Aruba MeshOS 4.7 User Guide
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Aruba MeshOS 4.7
User
Gu
ide
Copyright
© 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. The Open Source code used can be found at this site:
http://www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.
Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.
Altering this device (such as painting it) voids the warranty.
www.arubanetworks.com
1344 Crossman Avenue
Sunnyvale, California 94089
Phone: 408.227.4500
Fax 408.227.4550
MeshOS 4.7 | User Guide 0511349-01 | May 2013
MeshOS 4.7 | User Guide
Contents
About this Guide..................................................................................................................17Audience..............................................................................................................17
Fundamentals ......................................................................................................17
WMI...............................................................................................................17
CLI.................................................................................................................17
Related Documents .............................................................................................18
Conventions.........................................................................................................18
Contacting Support .............................................................................................19
.............................................................................................................................19
Chapter 1 Web Management Interface .................................................................21Getting Started with WMI ....................................................................................21
Logging into the WMI....................................................................................21
WMI Layout and Homepage .........................................................................22
MST200 Quick Setup Wizard........................................................................23
Modifying the MST200 Parameters ........................................................24
Configuring the MST200 Parameters .....................................................24
Chapter 2 Basic Configuration...............................................................................25Using WMI to Configure the Basic Settings ........................................................25
Using CLI to Configure the Basic Settings..........................................................27
Configuring the Regulatory Domain..............................................................27
Configuring Public safety ..............................................................................27
Configuring the Installation Type ..................................................................27
Configuring the Hostname ............................................................................27
Configuring the Location Info........................................................................27
Configuring Local IP (optional but recommended) .......................................28
Configuring Telnet Access ............................................................................28
Chapter 3 Configuring Ethernet Interface.............................................................29Using WMI to Configure the Ethernet Interface...................................................29
Ethernet Configuration Page.........................................................................29
Basic Tab................................................................................................30
VLAN Tab................................................................................................30
IPv4 Tab..................................................................................................31
QoS Tab..................................................................................................33
Advanced Tab.........................................................................................33
Using CLI to Configure the Ethernet Interface ....................................................34
Configuring the Ethernet Port Settings .........................................................34
Description of the Ethernet Interface ............................................................34
Configuring the Access Category .................................................................34
Configuring VLAN settings............................................................................34
Configuring IPv4 Settings .............................................................................34
Configuring Advanced Settings ....................................................................35
Chapter 4 Configuring Wireless Interfaces...........................................................37802.11n Mode ...............................................................................................37
| 3
MIMO Technology ..................................................................................37
Channel Bundling ...................................................................................37
Frame Aggregation .................................................................................37
Using WMI to Configure Radio Interfaces ...........................................................38
Configuring Radio Interface Basic Settings ..................................................38
Configuring the Channel List ..................................................................41
Configuring Radio Interface Backhaul Settings ............................................42
Configuring Radio Interface Advanced Settings...........................................43
Using CLI to Configure the Wireless Interfaces...................................................44
Configuring a Radio Interface .......................................................................44
Changing the Radio parameters ...................................................................44
Configuring Advanced settings.....................................................................44
Chapter 5 Configuring VLAN ..................................................................................45VLAN Ports ..........................................................................................................45
VLAN Access Port.........................................................................................46
VLAN Trunk Port ...........................................................................................46
Application of VLAN ............................................................................................46
Using WMI to Configure a VLAN .........................................................................46
VLAN Interfaces Page ...................................................................................46
Adding a VLAN Interface...............................................................................47
Configuring VLAN Basic Settings .................................................................49
Configuring VLAN Interface IPv4 ..................................................................49
VLAN Interface Advanced Configuration ......................................................51
Deleting a VLAN Interface .............................................................................51
Using CLI to Configure a VLAN ...........................................................................52
Add a VLAN interface and Configure Basic Settings....................................52
Configure VLAN Interface IPv4 .....................................................................52
Example...............................................................................................................52
Topology .......................................................................................................52
CLI.................................................................................................................53
Configuring Loopback .........................................................................................54
Adding a Loopback Interface........................................................................54
Deleting an Existing Loopback Interface ......................................................56
Chapter 6 Configuring DHCP .................................................................................59Configure DHCP Relay Option 82.................................................................59
Relay Option 82 ......................................................................................59
Specifying the packet forwarding address.............................................59
Using WMI to Configure DHCP ...........................................................................60
DHCP Server Configuration ..........................................................................60
Adding a New DHCP Pool ......................................................................61
Configuring the New DHCP Pool............................................................62
DHCP Relay Configuration............................................................................67
Deleting a DHCP Relay...........................................................................67
Using CLI to Configure DHCP .............................................................................68
Configuring a DHCP Server ..........................................................................68
Default lease time..........................................................................................68
Max lease time ..............................................................................................68
DNS Addresses.............................................................................................68
Configuring a DHCP Pool .............................................................................68
Configuring DHCP Relay...............................................................................68
Configuring DHCP Relay Option82 (optional) ...............................................69
Chapter 7 Configuring NAT ....................................................................................71
4 | MeshOS 4.7 | User Guide
Using WMI to Configure NAT ..............................................................................71
Using CLI to Configure NAT ................................................................................71
Example...............................................................................................................71
Chapter 8 Configuring ACL ....................................................................................73Using WMI to Configure ACL Settings ................................................................73
