK.

- Click on Apply.

- Check for success message.

- This is how the AP will map the Employee VLAN (20) to the EmployeeX SSID.

When the SSID uses Enterprise authentication, assign an AAA Server Profile and then create an Authentication
Strategy and Access Policy.
At this step, the AAA Server Profile is already assigned to the SSID. The Authentication Strategy and Access Policy
must be created.

7.1.5. Authentication Strategy

Notes: Authentication Strategy is used to set up a user profile source and login method (web page
or not) for authentication, as well as the network attributes applied after a successful
authentication.

OV2500 -> UPAM -> Authentication -> Authentication Strategy -> + (Create icon)

- Name the Strategy “User-PODX”, select “local database” as the Authentication source and
“Access-role-employeeX” as the default Access Role Profile, and keep Web Authentication set to none.

7.1.6. Access Policy configuration

Notes: Authentication Access Policies are used to define the mapping conditions for an
authentication strategy. Through Access Policy configuration, authentication strategy can be
applied to different user groups, which can be divided by SSID or other attributes.

OV2500 -> UPAM -> Authentication -> Access Policy -> + (Create icon)

- Create the access policy “User-PODX”, which applies the previous strategy to employees
authenticating on the SSID “EmployeeX”. The employeeX profile will use 802.1X with the UPAM
internal RADIUS server.

- In the Mapping Condition, select the SSID attribute and EmployeeX. Click on the + button.
- Keep “User-PODX” as the Authentication Strategy and click on Create.
Stellar OmniAccess WLAN
Microsoft Active Directory Authentication

Objective
✓ Learn how to configure Microsoft Active Directory Authentication

Contents
1 Briefing
2 Declaring the Active Directory Server
3 Modifying the Authentication Strategy
4 Testing the AD Authentication
4.1. Verifying the connection
5 Monitoring the Connections
5.1. UPAM Monitoring
6 Debriefing

1 Briefing
In the previous lab, we have learned how to create an Employee SSID, with the UPAM Server (embedded in
the OmniVista 2500) in charge of authenticating the clients.
In this lab, we will learn how to declare the Active Directory in the OmniVista 2500, and we will use it during
the authentication of clients on the SSID Employee.

[Figure: current situation]

[Figure: end-of-lab situation]

During this lab, we will:


- Reuse the Employee SSID
- Use an Active Directory already installed and configured to test this feature.

2 Declaring the Active Directory Server


First, let’s declare the Microsoft Active Directory Server in the OmniVista 2500 NMS:

Modify the Employee SSID’s authentication strategy to use the Active Directory as
Authentication Server.

> Select UPAM > SETTINGS > LDAP/AD Configuration


> LDAP/AD Server: select AD
> Server Type: AD
> NETBIOS Domain Name: COMPANY
> DNS Domain Name: company.com
> FQDN/IP address of Domain Controller: 10.130.5.130
> Username: ov2500
> Password: Alcatel.0
> AD Port: 389

> Click on Test Connection to test the connection to the AD


> If OK, click on Apply

3 Modifying the Authentication Strategy


Now that the Active Directory server has been declared, go back to the Employee SSID settings and modify the
Authentication Strategy.

Modify the Employee SSID’s authentication strategy to use the Active Directory as
Authentication Server.

> Select WLAN > SSIDs > SSIDs


> In the EmployeeX SSID column, select Authentication Strategy Name: EmployeeX
> Click on Edit
> Select External LDAP/AD
> Click on Apply
> Click on Close

4 Testing the AD Authentication


To test that the Active Directory authentication is working correctly, let’s try to connect to the EmployeeX
SSID.
First, remove the SSID EmployeeX from the known networks:

Click on the icon (bottom right)
Click on Network Settings > Manage known networks
Select EmployeeX, then click on Forget

Then, login with the account Employee, already created in the Active Directory database.

Click on the icon (bottom right)
Select the SSID EmployeeX (X = R-Lab Number)
Click on Connect
Enter the credentials
Username: Employee
Password: Alcatel.0
Click on OK

4.1. Verifying the connection


From the Stellar Client virtual machine, check that the connection has been successfully established:
- The IP Address of the Wi-Fi network card should be in the 10.7.X.32/27 range
- Ping the DHCP Server (10.130.5.7) and the OmniVista 2500 (10.130.5.5X)

5 Monitoring the Connections

Display the Employee authentication record

5.1. UPAM Monitoring


The UPAM Authentication Record Screen displays authentication information for all devices authenticated
through UPAM:

> Select UPAM > AUTHENTICATION > Authentication Record

6 Debriefing
In this lab, we have learned how to declare the Active Directory in the OmniVista 2500. Then, we have
modified the Employee SSID settings in order to use the Active Directory to authenticate the clients which
connect to this SSID.
OmniAccess Stellar Wireless Lan
Unified Policy Authentication Manager (UPAM) - Guest
Lesson summary
At the end of this module, you will be able to:
• Understand the UPAM application
• Configure a UPAM Guest access and the Guest operator
UPAM
Overview
Unified Policy Authentication Manager - UPAM
• UPAM applications
  - Guest Access – Guest License required
  - BYOD Access – BYOD License required
• UPAM consists of
  - Guest Access
  - BYOD Access
  - A built-in RADIUS Server
  - A built-in MAC Authentication Server
UPAM – Guest and BYOD Access

BYOD
• Employee users access the corporate network with their personal devices
• Authentication via a « BYOD » Captive Portal
• Captive Portal and employee users managed in UPAM BYOD

GUEST ACCESS
• Guest users are granted limited access to the corporate network
• Authentication via a « Guest » Captive Portal
• Captive Portal and guest users managed in UPAM Guest
UPAM - Services
Authentication Server
• Internal RADIUS server used to authenticate both Guest and BYOD users
E-mail server configuration
• Guest sponsor approval
External Log Server
• UPAM logs can be redirected to an external syslog server
Guest Access Management
• Dedicated Captive Portal and database
• Guest Access License: per device license model (not per account)
BYOD Access Management
• Dedicated Captive Portal and database
• BYOD Access License: per device license model (not per account)
UPAM – Authentication Strategy

Guests and Employees are authenticated by:
• Internal RADIUS Server (with a Local Database)
• External LDAP/AD and RADIUS servers
  - LDAP Role Mapping: Option to assign Access Role Profile & Policy List based on AD attributes

In Authentication Strategy, specify the authentication server that will be used
UPAM – Authentication Strategy
• Advanced Options
  - Network Enforcement
    · Default Role of the user if the Authentication server doesn’t return a role
    · User session details (timeout, bandwidth, …)
  - Web Redirection
    · Web Authentication – which Captive Portal template is returned
  - Guest Access Strategy
    · How the guest is managed (login strategy, self-registration, …)
UPAM
Guest Access Strategy
UPAM – Guest Access Strategy
• Guest Access Strategy defines:
  - Login Strategy
    · How the Guest is authenticated: credentials, access code, Terms & conditions.
  - Post Portal Enforcement
    · Provide a new Role to the guest after the portal authentication.
  - Self-registration strategy
    · The sponsor can create its own username & password
    · An Employee can validate the guest account creation
UPAM Guest
SSID Creation
UPAM – Guest Access SSID

How it works
• Create a Guest SSID with the usage « Guest Network »
• Activate the Captive portal option
• Select the RADIUS server in the Authentication Strategy
  - Create a Guest account if the UPAM internal RADIUS server is used
• In the Guest Access Strategy, define the login method (username and password) and Post portal
  enforcement to restrict Guest traffic
• Assign a VLAN to the Guest SSID

Workflow
• Guest SSID: Usage « Guest Network »
• Authentication Strategy: Web redirection « Guest » CP
• Guest Access Strategy: Login Method, Post Portal enforcement, self-registration
• Optional: Guest account creation in the local DB
Guest Tunneling
Overlay Guest network while preserving Enterprise security
• Control what traffic needs to be tunneled
• Tunnel per Access Role Profile from Access Point to an OS6860/E or OS6900
• L2 GRE tunnel over L2/L3 networks
• OmniSwitch simplifies deployment with automatic tunnel creation to AP IP
• Max 16 tunnel starts per AP
• 6860/E: 750 tunnel terminations
• 6900: 1000 tunnel terminations

[Figure: Guest 1 and Guest 2 connected to APs, tunneled to a 6860/6900]
Videos
• UPAM - Guest
• UPAM - Guest Operator
• UPAM - Guest Self Registration
• UPAM - Guest Sponsor Approval
• UPAM - Captive Portal Customization

Appendix
AD Role Mapping Procedure
UPAM – Active Directory (AD/LDAP) Authentication with Role Mapping
• Setup Process
  - Create an AD/LDAP server and test connection.
  - Create an Authentication Strategy with External LDAP/AD as the source.
  - Set up AD attribute / value based policies for granular control of role based access.
OmniAccess Stellar Wireless Lan
User Role and Bandwidth Control
Lesson summary
At the end of this module, you will be able to:
• Understand a user role
• Configure the bandwidth contracts and understand the
precedence system
User Role
User Role - Overview
• User Role = Policy List
  - List of Policy Rules (QoS, ACLs)
  - Action can be
    · Accept/drop
    · Bandwidth control
    · Priority, 802.1p, DSCP marking
• Application Policy Rules (DPI)
  - In Application Visibility, application/application group Policy Rules can be set in a Policy List
  - Enforcement is bidirectional
• Policy List Assignment
  - From RADIUS
  - From Access Role Profile (Default Policy List)
• Built-in roles
  - Redirection (UPAM)
  - Unauthorized (Time and Location based policy)

Policy List: "Policy-Guest"
• Rule: "http-traffic" ➢ Action: Accept
• Rule: "Network-traffic" ➢ Action: Deny
• Rule: "Guest-speed" ➢ Action: 1Mb/s
• Rule: "Guest-priority" ➢ Action: 802.1p=3

[Figure labels: Access Role Profile, RADIUS Server]
User Role - Considerations
• Policy List configuration
  - From the application Unified Access – Unified Policy
  - From the SSID wizard – in Default WLAN Support “ACL/QoS”
• AP support
  - Policy Rules / ACL

    AP model                 AP 1101   AP 1221/22   AP 1231/32   AP 1251
    Number of Policy Rules   1K        2K           3K           2K

  - Full Application Visibility signature kit (~2K application)
    · Creation of Policy List, based on the L7 Application (Google, Facebook, …)
    · Not supported on AP1101
Bandwidth Control
User Role – Bandwidth Control
• Bandwidth contract at SSID level
  - Configured in “Advanced WLAN Service Configuration”
  - Bandwidth shared for all users, per radio
• Bandwidth contract at Access Role Profile level
  - Configured in “Advanced Access Role Configuration”
  - Bandwidth assigned per user of the profile – Not shared
• Bandwidth contract at Role level
  - A Policy List (ACL/QoS) can restrict the Bandwidth as an action
  - Bandwidth limited by the ACL/QoS Rule
User Role – User Bandwidth control Precedence

User Context
• Role / Policy List
• Access Role Profile
• SSID

User traffic goes through the following checks, in order:
1. Matches a DPI application in the Policy List?
   Y: Application Specific BW Enforcement as per DPI Rule
   N: other user traffic goes to check 2
2. Matches an ACL in the Policy List?
   Y: ACL Specific BW Enforcement as per Policy List
   N: other user traffic goes to check 3
3. Access Role set with BW Control?
   Y: User BW Enforcement as per Access Role Profile
   N: all user traffic goes to check 4
4. SSID set with BW Control?
   Y: Shared BW Enforced as per WLAN Service/SSID
   N: No BW Limitation

Level                      Scope
User Role / Policy List    Per User & Application BW Control
Access Role Profile        Per User BW Control
WLAN Service / SSID        All Users shared BW
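
The precedence chain above can be modelled as a small resolver that returns which contract applies to a flow and what that means per user. This is an added example, not OmniVista or AP code: the class, field and function names are hypothetical, the sample rates are constructed, and the equal split of a shared SSID contract is an assumption.

```python
"""Added example: model of the bandwidth-control precedence described above.
Class, field and function names are hypothetical; rates are in kbit/s."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PolicyList:
    """User Role: rules whose action is a bandwidth limit."""
    dpi_rules: dict = field(default_factory=dict)   # application -> kbit/s
    acl_rules: list = field(default_factory=list)   # (protocol, dst_port, kbit/s)


@dataclass
class UserContext:
    policy_list: Optional[PolicyList] = None
    access_role_bw: Optional[int] = None   # per-user contract
    ssid_bw: Optional[int] = None          # contract shared by all users


@dataclass
class Flow:
    protocol: str
    dst_port: int
    application: Optional[str] = None      # set when DPI classified the flow


@dataclass
class Decision:
    level: str
    limit: Optional[int]                   # None = no bandwidth limitation
    scope: str


def resolve_bandwidth(ctx: UserContext, flow: Flow) -> Decision:
    """Walk the four checks in order; the first contract found wins."""
    pl = ctx.policy_list
    # 1. DPI application rule in the Policy List
    if pl and flow.application in pl.dpi_rules:
        return Decision("policy-list/dpi", pl.dpi_rules[flow.application],
                        "per user and application")
    # 2. ACL rule in the Policy List
    if pl:
        for protocol, port, rate in pl.acl_rules:
            if (protocol, port) == (flow.protocol, flow.dst_port):
                return Decision("policy-list/acl", rate,
                                "per user and application")
    # 3. Access Role Profile contract
    if ctx.access_role_bw is not None:
        return Decision("access-role-profile", ctx.access_role_bw, "per user")
    # 4. SSID contract
    if ctx.ssid_bw is not None:
        return Decision("ssid", ctx.ssid_bw, "shared by all users")
    return Decision("none", None, "unlimited")


def worst_case_share(decision: Decision, active_users: int) -> Optional[float]:
    """Rate one user can count on. A shared contract is split equally
    between active users (assumption of this example)."""
    if decision.limit is None:
        return None
    if decision.scope == "shared by all users":
        return decision.limit / max(active_users, 1)
    return decision.limit


# Constructed sample contexts
GUEST = UserContext(
    policy_list=PolicyList(dpi_rules={"video-streaming": 2000},
                           acl_rules=[("tcp", 80, 1000)]),
    access_role_bw=5000,
    ssid_bw=20000,
)
SSID_ONLY = UserContext(ssid_bw=20000)

if __name__ == "__main__":
    flows = [Flow("tcp", 443, "video-streaming"), Flow("tcp", 80), Flow("udp", 53)]
    for ctx_name, ctx in (("GUEST", GUEST), ("SSID_ONLY", SSID_ONLY)):
        for f in flows:
            d = resolve_bandwidth(ctx, f)
            print(ctx_name, f.protocol, f.dst_port, d.level, d.limit,
                  worst_case_share(d, active_users=10))
```

With ten active users, the same 20000 kbit/s figure gives each user 2000 kbit/s when it is an SSID contract, whereas an Access Role Profile contract applies to each user individually.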
OmniAccess Stellar WLAN
Creation of a Guest SSID

Objective
✓ Learn how to create a Guest SSID

Contents
1 Briefing
2 Creating the Guest VLAN & IP Interface
2.1. Creating the Service VLAN
2.2. Configuring the IP Interface
3 Creating the Guest SSID
3.1. Creating the GuestX SSID
3.2. Creating a Guest Account
3.1. Back to… Creating the GuestX SSID
3.2. Assigning the SSID to the AP Group
4 Testing the Guest SSID
4.1. Connecting to the “Client PC” Virtual Machine
4.2. Setting Up the VM Client to Connect to the GuestX SSID
4.3. Verifying the connection
5 Monitoring the Connections
5.1. UPAM Monitoring
5.1.1. Authentication Record
5.1.2. Captive Portal Access Record
5.2. Using the Locator
6 Kicking/Banning a Device
6.1. Kicking a Device
6.2. Banning/Blacklisting a Device
7 Debriefing
8 Annex: Restricting the Services
8.1. Creating Policies
8.1.1. Service Group
8.1.2. Create & Select the Services
8.1.3. Back to… Service Group
8.2. Back to… Create a new Policy
8.3. Creating a Policy List
8.4. Pushing the Policy List & Policies in the Network Devices
8.5. Applying the Policy List to a User
8.6. Testing the Configuration

1 Briefing
In the previous Lab, we learned how to create a secured Employee SSID, dedicated to the company’s
employees. Now, let’s see how to create a Guest SSID, dedicated to the guests.

[Figures: current topology; end-of-lab topology]

Creating an SSID can be broken down into several steps (in the same way as in the previous lab “Creation of a Secured
Employee SSID”):
1. Create the VLAN 30. This VLAN will service the SSID “GuestX” (X = R-Lab Number). It will be tagged
from the Access Points to the OmniSwitches, and over the link between the 2 OmniSwitches.
2. Create the SSID and configure its options.

2 Creating the Guest VLAN & IP Interface


Before creating the Guest SSID, let’s create the VLAN and IP interface that will be associated to this SSID
GuestX (X= R-Lab number) and that will carry the guests’ traffic.

2.1. Creating the Service VLAN

Create the VLAN 30 on both OmniSwitches

To create the VLAN 30 on both OmniSwitches, we will use the OmniVista 2500 VLAN Manager feature:

> Select CONFIGURATION > VLANS > VLAN


> Click on Create VLAN by Devices button

1. Devices Selection
> VLAN IDs: 30
> VLAN(s) Description: GUESTS
> Click on the Add/Remove Devices
> Click on Add All to select both OmniSwitches
> Click on OK
> Click on Next

2. VLAN Configuration
> Check that Admin Status = Enabled
> Click on Next

3. Default Port Assignment


> Skip this step (click Next)

4. Q-Tagged Port Assignment


> For each switch, click on Add Port

> Select the ports 1/1/2 & 1/1/3 (both OmniSwitches)


> Click on OK
> Click on Next

5. Review
> Review the information
> Click on Create

Tips
The VLANs can also be created on the OmniSwitches via command lines (CLI). However, the VLAN Manager feature
is particularly useful when the infrastructure is composed of several OmniSwitches and the same VLANs
must be created on some or all of them.

2.2. Configuring the IP Interface


Now that the VLANs have been configured, let’s create an IP interface on the OmniSwitch 6860.

Create the associated IP Interface on the OmniSwitch 6860.

> Select CONFIGURATION > VLANS > IP Interface


> Click on the + button
> Name: int_guests
> IP Address: 10.7.X.94 (X = R-Lab Number)
> Subnet Mask: 255.255.255.224
> Device Type: VLAN
> VLAN ID: 30
> Devices: select the OS6860, then click on Add > to add it as selected
> Click on Create

Tips
The IP Interfaces can also be created on the OmniSwitches via command lines (CLI).

3 Creating the Guest SSID


Now that the Guest VLAN and the associated IP interface are configured, let’s create the GuestX SSID:

3.1. Creating the GuestX SSID

Create the SSID GuestX (X = R-Lab Number)

> Select WLAN > SSIDs > SSIDs


> Click on the + button
> SSID Service Name: GuestX (X = R-Lab number)
> SSID: <filled automatically>
> Usage: Guest Network (Open or Captive Portal)
> Do you want users to go through a Captive Portal? YES
> Captive Portal Type: OV-UPAM Captive Portal
> Click on Create & Customize

Notes > About the “Usage”


During the SSID creation, a “Usage” is asked. When you select a Usage, relevant related default configurations
(Access Policy, Authentication Strategy, …) are automatically created.
Guest Network creates a network for Guest Users. It is suitable for setting up an Open Network with or without
a Captive Portal. This is typically used for Guests.
Of course, these configurations can be customized. Check the OV2500 dedicated Help for more information.

> Allowed Band: All

Tips > Help Menu


As you can see, several settings can be managed in the SSID Creation properties. Take the time to learn more
about each of them by clicking on the Help button

Authentication Strategy
> RADIUS Server: UPAMRadiusServer
> Click on Manage Guest Accounts

Notes > UPAMRadiusServer


In this lab, for all the types of authentication, we will use the UPAM platform (Unified Policy Authentication
Manager) embedded in the OmniVista 2500.
UPAM is a unified access management platform for both AOS Switch Series devices and Stellar AP Series
devices. UPAM supports both captive portal server and RADIUS server; and can be used to implement multiple
authentication methods, such as MAC authentication, 802.1X authentication, and captive portal authentication.

3.2. Creating a Guest Account

Create the GuestX account (X = R-Lab Number)

> Click on the + button


> Guest name: GuestX (X = R-Lab Number)
> Password: password
> Data Quota: Disable
> Click on Create
> Click on Close

3.1. Back to… Creating the GuestX SSID


Guest Access Strategy
> Portal Page: DefaultPortal
> Login by: Username & Password

Default VLAN/Network
> VLAN ID: 30
> Click on Save and Apply to AP Group

Tips > Customize Portal Page


The Captive Portal (the webpage where the guests are redirected when they try to connect to the network) is
customizable. By clicking on the Customize Portal Page option, you can choose between different templates
(=predefined Captive Portal styles). To fully customize the Captive Portal, go to UPAM > SETTINGS > Captive
Portal.
Test it if you are ahead of schedule!

3.2. Assigning the SSID to the AP Group

Assign the freshly created SSID GuestX to the AP Group APGX created in the previous lab

Now that the SSID GuestX has been created, assign it to the AP Group(s) APGX:

AP Group Assignment and Schedule


> Click on Change Selection
> Remove default group from the SELECTED tab
> Move APGX (X = R-Lab Number) from AVAILABLE to SELECTED
> Click on OK
> Click on Apply
> Check the result on the page that is displayed (notice the differences between EmployeeX and GuestX
SSIDs)

Now that we have finished the configuration of the SSID, let’s test it!

4 Testing the Guest SSID

Test the GuestX SSID by connecting to it with the GuestX account

4.1. Connecting to the “Client PC” Virtual Machine

R-Lab Windows Desktop

Double click on the VMware vSphere Client shortcut

To open a virtual machine, right click on it and select Open Console in the contextual menu

4.2. Setting Up the VM Client to Connect to the GuestX SSID

StellarClientX Virtual Machine

Click on the icon (bottom right)

Select the SSID GuestX (X = R-Lab Number)

Click on Connect

A Web Browser automatically opens

Username: GuestX (X = R-Lab Number)
Password: password
Check I accept the Terms of Use
Click on OK

4.3. Verifying the connection


From the Stellar Client virtual machine, check that the connection has been successfully established:
- The IP Address of the Wi-Fi network card should be in the 10.7.X.64/27 range
- Ping the DHCP Server (10.130.5.7), the OmniVista 2500 (10.130.5.5X) and the UPAM Server
(10.130.5.7X)

5 Monitoring the Connections

Display the GuestX authentication record

5.1. UPAM Monitoring

5.1.1. Authentication Record


The Authentication Record Screen displays authentication information for all devices authenticated
through UPAM:

> Select UPAM > AUTHENTICATION > Authentication Record

In the Authentication Record List information, find the Stellar Access Point where your
Client Virtual machine (StellarClientX) is connected.

Notes > Client associated to a Stellar Access Point


The information asked in the question above can also be found in the WLAN > CLIENT > Client List
menu. Go check it out!

Tips > Guest Account Creation


Do you remember the GuestX account that you have created? You have done it via a shortcut, during the SSID
creation process. This shortcut leads to the … UPAM > Guest Account menu! Go and have a look at this menu.
You will find the GuestX account that you have created previously. From there, you can easily create a new
Guest account.

5.1.2. Captive Portal Access Record


To monitor the Captive Portal access:

> Select UPAM > AUTHENTICATION > Captive Portal Access Record

Another interesting feature that the OmniVista 2500 NMS offers is the ability to locate the AP, Switch
and/or slot/port that is directly connected to a user-specified station: it is the Locator application.

5.2. Using the Locator


Let’s imagine that several hundreds of guests visit your company.

You want to find where (i.e. on which AP) the guest GuestX is connected. One solution could be to use
the UPAM Authentication Record, or the WLAN Client List, but if there are several authentication
requests, finding the one that corresponds to GuestX could be difficult…

A specific application is available to answer this request: The Locator application.

> Select NETWORK > LOCATOR > Locate


> Select Search by: Auth. User
> Enter the username: GuestX (X = R-Lab Number)
> Click on Historical to switch to Live
> Click on Locate

From the Results screen, find on which Stellar Access Point the guest GuestX is
connected;

Verify this information with the diagram available in the part below (7 – End of Lab
Diagram)

6 Kicking/Banning a Device
Now that we are sure that the StellarClient virtual machine is correctly connected to the Guest SSID, let’s see
how to kick it from the network, and ban it (blacklist it).

- Try to kick the StellarClient. Check that you can reconnect to the Guest SSID
- Try to ban/blacklist the StellarClient. Check that it is not possible to reconnect to
the Guest SSID until the StellarClient is removed from the blacklist.

6.1. Kicking a Device


To kick a device from the OmniVista 2500:

> Select UPAM > GUEST ACCESS > Guest Device


> Select the Client
> Click on KickOff
> Click OK to confirm

6.2. Banning/Blacklisting a Device


If you have kicked the StellarClient, reconnect it to the Guest SSID before testing the blacklist feature.

To blacklist a device from the OmniVista 2500:

> Select WLAN > CLIENT > Client List


> Select the Client
> Click on Add to Blacklist
> Click OK to confirm

To remove the client from the blacklist:

> Select WLAN > CLIENT > Client BackList


> Select the Client
> Click on

7 Debriefing
During this lab, we have created a VLAN dedicated to the Guests’ data traffic. Then, we have created the
Guest SSID and configured it to force the Guests to authenticate via a Captive Portal. Finally, we have
monitored the Guest (StellarClient virtual machine) connection, and we’ve seen that it was possible to
kick/ban a device from the OmniVista 2500.

-ANNEXES-

8 Annex: Restricting the Services


To configure network access control, we need to:
• Create policies to define what will be authorized and what will not (telnet, SSH).
• Create a policy list which will contain the policies, and a precedence for each.
• Apply the policy list to a user (ex. GuestX)

8.1. Creating Policies

Create a policy which will group the forbidden services: telnet, SSH

Let’s begin with the creation of the Policy. In this Policy, we will deny the telnet and SSH protocols:

> Select UNIFIED ACCESS > UNIFIED POLICY


> Click on to add a new Policy

1. Config
> Name: DeniedServ
> Click on Next

2. Device Selection
> Click on both ADD buttons to apply the policy on all the network devices (OmniSwitches and AP
Group)
> Click on Next

3. Set Condition
> Select L4 Services
> Select Group
> Service Group: click on

8.1.1. Service Group


Now, let’s create a group containing the denied services:

Service Group
> Group Name: DeniedSrv

8.1.2. Create & Select the Services

Services
> Click on
> Service Name: telnet
> Destination Port: select TELNET (23)
> Click on Create
> Click on Finish

Services
> Click on
> Service Name: SSH
> Protocol: UDP
> Destination Port: select
> Name: SSH
> Port Number: 22
> Click on Create
> Click on Finish

> Destination Port: SSH


> Click on Create
> Click on Finish

8.1.3. Back to… Service Group

Service Group
> Select Services: Click on to add all the services
> Click on Create

8.2. Back to… Create a new Policy

3. Set Condition
> Service Group: DeniedSrv
> Click on Next

4. Set Action
> Click on QOS
> Disposition: DROP
> Click on Next

5. Validity Period
> Validity Periods: AllTheTime
> Click on Next

6. Review
> Review the information, then click on Create
> Click on OK

At the end of this step, a Policy has been created. This Policy contains the services that will be denied to
the users once they are authenticated. Creating a list of authorized services is not necessary, as one
“AcceptAllPolicy” is created by default (we will use it in the next part).

8.3. Creating a Policy List


Now that we have created the policy containing the denied services, let’s create a policy list that will
group and order the policies (1 – Deny the services chosen in the previous part, 2 – Authorize the other
services)

> Select Unified Policy List in the left menu


> Click on to create a new Policy List

1. Config for Policy List


> Name: GuestsPolicy
> Add Unified Policy: select DeniedServ

> In the drop-down list at the bottom of the area (“Device-Default”), select OV-L3-AcceptAllPolicy
> Click on Next

2. Device Selection
> Click on ADD, then add all the devices (OmniSwitches and the AP Group APGX)
> Click on Create, then OK

8.4. Pushing the Policy List & Policies in the Network Devices
Once the Policies and the Policy List have been created, they must be pushed to the network devices:

> On the left menu, select:


> Unify Policies
> Click on Notify All (top right corner)
> Click on OK

> Unify Policy List


> Click on Notify All (top right corner)
> Click on OK

At the end of this step, we have:


- Created the Policy
- Created the Policy List

We have also pushed them on the network devices (OmniSwitches and Stellar APs contained in the AP
Group APGX).

8.5. Applying the Policy List to a User


Once all the settings are configured, we will set up the OmniVista 2500 to apply the Access Role Profile once the
users (WLAN or LAN) have authenticated:

Now that we have created Policies and inserted them in a Policy List, we must configure the OmniVista
2500 to apply this Policy List to a User when he/she has authenticated:

> Select UPAM > Guest Access > Guest Access Strategy
> Fixed Policy List: GuestsPolicy
> Click on Apply

8.6. Testing the Configuration


Try to perform a telnet and SSH connection to the gateway:

WIRELESS CLIENT VM
> Use Teraterm or CMD
> Choose Telnet > 10.7.X.62 (X = R-Lab Number)
> Choose SSH > 10.7.X.62 (X = R-Lab Number)

Warning
BEFORE PERFORMING THE TEST, BE SURE TO DISCONNECT AND RECONNECT THE VIRTUAL MACHINE FROM THE
NETWORK TO FORCE THE RE AUTHENTICATION AS THE POLICY IS APPLIED WHEN THE AUTHENTICATION IS
SUCCESSFUL.
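
A simplified first-match model of the GuestsPolicy list built in this annex, checked against the telnet/SSH test of 8.6. This is an added example, not OmniVista code: it assumes policies are evaluated in list order and that an L4 service matches on protocol and destination port. The TCP protocol for the telnet service and the TCP variant of the SSH service are assumptions made for the comparison; the UDP value is the one entered in 8.1.2, while SSH sessions run over TCP.

```python
"""Added example: first-match model of the GuestsPolicy list from this annex.
Not OmniVista code; the evaluation order and matching rules are assumptions."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Service:
    name: str
    protocol: str        # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Policy:
    name: str
    disposition: str                          # "DROP" or "ACCEPT"
    services: Optional[Tuple[Service, ...]]   # None = matches all traffic


def evaluate(policy_list, protocol, dst_port):
    """Return (disposition, policy name) of the first policy that matches."""
    for policy in policy_list:                # list order = precedence
        if policy.services is None or any(
            s.protocol == protocol and s.dst_port == dst_port
            for s in policy.services
        ):
            return policy.disposition, policy.name
    return "NO-MATCH", None


def build_guests_policy(ssh_protocol):
    """GuestsPolicy: DeniedServ first, then the default accept-all policy."""
    denied_srv = (
        Service("telnet", "tcp", 23),         # protocol assumed; the step only gives port 23
        Service("SSH", ssh_protocol, 22),
    )
    return [
        Policy("DeniedServ", "DROP", denied_srv),
        Policy("OV-L3-AcceptAllPolicy", "ACCEPT", None),
    ]


# What section 8.6 expects from a guest client, plus one allowed service
# (constructed sample traffic).
EXPECTED = [
    ("telnet", "tcp", 23, "DROP"),
    ("SSH", "tcp", 22, "DROP"),
    ("HTTP", "tcp", 80, "ACCEPT"),
]


def audit(policy_list, expected=EXPECTED):
    """List every expectation the policy list does not meet."""
    findings = []
    for label, protocol, port, want in expected:
        got, matched = evaluate(policy_list, protocol, port)
        if got != want:
            findings.append((label, got, matched))
    return findings


LAB_LIST = build_guests_policy("udp")   # SSH service as entered in 8.1.2
TCP_LIST = build_guests_policy("tcp")   # SSH service on TCP (assumption, for comparison)
REVERSED = list(reversed(TCP_LIST))     # accept-all placed before DeniedServ

if __name__ == "__main__":
    for title, plist in (("SSH service on UDP/22", LAB_LIST),
                         ("SSH service on TCP/22", TCP_LIST),
                         ("accept-all listed first", REVERSED)):
        print(f"{title}: {audit(plist) or 'matches the expected result'}")
```

In this model, a service defined on UDP/22 never matches an SSH session, so that traffic falls through to OV-L3-AcceptAllPolicy; the same happens to every denied service when the accept-all policy is ordered first.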
OmniAccess Stellar Wireless Lan
Unified Policy Authentication Manager (UPAM) - BYOD
Objectives
At the end of this module, you will be able to:
• Understand and configure a BYOD access for employee
personal devices.
UPAM
BYOD Access
UPAM – BYOD Access

How it works
• Employee connects to the BYOD SSID and is redirected to the Captive Portal
  - BYOD SSID is open with network access restrictions
• Employee provides their corporate credentials to register their personal device
• Employee is now allowed to access the corporate network

Workflow
• BYOD SSID: Usage « Employee BYOD Network »
• Authentication Strategy: Web redirection « Employee » CP
• BYOD Access Strategy: Authentication source (local DB, external LDAP/AD, Radius)
• Optional: Employee account creation in the local DB
UPAM – BYOD Access and Employee Property
As an alternative to an Employee Account, a BYOD device (MAC address) can be created by the admin
• Referred to as Company Property
• Not counted in the BYOD License count


UPAM – BYOD Access Strategy
BYOD Access Strategy defines:
• Authentication Source
• Login Strategy
  - What is the Redirection URL after the successful authentication.
• Post Portal Enforcement
  - Provide a new Role to the employee after the portal authentication.
Video: UPAM - BYOD Access


OmniAccess Stellar WLAN
Creation of an Employee SSID for BYOD

Objective
✓ Learn how to create an SSID dedicated for Employees with personal
devices (BYOD: Bring Your Own Device)

Contents
1 Briefing
2 Creating the BYOD SSID
2.1. Creating the BYODX SSID
2.2. Back to… Creating the BYODX SSID
2.3. Assigning the SSID to the AP Group
3 Testing the BYOD SSID
3.1. Connecting to the “Client PC” Virtual Machine
3.2. Connecting the VM Client to the BYODX SSID
3.3. Verifying the connection > After the Web Authentication
4 Monitoring the Connections
4.1. UPAM Monitoring
4.1.1. Authentication Record
4.1.2. Captive Portal Access Record
4.2. Using the Locator
5 Debriefing

1 Briefing
In the previous Labs, we learned how to create a secured Employee SSID and a Guest SSID. Now, let’s
see how to create an Employee BYOD SSID, dedicated to the employees who want to bring and use their
personal device within the company network.

[Figures: current topology; end-of-lab topology]

Creating a BYOD SSID can be broken down into several steps:

1. For this SSID, no additional VLANs need to be created: we will reuse the VLAN 20 (Employee) and 30
(Guest). The BYOD employee device will first be in the VLAN Guest (pre-authentication). Once
authenticated via a Captive Portal, it will be moved to the Employee VLAN.

2. Create the SSID and configure its options.

2 Creating the BYOD SSID


Let’s create the BYODX SSID:

2.1. Creating the BYODX SSID

Create the SSID BYODX (X = R-Lab Number)

> Select WLAN > SSIDs > SSIDs


> Click on the + button
> SSID Service Name: BYODX (X = R-Lab number)
> SSID: <filled automatically>
> Usage: Employee BYOD Network
> Click on Create & Customize

Notes > About the “Usage”


During the SSID creation, a “Usage” is asked. When you select a Usage, relevant related default configurations
(Access Policy, Authentication Strategy, …) are automatically created.
Employee BYOD Network > create a network for employees connecting with their own devices. Suitable for
setting up an Open Network for Employee BYOD devices. Access to the network is granted after BYOD portal
authentication.

> Allowed Band: All

Tips > Help Menu


As you can see, several settings can be managed in the SSID Creation properties. Take the time to learn more
about each of them by clicking on the Help button.

BYOD Access Strategy


> Fixed Access Role Profile: _EmployeeX (X = R-Lab Number)

Tips > Fixed Access Role Profile


Access Role Profile assigned to the BYOD device after it is authorized. After being authenticated, the client will
have the “employee rights”. It will be, for example, moved to the VLAN Employee (VLAN 20)

Tips > Employee Account


During this lab, we will not create a new employee account, as we already have created one (“EmployeeX”) in
the “secured Employee SSID” lab.

2.2. Back to… Creating the BYODX SSID


Default VLAN/Network
> VLAN ID: 30
> Click on Save and Apply to AP Group

Notes > VLAN ID


The VLAN ID to insert is the default VLAN: by default, the personal device will be put in the VLAN
30 (Guest VLAN). Then, after the authentication via the Captive Portal, the personal device will be
transferred to the VLAN 20 (Employee VLAN).

2.3. Assigning the SSID to the AP Group

Assign the freshly created SSID BYODX to the AP Group APGX created in the previous lab

Now that the SSID BYODX has been created, assign it to one or several AP Group(s):

AP Group Assignment and Schedule


> Click on Change Selection
> Remove default group from the SELECTED tab
> Move APGX (X = R-Lab Number) from AVAILABLE to SELECTED
> Click on OK
> Click on Apply
> Check the result on the page that is displayed

Now that we have finished the configuration of the SSID, let’s test it!

3 Testing the BYOD SSID

Test the BYODX SSID by connecting on it via the BYODX account

3.1. Connecting to the “Client PC” Virtual Machine

R-Lab Windows Desktop

Double click on the VMware vSphere Client shortcut

To open a virtual machine, right click on it and select Open Console in the contextual menu

3.2. Connecting the VM Client to the BYODX SSID


StellarClientX Virtual Machine

Click on the icon (bottom right)

Select the SSID BYODX (X = R-Lab Number)

Click on Connect

A Web Browser automatically opens

Username: EmployeeX (X = R-Lab Number)
Password: password

Check I accept the Terms of Use
Click on OK

3.3. Verifying the connection > After the Web Authentication


From the OmniVista 2500, check that the StellarClientX virtual machine is now in the VLAN 20 (Employee):

> Select WLAN > CLIENT > Client List


> Browse to the List of Clients on All APs section
> Locate the Client StellarClientX, then find the VLAN information

4 Monitoring the Connections

Display the BYODX authentication record

4.1. UPAM Monitoring

4.1.1. Authentication Record


The UPAM platform (Unified Policy Authentication Manager) is embedded in the OmniVista 2500 NMS. This
module is used to implement authentication (MAC authentication, 802.1x, Captive Portal…)
The Authentication Record Screen displays authentication information for all devices authenticated
through UPAM:
> Select UPAM > AUTHENTICATION > Authentication Record

4.1.2. Captive Portal Access Record


To monitor the Captive Portal access:
> Select UPAM > AUTHENTICATION > Captive Portal Access Record

Another interesting feature that the OmniVista 2500 NMS offers is the ability to locate the AP, Switch
and/or slot/port that is directly connected to a user-specified station: it is the Locator application.

4.2. Using the Locator


> Select NETWORK > LOCATOR > Locate
> Select Search by: Auth. User
> Enter the username: EmployeeX (X = R-Lab Number)
> Click on Locate

From the Results screen, find:


- On which Stellar Access Point the guest BYODX is connected;
- On which OmniSwitch this Stellar Access Point is connected;
- On which slot/port of this OmniSwitch the Stellar Access Point is connected.
Verify this information with the diagram available in the part below (6 – End of Lab
Diagram)

5 Debriefing
In this Lab, we have learned how to create an Employee SSID, dedicated for the employees who want to use
their personal device within the company network (BYOD, Bring Your Own Device).
OmniAccess Stellar Wireless Lan
RF Management and Optimization
Lesson Summary
RF Management and Optimization
At the end of this module, you will be able to:
• Understand and configure the RF profile
RF Management
Distributed Radio Management - DRM
 Fully distributed Control Plane
 Each AP communicates with its neighbor APs
 Over the air protocol: neighbor AP discovery
 Over the LAN protocol: RF management
 RF context sharing
Channel utilization & interference, number of clients per band, radio & AP, power…
 Each AP can take RF action (try, wait, retry mechanism)
 Limited to neighbor APs
 Does not rely on AP Group or AP management
 Concept of RF Profile
 Use default or new RF Profile
 RF Profile applied to AP Group or at AP level
 Country Code set in the RF Profile
[Diagram: two Stellar APs linked by the Over the Air Control Plane and, through their Edge Switches and the Layer 2/3 Network Infrastructure (vlan), by the Over the LAN Control Plane]
Distributed Radio Management - DRM
OmniVista
AP Group 1: AP 1,2,3,4,6 => RF Profile Profile1
AP Group 2: AP 5,7 => RF Profile Profile2
AP7 explicitly assigned to RF Profile Profile2
[Diagram: AP 1 to AP 7 in AP Group 1 and AP Group 2, attached to the LAN on MGT VLAN 1 and MGT VLAN 2. Over the Air Discovery between APs; Over the LAN RF management (RF App), Scope = Adjacent APs]
RF Management – OmniVista
RF Profile configuration
 Name / Description & Country Code

 Smart Load Balance

 Scanning

 Band , Channel & Power


RF Management – OmniVista

RF Profile
 Dynamic Radio Management (DRM) channel list selection
 Admin can specify a list of channels that will be used by the Auto Channel Selection (ACS)
 Only for the 5GHz band (and 5GHz Low and High)
 Select enough channels to avoid interferences between APs
SMART Air Share

In SSID, Advanced WLAN Service configuration
 Granular controls to improve the WiFi experience for 802.11a/n clients (High quality WiFi)
 2.4G client minimum data rate control - Advanced control (recommended value 12)
 5G client minimum data rate control - Advanced control (recommended value 24)
 2.4G MGMT beacon rate control
 5G MGMT beacon rate control
SMART Load Balance
Band Steering
 Steer client to 2.4Ghz or 5Ghz Radio/Band
 5GHz always preferred
 Or forced with the 5GHz enforcement option
 Decision based on
 Client count per Radio/Band & Channel utilization (overloaded)
Dynamic Load Balance
 Clients Load Sharing between AP
 Decision based on client count per AP
Client SNR Threshold
 Client Signal to Noise Ratio in db (noise floor ~95dbm)
 Deny connection to APs when signal of client is too weak
 Disconnect a client when the signal of this client becomes weak
 Default value : 2.4G =18db , 5G = 12db - Range 0-40 db
SMART Load Balance – Band Steering

DUAL RADIO
Diff. = 5G Client Number – 2.4G Client Number
(Threshold:10)

AP
TRI RADIO
• Pri-Diff. = 5G High Client # – 2.4G Client #
(Threshold:10)
• Sec-Diff. = 5G Low Client # – 2.4G Client #
(Threshold:10)

Overloaded: A channel is considered overloaded when its average medium utilization over the span of a minute exceeds 70%.
SMART Load Balance – Dynamic Load Balance

[Diagram: AP1, AP2, AP3 and a New Client]
1. Broadcast Join Request (New Client to AP1, AP2 and AP3)
2. Reply to Client (AP2)
3. New Client joins AP2

 Every AP learns the neighboring AP
 When a new client appears, each AP will set up a timer based on its connecting clients
 When the timer ends, AP will respond to the new client
 The new client is guided to connect to the lightest loaded AP
Scanning
Background scanning
 Each radio can periodically scan the air – One channel at the time
 During scanning wireless clients are impacted – no 802.11 data
 Scanning is required for WIPS
 Interfering& Rogue AP detection
 Wireless attack detection

Scanning Interval and duration


 Default interval = 5 sec – Range = 5-10 sec
 Default Duration = 20 ms – Range = 20-110 ms
Dedicated AP scanning mode
 AP only used to scan the air in order to the quality of the wireless environment
Voice and Video Awareness
 Bypass scanning when the AP has an active voice or video session from a client
 SIP and H.323 traffic detected
Band, Channel and Power settings
Per band configuration (2.4G, 5G (all), 5G High and 5G Low)
Channel and Power settings mode
 Auto mode
 The Channel number and power setting are automatically set & adjusted
 Optimal settings to minimize interferences and maximize wifi coverage
 Decision based on the RF context shared between neighbor APs
 Does not depend on background scanning configuration status
 Channel width still needs to be set
 Explicit mode
 The Channel number, channel width and power setting are manually set
 Channel number restriction per Country Code
 Channel width for 2.4G: 20Mhz (default) or 40 Mhz
 Channel width for 5G, 5G Low, 5G High: 20Mhz , 40 Mhz (default), 80Mhz or 160 Mhz
 Power: Auto or value in 3-23Dbm

Short Guard Interval


 Used to improve the overall throughput of the AP
RF Optimization and Recommendation
Smart Load Balance
Band Steering: Enable
Signal Strength/Client SNR Threshold: Keep default threshold
• Low value recommendation is 10, many weak clients can associate, overall throughput is low.
• High value recommendation 25, weak client cannot associate, overall throughput is better.
Dynamic Load Balance: Enabled

Scanning
Background scanning: Enabled - Only required for WIPS
Scanning Interval: Keep default setting
Scanning Duration: Keep default setting
• Higher scanning interval or lower scanning duration means intrusions are less likely being detected but client performance will be better.
• Lower scanning interval or higher scanning duration means intrusions are more likely being detected but client performance will be lower.
Voice and Video Awareness: Enabled

Per Band Info
Short Guard Interval: Enabled
If RF environment is not good and clients are crowded, then it should be disabled.
Channel & Power: Auto Mode
It is recommended to use auto channel & power instead of static setting.
In R3.0, Heatmap will have different view if the power is changed in RF Profile, but channel setting is not reflected in heat map.
Channel Width: Keep Default settings
Narrow width for dense AP deployment
Large width for sparse AP deployment
RSSI
Received Signal Strength Indicator (RSSI)
How well a device can hear a signal from an access point
 Indicates the quality of the signal received by the access point

CLI
-> wlanconfig ath01 list

CLIENT LIST
RSSI values

Bad - Not recommended for       OK - not bad       Desired and recommended
Video or Audio applications
RSSI   dBm                      RSSI   dBm         RSSI   dBm
10     -86                      21     -75         29     -67
11     -85                      22     -74         30     -66
12     -84                      23     -73         31     -65
13     -83                      24     -72         32     -64
14     -82                      25     -71         33     -63
15     -81                      26     -70         34     -62
16     -80                      27     -69         35     -61
17     -79                      28     -68         36     -60
18     -78                                         37     -59
19     -77                                         38     -58
20     -76                                         39     -57
                                                   40     -56
                                                   41     -55
                                                   42     -54
                                                   43     -53
OmniAccess Stellar WLAN
Radio Frequency Settings Configuration

Objective
✓ Learn how to configure the RF (Radio Frequency) Settings

Contents
1 Briefing
2 Creating an RF Profile
2.1. General Settings
2.2. Smart Load Balance
2.2.1. Band Steering
2.2.2. Exclude MAC OUI
2.2.3. Force 5 GHz
2.2.4. Association RSSI Threshold
2.2.5. Roaming RSSI Threshold
2.3. Per Band Info
2.3.1. Default Setting
2.3.2. Band
2.3.3. Channel Setting
2.3.4. Channel DRM
2.3.5. Channel List
2.3.6. Channel Width
2.3.7. Power Setting
2.3.8. Short Guard Interval
3 Assigning the RF Profile to an AP/AP Group
4 Debriefing


1 Briefing
In the OmniVista 2500, and for Stellar Access Points, the Radio Frequency settings management is done via
“RF Profiles”. An RF Profile contains all the radio frequency settings. Once created, it must be assigned to an
AP or AP Group.

2 Creating an RF Profile

2.1. General Settings

> Select WLAN > RF > RF Profile


> Click on the + button
> Name: My_RF_Profile
> Country/Region: <select your country/region>

2.2. Smart Load Balance


Smart Load Balance (SLB) is a feature that improves the user experience when accessing wireless
connectivity by guiding a user's client device to connect to a free wireless channel or AP and denying
access to APs with weak signal.

2.2.1. Band Steering


Band Steering controls the behavior of dual band clients and encourages them to use the 5 GHz band,
which is generally less-congested and provides higher speed.

Warning > Why is Band Steering disabled by default?


To function properly, band steering generally assumes that the coverage areas on both the 2.4 GHz bands and 5
GHz bands are the same, or at least roughly equivalent. However, band steering will prove problematic if
coverage on 5 GHz is significantly weaker and has coverage holes, as compared to coverage for 2.4 GHz.

It can also cause problems. For example, a 5 GHz-capable device is automatically redirected to the 5 GHz band
by the band steering feature, even if the 5 GHz signal is low.

Solution:
- Design your networks for simultaneous 5 GHz and 2.4 GHz coverage.
- For existing deployments where this may not be feasible, and your coverage is quite different on both bands,
avoid using band steering or use the Exclude MAC OUI feature explained below.

2.2.2. Exclude MAC OUI


Excludes MAC OUI for band-steering (if Band Steering is enabled). The client will not utilize Band Steering
and will be allowed to connect to the wireless band. This setting may be preferable for certain legacy and
latency sensitive clients (e.g., scanners, MIPT Phones).

2.2.3. Force 5 GHz


With force 5 GHz, a dual-band client device will only be allowed to connect to the network on the 5 GHz
band, and any requests to connect on the 2.4 GHz band will be ignored. This mode works quite well when
the signal strength is good on the 5 GHz band but will prove problematic if there are weak coverage areas
on 5 GHz because the network will not allow the client device to “fall back” to the 2.4 GHz network.

2.2.4. Association RSSI Threshold


This feature is used to set thresholds to optimize connectivity when associating with an AP by forbidding
client access to networks with a weak wireless signal (RSSI, Received Signal Strength Indicator). Clients
with an RSSI value lower than the Association RSSI Threshold will not be allowed to connect to the AP.

- Find the RSSI value of your StellarClient virtual machine (we will consider in the lab
that this RSSI value is too low to connect to the SSIDs created previously)
- Modify the Association RSSI Threshold to make the StellarClient RSSI too low to connect
to the SSIDs created previously

- Find the StellarClient signal strength Value

> Before doing this, be sure that the StellarClientX virtual machine is connected to one of the SSIDs
created in the previous labs!

> Select WLAN > CLIENT > Client List


> Double click on the Client in List of Clients on All APs
> Check (and note) the RSSI value (ex. 70)

- Now, we are going to assume that the StellarClient signal strength (ex. -18 dBm) must be considered
too weak to connect to the AP. To do so, we will set the Association RSSI Threshold to a value greater
than the client RSSI value:
Notes > RSSI vs dBm
dBm and RSSI are different units of measurement that both represent the same thing: signal strength. The
difference is that RSSI is a relative index, while dBm is an absolute number representing power levels in mW
(milliwatts).

In the OmniVista 2500 NMS:


- The clients signal strength is given in dBm
- The Stellar AP’s RF settings are configured in RSSI

For this exercise, we need to translate the client signal strength from dBm to RSSI. To do so, please refer to
the following table (to convert the RSSI value to dBm you just need to subtract 96 from the RSSI value):

dBm    -20   -19   -18   -17   -16   -15   …   -10
RSSI    76    77    78    79    80    81   …    86

> Go back to WLAN > RF > RF Profile


> Select the profile My_RF_Profile
> Modify the Association RSSI Threshold for all the bands to a value much higher than the Client
value (ex. 90, which is higher than -18 dBm = 78)

Notes
We will test this management in the next part, as the RF Profile must be first applied to the desired AP or AP
Group.

2.2.5. Roaming RSSI Threshold


This feature is used to set thresholds to optimize connectivity when roaming by forbidding client access to
networks with a weak wireless signal (RSSI). Clients with an RSSI value lower than the Roaming RSSI
Threshold value will be guided to roam to another AP with a better transmission signal.

2.3. Per Band Info

Disable all the 5G Band (All, Low, High)

2.3.1. Default Setting


Disable to set custom bandwidth settings. Enable to reset bandwidth settings to default values.

2.3.2. Band
Configure the working radio for the AP.

2.3.3. Channel Setting


Configure the working channel of the radio (auto = dynamically assigned via ACS, Auto Channel Selection)

2.3.4. Channel DRM


Enables/Disables the channel scope specification definition that will be applicable for Auto-Channel
Selection.

2.3.5. Channel List


Specify the channel list that will be applicable for Auto-Channel Selection.

2.3.6. Channel Width


Configures the channel width for 2.4G and 5G radio. Channel width is used to control how broad the signal
is for transferring data. By increasing the channel width, you can increase the speed and throughput of a
wireless broadcast. However, a larger channel width makes transmission less stable in crowded areas
with a lot of frequency noise and interference.

2.3.7. Power Setting


Configures the transmit power of the wireless radio.

2.3.8. Short Guard Interval


The Guard Interval is used to ensure that distinct transmissions occur between the successive data symbols
transmitted by a device. Using the Short Guard Interval would provide approximately an 11% increase in data
rates. However, using the Short Guard Interval will result in higher packet error rates when the delay spread
of the RF channel exceeds the Short Guard Interval, or if timing synchronization between the transmitter and
receiver is not precise.

Validate the creation of the RF Profile:

> Click on Create



3 Assigning the RF Profile to an AP/AP Group

> Select NETWORK > AP REGISTRATION > AP Group


> Select the AP Group APGX (X = R-Lab Number)
> Click on Edit
> RF Profile: My_RF_Profile
> Click on Commit

Notes
Note that it is also possible to assign an RF Profile to a specific AP (instead of an AP Group). To do so, go to the
NETWORK > AP REGISTRATION > Access Points menu.

Tips
The RF Profile can also be created directly from the AP/AP Group, in the Edit mode, by clicking on Add New:

Now that the RF Profile My_RF_Profile is applied to the APGX Group, try to connect to
one SSID from the StellarClient virtual machine.

Notes
StellarClient RSSI = 70 < Association RSSI Threshold = 90, so it is not possible for the StellarClient (and other
devices with an RSSI less than 90) to connect to any SSID broadcast by the APGX Group.

PENDING …

4 Debriefing
During this lab, we have learned that the OmniVista 2500 provides an easy way to manage the Stellar Access
Points radio frequency settings.
We have also learned that a lot of settings are available and can be enabled or disabled depending on the
infrastructure deployed.
OmniAccess Stellar Wireless Lan
Layer 2 Mobility and Roaming
Lesson summary
Layer 2 Mobility and Roaming
At the end of this module, you will be able to:
• Understand the Layer 2 Roaming.
• Configure the Fast Roaming
Overview
Overview
WiFi Enterprise only
 In WiFi Express, roaming is limited to L2 only within the same cluster

Fast Roaming
L2 Roaming L2 Roaming
L3 Roaming

Roaming relies on client context sharing between over the air adjacent APs
L2 or L3 Roaming selection based on the client VLAN between "home" and "foreign" AP
L3 Roaming based on L2 GRE tunnel between "home" and "foreign" AP
Configuration
L2 Roaming always enabled

L3 Roaming disabled by default


 L3 Roaming configured in the Advanced WLAN
Service Configuration

Fast Roaming disabled by default


 Fast Roaming configured in the SSID
 OKC only for Enterprise and WPA2
 802.11r only for WPA2 (both Personal and
Enterprise)
Client Context Sharing
Client Context Sharing
AP Discovery Protocol
 Each AP learns about its “over-the-air” adjacent APs and their IP addresses
 No dependency on AP Groups and Management VLAN
 Limited to AP managed by the same OmniVista

Client context shared with adjacent APs


 Over the LAN infrastructure
 IP based protocol
 Add/Del Message
 On Client Association, AP sends a Add message to all adjacent APs
 On Client Dis-association, AP sends a Del message to all adjacent APs

Upon Roaming, client context removal mechanism


 Del Message triggered on the “old” AP upon Add Message from the “new” AP
Client Context Sharing

[Diagram: OmniVista, Network, Edge Switch, Access Points and Clients. Over-the-air AP discovery between Access Points; Over-the-LAN Client Context sharing; each Access Point holds the Client Contexts]

Client Context Content

Client network
• SSID & WLAN service
• MAC Address
• IP Address
• Currently assigned Unified Access
- VLAN ID
- Access Role Profile
- Policy List
- Redirect-URL
- Captive Portal status

AP Context
• MAC Address
• IP Address
• OV IP Address

Fast Roaming
• PMKSA cache
• FT PMK R0/R1 cache

On Receiving AP, Add/Del Message discarded when


 AP is not managed by the same OV
 AP does not have the WLAN service
Roaming conditions

(1) Client Context exists on the new AP?
(2) WLAN service and Access Role Profile exist in the Client Context on the new AP?
(3) Client Context VLAN ID = VLAN ID mapped to the Access Role Profile on the new AP?

(1)    (2)    (3)    Roaming Results
No     -      -      No Roaming, new client
Yes    No     -      No Roaming, new client
Yes    Yes    Yes    L2 Roaming
Yes    Yes    No     L3 Roaming

Layer 2 and Layer 3 selection based on the management VLAN between the "home" and "foreign"
AP.
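
The client context sharing rules and the roaming conditions table above, combined in an added Python example (not ALE code). The message shape, class names and the per-AP mapping of Access Role Profile to VLAN are assumptions made for illustration; condition (2) is read here as "the WLAN service and Access Role Profile recorded in the client context exist on the new AP".

```python
from dataclasses import dataclass

NEW_CLIENT = "No Roaming, new client"


@dataclass(frozen=True)
class ClientContext:
    """Subset of the shared client context (field names are assumptions)."""
    client_mac: str
    ssid: str                 # WLAN service the client is associated to
    vlan_id: int              # currently assigned VLAN ID
    access_role_profile: str  # currently assigned Access Role Profile
    ov_ip: str                # OmniVista that manages the sending AP


class AccessPoint:
    def __init__(self, name, ov_ip, wlan_services):
        self.name = name
        self.ov_ip = ov_ip
        # Assumed model: {ssid: {access_role_profile: vlan_id}} on this AP
        self.wlan_services = wlan_services
        self.cache = {}  # client_mac -> ClientContext learned from neighbors

    def receive(self, kind, ctx):
        """Handle an Add/Del message; return False when it is discarded."""
        # Discarded when the sender is not managed by the same OV
        # or when this AP does not have the WLAN service.
        if ctx.ov_ip != self.ov_ip or ctx.ssid not in self.wlan_services:
            return False
        if kind == "ADD":
            self.cache[ctx.client_mac] = ctx
        elif kind == "DEL":
            self.cache.pop(ctx.client_mac, None)
        else:
            raise ValueError(f"unknown message type: {kind}")
        return True

    def roaming_result(self, client_mac):
        """Apply the roaming conditions table when a client shows up here."""
        ctx = self.cache.get(client_mac)
        if ctx is None:                              # condition (1) = No
            return NEW_CLIENT
        profiles = self.wlan_services.get(ctx.ssid, {})
        if ctx.access_role_profile not in profiles:  # condition (2) = No
            return NEW_CLIENT
        if profiles[ctx.access_role_profile] == ctx.vlan_id:  # condition (3)
            return "L2 Roaming"
        return "L3 Roaming"


def demo():
    """Constructed scenario: one client context sent to five neighbor APs."""
    ov = "192.0.2.10"  # constructed OmniVista address
    ctx = ClientContext("02:00:00:00:00:01", "BYODX", 20, "_EmployeeX", ov)
    neighbors = [
        AccessPoint("same-vlan", ov, {"BYODX": {"_EmployeeX": 20}}),
        AccessPoint("other-vlan", ov, {"BYODX": {"_EmployeeX": 40}}),
        AccessPoint("no-profile", ov, {"BYODX": {"_GuestX": 30}}),
        AccessPoint("no-wlan", ov, {"GuestX": {"_GuestX": 30}}),
        AccessPoint("other-ov", "192.0.2.99", {"BYODX": {"_EmployeeX": 20}}),
    ]
    results = {}
    for ap in neighbors:
        accepted = ap.receive("ADD", ctx)
        results[ap.name] = (accepted, ap.roaming_result(ctx.client_mac))
    return results


if __name__ == "__main__":
    for name, (accepted, result) in demo().items():
        print(f"{name:11} add_accepted={accepted!s:5} -> {result}")
```

An AP that discarded the Add message has no context for the client, so the client is treated as new there and authenticates from scratch.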
FAST Roaming
FAST Roaming
Improve handoff times during roaming
 Remove RADIUS authentication
 Optimize authentication handshake
 Require key caching

Support OKC (802.11k) and 802.11r


Configurable on the WLAN Service
 OKC only for Enterprise and WPA2
 802.11r only for WPA2 (both Personal and Enterprise)

If Fast Roaming not enabled, standard Roaming


FAST Roaming
OKC / 802.11k
 PMK (Pairwise Master Key) caching
 Client can provide the PMKID in the association request (802.11k)
 If 802.11k not supported by client, AP uses the cached PMK
 Re-auth reduced to 4-way handshake to establish transient keys PTK/GTK (Pairwise/Group
Transient Key)
 PMK caching always stored in client context even when OK disabled

802.11r / Fast BSS Transition (FT)
 Initial handshake for PTK/GTK with the new AP is done before the client roams to the target AP
 New capability in the 802.11 authentication request
 FT protocol modes
 Over-the-Air FT Roaming
 Over-the-DS (Distribution System) FT Roaming
 Eliminates much of the handshaking overhead while roaming, thus reducing the handoff times
 FT PMK R0/R1 only cached when 802.11r enabled
Sticky Client Avoidance
Sticky Client avoidance
Goal: Optimize client distribution among APs
 In case of user roaming, suggest to the client the best new Access Point, based on availability and RSSI.
Roaming RSSI: Guiding to roam threshold
 Located in the RF Profile
802.11v (BSS Transition Management): Obtain Roaming target APs
802.11k: Guide client to roam to best connection AP
L2 Roaming
L2 Client Roaming



Guidelines
Identify the Roaming mode
 Check the roaming conditions
 Based on the VLAN ID between the "home" and "foreign" AP, select either:
 Layer 2 Roaming
 Layer 3 Roaming
 Check the security level of the SSID (WPA/WPA2, Enterprise/Personal)
 With WPA2 Enterprise only, OKC can be activated
 With WPA2 only, 802.11r (Fast Roaming) can be activated (recommended)
Check the Radio coverage
Use the Heat Map application to check the radio coverage
 Select the 2.4GHz and 5GHz in the filters as they don't have exactly the same radio coverage

[Figure: No overlap (KO): no radio overlap, no Roaming. Overlap (OK): radio overlap, Roaming available]
Neighbor AP
 In some cases, the Stellar APs are geographical neighbors but can't see each other through the air (i.e: corridor with right angles,…).
 The client context can't be shared. No roaming.
 Solution:
 On both AP, add statically the neighbor Stellar AP from the list of known AP.
 The client context can be shared through the LAN and the client can roam.
 Select the AP in the AP Registration > Access Point view and click on the hyperlink "Neighbor AP"
 Click on the Edit button and select the neighbor AP from the list
 Repeat the process for the second AP
[Figure labels: Radio coverage hole; No client context sharing]
Sticky client avoidance
The roaming decision is made by the client device.
 But some devices will stick to the AP they were previously associated to.

Use the Roaming RSSI Threshold in the RF profile.
 Use in conjunction with 802.11k and 802.11v
 Value range is 0-100
 Recommended value for 2.4GHz : RSSI = 10
 Recommended value for 5GHz : RSSI = 15

The Roaming RSSI Threshold controls the signal strength a client needs to see before searching for
another site.
 If the RSSI threshold is too low, the client remains on a low signal strength site, even with a
stronger site nearby.
 If the RSSI threshold is too high, the client roams too often, which could result in packet loss.
Miscellaneous
 Background scanning
 When a user roams, his real time traffic can be
interrupted if the new AP on which he is
connected is using the background scanning.
 No impact on the voice traffic.
 The AP is voice aware and will deactivate the background
scanning when a voice call is detected.
 Other real-time traffic can be impacted.
 Solution:
 Deactivate the Background scanning on the
Stellar APs
 Install new Stellar APs in the network, acting as
dedicated scanning APs
 Please note that this solution requires
additional Stellar APs in the network
OmniAccess Stellar Wireless Lan
Layer 3 Mobility and Roaming
Lesson Summary
L3 Roaming
L3 Client Roaming



L3 Roaming - Home AP & limitations
L2 GRE tunnel established between Foreign AP and Home AP at early stage of roaming
All network enforcement done in the Home AP
 Foreign AP transparently tunnels the client data to the Home AP
 Home AP terminates the tunnel and process the client data locally
 Incoming traffic received & processed by the Home AP, then tunneled to the foreign AP
One L2 GRE tunnel per SSID
Any number of Roaming Clients can Use the tunnel
                         Limit   Comment
Client Cache per AP      1K      -
L2 GRE tunnel per AP     16      -
Client Cache Removal     -       During Roaming
L2 GRE tunnel Removal    -       On last client disconnection
OmniAccess Stellar Wireless Lan
WIPS
Lesson Summary
Wireless Intrusion Prevention System
At the end of this module, you will be able to:
• Classify an AP as Interfering, Rogue or Friendly
• Configure the WIPS
WIPS Overview
Stellar APs monitor the radio spectrum for the presence of unauthorized
 AP
 Users
Automatically take countermeasures
Global configuration applied to all APs managed by OV
Require AP with scanning activated
WIPS – Interfering / Rogue / Friendly AP
 Interfering AP
 The “scanning” Stellar AP discovers any other AP over the air
 Such AP are marked as Interfering
 AP managed by the same OV are excluded
 Rogue AP
 An interfering AP is marked as Rogue based on the
configuration of Rogue AP Policy
 AP managed by the same OV are excluded
 Rogue AP Containment – enabled by default
 The scanning Stellar AP sends de-auth request to all clients associated to the
rogue AP
 Friendly AP
 Friendly AP is not reported as Interfering or Rogue
 An Interfering or Rogue AP can be set as Friendly AP manually
 Friendly AP OUI can be set – ALE OUI set by default
 Friendly AP can be added
WIPS – Rogue AP Policy

Policy / Description

Signal Strength Threshold
    The detected AP signal in dbm is too strong and above the threshold
    Default: -70 dbm ; Range -95 to -50 dbm
Detect Valid SSID
    The detected AP is advertising a SSID that is configured in OmniVista and set in your WLAN network
    (An AP not managed by OV is advertising a SSID set in OV)
Detect Rogue SSID Keyword
    The detected AP is advertising a SSID name that matches a string set in this policy
    (SSID blacklist)
Rogue OUI
    The detected AP has a OUI that matches one of the OUI set in this policy

If an interfering AP matches one of these Policies, it is classified as Rogue.
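
The Interfering / Rogue / Friendly classification and the four Rogue AP Policy checks above, written out as an added Python example (not OmniVista code). The evaluation order, the case-insensitive substring match for SSID keywords and every MAC, OUI and SSID in the sample scan are constructed assumptions.

```python
from dataclasses import dataclass, field


def norm(mac):
    """Normalize a MAC or OUI to upper case with ':' separators."""
    return mac.strip().upper().replace("-", ":")


def oui(mac):
    """First three octets of a MAC address."""
    return norm(mac)[:8]


@dataclass
class ScannedAP:
    bssid: str
    ssid: str
    signal_dbm: int


@dataclass
class WipsPolicy:
    managed_bssids: set            # APs managed by the same OV (excluded)
    valid_ssids: set               # SSIDs configured in OmniVista
    friendly_ouis: set = field(default_factory=set)
    friendly_bssids: set = field(default_factory=set)
    rogue_ouis: set = field(default_factory=set)
    rogue_ssid_keywords: tuple = ()
    signal_threshold_dbm: int = -70   # default from the policy table

    def __post_init__(self):
        if not -95 <= self.signal_threshold_dbm <= -50:
            raise ValueError("Signal Strength Threshold range is -95 to -50")
        for name in ("managed_bssids", "friendly_ouis",
                     "friendly_bssids", "rogue_ouis"):
            setattr(self, name, {norm(v) for v in getattr(self, name)})


def classify(ap, policy):
    """Return (classification, matched rogue policies) for one scanned AP."""
    bssid = norm(ap.bssid)
    if bssid in policy.managed_bssids:
        return ("managed", [])     # APs managed by the same OV are excluded
    if bssid in policy.friendly_bssids or oui(bssid) in policy.friendly_ouis:
        return ("friendly", [])    # never reported as Interfering or Rogue
    reasons = []
    if ap.signal_dbm > policy.signal_threshold_dbm:
        reasons.append("signal_strength")
    if ap.ssid in policy.valid_ssids:
        reasons.append("valid_ssid")
    # Assumption: keyword match is a case-insensitive substring test.
    if any(k.lower() in ap.ssid.lower() for k in policy.rogue_ssid_keywords):
        reasons.append("rogue_ssid_keyword")
    if oui(bssid) in policy.rogue_ouis:
        reasons.append("rogue_oui")
    # One matching policy is enough to classify an interfering AP as Rogue.
    return ("rogue" if reasons else "interfering", reasons)


def scan_report(scan, policy):
    """Map each normalized BSSID to its classification."""
    return {norm(ap.bssid): classify(ap, policy) for ap in scan}


# Constructed sample data: none of these values come from a real network.
SAMPLE_POLICY = WipsPolicy(
    managed_bssids={"AA:BB:CC:00:00:01"},
    valid_ssids={"BYODX", "EmployeeX"},
    friendly_ouis={"AA:BB:CC"},       # stands in for the vendor's own OUI
    rogue_ouis={"06:00:00"},
    rogue_ssid_keywords=("free",),
)
SAMPLE_SCAN = [
    ScannedAP("AA:BB:CC:00:00:01", "EmployeeX", -40),     # our own AP
    ScannedAP("aa-bb-cc-00-00-99", "LabTest", -50),       # friendly OUI
    ScannedAP("02:11:22:33:44:55", "CoffeeShop", -85),    # plain neighbor
    ScannedAP("02:11:22:33:44:66", "BYODX", -60),         # our SSID, strong
    ScannedAP("02:11:22:33:44:77", "HomeNet", -65),       # strong signal only
    ScannedAP("02:AA:00:00:00:01", "Free-WiFi", -90),     # keyword match
    ScannedAP("06:00:00:12:34:56", "printer-setup", -88),  # rogue OUI
]

if __name__ == "__main__":
    for bssid, (label, why) in scan_report(SAMPLE_SCAN, SAMPLE_POLICY).items():
        print(f"{bssid}  {label:11} {', '.join(why)}")
```

Recording which policy matched matters operationally, because Rogue AP Containment is enabled by default and a rogue verdict triggered only by the signal strength threshold deserves a review before a neighbor's AP is contained.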


WIPS – Wireless Attack Detection
Enabled by default
AP Attack Detection Policy
 The scanning Stellar AP is detecting a wireless attack that seems to originate from an AP
Client Attack Detection Policy
 The scanning Stellar AP is detecting a wireless attack that seems to originate from a client

Set the detection level to:


 Custom
 High
 Medium
 Low
WIPS – Wireless Attack Containment
Containment & Client Blacklist Policy
 Disabled by default
 Puts the attacker source MAC in the client blacklist
 This MAC is not allowed to associate anymore on any of the Stellar AP
 A blacklist duration is also configurable

 Limitations
 The attacker source MAC can be anything (an AP mac, a BSSID mac, a wireless NIC card mac..)
 Blacklisting the attacker source MAC is only relevant when the source MAC is an actual wireless client
OmniAccess Stellar Wireless Lan
Operation and Maintenance
Lesson Summary
Operation and Maintenance
At the end of this module, you will be able to:
• Monitor the clients, APs, guest and BYOD devices
• Maintain the AP and upgrade its firmware
Monitoring
Monitoring – Clients
Wireless Clients Monitoring
• List of clients connected to any AP Group
• Client details
  - Radio
  - Authentication status
  - IP configuration
Monitoring – Client Behavior Tracking
Administrator tool for effective monitoring & troubleshooting of clients
Parameters tracked
• View user ONLINE/OFFLINE status
• View TCP/UDP flow context
• View HTTP(S) domain flow context

ONLINE/OFFLINE LOG
Monitoring - APs
APs Monitoring
• AP details
  - Name, AP Group, MAC address
  - Client count
  - IP configuration
  - Radio details
Monitoring – Guest and BYOD Devices
Dedicated monitoring for either Guest or BYOD clients
• Basic
• Enforcement Policy
• Authentication
• Accounting
Monitoring – Summary
Maintenance
Maintenance – Topology Map
In Network > Topology
• Edit Device
  - AP name
  - Group Name
  - RF Profile
• Reboot
• Save to Running
• Backup Device
• View AP Logs
Maintenance – Resource Manager
Backup / Restore
• Backup
  - Full
  - Config
  - Image
• Restore
Maintenance – Resource Manager
In Configuration > Resource Manager > Upgrade Image
• Import AOS or Stellar AP Firmware (.zip)
• Install Firmware on OmniSwitch or Stellar AP
Maintenance – Web Interface
Activate the AP Web option in the AP Group
Connect to https://AP_IP_Address
• AP Maintenance
• Mesh configuration
Packet Capture
Packet Capture on Stellar AP - TCPdump
Capture the DNS traffic on the wired interface of the access point

• Step 1
  - CLI connection on the AP with the « support » account
  - Enter in CLI:
    ssudo tcpdump -i 3 -w test-capture.pcap udp port 53
  - ssudo tcpdump: use the TCPdump tool
  - -i 3: select the interface n°3 « br-wan ». You are listening to the interface br-wan, which is the wired interface, where all the traffic is going through.
  - -w test-capture.pcap: save the capture in the file « test-capture.pcap »
  - udp port 53: select the traffic (UDP port 53 = DNS)
• Step 2
  - Transfer the capture file (test-capture.pcap) to your PC/laptop over SFTP with an SFTP tool (WinSCP)
• Step 3
  - Open and read the file with Wireshark
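Added example, not part of the course material: once test-capture.pcap has been transferred, a short script can triage it before it is opened in Wireshark by listing the DNS queries that never received a response. It assumes a classic microsecond pcap file with Ethernet link type and IPv4 traffic; the function names and the sample capture are constructed for the illustration.

```python
import socket
import struct

def _qname(msg, off):
    """Decode the uncompressed DNS name at msg[off:]; IndexError/ValueError if malformed."""
    labels = []
    while msg[off]:
        n = msg[off]
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)

def _dns_from_frame(frame):
    """Return (src_ip, dst_ip, sport, dport, dns_bytes), or None if not IPv4 UDP port 53."""
    if len(frame) < 14:
        return None
    etype, l3 = struct.unpack_from("!H", frame, 12)[0], 14
    if etype == 0x8100 and len(frame) >= 18:            # skip a single 802.1Q tag
        etype, l3 = struct.unpack_from("!H", frame, 16)[0], 18
    if etype != 0x0800 or len(frame) < l3 + 20:
        return None
    ihl = (frame[l3] & 0x0F) * 4
    frag = struct.unpack_from("!H", frame, l3 + 6)[0] & 0x3FFF   # MF bit + fragment offset
    if ihl < 20 or frame[l3 + 9] != 17 or frag or len(frame) < l3 + ihl + 8:
        return None
    src = socket.inet_ntoa(frame[l3 + 12:l3 + 16])
    dst = socket.inet_ntoa(frame[l3 + 16:l3 + 20])
    sport, dport = struct.unpack_from("!HH", frame, l3 + ihl)
    if 53 not in (sport, dport):
        return None
    return src, dst, sport, dport, frame[l3 + ihl + 8:]

def unanswered_queries(pcap):
    """Return [(client_ip, qname)] for DNS queries with no response in the capture."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    pending, off = {}, 24                        # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        hit = _dns_from_frame(frame)
        if hit is None or len(hit[4]) < 12:
            continue
        src, dst, sport, dport, dns = hit
        txid, flags, qdcount = struct.unpack_from("!HHH", dns, 0)
        if flags & 0x8000:                       # QR=1: a response clears the matching query
            pending.pop((dst, dport, txid), None)
        elif qdcount:
            try:
                pending[(src, sport, txid)] = _qname(dns, 12)
            except (IndexError, ValueError):
                continue                         # truncated or malformed question
    return [(key[0], name) for key, name in pending.items()]

def _sample_frame(src, dst, sport, dport, txid, flags, name):
    """Build one Ethernet/IPv4/UDP/DNS frame (constructed test data, checksums left at 0)."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + udp
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip

def build_sample_pcap():
    """Constructed capture: one answered query and one query that gets no response."""
    frames = [
        _sample_frame("192.0.2.10", "192.0.2.53", 40000, 53, 0x1111, 0x0100, "portal.example.com"),
        _sample_frame("192.0.2.53", "192.0.2.10", 53, 40000, 0x1111, 0x8180, "portal.example.com"),
        _sample_frame("192.0.2.11", "192.0.2.53", 40001, 53, 0x2222, 0x0100, "updates.example.net"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # For a real capture, pass open("test-capture.pcap", "rb").read() instead.
    print(unanswered_queries(build_sample_pcap()))
```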
Packet capture from Stellar AP – AP web interface
• Stellar AP captures the surrounding wireless traffic on the selected channel
• Step 1 - OmniVista
  - Activate “AP Web” in the AP Group and commit the change
• Step 2 – Stellar AP
  - Log in on the Stellar AP
  - In RF Environment, select the Radio to capture
  - Click on Start Capture
  - Select the Channel
  - Enter the TFTP server where the capture will be sent
  - Option: Filter the capture (MAC, Frame type)
  - Start/Stop the capture
• Step 3 – PC/laptop
  - Open the file on Wireshark
Appendix
Client Behavior Tracking
Procedure
Appendix
Monitoring – Client Behavior Tracking How To
• In Unified Access > Unified Profile > Template Access Role Profile
  - Enable/Disable "Client Session Logging" per Access Role Profile
  - Choose "HTTP/HTTPS": the AP will log client HTTP/HTTPS connections
  - Choose "ALL": the AP will log all client TCP/UDP connections, including HTTP/HTTPS connections
• In Network > AP Registration > AP Group
  - Control per AP Group > Client Behavior Tracking – Upload to
• Config the TFTP or SFTP server
  - IP & server port, optional Remote Path, "Username/Password"
  - Choose Cycle time and Save, or Upload Now
OmniAccess Stellar WLAN
Backup, Restore & Upgrade

Objective
✓ Backup & Restore and Upgrade the Network Devices

Contents
1 Briefing
2 Saving the Current Configuration
2.1. From the Menu
2.2. From the Notification Area
3 Backing Up the Devices Configuration
3.1.1. Backing Up AOS OmniSwitches
3.1.2. Backing Up Stellar APs Devices
4 Restoring the Devices Configuration
4.1. Restoring an AOS Device Configuration
4.1.1. Briefing
4.1.2. Modifying the OmniSwitches Configuration
4.1.3. Restoring the OmniSwitch 6860 Configuration
4.1.4. Checking the Result
4.2. Restoring a Stellar Device Configuration
5 Debriefing
6 Annex: Upgrading an Image (Resource Manager)
6.1. Importing the Upgrade Files
6.2. Installing the Upgrade Files
7 Annex: Upgrading an Image (Access Point Web Page)
7.1. Enabling the Web Management
7.2. Accessing the Web Management Interface
7.3. Upgrading the Firmware

1 Briefing
At this stage of the training, we have a fully operational infrastructure with the devices deployed, SSID
broadcast, and QoS & ACLs set up. In this lab, we will learn how to back up and restore the device
configuration.

[Figures: current situation and end-of-lab situation]

2 Saving the Current Configuration

Save all the configuration changes made during this training as Running configuration

2.1. From the Menu

To save the configuration of all the devices at once:

> Click on the Select All button


> Select Action > Device
> Click on Save to Running

> A new tab is automatically opened


> Check that the task is completed successfully, then click on Finish

Notes > Reboot?!


The Access Points are NOT rebooted when the configuration is saved, even if the
message displayed can be confusing:

Notes
It is also possible to save the configuration of each device (one by one):

OMNISWITCH
> Click on the OmniSwitch
> Click on Actions > Device
> Click on Copy Working/Running to Certified
> Check that the save process has been completed successfully
> Click on Finish

STELLAR ACCESS POINT


> Click on the Stellar AP
> Click on Actions > Device
> Click on Save to Running
> Check that the save process has been completed successfully
> Click on Finish

2.2. From the Notification Area


Let’s begin by saving the current configuration as Running.

> Click on the bell icon in the top right-hand corner
> Click on the floppy icon
> Click on OK to confirm

Check that the operation has been successfully completed. Then click on Finish

3 Backing Up the Devices Configuration


A dedicated application is available in the OmniVista 2500 to perform the backup and restore operations of
AOS and Stellar devices: The Resource Manager.

Back up the configuration files of all the devices

3.1.1. Backing Up AOS OmniSwitches

> Select CONFIGURATION > RESOURCE MANAGER > Backup/Restore


> Click on the BACKUP button

1. Backup Method
> Select Backup By Devices
> Click on Next

2. Device Selection
> Click on ADD > Use Switch Picker
> Click on Add All to add all the OmniSwitches
> Click on OK
> Click on Add FTP Authentication
> Username: admin
> Password: switch
> Check Apply FTP Authentication for all missed devices
> Click on Apply
> Click on Close
> Click on Next

3. Configuration
> Backup Type: Configuration Only
> Click on Next

4. Review
> Review the information, then click on Backup to launch the backup process

Check that the 2 lines “SUCCESS” appear in the Result screen. Click on OK.
Tips > Summary View
The CONFIGURATION > RESOURCE MANAGER > Backup/Restore > Summary View displays the list of the backups
that have been performed on each device, and their result.

Notes > Backup Method


3 Backup Methods are available:
- Backup by Devices: select specific AOS Devices from a list of discovered devices.
- Backup by Maps: select a map(s) to backup all devices in the map(s). Note that if a map contains AOS
Devices and Stellar APs, the Stellar APs will not be backed up. Stellar APs can only be backed up by
AP Group.
- Backup by AP Group: backup Stellar AP Series Devices.

Notes > Backup Types


3 Backup Types are available:
- Full Backup: backs up both configuration files and image files.
- Configuration Only: backs up all configuration-related files in all directories (including user
credentials, banner, time zone, etc.).
- Images Only: backs up image files only. Image files will not be FTPed from a device. OmniVista will
only record file version(s).

Tips > Schedule Setting


During the Backup configuration (AOS or Stellar Devices), it is possible to enable the Schedule Setting option.
This option allows you to schedule a single or recurring backup. Several options are available:
- Start At to select the time when you want to begin the scheduled backup
- Recurrence Pattern (daily, weekly, monthly…)
- Range of Recurrence (start date of the recurring backup, end date of the recurring backup)

3.1.2. Backing Up Stellar APs Devices

> Select CONFIGURATION > RESOURCE MANAGER > Backup/Restore


> Click on the BACKUP button

1. Backup Method
> Select Backup By AP Groups
> Click on Next

2. AP Group Selection
> Click on ADD
> Select the APGX (X = R-Lab Number), then click on Add >
> Click on OK

3. Configuration
> Backup Type: Configuration Only
> Click on Next

4. Review
> Review the information, then click on Backup to launch the backup process

Check that the 2 lines “SUCCESS” appear in the Result screen. Click on OK.

4 Restoring the Devices Configuration


To test the Restore operation feature, we will first modify the configuration of one OmniSwitch (ex. 6860),
then we will restore the backup created in the previous part.

- Modify the configuration of the OmniSwitch 6860 (create VLAN 70-80)


- Restore the backup created in the previous part

4.1. Restoring an AOS Device Configuration

4.1.1. Briefing
In this part, we are going to:
- Create VLANs 70 to 80 on both OmniSwitches
- Restore the backup
- Check that the VLANs 70 to 80 have been removed

4.1.2. Modifying the OmniSwitches Configuration

> Select CONFIGURATION > VLANS > VLAN


> Click on Create VLAN by Devices button

1. Devices Selection
> VLAN IDs: 70-80
> VLAN(s) Description: TEMP-VLANS
> Click on the Add/Remove Devices
> Select the Add All
> Click on OK
> Click on Next

2. VLAN Configuration
> Check that Admin Status = Enabled
> Click on Next

4. Q-Tagged Port Assignment


> Click on Next (skip this part)

5. Review
> Review the information
> Click on Create

Tips
You can check that the VLANs have been created by connecting on the OS6860 CLI console, or via the CLI
Scripting.

4.1.3. Restoring the OmniSwitch 6860 Configuration


Now that we have created VLANs, let’s restore the previous backup. After this step, the VLANs 70 to 80
should be removed:

> Select CONFIGURATION > RESOURCE MANAGER > Backup/Restore


> Select the OmniSwitch 6860 in the list
> Click on the RESTORE button

1. File Selection
> Click on OmniSwitch 6860
> Select only the 2 vcboot.cfg files
> Click on Restore

Check that the restore is successful in the Result page, then click OK

4.1.4. Checking the Result


Now that the backup has been restored in the WORKING and CERTIFIED directories, let’s check that the temporary
VLANs have been deleted:

> Select CONFIGURATION > VLANS > VLAN


> Click on ADD > Switch Picker
> Select the OS6860, then click on Add >
> Click on OK

And the VLANs 70 to 80 are … still here!

Why are the VLANs 70-80 still displayed?

As you may have guessed, the configuration files are transferred to the WORKING and CERTIFIED folders
but are NOT applied to the RUNNING configuration (applying them automatically could cause major problems
in real-world scenarios).

To force the configuration restored in the WORKING directory to be used by the OmniSwitch, launch the
following command (via the console, or the OV 2500 CLI SCRIPTING application):

CLI SCRIPTING application or CONSOLE


> reload from working no rollback-timeout
Confirm Activate (Y/N): y

Wait for the OmniSwitch to reboot (~3 min), then use the VLAN Manager application to check that the
VLANs 70-80 have been correctly removed:

> Select CONFIGURATION > VLANS > VLAN


> Click on ADD > Switch Picker
> Select the OS6860, then click on Add >
> Click on OK

And the VLANs 70 to 80 are … deleted!

4.2. Restoring a Stellar Device Configuration


It is not possible to perform a restore on a Stellar AP, as most of the configuration is pushed when the
Access Point is inserted in an AP Group. However, backup files of Stellar APs can be used to
analyze/troubleshoot problems with APs. See the Troubleshooting lab for more information.

5 Debriefing
During this lab, we have learned how to back up the configuration of each device (AOS or Stellar) available in
the network. We have also learned that it is possible to schedule the backup operation, and that the restore
operation can be done only on AOS Devices (not on Stellar APs).

-ANNEXES-

6 Annex: Upgrading an Image (Resource Manager)


From the Resource Manager, it is also possible to upgrade an OmniSwitch or an Access Point.

6.1. Importing the Upgrade Files


All upgrade files supplied by Alcatel-Lucent Enterprise Customer Service are packaged as WinZip
executables and have a *.zip file extension. Do not attempt to unzip the firmware files manually. When
you Import the WinZip executable, OmniVista automatically unzips the executable as part of the import
process.

> Go to RESOURCE MANAGER > Upgrade Image


> Click on Import
> Click on Browse and select the desired firmware file
> Once the upload finishes, click on OK

The list of uploaded firmware is displayed in the Upgrade Image main page:

6.2. Installing the Upgrade Files

> Go to RESOURCE MANAGER > Upgrade Image


> Select the firmware to install
> Click on Install

1. Firmware File Selection


> Check that the Access Point models that you have are available in the list
> Click on Next

2. Devices Selection
> In case of AP upgrade
> To install a firmware only on specific AP(s): Click on ADD > Use Switch Picker
> To install a firmware on all the APs of an AP Group: Click on ADD
> In case of OmniSwitch upgrade
> Select one or several OmniSwitch(es)

3. Software Installation
> Review the information, then click on Install Software

7 Annex: Upgrading an Image (Access Point Web Page)


The upgrade of an Access Point can also be done via its webpage.

7.1. Enabling the Web Management


The Web Management must be enabled in order to be able to access the Access Point webpage:

> Go to NETWORK > AP REGISTRATION > AP Group


> Select the AP Group APGX (X=R-Lab Number)
> AP Web: ON
> Password: Alcatel.0

7.2. Accessing the Web Management Interface


Check the IP address of the Access Point:

> Go to NETWORK > AP REGISTRATION > Access Points


> Note the IP address of the desired AP

> Open a web browser


> URL: https://<IP address of the AP>
> Username: Administrator
> Password: Alcatel.0
> Click on Login

7.3. Upgrading the Firmware


Finally, upload the firmware to be installed:

> Go to System
> Select Image File (or Image File URL if the Image File/Firmware is located on a web server)
> Click on Browse, then select the firmware/image file
OmniAccess Stellar WLAN
Monitoring the Network Infrastructure

Objective
✓ Monitor the Network Devices from the OmniVista 2500

Contents
1 Briefing
2 Checking the Topology & Devices Status
2.1. Saving the Configuration
2.2. Monitoring the Devices & Links Status
2.2.1. Device Information
2.2.2. Device Status
2.2.3. Notification Status
2.2.4. Links Status
3 Being Notified in case of Critical Event
3.1. Using the Notification Application
3.1.1. Using the Filters
3.2. Using the Trap Responder
3.2.1. Setting Up the Trap Responder
3.2.2. Declaring the Mail Server
3.2.3. Testing the Mail Server Configuration
3.2.1. Testing the Notification
4 Debriefing

1 Briefing
Let’s see how to monitor all the network devices from one platform, the OmniVista 2500. 2 applications will
be used:
- The Topology Application which provides a view of all discovered devices in the network;
- The Notification Application which displays the notification generated by the network devices.

[Figures: current topology and end-of-lab topology]

2 Checking the Topology & Devices Status


The Topology application enables you to view the topology of all discovered devices in the network, view
information about a specific device and perform certain actions on those devices (e.g., edit a device, telnet
to a device, reboot a device).

> Select NETWORK > TOPOLOGY


> Click on Create Site (top right corner)
> Site Name: <your company name> (ex. ALE)
> Location: <your company address> (ex. Rue Antoine de St Exupéry, 29490 Guipavas, France)
> Devices: click on >> to add all the devices (4)
> Click on Create

A pointer indicates the location entered with the number of devices:

> Click on Go To Topology

The network topology containing all the previously discovered devices is displayed:

2.1. Saving the Configuration

Save all the configuration changes made during this training as Running configuration

To save the configuration of all the devices at once:

> Click on the Select All button


> Select Action > Device
> Click on Save to Running

> A new tab is automatically opened


> Check that the task is completed successfully, then click on Finish

Notes
It is also possible to save the configuration of each device (one by one):

OMNISWITCH
> Click on the OmniSwitch
> Click on Actions > Device
> Click on Copy Working/Running to Certified
> Check that the save process has been completed successfully
> Click on Finish

STELLAR ACCESS POINT


> Click on the Stellar AP
> Click on Actions > Device
> Click on Save to Running
> Check that the save process has been completed successfully
> Click on Finish

Notes
You may have noticed that the links between the OmniSwitches and the Stellar Access
Points don’t appear in the diagram. This “problem” is easily solved by manually polling
the links:

> Select both Stellar Access Points by clicking on Multiple Selection


> Select Action > Device
> Select Poll Link

> A new tab is automatically opened


> Check that the task is completed successfully, then click on Finish

Result: the links should now appear:



2.2. Monitoring the Devices & Links Status


From the Topology application, it is also possible to check the Devices & Links Status.

2.2.1. Device Information

Display the MAC Address, version and device model of the OmniSwitch 6560.

To display detailed device information, click on the device. A Detail panel appears on the right. A list of
information is displayed. The information displayed may vary depending on the device:

2.2.2. Device Status

- Discover why the OmniSwitches are in Warning state, and solve the problem;
- Display the OmniSwitches & Access Points notifications;
- Check that the links are up, and that the correct ports are used.

Device status is displayed by the device status circle around the device:
• Green = Up (Device is up)
• Orange = Warning (indicates that traps have been received on the device. The highest level of
trap received by the device is displayed (Green, Orange, Red) in the Notifications Status).
• Red = Down (Device is down)

Notice that your OmniSwitches are in the Orange “Warning” state, meaning that a notification has been
generated on these devices. The Notification Status part (next part) shows how to acknowledge the(se)
notification(s).

2.2.3. Notification Status


Notification status is displayed in the small circle in the upper right corner of the device, indicating the
highest level of trap received by the device:
• No Circle = Alarm status is Normal.
• Orange = Alarm status is Warning.
• Purple = Alarm status is Minor.
• Yellow = Alarm status is Major.
• Red = Alarm status is Critical.

To clear/acknowledge the notification and pass the Device & Notification status to Green status:

OMNISWITCH
> Click on the OmniSwitch
> Click on Actions > Notifications > View Traps
> Select the first checkbox to select all the lines
> Click on ACK (blue button) to acknowledge the notifications or CLEAR (red button) to delete the
notifications from the database
You may have to repeat the operation to acknowledge/clear all the notifications. A maximum of 1000
notifications can be acknowledged/cleared at the same time.

The OmniSwitch should now be displayed in Green:

2.2.4. Links Status


Links between devices are displayed as a single line, whether there is a single link or multiple links.
• Green - Link is up. If there are multiple links, Green indicates all the links are up.
• Orange - There are multiple links and at least one of the links is down.
• Red - Link is down. If there are multiple links, Red indicates all the links are down.
• Blue - Link status is unknown.

To display link information, move the mouse over the link until the pointer turns into a finger. Link
information will be displayed in table form as shown below:

You can also click on a link to display link information:

Tips
Several shortcuts to the other OmniVista 2500
applications are available when a device (OmniSwitch,
Access Point) is selected or by right clicking on a device.
We will discover these applications and learn
how to use them in the next labs.

3 Being Notified in case of Critical Event


During the last part, we saw that notifications are sent from the devices to the OmniVista 2500. These
notifications are displayed in the Topology application. In this part, we are going to learn how to perform an
action (send a mail, execute a script…) when a notification is received.

3.1. Using the Notification Application


Open the Notification Home menu:

> Go to NETWORK > NOTIFICATIONS > Notifications Home

The Notifications Home Screen displays all traps received from network devices and provides basic trap
information (e.g., severity level, date/time received). You can also use this screen to acknowledge,
renounce, and clear traps, as well as poll devices for traps.

3.1.1. Using the Filters

Filter the traps to display only traps:


- Coming from the AP Group APGX (X=Remote-Lab Number);
- With a severity = Critical

> Go to NETWORK > NOTIFICATIONS > Notifications Home


> Click on the Filters area (top)
> Filter By: AP Group
> Select APGX
> Select Severity: Critical
> Click on to exit the filter menu

In the result, the reboot operations done during this training should be displayed.

3.2. Using the Trap Responder

3.2.1. Setting Up the Trap Responder


A Trap Responder enables you to specify a response (send a mail, execute a program, forward trap) that
you want OmniVista to take when specified traps are received by OmniVista. In this Lab, we will learn how
to automatically send a mail when a critical alarm is generated by a network device.

- Configure the OmniVista 2500 to send an e-mail if a critical alarm is generated by an AP
- Test your configuration

> Go to NETWORK > NOTIFICATIONS > Trap Responder


> Click on

1. Agent
> Agent Type: AP Group
> AP Group Selection: APGX (X=Remote-Lab Number)
> Click on Next

2. Trap Type
> Traps which match these severities: Critical
> Click on Next

3. Response
> Action: Send an e-mail
> E-mail To: adminX@company.com (X = R-Lab Number)
> Click on Next

> Click on Next to review the information, then click on Create

Notes > Trap Variables


Trap variables can be used to customize the E-mail Subject and E-mail Body fields.

For example, you can use the following fields and variables:
- E-mail Subject: Warning! Critical Trap Received on $TrapAgent$ ($TrapAgentName$)!

The $TrapAgent$ displays the IP address of the device.


The $TrapAgentName$ displays the name of the device.

3.2.2. Declaring the Mail Server


The next step consists in declaring the mail server in the OmniVista 2500:

> Go to ADMINISTRATION > PREFERENCES > System Settings


> Click on Email Server (left menu)
> SMTP Server: mail.company.com
> ‘From’ Address: ov2500@company.com
> SMTP Authentication: OFF
> ‘To’ Address to Test: adminX@company.com
> Click on Apply

3.2.3. Testing the Mail Server Configuration


Now, let’s test the configuration. Let’s begin by testing the mail server configuration:

> Open a Web Browser (or a new tab/page)


> URL: mail.company.com
> Name: adminX@company.com
> Password: password

The “test” mail sent by the OmniVista 2500 should be in the Inbox:

3.2.1. Testing the Notification


First, let’s force the generation of a Critical notification by restarting one of the APs:

> Go to NETWORK > TOPOLOGY


> Select an AP
> In the Action panel (on the right), click on Device > Reboot…
> Are you sure..: Yes

Notes > Trap Responder on OmniSwitches


The same steps can be followed in order to be notified by mail if an OmniSwitch generates a critical
notification (except 4.2.1: Agent Type: Device instead of AP).

Check that a notification has been generated by the AP and sent to the OmniVista 2500:

Now, check that a mail has been sent to adminX@company.com (wait a few minutes if needed, as the
mail server doesn’t send mails in real time):

4 Debriefing
In this lab, we saw that the OmniVista 2500 provides powerful applications to monitor the network devices
(OmniSwitches/Access Points).
OmniAccess Stellar Wireless Lan
Heat Map & Floor Plan
Lesson Summary
Heat Map and Floor Plan
Wireless Monitoring Applications

Heat Map
• Visual Heat Map of Deployed AP
Floor Plan
• Visual Heat Map of Estimated APs before Deployment
Heat Map – Use Case
Insufficient Radio coverage
• Identify network weaknesses and fix them (move/add APs)
[Figure: radio coverage hole; add new AP1221]
Floor Plan – Use case
AP Deployment (e.g. warehouse)
• Creation of custom obstacles (shelves with 18dBm signal decline – assume the worst case)
• Manual (or automatic) deployment on the plan
[Figure: custom obstacle; manual AP deployment]
OmniAccess Stellar WLAN
Configuring Heat Map & Floor Plan

Objective
✓ Learn how to create and configure a Heat Map and a Floor Plan

Contents
1 Configuring a Heat Map
1.1. Creating the Building Hierarchy
1.2. Configuring the Plan Map
1.2.1. Scaling the Plan
1.2.2. Laying Down the Obstacles
1.2.3. Placing the Access Points
1.2.4. Displaying the Result
2 Configuring a Floor Plan
2.1. Creating the Floor Plan
2.2. Configuring the Plan Map
2.2.1. Scaling the Plan
2.2.2. Laying Down the Obstacles
2.2.3. Launching the Auto Deployment
2.2.4. Displaying the Result
1 Configuring a Heat Map


The Heat Map function displays the current distribution of AP signal intensity, using different colors to
show the signal coverage.
The Heat Map feature lets the administrator create a Campus, Building and Floor map, set up obstacles on
the map and place APs on the floor to observe the wireless signal coverage.

In this lab, the Stellar APs will be placed on a custom map.

Create a Heat Map with the given office plan document.

1.1. Creating the Building Hierarchy


The Heat Map always respects the following structure:
Campus
> Building
> Floor Map

Let’s create each level:

> Select WLAN > HEAT MAP

Campus
> Click on the + button
> Campus Name: My_Campus
> Double click on the My_Campus that is now displayed

Building
> Click on the + button
> Building Name: My_Building
> Double click on the My_Building that is now displayed

Floor
> Click on the + button
> Floor Name: First_Floor
> Floor Number: 1
> File Name: click on Select File > Select the Office-Plan.jpg file in the C:\Resources folder
> Click on OK
> Double click on the First_Floor that is now displayed to access the Floor map

1.2. Configuring the Plan Map


From this point, 3 main actions are required to visualize the wireless signal:
- Scaling the plan;
- Laying down the obstacles;
- Placing the APs.

1.2.1. Scaling the Plan

From the Floor Map Editor


> Click on Operation > Edit Floor Map
> Click on Scale the Map
> Trace a line on the map
> Enter a distance for this segment. In the example below, the red line is 5 meters long.

1.2.2. Laying Down the Obstacles


The next step is to lay down the obstacles on the map.

From the Floor Map Editor


> Click on Operation > Edit Floor Map
> Click on Draw:WallsHeavy
> Start drawing the obstacles on the map to obtain the result below:

Tips
Pre-defined obstacles can be selected by clicking on the button; each one has a different absorption
coefficient (dB).
It is also possible to create custom obstacles via the Operation > Obstacle Manage link.

1.2.3. Placing the Access Points


The last step is to place the Stellar APs on the floor.

From the Floor Map Editor


> Click on Operation > Adding AP To The Floor
> Select both APs
> Click on OK
> Place the APs on the Map
> Click on Stop to exit from the Edit Floor Map menu

> Do you want to save the modified heat map? Yes



1.2.4. Displaying the Result


Once the Layout has been saved, the Heat Map Application will display the signal power on the map based on the
actual signal power transmitted by the APs.

Observe the Heat Map as well as the absorption of the walls.

Notes
Go back to Edit Floor Map and place the APs in different places to cover the cold areas.
Changing the APs on the map will simulate the new Wi-Fi coverage based on the real
band and power of emission of the APs.

- Go back to the Survey Toggle

- Select the 2.4 GHz frequency only, then 5 GHz only. Notice the difference between
the two. Read the explanation below. It will be mentioned again in another lab (RF
Profile).

Important > Difference Between 2.4 GHz and 5 GHz


- The 2.4 GHz band is quite crowded, because it is used by more than just Wi-Fi (old cordless doors, baby
monitors…). The longer waves used by the 2.4 GHz band are better suited to longer ranges and transmission
through walls and solid objects.
- The 5 GHz band is much less congested, which means you will likely get more stable connections and higher
speeds. On the other hand, the shorter waves used by the 5 GHz band make it less able to penetrate walls and
solid objects.

2 Configuring a Floor Plan


The main functions of the Floor Plan are to import the floor map and mark the relevant obstacles, then
calculate the placement of the APs with a placement algorithm and automatically generate the AP plan.
With Floor Plan, the admin can import a map into a floor plan, scale it and perform the AP Auto Deployment.

2.1. Creating the Floor Plan


> Select WLAN > FLOOR PLAN

> Click on the + button


> Floor Plan Name: My Floor Plan
> Double click on the My Floor Plan that is now displayed

> File Name: click on Select File > Select the Office-Plan.jpg file in the C:\Resources folder
> Click on Create

2.2. Configuring the Plan Map


From this point, 3 main actions are required to visualize the wireless signal:
- Scaling the plan;
- Laying down the obstacles;
- Placing the APs.

2.2.1. Scaling the Plan

From the Floor Map Editor


> Click on Operation > Edit Floor Plan
> Click on Scale the Map
> Trace a line on the map
> Enter a distance for this segment. In the example below, the red line is 5 meters long.

2.2.2. Laying Down the Obstacles


The next step is to lay down the obstacles on the map.

From the Floor Map Editor


> Click on Operation > Edit Floor Plan
> Click on Draw:WallsHeavy
> Start drawing the obstacles on the map to obtain the result below:

Tips
Pre-defined obstacles can be selected by clicking on the button; each one has a different absorption
coefficient (dB).
It is also possible to create custom obstacles via the Operation > Obstacle Manage link.

2.2.3. Launching the Auto Deployment


Now, let’s auto deploy the Access Points on the map:

From the Floor Map Editor


> Click on Operation > Auto Deployment
> Quality: Excellent
> AP Model: OAW-AP1231
> TX Power: 14
> Click on OK

2.2.4. Displaying the Result


Once the Auto Deployment is done, the Access Points are automatically placed at different locations to
provide the optimal coverage:

Tips
The result will vary based on the following parameters:
- Scale of the map
- Number and type of obstacles placed
- AP Model
- Quality (General, Good, Excellent)

Change some of these parameters (AP Model, Quality…) and click on Save the Layout.

Notes
In Edit Floor Plan, APs can be added manually on the map to fill the cold areas. After clicking on
“Save The Layout”, the Floor Plan application will process and display the Wi-Fi coverage based on
all the APs located on the map.
OmniAccess Stellar Wireless LAN
MESH
Lesson Summary
MESH
At the end of this module, you will be able to:
• Understand the difference between Mesh and Bridge
topology
• Configure the Mesh and Bridge topology
Wireless MESH

Reaching areas where cabling is not available
[Figure: APs connected by a Mesh link; radio labels: 2.4 GHz, 5 GHz low, 5 GHz high]

Extend network with Wireless links
• Provide connectivity even when LAN cable cannot be extended
• Supported on all Stellar APs
• Self healing Mesh network
Wireless MESH – Design "Bridge – Point to point"

• Connect two distant sites over wireless
• No client WLAN broadcast
• Pure site to site BRIDGE
Wireless MESH – Design "Bridge – Point to multipoint"

• Connect multiple distant sites over wireless

Limits
• The LAN connected AP is the Root
• MAX 16 APs terminating to one MESH Root
• All APs also broadcast client WLAN services (max 5)
• MAX 5 APs in a single hop P2MP connection
• If there are two roots configured in the setup, the downlink APs will connect to the root with BEST RSSI
• If Root fails, the downlink APs will try to search for next best Root
Enterprise MESH


Enterprise Bridge

OmniSwitch AOS R6/R8
OmniVista 2500 NMS-E R4.4
Administrative Users and Groups

How to
✓ Create user accounts and manage the read-write capabilities for certain
users.

Contents
1 The Users and Groups Application
2 Summary
3 Lab Check

Implementation

1 The Users and Groups Application


- This lab will provide the instructions to set up security using OmniVista. You will create Users and Groups
to determine access privileges within OmniVista.

- Make sure the LAN+WLAN menu is selected.


- Select Security -> Users & User Groups

- In the Users & User Groups Home screen select Group

- Click on the Create new Group icon.



- Provide the new group with the name Training and give it a description.
- Check on the Group Rights and choose Read to provide read-only access.
- Users could be added at this point, but we’ll create a new user.
- Click Create when done to save the new group.

- The new group is now part of the Group List.

- In the Users & User Groups Home screen, select User

- Click + to create a new user



- Enter the new user training_user with a password of training_user and make it part of the Training
group.

- Click Create when done.

- The new user is now part of the Existing Users list.



- Log out of OmniVista and log back in using the account you have just created, then try performing
various tasks. Notice that you can only view information and are not allowed to modify the
switch.

- Log back in as an administrator to continue with the following labs.



2 Summary
OmniVista provides the capability to limit the rights of users logged into the OmniVista server. This
feature can be used to provide read-only access or even to prevent certain users from seeing all of the
discovered devices.

3 Lab Check

1. What are the default accounts and what privileges does each of them have?

2. OmniVista can be configured to allow users to only make modifications on edge devices. T/F

3. What was different about the OmniVista interface when you logged in with an account having
read-only privileges?
OmniSwitch AOS R6/R8
OmniVista 2500 NMS-E
Control Panel

How to
✓ View services currently running on OmniVista
✓ View Asset Management History
✓ Shut down server processes on OmniVista

Contents
1 Control Panel
1.1. Watchdog Service
2 Summary

Implementation

1 Control Panel
This lab will provide the steps required to view services and shut down the OmniVista server.

1.1. Watchdog Service


- Make sure LAN+WLAN menu is selected.
- Select Administrator -> Control Panel.
- The Watchdog Screen displays the status of all of the services used by OmniVista.
- Click on any service to view detailed information (e.g., description, status, dependencies). To Start/Stop
a service, click on the slider control next to the service (Running/Stopped).

- You can start/stop all services or shut down OmniVista using the buttons at the top of the screen:
(Do not modify or stop any process unless directed by your instructor!)

- Start All icon to start all stopped services.

- Start All icon to restart all services.


- Select Scheduler -> Scheduler History on the left menu.
- This screen displays a history of all Asset Management events.

2 Summary
The OmniVista Control Panel can be used to start and stop services and the OmniVista server.
OmniSwitch AOS R6/R8
OmniVista 2500 NMS-E R4.4
Preference

How to
✓ Manage the default settings of OmniVista Web GUI

Contents
1 Preference
1.1. User Settings
1.2. System Settings
2 Summary
3 Lab Check

Implementation

1 Preference
This lab will provide the instructions for making OmniVista Web GUI modifications using Preferences.
- Make sure the LAN+WLAN menu is selected.
- Select Administration -> Preferences.

- Select User Settings

1.1. User Settings


Configure settings for each user

1.2. System Settings


Configure system wide settings.

Continue exploring the various options that can be configured using Preferences.

2 Summary
Preferences allows an administrator to change the default behavior of the OmniVista Web GUI and
change the look and feel of OmniVista.

3 Lab Check

1. What are the two different areas that can be modified using Preferences?
OmniAccess Stellar Wireless Lan
ProActive Lifecycle Management
Lesson Summary
ProActive Lifecycle Management
At the end of this module, you will be able to:
• Understand the benefits of PALM
• Use the Inventory
• Send an email to your Sales representative to get a
support contract renewal quotation for your End-Customer.
Asset Tracking main Challenges

INVENTORY
• Do you know what LAN switches/WLAN controllers, WLAN APs are running on networks?
• Do you know what LAN/WLAN equipment partners have in stock?

PROACTIVITY
• Is it time for an end-customer network refresh?
• Does it take you too long to know when support expires on each equipment?

VISIBILITY
• Does the vendor still support equipment (HW/SW support)?

COST
• Can you afford, with technical experts, to manually complete an inventory of equipment?
Key Benefits

• Prevent Security breaches
  - Update to the latest firmware version
  - Update obsolete hardware
• Support Contract
  - Keep track of the devices hardware and software support through notifications and detailed inventory in PALM
  - Renew the support contract to access the technical support
• Ease of management
  - Full inventory view of ALE Wi-Fi and LAN products
• Proactively plan network update
  - Easy identification of devices to update (license expiration, end of life equipment)
• Partner benefits
  - Save time and cost. No manual inventory
PALM – First steps
• Cloud based application
• Gather equipment and lifecycle information from the OmniVista NMS
• Activate PALM on OmniVista
• OV ID identifies the system
• Test the connection of the backend server that will gather the OV data
• Click on Register
• Receive PALM credentials upon registration

PALM – Self Registration


PALM - Inventory
• Lifecycle Component tab
• Select from the filters:
  - Customer
  - Product Line
  - Product Model
• Displays the status of:
  - Operating System Version
  - Hardware Lifecycle
  - Hardware support
  - Software support
PALM – Browsing devices inventory and display licenses


PALM – Displaying devices inventory in the fleet Dashboard


PALM – Support contracts renewal
• Lifecycle Component tab
• Click Renew my support contracts
• Select the devices to renew
• Click on Request a quote
• Your Quote Request window opens
• Fill in the:
  - Support model, type, duration
• Click on Send Quote Request
• Enter and send the mail to your company buyer who will generate the quote
OmniAccess Stellar Wireless LAN
OmniVista 2500 NMS & OmniAccess Stellar WLAN

Conclusion

Course Objectives Review
During this course, you have learned how to:
• Install & Configure the OmniVista 2500 NMS Server
• Deploy & Configure Stellar APs in Enterprise Mode
• Configure an SSID using different Authentication Methods
• Understand & Configure Additional Features (Mobility &
Roaming, WIPS)

SPACEWALKERS

What is it for?

It’s an OPEN TECHNICAL Community providing a great place to connect with other members or just participants
who share the same passion for Alcatel-Lucent Enterprise Network Solutions:
• Read or post interesting information
• Connect
• Provide mutual aid
• and … learn from others in the community
Starting the community!

Creating first our STELLAR technology Community, addressing the Express Mode, the Enterprise Mode with
OmniVista 2500 and/or OmniVista CIRRUS, and Location Based Services (LBS)

Not boiling the ocean but starting with a WLAN STELLAR focused subject, then adding OmniSwitch LAN during 2019…
Forum space and blog area presentation
The Spacewalkers experience
[Screenshot of the home page; callouts: configurable home banner in slider mode, knowledge through the BLOGs, community activity stats, connections through the FORUM, top active members]
The Forum sub-menu details
The Spacewalkers experience
[Screenshot of the forum sub-menu; callouts: FORUM link per Solutions for better usage, HELP for forum rules, forum categories for quick access, quick access to latest answers & comment, stats associated to the post]
Question and answer space

The Spacewalkers experience


Blog area details

The Spacewalkers experience


Search results area

The Spacewalkers experience


Stellar forum
Key Takeaways

The Spacewalkers experience

SPACEWALKERS is YOUR place to exchange on the ALE Network Solutions

Sharing your passion around ALE technologies with all members to answer any question,
provide guidance, help or getting information

Creating fruitful connections

To create a COMMUNITY and …. discover a new land for your IT experience

https://www.spacewalkers.com/
Thank you…

OmniVista™ 2500 NMS Release 4.4
Unified Access
Objectives
Lesson Summary

• Configure Unified Profiles and Policies
• Configure Captive Portal
Authentication Servers
OmniVista
Security - Centralized Features
Authentication Servers application
• Manages authentication servers in OmniVista
• LDAP, RADIUS, ACE, or TACACS+ Server
• Default OmniVista LDAP Server
Unified Access
Unified Access
Overview
Unified Access is now used to manage all types of switches (R6, R8).
It also manages wireless devices

Unified Profile
• Unified security for Edge Ports for both wired
and wireless devices

Unified Policy
• Contains Unified Policy and Policy List
applications
• Configure QoS policies for both wired and
wireless devices

Multimedia Services
• mDNS application
Paid Account Services
• Tie-in with CP BYOD applications and locator
Unified Profile
Home
Unified Profile
Workflows
Unified Profile
Templates
Access Auth Profile. Enables the assignment of a pre-defined UNP port configuration to an edge port.

WLAN Service. Assigns SSID, Security, QoS and Priority to Wireless Devices.

Access Role Profiles. Contains the various UNP properties (e.g., QoS Policy List attached to the UNP, Access Policies, Captive Portal Authentication).

AAA Server Profile. Defines specific AAA parameters that can be used in an Access Auth Profile or a Captive Portal Profile.

Access Classification. If authentication is not available or does not return a profile name, these rules are applied to determine the profile assignment.

Customer Domain. Additional method for segregating device traffic. Once a UNP port is assigned to a specific customer domain ID, only classification rules associated with the same domain ID are applied.

SPB Profile. Dynamically assigns devices to a specific SPB Service using a device's MAC Address.

Far End IP - Edit/Delete Far End IP Lists. Far End IP Lists allow multiple far-end nodes to be associated with the service created for the VXLAN Network ID (VNID) specified in a VXLAN Profile.

Global Configuration. This can be assigned and automatically applied to all UNP ports which have not been assigned an Access Authentication Profile.
AAA Server Profile
Access Role Profile
Assigning an Access Role Profile
After the profile is created, click on the Apply to Devices button to associate the VLAN and
assign the profile to a switch/wireless device on the network
Access Auth Profile
• Enables a user to assign a pre-defined UNP port configuration to a UNP Edge Port or Linkagg.
• Configures 802.1x and MAC authentication for both wired and wireless devices, Access Classification and the default AAA Server and/or UNP Profile to be used once a user is authenticated.
Access Auth Profile
Default Settings

Port Bounce. Required to handle scenarios where a client is switched from one VLAN to another
after CoA (Change of Authorization). If it is enabled, the port is administratively brought down
to trigger DHCP renewal and re-authentication, if necessary.
802.1X Auth and MAC Auth only apply to wired devices.
Access Auth Profile
No Auth/ Failure/ Alternate

802.1X Authentication
• 802.1X Pass Alt - The user is assigned a Pass-Alternate UNP if the 802.1X authentication does not result in a valid UNP for the pass branch.
• Bypass Status - When it is enabled, the user's 802.1X authentication method is skipped. The user goes directly to MAC authentication or Access Classification.
• Failure Policy - The authentication method used if 802.1X authentication fails.
MAC Authentication
• MAC Pass Alt - The Access Role Profile the user is assigned to after passing authentication.
• MAC Allow EAP - Enables/Disables Extensible Authentication Protocol (EAP).
Access Classification
Access Classification Rules are defined and associated with a UNP Access Role Profile to provide
an additional method for classifying a device.
• If authentication is not available or does not return a profile name for whatever reason, Access
Classification rules are applied to determine the profile assignment.
Access Classification
Rule Types

For Wired devices:
• Port
• MAC
• MAC OUI
• MAC + Port
• MAC + IP + Port
• LLDP
• Authentication Type
• IP Address
• IP + Port

For Wireless Devices:
• MAC
• BSSID
• ESSID
• DHCP Option
• DHCP Option 77
• Encryption Type
• Location
Unified Policy
Unified Policy
QoS Policies that can be applied to both wireline and wireless devices.
Unified policies are part of the Access Role Profile configuration.
Unified Policies
Click on the Create button to start the wizard
Unified Policy List
Set of Unified Policies that are grouped together and assigned to devices as a group.
A List can be assigned to a network switch or a ClearPass server.
Captive Portal
Captive Portal - Configuration
Captive Portal - Profile
Captive Portal – Profile Domain Policy
Captive Portal – Domain Policy List
Captive Portal - Customization
OmniVista™ 2500 NMS release 4

Analytics
Lesson Summary

At the end of this presentation, you will be able to describe the following:

• Analytics Application
  - Reports
  - Profiles
  - Summary View
  - Applications Management
  - Anomalies
• Report Application
  - Configuration
  - List
• Application Visibility
  - Configuration
  - Report
  - Enforcement
Analytics
Network Analytics

Real-time information to enable real-time business decisions
• Historical and predictive views
• Insight of application usage and trends
• ‘Plain talking’ to drive improved business process decisions and IT cost control
• This application leverages sFlow information
• Essentially L1-L4 information
Network Analytics
Challenges

• Network needs are changing
  - In terms of design as well as real-time requirements
• Highly virtualized, dynamic networks
• BYOD Trend
  - User mobility and the need to have the same type of access on any device
• Application Visibility for common profiles and policies
• Troubleshooting becomes challenging
  - Bottlenecks can affect the network and disappear before the source of the problem is even identified
• Network Planning is required
  - From Real-time to Long-term needs
Analytics Application
Overview

• Accessed from Network -> Analytics
• Provides users with a comprehensive view of network resource utilization
  - Users, devices and applications.
  - Summary and detailed reports are available.
• Provides information on usage trends
  - Including predictive analysis of future utilization.
Analytics
Overview

• Reports.
Provides a comprehensive view of network resource utilization.
Two types of reports:
- "Visibility" Reports can be configured to show network utilization over
different time periods.
- "Availability" Reports provide a "real-time" view of all discovered
network switches.

• Profiles.
Used to create Analytics Profiles. To generate an Analytics Report for
any of the "Visibility" Reports, you must first create an Analytics Profile
that defines the switches/ports that you want to view and the type of
information that you want to view on those switches/ports.
Analytics
Overview

• Summary View
Displays basic information on all supported network devices,
including any Analytics Profiles defined for a device.

• Applications Management
When generating a Top N Applications Report, the Analytics
application uses port numbers to identify application traffic. This
screen is used to create port/application mappings to identify
application traffic.

• Anomalies
Displays any port utilization anomalies. An anomaly is a utilization
data point that falls outside of expected norms based on past usage.
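
One way to flag a data point that falls outside expected norms based on past usage, as an added example that is not OmniVista's algorithm (the course material does not describe it). Each new reading is scored against a trailing window, either with median and median absolute deviation or with mean and standard deviation; the readings, window size and threshold are constructed assumptions.

```python
from statistics import mean, median, pstdev

# Constructed hourly utilization (%) for one switch port; not data from a real device.
READINGS = [22, 24, 23, 25, 22, 24, 23, 25, 24, 91, 23, 24, 2, 25]
SERIES = [(f"{hour:02d}:00", float(pct)) for hour, pct in enumerate(READINGS)]


def find_anomalies(series, window=8, threshold=3.5, min_spread=1.0, robust=True):
    """Return (label, value, score) for readings far from the trailing baseline.

    series     -- list of (label, utilization_percent) in time order
    window     -- number of past readings that define "expected"
    threshold  -- how many spreads away from the centre counts as anomalous
    min_spread -- floor on the spread, so a perfectly flat history neither
                  divides by zero nor flags a one-point wobble
    robust     -- True: median and MAD; False: mean and standard deviation
    """
    flagged = []
    for i in range(window, len(series)):
        label, value = series[i]
        history = [pct for _, pct in series[i - window:i]]
        if robust:
            centre = median(history)
            # 1.4826 scales the MAD to match a standard deviation on normal data.
            spread = 1.4826 * median(abs(pct - centre) for pct in history)
        else:
            centre = mean(history)
            spread = pstdev(history)
        spread = max(spread, min_spread)
        score = (value - centre) / spread
        if abs(score) > threshold:
            flagged.append((label, value, round(score, 1)))
    return flagged


if __name__ == "__main__":
    print("median/MAD :", find_anomalies(SERIES))
    # The 09:00 spike sits in the window when 12:00 is scored. It inflates the
    # mean and standard deviation, so the drop to 2 % is missed by this variant.
    print("mean/stddev:", find_anomalies(SERIES, robust=False))
```

The median-based baseline still reports the 12:00 drop because a single earlier spike inside the window barely moves a median.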
Reports
Reports
Types

• Top N Applications
  - Displays information about the top applications being accessed on the network, including which users are using an application, and which switches have the most traffic for an application.
• Top N Applications – Advanced
  - Displays information about the top applications being accessed on the network based on Signature Profiles configured in the Application Visibility Application
• Top N Clients
  - Displays information for the Top Network Users including the number of traffic flows for each user.
Reports
Types

• Network Health
  - Displays information for the top devices on the network in terms of the device's resource usage. Devices are ranked based on the device's CPU usage, memory usage, and temperature.
• Top N Ports Utilization
  - Displays network ports by utilization over time. This report can also provide predictive analytics to show expected future usage.
• Network Availability
  - Displays the current operational state of network devices (Up/Warning/Down).
• Alarms
  - Displays network alarms by severity level.
Reports
Measurements & OPERATIONS

KPI Mechanisms Outcome


Application name
Top N Apps Sflow sampling through TCP/UDP
Visibility
Network

Ports
Widgets &
Source IP
Graphical
Top N Users Sflow sampling address/ Sflow Reporting
sampling OV412.R02
Top N Switches/ “Index” derived
Value /gravity
Resources from CPU, Mem
scale
Utilization use, Temp
Availability

KPI Mechanisms Display top ports


Outcome
Top N Port w/ Widgets
Network

Network SNMP MIB Polling Display device were


Utilization SNMP- Device poll high network
Availability status part of
traffic OV411
SNMP – Display total
Alarms
Trap/Severity alarms in network
Reports
sFlow Sampling Overview

[Diagram components: AOS Switch, sFlow packets, OV Analytics Service, Mongo DB (store analytical data), OV WebServer, OV WebUI (present analytics)]

• OV profiles used to create sampling on switch ports
• Reports can be pre-defined or customized

sFlow Collection & Sampling used for
• Top N app
• Top N users
Reports
Options

• Reports can be viewed in different formats.
  - By default, the Summary View is displayed for all reports as a pie chart or in a list.
  - In the Detail View, you can display a detailed subset of information in a bar chart format.
• Reports can be customized by clicking on the Configuration icon.
  - Options vary depending on the report type
• By clicking on the Options icon, users can:
  - Download a report in PDF or PNG format or send the report to a printer
  - Schedule a report.
Top N Applications
Summary View
• Displays information about the top applications being accessed on the network.
• The Top N Applications are determined using sFlow.
  - OmniVista identifies the applications using the TCP/UDP port obtained from sFlow packets.
  - Well known ports (e.g., 161 for SNMP, 80 for HTTP) are automatically identified and labeled in the Top N Applications Report.
  - Other applications can be mapped using the Applications Management Screen.

[Screenshots: Pie Chart view and List View]


Top N Applications
Client and switch information
• When in the Pie Chart View of the Top N Applications Report you can identify:
  - Clients accessing an application (by source IP address).
  - Switches passing the application traffic.
• Right-click on a section of the Pie Chart and select the appropriate option.

A legend (not shown here) identifies the client or switch by color and text, or you can hover over a section to view
the client/switch IP address (along with detailed flow information).

[Screenshots: Clients and Switches pie charts]
Switches
Top N Applications
Detail View
• Provides a detailed view of the specified time interval.
  - For example, if a report displays data for the last 24 hours, the Summary View will display a summary of the data for the last 24 hours; and the Detail View will then display data for each hour within those 24 hours.
Top N Applications
Trending information
• When in the Detail View, you can click on a bar in the chart to view usage trends for each application for the selected time interval by "drilling down" on a data set to see a subset of that data.
  - The trend for an hour would be displayed in 15-minute increments.
Top N Clients
Summary View
• Displays information for the top network clients including the number of traffic flows for each client.
• OmniVista uses the source IP address in the sFlow packet to determine the client.
  - Each client is displayed as a percentage of the total for the configured time interval
(e.g., last 24 hours).
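
The port-based application labelling from the Top N Applications slides and the source-IP client ranking above, as an added example that is not OmniVista code. The flow samples, the `Intranet-Portal` mapping and the rule for naming unmapped ports are constructed assumptions; scaling each sampled frame by the sampling rate is the usual sFlow estimate.

```python
from collections import Counter, defaultdict
from typing import NamedTuple


class FlowSample(NamedTuple):
    agent: str          # switch that exported the sample
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    frame_len: int      # bytes in the sampled frame
    sampling_rate: int  # 1-in-N packet sampling configured on the port


# 161 and 80 are the examples given on the slide; the others are IANA assignments.
WELL_KNOWN = {("udp", 161): "SNMP", ("tcp", 80): "HTTP", ("tcp", 443): "HTTPS",
              ("udp", 53): "DNS", ("tcp", 22): "SSH"}
# Hypothetical site-specific mapping, as one would add in Applications Management.
CUSTOM = {("tcp", 8443): "Intranet-Portal"}

# Constructed samples using documentation address ranges, not captured traffic.
SAMPLES = [
    FlowSample("10.0.0.1", "192.0.2.10", "198.51.100.5", "tcp", 51000, 443, 1500, 512),
    FlowSample("10.0.0.1", "192.0.2.10", "198.51.100.5", "tcp", 51000, 443, 1000, 512),
    FlowSample("10.0.0.2", "192.0.2.11", "198.51.100.5", "tcp", 51022, 443, 500, 512),
    FlowSample("10.0.0.1", "198.51.100.5", "192.0.2.10", "tcp", 443, 51000, 1500, 512),
    FlowSample("10.0.0.1", "192.0.2.12", "198.51.100.9", "tcp", 40000, 80, 1200, 512),
    FlowSample("10.0.0.2", "192.0.2.20", "192.0.2.1", "udp", 40161, 161, 200, 512),
    FlowSample("10.0.0.2", "192.0.2.11", "198.51.100.7", "tcp", 52000, 8443, 1000, 512),
    FlowSample("10.0.0.1", "192.0.2.12", "198.51.100.30", "tcp", 45000, 6667, 600, 512),
    FlowSample("10.0.0.2", "192.0.2.11", "192.0.2.53", "udp", 53001, 53, 500, 512),
]


def classify(sample, port_map):
    """Label a sample from its ports alone. Whatever runs on a mapped port gets
    that label, so a tunnel on tcp/443 is reported as HTTPS; an unmapped port
    (tcp/6667 here) only becomes visible by name once a mapping is added."""
    for port in (sample.dst_port, sample.src_port):  # replies carry the server port as source
        name = port_map.get((sample.proto, port))
        if name:
            return name
    return f"unmapped {sample.proto}/{min(sample.src_port, sample.dst_port)}"


def _check_n(n):
    if not 1 <= n <= 20:  # range given for the Top N reports
        raise ValueError("Top N must be between 1 and 20")


def top_n_applications(samples, port_map, n=10):
    """Rank applications by estimated bytes, with per-client and per-switch totals."""
    _check_n(n)
    est_bytes = Counter()
    clients = defaultdict(Counter)
    switches = defaultdict(Counter)
    for s in samples:
        app = classify(s, port_map)
        scaled = s.frame_len * s.sampling_rate  # one sample stands for N packets
        est_bytes[app] += scaled
        # "Client" is the source IP, so for reply traffic this is the server.
        clients[app][s.src_ip] += scaled
        switches[app][s.agent] += scaled
    total = sum(est_bytes.values())
    return [{"app": app, "est_bytes": b, "share": round(100 * b / total, 2),
             "clients": clients[app].most_common(),
             "switches": switches[app].most_common()}
            for app, b in est_bytes.most_common(n)]


def top_n_clients(samples, n=10):
    """Rank source IPs by number of distinct flows, with their share of all flows."""
    _check_n(n)
    flows = {(s.src_ip, s.dst_ip, s.proto, s.src_port, s.dst_port) for s in samples}
    per_client = Counter(flow[0] for flow in flows)
    total = sum(per_client.values())
    return [(ip, count, round(100 * count / total, 2))
            for ip, count in per_client.most_common(n)]


if __name__ == "__main__":
    for row in top_n_applications(SAMPLES, {**WELL_KNOWN, **CUSTOM}, n=3):
        print(row["app"], row["est_bytes"], f'{row["share"]}%', row["clients"])
    print(top_n_clients(SAMPLES, n=2))
```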

List View
Pie Chart
Top N Clients
Detail View and Trending information
• Detail view provides a detailed view of the specified time interval
  - If a report displays data for the last 24 hours, the Detail View will display data for each hour within those 24 hours.
  - Information is displayed in a bar chart view
• In the Detail View, you can click on a bar in the chart to view usage trends for each client for the selected time interval
  - Displayed in 15 minute increments.
  - Click on a data point in the trending view for more detailed information.
Network Health
• Displays information for the top switches on the network in terms of the switch's resource usage.
  - Based on switch's CPU usage, memory usage, and temperature.
Top N Ports
Summary View
• Displays the top network ports based on utilization.
  - Displayed as a percentage of the total utilization for all monitored ports.
• In this view, switches/ports are displayed in a list view from highest to lowest utilization for the configured time period (e.g., day, week).
Top N Ports
Detail View
• Depending on the number of ports you configured for display (e.g., top 10 ports, top 15 ports), any monitored ports that qualify during the configured time interval (e.g., last 24 hours) are displayed.
• Ports are simply stacked numerically in each bar by IP address and port number (the order is not based on utilization).
Top N Ports
Trending View
• Used to view predicted future port utilization based on past utilization.
• Predictions can provide valuable insight for capacity management.
• OmniVista samples past port utilization for a period of time (Prediction:
Training Timeout), and predicts future utilization within a configurable error
rate (Prediction: Training Error) using a machine learning algorithm.
• The predicted utilization will appear in the display to the right of the current
utilization.
• The predicted usage area of the display will be slightly shaded to differentiate it from
current usage.
• The amount of predicted data displayed depends on the interval time
configured for the report

Configured Time Interval    Amount of Predicted Data
Last 24 Hours               12 Hours
Last 7 Days                 3 Days
Last 4 Weeks                2 Weeks
Top N Ports
Trending View
[Figure: port utilization trend chart with Current and Predicted regions]
Top N Reports
Customization
• Click on the Configuration icon in the upper right corner of the screen to
configure how information is displayed in the report.
• Default Devices - By default, all top switches/ports are displayed. However, you can
click on the Select Devices button to display only information from specific switches.
• Number of Top Applications/Clients/Switches/Ports - Range = 1 – 20, Default = 10
• Interval Type - The time interval for the information:
  • Up Until Now - Displays all information in the selected time interval (e.g., last 24 Hours).
  • Custom - Sets the start and end time for the information you want to display. You can display up
  to 3 months of data. When data reaches the 3-month maximum, it is overwritten with new data.
• Time Interval - Last 24 Hours, 7 Days, or 4 Weeks
• Auto Refresh Timer - In minutes (Range = 15 - 60, Default = 15).

Reports
Network Availability
 Displays the current operational state of all discovered network devices
(Up/Warning/Down).
 Each category is displayed as a percentage of all monitored switches
 Click on a category to display a list of switches in the category, with specific
information about each switch.
Reports
Alarms
 Displays network status/traps for all discovered switches.

 A graphical pie chart view or a list format can be displayed.

 The reported alarms in each severity level are displayed as a percentage of the
total alarms reported.
 Click on a severity level in the pie chart to view the switch(es) from which the alarms
originated, and the number of those alarms received.
Profiles
 Displays currently configured Analytics Profiles.
 Used to create, edit, and delete profiles.

 The first step in generating analytics information for any of the "Visibility"
Reports (Top N Applications, Top N Clients, Top N Switches, and Top N Ports
Utilization) is to create an Analytics Profile.
 A profile consists of the type of information you want to view (Profile Type)
and the switches/ports that you want to analyze.

Create Profile
Profiles
Configuration
 Configuration Screen
 Profile Name - User-configured name for the profile.
 Profile Type - Select a Profile Type from the drop-down menu:
 Top N Apps & Clients
 Top N Ports Utilization
 Sampling Rate (Top N Apps & Clients Only) - Ratio of packets observed at the data
source to the samples generated. For example, a sampling rate of 100 specifies that,
on average, 1 sample will be generated for every 100 packets observed.
Profiles
Configuration
 Device/Port Selection Screen
 Add/Remove Switches - From the list of switches, select those you want to analyze.
 Add/Remove Ports - Select a switch and click on the Add/Remove Ports button. From
the list of ports, select the port(s) that you want to analyze.

 Note: A switch can only be in one profile of a particular Profile Type.


Summary View
• Displays basic information for all discovered network switches,
• Including any Analytics Profiles to which a switch may belong.

Name - User-configured switch name.
Address - IP address of the switch.
Location - User-configured switch location (if no location was
configured by the user, the field will display "Unknown").
MAC Address - MAC address of the switch.
Version - Switch AOS version.
Type - Switch type (e.g., OS10K, OS6900-X20).
Applications Management
• When generating a Top N Applications Report, the Analytics application uses
port numbers to identify application traffic.
• Traffic on a specific port is identified as coming from a specific application.
• The Application Management Screen is used to create, edit, and delete
application/port mappings.
• Well-known ports (e.g., 161 for SNMP, 80 for HTTP) are automatically mapped.
Applications Management
Modes
 Mapping is done by choosing one of the two available modes:
 Range-Based - This mode is used to set a range of ports that are monitored by the
Analytics application.
 Traffic on these ports is monitored and can be displayed in the Top N Applications Report.
 Information for all of these ports is available to be displayed
 Only those ports that have been mapped will be labeled with the application.
 Other ports will be labeled as "Unknown".
 Enumerated - This mode requires that you define specific ports to be monitored.
 Only those ports you define when you create a mapping will be monitored.
Applications Management
Configuration
• Click on the Create icon and complete the fields as described below:
• Application Name - Enter the name of the application (e.g., SNMP).
• Ports - Enter the port or port range to be associated with the application. If you are
entering a range of ports, separate the port numbers with a "-" (e.g., 20-21).
• An existing application ports mapping file (.json file) can be imported into
OmniVista 2500 NMS.
• Note that this new mapping will override the existing mapping.
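The two mapping modes above, as an added Python sketch (not OmniVista code): it parses port entries such as "20-21" and labels destination ports under each mode. The function names, the sample mappings and the monitored range are assumptions constructed for illustration.

```python
def parse_ports(spec):
    """Parse a port entry such as "80" or "20-21" into an inclusive (low, high)."""
    parts = [p.strip() for p in spec.split("-")]
    if len(parts) not in (1, 2) or not all(p.isdecimal() for p in parts):
        raise ValueError(f"bad port entry: {spec!r}")
    low, high = int(parts[0]), int(parts[-1])
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port entry out of range: {spec!r}")
    return low, high


def build_table(mappings):
    """mappings: list of (application name, port entry) pairs."""
    return [(parse_ports(spec), name) for name, spec in mappings]


def lookup(port, table):
    """Return the application mapped to `port`, or None if unmapped."""
    for (low, high), name in table:
        if low <= port <= high:
            return name
    return None


def classify(dst_ports, table, mode, monitored_range=None):
    """Count flows per label under "range" or "enumerated" mode.

    range:      every port inside monitored_range is counted; unmapped
                ports are labeled "Unknown".
    enumerated: only ports that have a mapping are counted at all.
    """
    counts = {}
    for port in dst_ports:
        name = lookup(port, table)
        if mode == "enumerated":
            if name is None:
                continue          # unmapped ports are not monitored
        elif mode == "range":
            low, high = monitored_range
            if not low <= port <= high:
                continue          # outside the monitored range
            name = name or "Unknown"
        else:
            raise ValueError(f"unknown mode: {mode!r}")
        counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample data (hypothetical mappings and flow destination ports).
MAPPINGS = [("FTP", "20-21"), ("HTTP", "80"), ("SNMP", "161")]
DST_PORTS = [21, 80, 80, 161, 8080, 8080, 51392]

if __name__ == "__main__":
    table = build_table(MAPPINGS)
    print("range     :", classify(DST_PORTS, table, "range", (1, 10000)))
    print("enumerated:", classify(DST_PORTS, table, "enumerated"))
```

In the sample, traffic on port 8080 shows up as "Unknown" in Range-Based mode and disappears entirely in Enumerated mode, which is the visibility trade-off between the two modes.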
Anomalies
 Displays any anomalies that are discovered in established port utilization
trends.
 The information is displayed in a list that describes the anomaly and its origins (e.g.,
IP address, Port).

 Anomaly detection uses Z-Score to check for anomalies in the latest port
utilization data gathered from hourly polling over the past 30 days.
 Z-Score is a statistical measurement of a score's relationship to the mean in a group of
scores.
 It measures utilization for a port for a specific hour to determine its relationship with
utilization for the same hour over the sampling period (30 days).
 A data point that deviates considerably from an established pattern is flagged as an
anomaly and displayed on the Anomalies Screen.
 Z-Score parameters are configured on the Preferences - Analytics Screen.
Anomalies
• Note: A minimum of 11 days of data is required for anomaly calculation.
• Seasonal variation for periods of more than 30 days cannot be adequately learned
using this method. For example, an annual usage pattern would be affected by lower
usage due to holidays/vacations.
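An added Python sketch of the same-hour Z-score check described above (not OmniVista's implementation). The threshold value, the data layout and the function names are assumptions; the 30-day window and the 11-day minimum come from the text.

```python
import math
from statistics import mean, pstdev

WINDOW_DAYS = 30    # sampling period given in the text
MIN_DAYS = 11       # minimum history given in the text
Z_THRESHOLD = 3.0   # assumed; the real value is set on the Preferences - Analytics screen


def zscore_for_hour(history, latest):
    """Z-score of `latest` against the same hour on previous days.

    history: utilization (%) for one port and one hour of day, oldest first.
    Returns None when fewer than MIN_DAYS samples are available.
    """
    window = history[-WINDOW_DAYS:]
    if len(window) < MIN_DAYS:
        return None
    mu = mean(window)
    sigma = pstdev(window)
    if sigma == 0:
        # Perfectly flat baseline: there is no spread to scale by.
        return 0.0 if latest == mu else math.copysign(math.inf, latest - mu)
    return (latest - mu) / sigma


def find_anomalies(history, latest, threshold=Z_THRESHOLD):
    """Return [(switch_ip, port, hour, z)] for points at or beyond the threshold.

    history: {(switch_ip, port): {hour: [utilization per day]}}
    latest:  {(switch_ip, port): {hour: utilization}}
    """
    hits = []
    for key, hours in sorted(latest.items()):
        for hour, value in sorted(hours.items()):
            z = zscore_for_hour(history.get(key, {}).get(hour, []), value)
            if z is not None and abs(z) >= threshold:
                hits.append((key[0], key[1], hour, z))
    return hits


# Constructed sample data (not taken from a real network).
HISTORY = {
    ("10.255.10.1", "1/1/5"): {
        14: [20, 22] * 15,   # 30 days of 14:00 samples: mean 21, std dev 1
        3: [4, 6] * 15,      # 30 days of 03:00 samples: mean 5, std dev 1
    },
    ("10.255.10.1", "1/1/6"): {
        14: [50, 52] * 5,    # only 10 days: below the 11-day minimum
    },
}
LATEST = {
    ("10.255.10.1", "1/1/5"): {14: 23, 3: 40},   # 03:00 jumps from about 5% to 40%
    ("10.255.10.1", "1/1/6"): {14: 99},          # skipped, not enough history
}

if __name__ == "__main__":
    for ip, port, hour, z in find_anomalies(HISTORY, LATEST):
        print(f"{ip} {port} {hour:02d}:00 z={z:.1f}")
```

The 40% reading is flagged because it is compared with other 03:00 samples, while 23% at 14:00 stays within the normal spread for that hour; the port with 10 days of history is not evaluated at all.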
REPORT
Report
Configuration
• This Application creates and schedules Analytics Reports that can be viewed
and stored as PDF documents.
• Includes:
• Information from specific Analytics Reports (e.g., Top N Users, Top N Apps)
• Specific views of that report (e.g., Summary View, Detailed View).
• A report is generated at specific times/intervals (e.g., Daily, Weekly).
• When it is generated, it takes a current snapshot of the Analytics information you
specified.

Create Report
Report
Configuration
• A report is created in two steps:

1) In the Report Configuration screen, click on the Create icon and complete the
fields as described below:
• Report Title
• Schedule Settings
  • Purging Policy – The report will be removed from the server at the selected interval. Select
  "None" to never purge the report.
  • Schedule – "Now" generates the report immediately.
  "Periodically" creates the report at specific times/intervals.
    - "Simple" schedules the report generation every "x" number of days, hours,
    minutes, seconds (e.g., every 5 days, every 5 minutes).
    - "Cron" schedules the report generation as a cron job (e.g., every minute,
    every hour, every year).
• Other Settings - Optional report parameters (e.g., page size, orientation).
Report
Configuration
2) In the Analytics Application, go to the report that you want to include (e.g.
Alarms). In the upper right corner of the screen, click on the Export icon and
select Add to Report.
▪ On the Add to Report Window, select the Report from the Report Configuration drop-
down list and click OK.

▪ You can open different views (e.g., Summary View, Detailed View) and repeat
the procedure to include those views in the report.
Report
List
• Displays all generated reports.
• To download/view a report in PDF format, select the report and click on the
Download button.
• To delete a report(s), select the report(s) and click on the Delete icon, then
click OK at the confirmation prompt.
Application Visibility
Application Visibility
Devices Management
 Displays all network switches that support Application Visibility.
 Name, IP address, and operational status of each switch,
 Indicates whether or not an Application Visibility Profile has been assigned to the
switch.
Application Visibility
Signature Files
Application Visibility
Signature Profile Creation
• Select one of the predefined groups, or configure a custom application group
• Two different types of groups can be created:
• Monitoring group: used for the Analytics Reports
• Enforcement group: used for the QoS and Access Role applications
Application Visibility
Signature Profile Assignment
 After the profile is created, it has to be assigned to the switches and its ports.
Application Visibility
Displaying Application Reports
• In the Analytics screen, select Top N Applications – Advanced to display the
reports
• Click on any application to display the switch that is identifying the flows
Application Visibility
Policies
 These policies are treated like regular policies, only the policy condition is set
to the enforcement group that was configured during the Signature Profile
creation
Application Visibility
QoS Enforcement
 The Policy has to be included in a Policy List.

 Then, the Policy List is included as part of the Access Role Profile configuration
OMNIVISTA 2500
How-to Setup Application Visibility

Abstract
Quick configuration guide on how to enable Application Monitoring on the OmniSwitch 6860E
and configure Application Visibility and Reporting on OmniVista.
Table of Contents

1 INTRODUCTION
2 REFERENCES
3 APPLICATION MONITORING
3.1 OMNISWITCH
3.2 OMNIVISTA 2500
3.3 APPLICATION SIGNATURE DATA BASE
4 PREREQUISITES
4.1 OV 2500
4.2 SWITCH
5 TEST SETUP INFORMATION
5.1 HARDWARE
5.2 SOFTWARE
6 SWITCH CONFIGURATION
7 OV 2500 CONFIGURATION
7.1 IMPORT SIGNATURE FILES
7.2 CREATE SIGNATURE PROFILE AND ADD SWITCH/PORTS
7.3 APPLYING SIGNATURE PROFILE TO DEVICES
7.4 ADDING WIDGETS TO DASHBOARD
7.5 DISPLAY OUTPUT
7.5.1 FLOW DATA COUNT
7.5.2 FLOW DATA USAGE STATISTICS
7.6 VERIFY CONFIGURATION ON SWITCH
7.6.1 SHOW APP-MON CONFIG
7.6.2 SHOW APP-MON PORT
7.6.3 SHOW APP-MON STATS
7.6.4 SHOW APP-MON APP-RECORD
7.6.5 SHOW APP-MON FLOW TABLE

Alcatel-Lucent Enterprise – Quick Configuration Guide OmniVista 4.2.x OmniSwitch 6860E


1 Introduction
This document details the procedure needed to set up Application Visibility - Monitoring on OmniSwitch 6860E
switches and how to collect application flow data. It does not cover per-flow enforcement (QOS-ACL).
It provides an overview of Application Monitoring; for a detailed explanation of the feature, please
refer to the documents listed under References.

2 References
1. OmniVista User Guide
2. AOS 8x Network Configuration Guide
3. AOS 8x CLI Reference Guide

3 Application Monitoring
The Application Monitoring (app-mon) feature is available on the OS6860E switches. Because app-mon looks deeper
into received packets, it can detect application flows (e.g., YouTube, Netflix, Facebook).
App-mon needs three components to work: a capable OmniSwitch, OmniVista 2500 and an application signature
database.

3.1 OmniSwitch
The OmniSwitch 6860E’s ASIC has a Flow Tracker and a co-processor to accomplish app-mon. When a new flow is
received on the switch, a new entry is added to the flow tracker (the flow tracker is 8K in size). When a port is
enabled for app-mon, the first few packets of the flow are trapped and sent to the co-processor. The co-processor
runs a regex pattern-matching algorithm on the received packets to see if any patterns match the application
signatures. When a packet’s pattern matches an application signature, the match is logged if Monitoring is enabled.
If Enforcement is enabled, additional controls in the form of ACLs can be applied to control the traffic.

The pattern for applications is provided by COSMOS.

3.2 OmniVista 2500


The OV 2500 manages the signature files (from COSMOS). The signature files are updated when COSMOS provides new
updates based on application changes. OV 2500 sends the files to the app-mon-enabled switches.
The OV 2500 also configures the switch ports for app-mon and enforcement. It also collects the data and displays
flow information in graphical format.

3.3 Application Signature data base


Signatures are provided by COSMOS. They are available as a ZIP file. There are about 2000 application signatures
available. They are updated by COSMOS. An auto-update mechanism for the signatures is available in OV 2500.

Multiple signatures may be needed to detect a particular application. The signatures in OV 2500 are grouped into
individual applications (YouTube, Facebook, Twitter, etc.) and application groups (Audio/Video, Game, Peer to Peer,
ERP, etc.). OV 2500 allows for groups to be created based on need. There are 3 constructs in AOS app-mon:

• App Pool – This is the set of all signatures (An application may need multiple signatures)
• App Group – Logical group of signatures
o AOS has pre-defined groups
o User can create groups according to need

• App List – This is a pre-defined list to which groups can be added/removed
o The app-list can be enabled for Monitoring or Enforcement

The signatures can be configured for:

• Monitoring
• Enforcement

Monitoring counts the number of flows that are detected per application.

Enforcement has two levels of control.

• Enabling enforcement will start collecting statistics (traffic counters) for application traffic. For
each flow, the amount of bandwidth will be collected (e.g., 30 MB for YouTube traffic, 5 MB of
Twitter traffic).

• Enforcement can also be used to apply QOS (ACL) on a per-flow basis.

4 Prerequisites

4.1 OV 2500
1. OV 2500 has to be configured
2. Time and date should be set correctly on the VM (Based on the Virtualized environment)
3. The switch(s) should be discovered by OV 2500
4. The Signature file has to be downloaded and imported into OV 2500

4.2 Switch
1. Time and Date should be set
2. SNMP should be configured for OV 2500 to discover it
3. Switch should be setup to be accessed through OV 2500
4. Advanced Licenses should be applied to the switch(s)

5 Test setup Information


This section provides the software and hardware used.

5.1 Hardware
OS6860E-24

5.2 Software
AOS Software Release: 8.2.1.304
OV 2500 Release: 4.2.1.R01 (Build 69)

6 Switch Configuration
Since most of the configuration is done using OV 2500, there is not much to be done on the switch with respect to
app-mon.

The IPv6 flow management has to be disabled. This has been fixed in future releases.

app-mon l3-mode ipv6 admin-state disable

7 OV 2500 Configuration
The DPI configurations from OV 2500 can be modified at any time based on customer need. Any number of
switches and ports can be added. The configuration applied during runtime will be applied immediately to the
switch (no need for a reboot of the switch). The data collection from OV 2500 relies on the hourly data collected
on the switch. The users might have to wait for an hour to see the display on the Dashboard.

Please follow the steps below to configure DPI.

7.1 Import Signature Files

The signature file can be obtained from our support site (https://support.esd.alcatel-lucent.com/).
Click the Application Visibility menu under Network from the OV 2500 main page.

Select Signature File on the left and click on Import.

Browse to the location of the file and import the file.

Hit OK and the file will be imported.

7.2 Create Signature Profile and Add Switch/Ports
The Signature profile will contain the following
1. Set of Application/Groups
2. Set of Switches and Ports on that switch where app-mon will be enabled

Go to Network->Application Visibility from the main page.

Select Signature Profile on the left side and click on the “+” to create a new profile.

Enter the Profile Name (any string) and the Description, and click on Next.

Select the Signature File.

Click on Groups and/or Apps to select groups or applications. You can also create a new group and select
applications. For the purposes of this document, we will select “Groups” and select all groups. This is done for
Monitoring.

Application groups can be searched and selected, or the “+” sign can be clicked to add the groups to the profile.
For the purposes of this document, we will select the entire list (all application groups).

With all groups selected, click OK.

Click Next to Select Enforcement Groups.

Follow the same procedure to select the Enforcement application groups. For the purposes of this document,
the UNP/QOS profiles are not created.

Choose all App Groups and Select OK.

After all the Enforcement groups are selected, create the profile (no need to configure UNP/QOS for the purposes
of this document).

7.3 Applying Signature Profile to Devices


This step applies the created signature profile to port(s) on switch(s).

Select the signature profile and click on “Apply to Devices”.

Select the switch that needs to be configured for app-mon monitoring. Click OK.

Select the Ports in the Switch by clicking on Add Port and selecting the ports on that switch

Use the search bar and/or the “+” sign to select the ports, and click to add them to the selected ports.

Click OK to select the ports needed.

Click on “Apply” at the bottom. This will take a few minutes (since we have selected all ports and all groups). Wait
till all the signatures are pushed to the switch(s). Hit “OK” at the end. If there are errors they will be displayed.

SPB Service statistics have to be disabled for App Mon Statistics to work (since they use the same counters).

This completes the assignment of Signature profiles to switches and enabling of app-mon on port(s) on the
switch(s).

7.4 Adding Widgets to Dashboard
This section lists the steps needed to configure the widgets used for displaying the graphs on the dashboard

Click on the Widget Icon on the top right corner of the OV 2500 dashboard (main page)
Click on “Add Widget”

This will open a Widget screen.

Scroll down to select the following:

1. Application Discovery 6860
2. Application Count Summary View
3. Application Count Detailed View

The output of those screens is provided in the next section.

7.5 Display Output

7.5.1 Flow Data Count


This Widget shows the number of flows received by the switch(s) for each application. Moving the mouse over
provides information about each application.

Clicking on More provides detailed information on the applications.

7.5.2 Flow Data Usage Statistics

This Widget shows the total network bandwidth. This is collected using the hardware statistics (as one part of
enforcement).

Detailed View

7.6 Verify Configuration on Switch
This section lists the set of CLI commands on the switch used to verify what has been configured by OV 2500.
This section also covers how to look at the flows that are being received on the switch

7.6.1 Show app-mon config


This command shows the overall configuration

6860E-24-APMON-> show app-mon config


Admin State : Disable,
Operational State : Disable,
L3-IPv4 : Enable,
L3-IPv6 : Disable, (IP V6 Disabled)
Enforcement Flow-Table Stats : Enable,
Enforcement Flow-Sync Interval : 60 seconds,
Monitor Logging Threshold : 20000,
Enforcement Logging Threshold : 20000,
App-Pool Applications : 2001, <<- Signatures configured
Monitor Applied Applications : 2001,
Enforcement Applied Applications : 2001,
Upgraded Signature File Type : Production,
AOS Compatible Signature Kit Version : 1,
Signature Kit version : 1.1.2

7.6.2 Show app-mon port


This command displays port configuration for app-mon

6860E-24-APMON-> show app-mon port


Port Admin-Status Oper-Status L4-mode
----------+-------------+------------------+---------------
1/1/1 Enable Up TCP-UDP
1/1/2 Enable Up TCP-UDP
1/1/3 Enable Up TCP-UDP
1/1/4 Enable Up TCP-UDP
1/1/5 Enable Up TCP-UDP
1/1/6 Enable Up TCP-UDP
1/1/7 Enable Up TCP-UDP
1/1/8 Enable Up TCP-UDP
1/1/9 Enable Up TCP-UDP
1/1/10 Enable Up TCP-UDP
1/1/11 Enable Up TCP-UDP
1/1/12 Enable Up TCP-UDP
1/1/13 Enable Up TCP-UDP
1/1/14 Enable Up TCP-UDP
1/1/15 Enable Up TCP-UDP
1/1/16 Enable Up TCP-UDP
1/1/17 Enable Up TCP-UDP
1/1/18 Enable Up TCP-UDP
1/1/19 Enable Up TCP-UDP
1/1/20 Enable Up TCP-UDP
1/1/21 Enable Up TCP-UDP
1/1/22 Enable Up TCP-UDP
1/1/23 Enable Up TCP-UDP
1/1/24 Enable Up TCP-UDP
1/1/25 Enable Up TCP-UDP
1/1/26 Enable Up TCP-UDP
1/1/27 Enable Up TCP-UDP
1/1/28 Enable Up TCP-UDP

7.6.3 Show app-mon stats

6860E-24-APMON-> show app-mon stats


Chassis/ Total Enforcement Total Total TCP Total UDP
Slot Matched Flows Used Flows Overflow Flows Overflow Packets
--------+------------------+-----------+---------------+----------------
1/1 41 35 0 0
Total 41 35 0 0

7.6.4 Show app-mon app-record

This command shows app-records for current hour, hourly and a twenty four hour period. This is what is collected
in OV 2500 and displayed.

6860E-24-APMON-> show app-mon app-record current-hour

Sampling Interval Every 5-minutes


Application              Application group        Total Detected Flows
----------------------------------------------------------------+--------------------------------+------------------------
2017-01-14 14:00:00 PST 0d 00h 38m 58s

google                   Web                      2
twitter                  Web                      1
google_analytics         Web                      1
gstatic                  Web                      21
hulu                     Audio/Video              1
instagram                Web                      4
--------------------------------
Number of Applications: 6

6860E-24-APMON-> show app-mon app-record hourly

Sampling Interval Every 5-minutes


Application              Application group        Total Detected Flows
----------------------------------------------------------------+--------------------------------+------------------------
2017-01-13 19:00:00 PST 0d 01h 00m 00s
dns                      Network Service          78
google                   Web                      2889
google_maps              Web                      6
ntp                      Network Service          10
snmp                     Network Management       26
ssh                      Encrypted                9
youtube                  Web                      9317
facebook                 Web                      2579
google_ads               Web                      1647
ocsp                     Encrypted                3
twitter                  Web                      9506
firefox_update           Web                      8
netflix                  Audio/Video              21
google_analytics         Web                      780
gstatic                  Web                      9163
mozilla                  Web                      3
hulu                     Audio/Video              13123
instagram                Web                      2889
amazon_aws               Web                      1
akamai                   Web                      1551
cloudflare               Web                      1
google_accounts          Web                      48
snapchat                 Web                      243
nielsen                  Web                      247
appnexus                 Web                      3
--------------------------------
--------------------------------
Number of Applications: 25
--------------------------------+---------------------------------------------------
2017-01-13 20:00:00 PST 0d 01h 00m 00s
dns                      Network Service          49
google                   Web                      3930
google_maps              Web                      8
ntp                      Network Service          10
snmp                     Network Management       34
ssh                      Encrypted                12
youtube                  Web                      12537
facebook                 Web                      3485
google_ads               Web                      2233
ocsp                     Encrypted                1
twitter                  Web                      12852
netflix                  Audio/Video              29
google_analytics         Web                      1085
gstatic                  Web                      12858
mozilla                  Web                      1
google_play              Application Service      1
hulu                     Audio/Video              19024
instagram                Web                      3904
amazon_aws               Web                      1
akamai                   Web                      2210
cloudflare               Web                      1
google_accounts          Web                      105
snapchat                 Web                      353
scorecardresearch        Web                      1
nielsen                  Web                      355
appnexus                 Web                      4
--------------------------------
--------------------------------

7.6.5 Show app-mon Flow Table

This command displays the Flow Table for Monitoring/Enforcement. For the purposes of this document we only do
monitoring.

6860E-24-APMON-> show app-mon ipv4-flow-table monitor


SrcIP DestIP SrcPort DestPort Proto App Name App Group
---------------+---------------+-----------+-----------+---------+------------------+-----------------
10.255.10.80 10.255.135.177 8080 51392 TCP google Web
10.255.10.80 10.255.135.178 8080 31436 TCP google_analytics Web
10.255.10.80 10.255.135.178 8080 31437 TCP twitter Web
10.255.10.80 10.255.135.178 8080 31439 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31440 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31441 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31442 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31443 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31444 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31445 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31446 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31447 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31448 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31449 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31450 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31451 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31452 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31453 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31454 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31455 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31456 TCP google Web
10.255.10.80 10.255.135.178 8080 31457 TCP instagram Web
10.255.10.80 10.255.135.178 8080 31458 TCP instagram Web
10.255.10.80 10.255.135.178 8080 31459 TCP instagram Web
10.255.10.80 10.255.135.178 8080 31460 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31461 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31462 TCP instagram Web
10.255.10.80 10.255.135.178 8080 31463 TCP gstatic Web
10.255.10.80 10.255.135.178 8080 31464 TCP hulu Audio/Video
10.255.10.80 10.255.135.178 8080 31465 TCP gstatic Web
Number of Flows : 30
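
An added Python example (not part of the original guide) that parses output in the flow-table layout shown above, rejoins a wrapped row, and checks the row count against the "Number of Flows" line so that a truncated capture is caught. The sample text is constructed and the function names are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout shown above; rows are illustrative only.
SAMPLE = """\
6860E-24-APMON-> show app-mon ipv4-flow-table monitor
SrcIP           DestIP          SrcPort  DestPort  Proto  App Name  App Group
---------------+---------------+--------+---------+------+---------+---------
10.255.10.80    10.255.135.177  8080     51392     TCP    google    Web
10.255.10.80    10.255.135.178  8080     31437     TCP    twitter   Web
10.255.10.80    10.255.135.178  8080     31439     TCP    gstatic   Web
10.255.10.80    10.255.135.178  8080     31464     TCP    hulu
Audio/Video
10.255.10.80    10.255.135.179  53       40000     UDP    dns       Network Service
Number of Flows : 5
"""


def _port(value):
    port = int(value)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {value}")
    return port


def parse_flow_table(text):
    """Return a list of flow dicts; raise ValueError on malformed or short input."""
    flows, declared, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, separator rows, the column header and the CLI prompt.
        if not line or line.startswith("-") or line.startswith("SrcIP") or "->" in line:
            continue
        if line.startswith("Number of Flows"):
            declared = int(line.split(":", 1)[1])
            continue
        if pending is not None:
            # Previous row was wrapped: this line carries its App Group.
            fields, pending = pending + [line], None
        else:
            fields = line.split(None, 6)   # App Group may contain spaces
            if len(fields) == 6:
                pending = fields
                continue
        if len(fields) != 7:
            raise ValueError(f"unexpected row: {line!r}")
        src, dst, sport, dport, proto, app, group = fields
        flows.append({
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "sport": _port(sport),
            "dport": _port(dport),
            "proto": proto,
            "app": app,
            "group": group,
        })
    if pending is not None:
        raise ValueError("capture ends in the middle of a row")
    if declared is not None and declared != len(flows):
        raise ValueError(f"parsed {len(flows)} rows, switch reported {declared}")
    return flows


def count_by(flows, field):
    """Number of flows per value of `field` (for example "app" or "group")."""
    return dict(Counter(flow[field] for flow in flows))


if __name__ == "__main__":
    parsed = parse_flow_table(SAMPLE)
    print(count_by(parsed, "group"))
    print(count_by(parsed, "app"))
```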

OmniVista™ 2500 NMS Release 4.4
Using Network, Configuration &
Administration Groups
Objectives
Lesson Summary

Learn how to use:


• Discovery Application
• Topology Application
• Locator Application
• Notification Application
• Audit Application
• Resource Manager Application
• CLI Scripting Application
Discovery
Discovery
Discovery wizard enables you to discover:
• Alcatel devices in the network.
• Links between devices
• Additional link information
• VLAN information
• Third-party devices from Cisco, 3Com, and Extreme.
• Any additional third-party devices for which support has been added via the Third Party Device Support
Preferences window in the Preferences application.
Discovering Devices
• OmniVista performs a discovery based on a specified IP address range and a Discovery Profile
• You can "re-discover" previously-discovered devices to update information about a device(s).
Discovery Profile - General
Discovery Profile contains the parameters that are used by OmniVista when performing a
discovery
General
• Name - Profile name.
• CLI/FTP User Name - Used to establish CLI and FTP sessions with the devices.
• CLI/FTP Password - Used to establish CLI and FTP sessions with the devices. Note that the user name and
password specified will be used to auto-login to the devices
Discovery Profile - SNMP

SNMP
• SNMP Version that OmniVista will use to communicate with the device. Default version for AOS devices is
v2, but v1 and v3 are also supported
• Timeout (msec) that OmniVista will wait for a switch to respond before assuming that the request has
timed-out (Default = 5,000)
• Read Community. The device's "get" community name. This enables OmniVista to read information from
the device
• Write Community - The device's "set" community name. This enables OmniVista to write information to
the device
• Retry Count - Number of times that OmniVista will attempt to connect to a switch (Default = 3).
Discovery Profile - Advanced

Advanced Services
• Trap Station Name - The device user name that will be used when an AOS device is configured to send
traps to OmniVista.
• Discover Link - Specifies how OmniVista will discover the physical links associated with the discovered
devices.
• Shell Preference - Specifies the default command line interface to be used for discovered devices: Telnet
or SSH
• Use Get Bulk - When enabled, the "Get Bulk" operation is used for retrieving large amounts of data,
particularly from large tables
• Max Repetitions - The number of rows of table data that the "Get Bulk" operation will request in each
"Get Next" operation.
Discover New Devices – IP Ranges
Define address ranges to discover devices
Associate Address Ranges to SNMP Setups
Discovery – Start Discovering
After creating the IP Range, click on the Discover Now button
Discovery – Managed Devices
Displays a list of all network devices that are currently being managed by OmniVista.
There are two tabs.
• "ALL" displays all managed devices (LAN Devices and APs).
• "OAW" displays only managed APs.
Discovery – Hardware Inventory
Displays inventory information (e.g., CMM, Chassis, Power Supplies) for any discovered device
Discovery - Links
Displays existing links in the network
• Automatically discovered using AMAP or LLDP
• Links can also be added manually
Discovery – Manual Link
Manual links are persistent and displayed in RED when the link goes down.
Recommended to configure critical links providing better monitoring capabilities.
Useful to create links between ALE devices and external devices.
Discovery - Ports
Displays information about ports on network devices
• Enables/Disables device ports
Discovery – SPB Ports
Displays information about SPB Services Ports on network devices. SPB Services are configured on
edge devices, so only edge devices are displayed.
Discovery – Third-Party Devices Support
Discovery and support of third-party (non-AOS) devices.
Once third-party devices have been discovered, OV supports the following:
• Web Browser, Telnet or SSH
• Custom MIBs
• Custom Icons
• Traps
• Locator
Discovery – Adding Third-party Device Support

Create Mibset
• OID: Device’s Object ID
• Display Name: Name to be used for the device
• Mib Directory Name: If you want to use MIB-2 level support for third-party devices, enter mib-2. This
generic directory already exists in OV. If you are not using standard MIB-2, enter a directory name.
Discovery – Import MIBs
Imports new or updated MIB files to OmniVista
All MIB files must have a file extension of .mib
If you create a new MIB directory, you must import a complete set of MIBs into that directory.
Select the Mibset to be updated from the drop-down box and click on the Import button
Topology
Topology – Geo Map View
Google Maps for Topology
• Display of Google Maps for geolocating sites
• Zoom in / zoom out to display Countries / Cities / Sites
• Switch to Topology application for moving to floor plans

Sites / Devices on Google Maps


• Declare sites using address or coordinates
• Add custom notes on maps
• Link between sites showing health status
Topology – Physical Network View
Topology of discovered devices in the network
• All discovered devices (default)
• Highlight specific devices or links
• Re-arrange devices in a map
• Create custom maps
Topology - Maps
Create and Manage Maps
• Physical/Logical
• Background Images
• Custom Map
• Custom Color
Topology – Device Operations and Information
When clicking on a device in the map, you can:
• View detailed information
• Perform certain operations
Left mouse click: displays Detail panel on the right of the screen

Pointing at the device

Right mouse click


Locator
Locator Application
Locates Switches and Devices
• IP Address
• Mac Address
• Authorized User
Locator – Browse
Displays
• Search Criterion
• Search Results
• Map Location
Notifications
Notifications
• Displays traps for switches.
- View by table
- View by device tree
• Click on the trap to view detailed information.
Audit
Audit
Monitors client and server activity
• Date and time when a user logged into OmniVista
• Device added to the discovery database
• Configuration file was saved, etc.
OmniVista organizes this information and stores it in the following categories
Resource Manager
Resource Manager
Resource Manager – Backup/Restore
Backup and Restore to Manage Files
• Firmware
• Configuration Files
OmniVista
• Compare config files
• Edit Backup files
• Save as new Backup
• Optimize Backup files
Resource Manager – Compare
Text file comparison (boot.cfg)
• Select files from list
• Same or different backup or switch
Determine changes
• GUI
• Color coded
Edit/Save/Restore
• Save as new
Resource Manager - Upgrade Image
Upgrade Image
• Import/Upgrade
• Image files
• Firmware files
• Scheduled
Resource Manager - Inventory
Inventory from known Switches
• Software
• Hardware
Resource Manager – Auto Configuration
Auto Configuration
• Remote Configuration
• Remote Upgrade
Resource Manager – Switch File Set
Switch File Set
• Background
• Banner
• Logo
• Captive Portal
- Welcome
- Welcome Fail
- Login Help
- Welcome Login
- Policy
- Welcome Status
CLI Scripting
Create Telnet Scripts
Create Exit & Apply Scripts
• Preconfigured files
• Create scripts in OV or text editor
• Import Scripts
Send Scripts
Select a Script
Select Switches
Schedule and send the script
View Log
View Script Log
• Success / Error
• Syntax errors
SSH/Telnet
SSH/Telnet to a New Device

New from 4.3R2 and later


SNMP users and community strings need to be configured on devices before they can be
managed by OmniVista.
You can now SSH/Telnet to a newly added device that is not yet reachable by SNMP to
configure the device for OmniVista management.
OmniSwitch AOS R6/R8
OmniVista 2500 NMS-E R4.4
Basic Routing Configuration

How to
✓ Configure routing using OmniVista and WebView.

Contents
1 Monitoring RIP/RIP v2
2 Summary
3 Lab Check

Implementation

1 Monitoring RIP/RIP v2
- In this lab we are going to monitor L3 routing by using WebView.
- Right-click on the 6900A (192.168.200.1) on the map, in the Topology application, and select Device -
WebPage to launch WebView.

- Log into the switch using admin/switch


- After login, select the Networking tab on the left and click on IP.
Verify that the RIP protocol is loaded.

- From the top menu select RIP/RIPV2 >Interfaces.



- Verify that the different interfaces are part of the RIP protocol.

- Verify all RIP routes including local, RIP and redistributed routes. Go to RIP/RIPv2 -> Routes

- Finally, remember to save your configuration. Go back to OmniVista and select a switch from the Topology
map. Right-click the device and select CLI Scripting – SSH/Telnet. A new window opens: log in and
enter the command write memory flash-synchro.

- You can also use the SSH connection to make sure that your configuration is in order.

2 Summary
Not all features are supported directly from OmniVista. At times it may be necessary to launch either
WebView, Telnet, or SSH to configure some options.

3 Lab Check

1. Is it necessary to enter a username and password each time a Telnet or SSH session is opened on
the switch?

2. Once changes are made using WebView, OmniVista can be used to save those changes to the
boot.cfg file. T/F
OmniAccess Stellar Wlan
VoWLAN
Portfolio for Voice
Enterprise Handset
• Enterprise and industrial handsets
• ALE NOE (OT81x8) & SIP standard protocols handled
• Seamless Roaming
• Power Save
• Real-time handset location (Ekahau RTLS for OT8128)
• Handset accessories
• Handset management & alarm tools
[Figure: handsets OT81x8, OT8128 SE, Ascom]

iOS & Android mobile, Laptop with Voice
Voice applications:
• Rainbow UCaaS client
• Rainbow mobility with OXO/OXE integration
• OTC mobile application
• Non-ALE softphones applications (Facetime,…)
Roaming assistance with 802.11r/k/v protocols
• iOS 8 and above
• Samsung Galaxy S7 minimum
• S9 minimum for 802.11v
Stellar Lineup for Voice
Support of Voice on all access points
• Since release 3.0.4.3058 in Express Mode only
• Since release 3.0.5.1046 for all Modes
[Figure: Stellar access point lineup (AP1101, AP1201, AP1201H, AP1221/AP1222, AP1231/AP1232, AP1251) with per-model radio, port, BLE and DPI specifications]
Voice on Stellar WLAN – Feature List
Features OmniAccess Stellar ap1101 OmniAccess Stellar ap12xx OmniAccess WLAN
Management mode Express/Enterprise/OV Cirrus Express/Enterprise/OV Cirrus Instant AP/Central/Controller-based
High Availability PVM+SVM/ov2500 HA redundancy PVM+SVM/ov2500 HA redundancy
PoE/PoE+ support
P P PoE+/HPoE for ap123X P
Technology 802.11g/a/n/ac wave 1 802.11g/a/n/ac wave 2 802.11g/a/n/ac wave 1 & wave 2
Client control Airtime fairness/Datarates/Band steering/load Airtime fairness/Datarates/Band steering/load Airtime fairness/Datarates/Band
balancing balancing steering/load balancing
Roaming 802.11/Okc 802.11/Okc 802.11/Okc
802.11r/k/v 802.11r/k/v 802.11r/k/v
L2/L3 with OS6860/E/6900 L2/L3 with OS6860/E/6900 L2/L3 with 4XXX controller
Sticky device avoidance Sticky device avoidance Sticky device avoidance
QoS 802.11e/WMM - DSCP/802.1p 802.11e/WMM - DSCP/802.1p 802.11e/WMM - DSCP/802.1p

WMM mapping WMM mapping WMM mapping


QoS awareness QoS awareness QoS awareness
APSD power saving APSD power saving APSD power saving
Call admission per AP
O O
Voice analytics NOE/SIP app. Visibility NOE/SIP app. Visibility
O
NOE/SIP app. enforcement NOE/SIP app. enforcement
O
Simultaneous call per AP 3 voice streams 24 voice streams 24 voice streams
Security WIDS/WIPS, rogue detection WIDS/WIPS, rogue detection WIDS/WIPS, rogue detection
EAP/PEAP with 802.1x EAP/PEAP with 802.1x EAP/PEAP with 802.1x
DHCP/SIP snooping with OS6860/E/6900 DHCP/SIP snooping with OS6860/E/6900 DHCP/SIP snooping
Voice WLAN deployment process
Voice over WLAN Deployment Steps (Vowlan-deployment-guide-for-voice-Stellar-en.docx)
• Prepare: Identify the Voice usages: understand the challenges and requirements
• Plan: Requirements: wireless infrastructure, Voice devices, environments, performance, security and management
• Design: Choice of architecture
• Implement: Deploy and manage Voice users as per design
• Operate: Provide Voice service to users, maintain and extend the service
Preparation 1
Prepare
Requirements
• What are the voice coverage requirements?
• What is the bandwidth required for the handsets and/or applications?
• What is the placement of the APs?
Requirements for Voice
• 1 access point / 255 m²
• Number of users per AP – Average of 20-25 users
Actions
• Site survey
• Analyze the RF environment
• Discover the source of interferences and their level
• Number of APs required (Fig. 1)
• AP placement calculation (Fig. 2)
• Identify areas that require multiple APs for High Availability (eg: reception desk)
[Figure 1: Cells overlap, radius of cells, -70dBm / -60dBm]
[Figure 2: APs placement, 5 GHz Tx Power]

Plan 2
Plan
• Define the Voice service
- Bandwidth required
- « Voice » WLAN configuration
• Level of Security
- Select the appropriate level of encryption and authentication
• Recommended configuration for « Voice »
- RF Management: 5GHz preferred (robust, best performance)
- Capacity planning: 20 to 25 clients per AP, providing 36 Mbps user throughput
- Roaming: Activate the roaming options supported by the devices. Plan dedicated SSIDs for devices sharing the same capacities
- Reliable and redundant AP network
Design 3
Design
• Antennas & Channels selection
- Channels selection is country dependent
- Non-overlapping channels on adjacent APs
- Channels aggregation in 802.11ac
• QoS
- Policies designed for Voice operations (VoIP real-time) (Fig.1)
- Policies designed for real-time conferencing (Collaborative apps) (Fig.1)
- Voice enforcement (optional) with Stellar DPI/app monitoring (Fig.2)
• Architecture
- 802.11ac data throughput requires Gigabit user ports compatible on the access switches
[Figure 1: Differentiated service across Wireless LAN, Edge LAN and Core: WMM Queuing Management, Bandwidth Management, QoS Aware RF Management; high priority traffic (Voice Application), Collaborative apps and best effort traffic, WMM tagged on the wireless LAN and DSCP, 802.1p tagged on the Edge LAN and Core]
[Figure 2: Voice LAN across Wireless and LAN Core: Deep Packet Inspection (AP12XXs), Voice Signatures Kits, Application visibility, Network Analytics, DPI reports, SCP, Tagged Voice Application flows, Bandwidth enforcement, Management Plan]


Implementation 4
Implement
• Planning of Deployment
• Cabling
• Install the Voice servers
• Configure Radius, DNS and DHCP servers
• Configure IMS3 server for Voice devices management
• Configure WLAN SSID for handsets
• Install, template and configure Voice handsets via IMS3
• OmniVista 2500 configuration


Operation 5
Operate
Monitoring
• Voice coverage (level of SNR, RF scan)
• VoIP audit
• System performances
Updating the infrastructure
• Handsets, Hardware networking infrastructure, servers
Surveying
• Ekahau site survey PRO or Airmagnet Survey PRO
Support & Troubleshooting

Professional services
• Professional Services cover the build and run phases of all projects, including plan & design, integrate &
deploy, assess & migrate, and project management.
• Ekahau 3D site survey tool can be delivered as a service by PS to design WLAN deployments
OmniVista™ 2500 NMS Release 4.4
PolicyView
Objectives
Lesson Summary
Administer and deploy a global Quality of Service policy over a network
OmniVista PolicyView
PolicyView QoS
• "OneTouch" QoS
Used to configure network-wide QoS policies
Policies stored in LDAP server configured as part of OmniVista installation
• Switches notified to retrieve new policies from this server
[Figure: OmniVista 2500 Infrastructure: OmniVista PolicyView, LDAP Directory, Web Based ELMs]
OmniVista PolicyView
OneTouch simplifies QoS configuration
• Reduces the number of interfaces for configuring QoS for VoIP and time critical data operations
• Enables enhanced policy-based management across multiple devices
• Sets parameters once
• Distributed to devices at the same time

Operation modes
• OneTouch for Voice, Data & ACL
- QoS for one or more subnets of VoIP phones
- QoS priorities for selected data servers
- Accept/ Drop traffic for selected groups
• Wizard Expert Mode
- Advanced QoS controls for complex policies (including validation scheme)
PolicyView Home
QOS Rule configuration steps

Create a Policy Rule

Create a Policy Condition

Create a Policy Action

Apply the Policy


OmniVista PolicyView QoS
One Touch Voice mode

Set Voice Conditions for IP or MAC Policies


OmniVista PolicyView QoS
One Touch Data mode

Set Data Server IP address and Priority


OmniVista PolicyView QoS
One Touch ACL mode

Set IP Network Group and traffic accessibility (Accept/ Drop)


OmniVista PolicyView QoS
Expert mode Create Policy
Expert mode Wizard
Initial Configuration

Set Conditions

Set Policy Rule name, Precedence and Advanced options


Expert Mode Wizard
Device Selection

Specify the devices to which the policy will be applied


Expert Mode Wizard
Set Condition and Action
Expert Mode Wizard
Validity Period and Review
Policy and Policy Manager
[Figure: Policy Administration and LDAP Repository, linked over LDAP]
Policy Flow
[Figure: policy flow. User creates a policy using OmniVista PolicyView; (2) Policy Directory Server; (3) Policy Enabled Switches]
OmniAccess Stellar Wireless Lan
SSID Creation – Advanced options
Lesson summary
SSID Creation – Advanced options
At the end of this module, you will be able to:
• Understand and configure the advanced options of the
SSID wizard.
Default VLAN/Network
• Access Role Profile configuration
- Network:
  - VLAN ID
  - Tunnel ID and Tunnel Termination Switch (TTS) IP
• Walled Garden
- Wireless Client Social Login
  - Wireless client authenticates through a social media vendor (Facebook Wi-Fi or Google)
- Whitelist Domain
  - Allow a wireless client to access the URLs of the whitelist without authentication
• Advanced Access Role Configuration
- Location/Period Policy
  - Can a client access the network? Based on the time/date and location of the client
- Bandwidth Control Setting
  - Bandwidth allocated per user
Advanced WLAN Service Configuration

SSID SETTING
• Hide SSID
• Maximum number of clients per Band
- Maximum clients per band for this SSID
• Client Isolation
- Traffic between clients on the same AP (in the SSID) is blocked
• 802.11b & 802.11g support
- Legacy clients are allowed/denied access to the network
• Classification Status
- Role assignment if 802.1X/MAC authentication does not return a role

 | AP1101 | AP1201 / AP1201H / AP122X | AP123X | AP1251
SSID | 8 per radio | 16 per radio | 8 per radio | 8 per radio
Client per AP | 256 | 512 | 768 | 512
Client per band/radio | 128 | 256 | 256 | 256
Advanced WLAN Service Configuration
• QoS Setting
- Bandwidth Contract
  - Bandwidth limitation shared for all users, per radio
• Broadcast Optimization
- Broadcast Key rotation
  - Only applicable for Enterprise WPA, WPA2 and Dynamic WEP
  - A unicast key (PTK) and a group key (GTK) are used to encrypt traffic
  - Rotate the keys periodically to avoid key cracking
  - Default period: 15 min – Range 1 min – 24 hours
- Broadcast Filter All
  - Drop all broadcast packets except DHCP & ARP.
- Broadcast Filter ARP
  - Convert broadcast ARP to unicast ARP
- Recommended if no specific multicast application is used
Advanced WLAN Service Configuration
• Multicast Optimization
- Enabling Multicast Optimization = Convert multicast to unicast
  - Unicast key PTK used
  - Uses the highest data rate (unicast)
- Limited to IP Multicast and IGMP Snooping traffic
- Multicast Optimization automatically stops on high load
Upper limit of multicast optimization:
- Channel Utilization (RF environment too poor to have optimization): default value 90%
- Number of Clients (CPU load too high to support optimization): default value 6 (maximum number of high-throughput clients)
Advanced WLAN Service Configuration
WMM QoS
• Four categories
• QoS treatment per category
- Uplink 802.1p/DSCP
- Downlink 802.1p/DSCP
Ex: DSCP Mapping
DOWNLINK DSCP
- DSCP = 8, 16 → BACKGROUND
- DSCP = 0, 24 → BEST EFFORT
- DSCP = 32, 40 → VIDEO
- DSCP = 48, 56 → VOICE
UPLINK DSCP
- BACKGROUND → DSCP = 8
- BEST EFFORT → DSCP = 0
- VIDEO → DSCP = 32
- VOICE → DSCP = 46
[Figure: example flows labelled DSCP=56, DSCP=56 and DSCP=46]
WLAN Service – WMM QoS Recommendation
Recommended Settings
WMM 802.1p DSCP
Best Effort 0 0
Background 2 18 – AF21
Voice 5 46 – EF
Video 4 34 – AF41

Default OV Settings
WMM 802.1p DSCP
Best Effort 0,3 0x00, 0x18 – 0, 24
Background 1,2 0x08, 0x10 – 8, 16
Voice 6,7 0x30, 0x38 – 48, 56
Video 4,5 0x20, 0x28 – 32, 40
OmniAccess Stellar Wireless Lan
WiFi Express - Troubleshooting
At the end of this presentation, you will be able to
• Troubleshoot AP based issues
• Troubleshoot client based issues
• Troubleshoot performance based issues
AP Troubleshooting
AP Troubleshooting - Case 1 : AP can't be powered up
When the AP is powered up, the AP LED is “Green”. If the LED is off or has a different color,
perform the following troubleshooting:
• Step 1: If the LED is off, check the PoE or adapter power output. The OAW-AP complies with the following:
- Maximum (worst-case) power consumption: 12 W (802.3at PoE or DC)
- 48 V DC (nominal) 802.3af/802.3at compliant source
- When both power sources are available, DC power takes priority
• Step 2: If the LED isn't green, check the LED color against the table below.

Blue Green | Time Line | Status
ON | Power on |
ON | Bootloader-OS loading | System start up
Flash | System running | Network abnormal (Interface down)
Flash | System running | Network normal, without SSID created.
ON | System running | Network normal, single band working, either 2.4GHz or 5GHz working.
ON | System running | Network normal, dual bands working, both 2.4GHz and 5GHz are working.
Flash Flash | System running | Red and Blue LED alternate flashing; OS is upgrading.
Flash Flash Flash | System running | 3 LEDs alternate flashing; Used for locating an AP.
AP Troubleshooting - Case 2 : AP fails to get an IP address from the DHCP server
Stellar AP contacts the DHCP server to obtain an IP address or a static IP address is manually configured.

Step 1: Connect to the AP, using the web GUI with the default IP address 192.168.1.254.
• Configure the IP address of the PC in the same subnet as the AP.
• If the AP can be reached on the web GUI, ensure that the IP address is set to DHCP.

Step 2: If you can't access the AP using the web GUI, access the AP using the console.
• Baud Rate: 115200
• Data Bits: 8
• Parity: None
• Stop bits: 1
• Check the IP mode of the AP ("option proto") using the command "cat /etc/config/network".
• If the "option proto" is set to static, use the command "ifconfig br-wan" to get the AP's IP address. Access
the web GUI of the AP using this IP and modify the IP type to DHCP (refer to Step 1).

Step 3: If the AP still does not get an IP from the DHCP server, use the "cd /tmp" and "ssudo tcpdump -i br-wan
-s0 -w X.pcap" commands to capture the DHCP messages. Send the file X.pcap to the tftp server using "tftp
-pl X.pcap <server-IP>", then open the X.pcap file using Wireshark:
• A correct DHCP exchange looks like this:
• If you see the following DHCP messages, check the configuration of the DHCP server as well as the link
between the AP and the DHCP server:
AP Troubleshooting - Case 3 : Cannot ping or access the AP using web GUI, SSH or
console
If a PC cannot access the AP using the web GUI:
• Ping the AP's IP address. If ping fails, check the AP's IP address. If the IP is incorrect, refer to the case "AP
fails to get an IP address from the DHCP server".
• If the AP has a correct IP address, check the gateway using the command "route -n".
• If there is no gateway, check the network link.
• If the PC can't ping the AP, or the AP can't ping the gateway, check the presence of the following process
using the command "ps | grep lighttpd".
• If there is no lighttpd process, create the process using the command "/etc/init.d/lighttpd start".
• If the process already exists, restart it using the commands "/etc/init.d/lighttpd stop" and
"/etc/init.d/lighttpd start".
• If you still can't access the AP using the web GUI, check the CPU usage with the command "top":
• If the idle value is very low, kill the process using too much CPU or reboot the AP.

If you can't access the AP using SSH, check the link following the previous steps and check if the correct
AP's IP address has been used:
If you can't access the AP using console, check the quality of the serial port and the connection
configuration:
AP Troubleshooting - Case 4 : AP can't join a cluster
The cluster management module builds the cluster and sets the role of the APs in the cluster: Primary
Virtual Manager (PVM), Secondary Virtual Manager (SVM) and MEMBER. A cluster is limited to a maximum of
32 AP1101 only or 64 mixed APs.
Check that the cluster ID value is the same on the AP and on the PVM.
• Access the AP using the console and use the command "cluster_mgt -x show=self" to check the cluster ID:
• If the cluster ID is different, modify it from the AP web GUI:

Check that the AP's IP address and PVC's IP address are in the same subnet.
• Use the command "ssudo tcpdump -i br-wan -s 0 port 32767" to capture the PVM's messages.
• If the packets can't be captured, check the network environment.
• If the AP stays in "Initializing" state for too long, reboot the AP.

Check if the AP is in a "joining" state.
• Access the PVM using the web GUI, and if the AP is in "joining" state, it must be joined manually.
• If the AP still can't join the cluster, check if the cluster has already reached the maximum number of APs
allowed (32 or 64 APs).
Use the command "ssudo tcpdump -i br-wan -s 0 port 32768" to capture the messages sent by the AP to the
PVM.
• If there is no message, reboot the AP.


Client Troubleshooting
Client Troubleshooting - Case 5 : 802.1X authentication not working

802.1X authentication involves the user (Access Client), the Access Point (or RADIUS client) and the RADIUS
server.
If authentication fails, check the following steps:
• User Side
- Check whether the username and password are correct. If not, re-enter them.
- Check whether the terminal settings for the wireless network are correct, such as
security type, certificate and other required configuration.
- Make sure the terminals match the RADIUS Server authentication type.
• AP Side
- Check the WLAN's configuration.
- Check whether the RADIUS Server is reachable from the AP using "tools-ping" on the web page:
- If the above tests have been performed and the authentication still fails, capture the data packets on the
AP using the command "ssudo tcpdump -i br-wan -s 0 dst <RadiusIP@>" to check the detailed
authentication process.
• Server Side
- Check the RADIUS Server Client configuration, such as the shared key,
RADIUS client IP or IP range, authentication port, certificate.
- If the above items have been checked, capture the data packets on the
RADIUS server.
Client Troubleshooting - Case 6 : Captive Portal redirection not working
If the guest portal does not pop up after connecting to the "Guest" SSID (open & portal), check the following:
• Whether the Captive Portal function in the WLAN is enabled. If not, enable it.
• Whether the Captive Portal authentication switch is turned on. If not, enable it.
• Check if the client MAC address is in the white list or if the client IP is in the walled garden list. If one or
both cases are true, the client cannot be redirected to the captive portal web page.
• Check if the client enters an https URL. If so, enter an http URL because the https redirect for the captive portal
web page is not yet supported.
• If you have checked the previous points and you are still not redirected to the captive portal web page,
use the console and enter the command "ps | grep eag" to check if the EAG process is running.
Client Troubleshooting - Case 7 : Client can't get an IP
Capture the DHCP messages from the AP and client. Use the commands "cd /tmp" and "ssudo tcpdump -i br-wan
-s 0 -w X.pcap" to capture DHCP messages on the AP and send the file "X.pcap" to the tftp server using
the command "tftp -pl X.pcap <tftpIP@>". Then open the file "X.pcap" using Wireshark.
• This is the expected DHCP result

If the DHCP messages of the client are incomplete and if the Wireshark trace shows the same DHCP
message repeated multiple times:
• Check that the VLAN ID of the WLAN is correct. Access the AP using the web GUI and check the VLAN ID.
• If the VLAN ID is incorrect, modify it.

If the client does not send DHCP messages to the AP, check if the client is using DHCP and has no static IP
configuration.

If the client sends DHCP messages, but the AP can't receive the DHCP messages, capture the beacon frame
on air and check if the channel in the beacon frame is the same as the one configured.
• Beacon frame:
• Channel configuration on the AP web GUI:
• If the channel is different, modify the channel configuration:
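
The DHCP checks in Case 2 (Step 3) and Case 7 both come down to reading which DHCP message types appear in X.pcap for each client. The Python sketch below is an added example, not ALE tooling and not part of the original guide: it parses a classic pcap file and reports, per client MAC, whether the exchange completed or the same DISCOVER keeps repeating without an OFFER. The sample capture, the MAC addresses and the repeat threshold of 3 are constructed assumptions.

```python
import struct
from collections import Counter

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
              5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
COOKIE = b"\x63\x82\x53\x63"  # magic cookie that precedes the DHCP options


def read_pcap(data):
    """Yield Ethernet frames from a classic pcap file, as written by tcpdump -w."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    pos = 24  # size of the global header
    while pos + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        yield data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen


def dhcp_message(frame):
    """Return (client_mac, message_type) for a DHCP frame, or None."""
    if len(frame) < 14:
        return None
    ethertype, ip_at = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q VLAN tag
        ethertype, ip_at = struct.unpack("!H", frame[16:18])[0], 18
    ip = frame[ip_at:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[9] != 17:  # IPv4 + UDP only
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 8 or set(struct.unpack("!HH", udp[:4])) - {67, 68}:
        return None
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != COOKIE:
        return None
    mac, opts, i = bootp[28:34].hex(":"), bootp[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:  # 255 ends the option list
        if opts[i] == 0:  # pad byte, no length field
            i += 1
        elif opts[i] == 53 and i + 2 < len(opts):  # 53 = DHCP message type
            return mac, DHCP_TYPES.get(opts[i + 2], "UNKNOWN")
        else:
            i += 2 + opts[i + 1]
    return None


def diagnose(pcap_bytes, repeat_threshold=3):
    """Map each client MAC to (message sequence, verdict)."""
    seen = {}
    for frame in read_pcap(pcap_bytes):
        msg = dhcp_message(frame)
        if msg:
            seen.setdefault(msg[0], []).append(msg[1])
    report = {}
    for mac, kinds in seen.items():
        count = Counter(kinds)
        if count["ACK"]:
            verdict = "complete"
        elif count["NAK"]:
            verdict = "refused by server"
        elif not count["OFFER"] and count["DISCOVER"] >= repeat_threshold:
            # Case 2 / Case 7: check the DHCP server, the link and the VLAN ID
            verdict = "DISCOVER repeated, no OFFER"
        else:
            verdict = "incomplete"
        report[mac] = (kinds, verdict)
    return report


def build_frame(mac, msg_type, from_server=False):
    """Build one constructed Ethernet/IPv4/UDP/DHCP frame (checksums zeroed)."""
    hw, zero = bytes.fromhex(mac.replace(":", "")), b"\0" * 4
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2 if from_server else 1,
                        1, 6, 0, 0x1234, 0, 0, zero, zero, zero, zero, hw, b"")
    bootp += COOKIE + bytes([53, 1, msg_type, 255])
    ports = (67, 68) if from_server else (68, 67)
    udp = struct.pack("!HHHH", *ports, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     zero, b"\xff" * 4) + udp
    src = b"\x02\x00\x00\x00\x00\xfe" if from_server else hw
    return b"\xff" * 6 + src + b"\x08\x00" + ip


def sample_capture():
    """Constructed capture: one healthy client, one that never gets an OFFER."""
    ok, stuck = "02:00:00:00:00:01", "02:00:00:00:00:02"
    frames = [build_frame(ok, 1), build_frame(ok, 2, True), build_frame(ok, 3),
              build_frame(ok, 5, True)] + [build_frame(stuck, 1)] * 4
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    for mac, (kinds, verdict) in diagnose(sample_capture()).items():
        print(mac, " ".join(kinds), "->", verdict)
```

To use it on a real capture, pass the bytes of the X.pcap file retrieved from the tftp server to diagnose().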
Client Troubleshooting - Case 8 : Client is unable to connect to AP/Cluster
Client is unable to connect to the AP/cluster using WLAN and access the AP/cluster using web GUI.

Check the password. If it is wrong, log in again using the correct password.

If the password is correct, access the AP using the web GUI and check if the client is in the blacklist.
• If the client is in the blacklist, click the red cross to delete the client from the blacklist.

If the client is not in the blacklist, check if the clients count reached the maximum number of clients
allowed.
• If the limit is already reached, modify the "MaxClients" parameter:

If the steps above didn't resolve the issue, clean the WLAN information saved in the wireless network card
of the client and reconnect to the AP/cluster.
Use the command "ps | grep wam" to check if the wam process of the ath port on which the client is
connected exists.
• If there is no process for athXX, use the command "wam -P /var/run/wifi-athXX.pid -B
/var/run/wam-athXX.conf -d -f /var/log/wam-athXX.log" to recreate that process.
If the client is still not connected to the AP/cluster, use the command "cat /proc/kes_syslog | grep
<clientMAC@>" to check the process when a client connects to an AP/cluster.
Client Troubleshooting - Case 9 : Captive Portal authentication fails
If the authentication fails after using a username/password, check the following points:
• Check if the username/password is correct. If not, enter the correct credentials.
• Check if the valid period of the user account has expired. If so, the user account is invalid and shall
disappear from the account list.

If the authentication fails after using an access code, re-enter the correct one:

If the previous changes did not resolve the problem, use the console and enter the command "ps | grep
eag" to check whether the EAG module is up and running. Enter "cat /proc/kes_syslog | grep eag" or
"cat /var/log/eag.log" to debug the problem.
Performance Troubleshooting
Performance Troubleshooting - Case 10 : How to check connection frames, signal
strength, PHY errors, etc
There are two ways to check the connection frames:
• Check the client details on the web page
• Enter the command "wlanconfig ath0X/1X list" in the console

PHY errors can be checked by executing the command "athstats -i wifi0" or "athstats -i wifi1"
Performance Troubleshooting - Case 11 : Low throughput/latency
If low throughput/latency is observed, check the following points:
• Is there a speed limit in the WLAN configuration (figure 1)
• Check the wireless mode that the client supports and the negotiation speed (figure 2 & 3)
• Is the ACS function enabled? If not, enable it (figure 4)
[Figures 16-1 to 16-4]
• Is there too much interference in the air? If so, change to another channel.
• Check the bandwidth with your ISP.
Performance Troubleshooting - Case 12 : AP port errors
If port errors are detected on the AP, follow this debug procedure:
• Check if the connected cable is good and stable. If not, change it.
• Check if the AP gets an IP address with the command "ifconfig br-wan" on the console. If not, set an IP
address and check if the AP is reachable.
• Check the eth0 port configuration by using the command "ethtool eth0" on the console.
Performance Troubleshooting - Case 13 : AP not supplied with PoE
If the AP does not get power supply after being connected to the PoE Switch, check the potential reasons:
• PoE is disabled on the Switch. Enable it first.
• The cable is too long. Replace it with a shorter cable, less than 100m.
• The crystal heads of the cable are not up to standard. Replace the cable.
• The PoE Switch does not meet the 802.3af or 802.3at standard. Change the PoE Switch.
• Swap the AP with another one in order to check if the issue is caused by the AP.
Performance Troubleshooting - Case 14 : Track a wireless client session on the AP
Enter the command "sfe" on the AP's console in order to track the wireless client session.
• The command result output format is the following:
Src ip: Sport -> dest ip: Dport protocol type(TCP/UDP) Direction(O/R) flags packet number byte number
Performance Troubleshooting - Case 15 : Capture 802.11 management frames
between clients and AP
Capturing 802.11 management frames is possible by using the Omnipeek tool on the Wireless Network Card.
Troubleshooting Guide

This document is classified into several modules: reboot, setup wizard, cluster,
clients, wireless configuration, syslog, ACL, system management,
upload/download files, packet capture, portal, black list and user access etc.

Reboot
support@AP-0A:F0:~$ tech_support_command 10

Show the reboot cause of the last ten reboots, which includes the following: Power off
reboot, Button-reboot, Button-firstreboot, Clear all configuration, Restore all
configuration, Update firmware, Web-reboot, ZTP-reboot.
support@AP-0A:F0:~$ ssudo reboot

Reboot the AP.


Setup Wizard
support@AP-09:70:~$ getrevnumber

Check if the AP is in initialization state


If the number is zero, the AP is in initialization state. If the number is non-zero, the AP is not in initializing state.

support@AP-0A:F0:~$ ssudo firstboot

support@AP-0A:F0:~$ ssudo reboot

Use the "ssudo firstboot" command followed by the "ssudo reboot" command to initialize the AP.


Cluster
support@AP-0A:F0:~$ show_cluster

Show the cluster member information: which AP is the PVC, the SVC or a VC, and the MAC/IP address,
priority, state, and authentication state of each member.
support@AP-0A:F0:~$ cluster_mgt -x show=self

Check the role of the AP and display its cluster ID and its status in the cluster.

support@AP-0A:F0:~$ cluster_mgt -x show=pvc

Check which AP is the PVC of the cluster this AP belongs to, and show the PVC's IP/MAC address, priority and
status.

Clients
support@AP-0C:A0:~$ sta_list

Check how many and which clients are connected to the AP. Show their MAC/IP address, online
time, RX value, TX value, frequency and authentication method.
support@AP-0C:A0:~$ wlanconfig athxx list

Show the client list of the athxx interface, which includes MAC address, channel, TXRATE, RXRATE,
RSSI, ASSOCIATION TIME, etc.
Wireless configuration
support@AP-09:70:~$ iwconfig

Show the wireless configuration information.

support@AP-09:70:~$ iwconfig athxx

Show the information of a specific wireless interface.

support@AP-09:70:~$ cat /etc/config/wireless


Show the WLAN configuration.

support@AP-09:70:~$ config_wlan list_wlan

Show the configuration of WLAN.

support@AP-09:70:~$ iwpriv athxx get_mode

Show the AP mode (a/b/g/n/ac).

HT20 shows that the AP is using one channel.

HT40 and VHT80 show that the AP is using channel bonding.

Syslog
support@AP-0C:A0:~$ cat /proc/kes_syslog

Show the syslog of the AP.


support@AP-09:70:~$ cat /var/log/eag.log

Show the log of the eag module.

ACL
support@AP-0C:A0:~$ iptables -nvL

Show which user hits which ACL
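
The hit information in the "iptables -nvL" output is carried by the per-rule packet and byte counters. The following added example (not part of the original guide) filters that output down to the rules that have matched traffic and, optionally, to one source IP. The sample output, chain contents, interface name and addresses are constructed for illustration, and acl_hits / acl_hits_for are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the guide): find which ACL rules were hit, and by
# which source address, from the text printed by "iptables -nvL".

# Constructed sample output; chains, interfaces and addresses are made up.
sample_acl_output() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 120 packets, 9600 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       192.0.2.10           0.0.0.0/0            tcp dpt:22
   42  3360 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1523  198K DROP       all  --  ath01  *       192.0.2.55           198.51.100.0/24
    7   420 ACCEPT     all  --  ath01  *       192.0.2.56           0.0.0.0/0
EOF
}

# acl_hits (hypothetical helper): read "iptables -nvL" text on stdin and print
# "chain rule-number pkts target source destination" for every rule whose
# packet counter is non-zero. Counters may be abbreviated (198K, 12M), so the
# check is a string comparison against "0", not arithmetic.
acl_hits() {
  awk '
    $1 == "Chain"           { chain = $2; n = 0; next }  # new chain: restart rule numbering
    $1 == "pkts" || NF == 0 { next }                     # column header or blank line
    {
      n++
      if ($1 == "0") next
      if ($5 == "--")      print chain, n, $1, $3, $8, $9   # usual layout
      else if ($4 == "--") print chain, n, $1, "-", $7, $8  # rule without a target
    }
  '
}

# acl_hits_for (hypothetical helper): same report for one source IP, for
# example a client address taken from "sta_list".
acl_hits_for() {
  acl_hits | awk -v ip="$1" '$5 == ip'
}

# Stand-alone run on the constructed sample.
sample_acl_output | acl_hits
```

The same filter can be fed with saved output on a workstation, or directly with "iptables -nvL | acl_hits" where awk is available.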

System management
support@AP-09:70:~$ uptime

Show how long the AP has been running. The output displays the current time, the
uptime, and the average load over the past 1 minute, 5 minutes and 15 minutes.

support@AP-09:70:~$ date

Show the current time of the AP.


support@AP-09:70:~$ top

Show the system performance.

The first line shows the memory performance; the meaning of its parameters is given in the following table. The second line
shows the CPU performance; the meaning of its parameters is given in the following table. The third line shows the average
load of the CPU, and the fourth line shows the process details.
The contents shown by the "top" command refresh every five seconds.

support@AP-09:70:~$ free

Show the memory information of the AP.


support@AP-09:70:~$ ps

Show the running processes of the system.

support@AP-09:70:~$ ps | grep XXX

Show the processes of the XXX module.

support@AP-09:70:~$ sar 1

Show the CPU performance every second.


Network management
support@AP-09:70:~$ route

Show the route information of the AP.

support@AP-09:70:~$ route -n

Show the destinations as numeric IP addresses.

support@AP-09:70:~$ route | grep x.x.x.x

Show the specific route.

support@AP-09:70:~$ cat /etc/config/network

Show the network configuration. The option "ula_prefix" is the Local IPv6 Unicast Address, and the rest of the
parameters are the configuration of the interfaces.
support@AP-09:70:~$ ifconfig

Show the information of all interfaces, such as link encap, MAC address, packets, etc.

support@AP-09:70:~$ ifconfig xxxx

Show the information of a specific interface.

support@AP-09:70:~$ ssudo ifconfig br-wan x.x.x.x

Modify the IP address of br-wan.


support@AP-09:70:~$ athstats -i wifi0/wifi1

Show the wireless card information of the AP.

support@AP-09:70:~$ ethtool eth0

Show the information of eth0.


support@AP-09:70:~$ ssudo ping X.X.X.X

Check the network connectivity. Use "ctrl+c" to abort the ping.

support@AP-09:70:~$ ssudo traceroute X.X.X.X

Show the route information.

Upload/Download files
support@AP-09:70:~$ tftp -h

Show the parameters of the "tftp" command. Use the "tftp" command to download/upload files, for example:

support@AP-09:70:~$ tftp -gr [file name] [tftp server]


Download files from the TFTP server.

support@AP-09:70:~$ tftp -pl [file name] [tftp server]


Upload files to the TFTP server.
Packet capture
support@AP-09:70:~$ tcpdump -h

Show the parameters of the "tcpdump" command. Use the "tcpdump" command to capture packets, for example:

support@AP-09:70:~$ tcpdump -i br-wan -s0 -w 1.pcap

Capture the packets that br-wan received and sent, and save them to a file named 1.pcap.

Portal
support@AP-09:70:~$ ssudo userm_cli -s

Show the portal account list.

Black list
support@AP-0C:A0:~$ iwpriv athxx getmac

Show the blacklist MAC address.


User access
support@AP-09:70:~$ cat /etc/config/wireless

Show the different security policy configurations of the WLAN.

support@AP-09:70:~$ cat /etc/config/captive_portal

Show the captive_portal configuration of the WLAN.

support@AP-09:70:~$ cat /var/log/wam-athXX.log

Show debug information for user access with the different security policies.

support@AP-09:70:/$ cat /var/log/eag.log

Show debug information for user portal authentication.


support@AP-09:70:/$ eag_cli show user all

Show the portal users who have authenticated successfully.


Book your remote demo through the eDemo website!

FREE SERVICE to conduct remote demonstrations on your premises or the customer's from our data center
on selected ALE Communications and Network solutions

• What's in for you
 - Demonstration booking forms
 - User guides
 - Requirement lists
 - Videos
 - Access to the help desk (from 9am to 6pm CET – PST)
 - And much more!
• Specific demonstrations can be handled upon request

http://edemo.al-mydemo.com/