Using CLI to Configure ACL Settings ..................................................................73
Define an ACL ...............................................................................................73
Apply the ACL to the interface. .....................................................................74
Examples .............................................................................................................74
Chapter 9 Access Mode Configuration .................................................................77Mapping BSS to DSCP .................................................................................77
802.11 Security Configuration ......................................................................77
Using WMI to Configure Access Mode ...............................................................79
Configuring a BSS Interface..........................................................................79
Creating a New BSS...............................................................................79
Deleting a BSS........................................................................................89
Using CLI to Configure Access Mode .................................................................90
Configuring a Radio Interface .......................................................................90
Configuring BSS on the Radio ......................................................................90
Configure Security ........................................................................................90
VLAN Configuration ......................................................................................90
Example...............................................................................................................91
Chapter 10 Configuring Multicast ............................................................................93RP Address ...................................................................................................93
IP Multicast Optimization ..............................................................................93
Configuring Advanced Parameters ...............................................................93
Using WMI to Configure Multicast.......................................................................93
Multicast Configuration Page........................................................................94
Using CLI to Configure Multicast ........................................................................95
Enable Multicast............................................................................................95
Configure Static RP Address for PIM............................................................95
Multicast Optimization ..................................................................................95
Example...............................................................................................................95
Chapter 11 Configuring Routing ..............................................................................97Static Routing ......................................................................................................97
Using WMI to Configure Static Routes .........................................................97
Static Routes Configuration Page ..........................................................97
Adding an IPv4 Static Route...................................................................98
Deleting an IPv4 Static Route.................................................................99
View IPv4 System Routing Table..........................................................100
Using CLI to Configure Static Routes .........................................................102
OSPF .................................................................................................................102
Application of OSPF....................................................................................102
Redistribute Mesh routing ....................................................................102
Routing summary .................................................................................102
Using WMI to Configure OSPF ...................................................................103
OSPF Configuration Page ....................................................................103
Adding an OSPF Network ....................................................................104
Deleting an OSPF Network...................................................................105
Adding a Summary Address.................................................................106
MeshOS 4.7 | User Guide | 5
Deleting Summary Address ..................................................................107
Using CLI to Configure OSPF .....................................................................108
Example ......................................................................................................108
Dynamic Routing with AWR ..............................................................................108
Advantages of AWR ....................................................................................108
Running AWR on Layer-3 interface.............................................................109
BSS/Interface VLAN .............................................................................109
WDS......................................................................................................109
Ethernet ................................................................................................109
Support for Multi-gateway ..........................................................................109
AWR Primary Gateway Election..................................................................110
Using the WMI to Configure AWR...............................................................110
AWR Configuration Page......................................................................110
Using CLI to Configure AWR ......................................................................111
Example ......................................................................................................111
Chapter 12 Configuring Active Video Transport...................................................113Using WMI to Configure AVT.............................................................................113
Enable the AVT service ...............................................................................113
Add an Ingress IP........................................................................................114
Deleting an Existing Ingress IP....................................................................115
Using CLI to Configure AVT...............................................................................115
Enable AVT Service.....................................................................................115
Configure the AVT Service ..........................................................................115
Add an Ingress IP........................................................................................116
Delete an Ingress IP ....................................................................................116
Example.............................................................................................................116
Configuring AVT Ingress: ............................................................................116
Configuring AVT Egress: .............................................................................117
Network Camera Fingerprinting ........................................................................117
Automatic Setting........................................................................................117
AVT Ingress...........................................................................................117
Station Mode Client List .......................................................................117
Cameras Supported....................................................................................117
Using WMI to View the Camera Database..................................................117
Using CLI to View the Camera Database....................................................118
Chapter 13 Configuring Client Mode .....................................................................119Auxiliary Device IP Address List (client-list) ................................................119
Using WMI to Configure Client Mode................................................................119
Clients Connections Page...........................................................................119
Creating a Client-mode Connection ...........................................................120
Client-mode Connection Basic Configuration......................................120
Configuring Client-mode Connection Security Settings.......................121
Configuring Client-mode Connection VLAN Settings .................................124
Configuring Client-mode Connection IPv4 Settings ...................................125
Configuring Client-mode Connection Scanning Settings ...........................126
Configuring Client-mode Connection Advanced Settings..........................127
Using CLI to Configure Client Mode..................................................................128
Creating a Client-mode Connection ...........................................................128
Configuring Basic Settings..........................................................................128
SSID......................................................................................................128
BSSID ...................................................................................................128
Description............................................................................................129
Configuring Security Settings .....................................................................129
Authentication Type..............................................................................129
6 | MeshOS 4.7 | User Guide
VLAN Settings .............................................................................................129
IPv4 Settings ...............................................................................................129
IP address.............................................................................................129
Client mode scanning settings....................................................................129
Scan Modes..........................................................................................129
Scan Interval .........................................................................................129
Scan Threshold.....................................................................................129
Advanced settings ......................................................................................129
AP Inactivity limit ..................................................................................129
Fragmentation Threshold......................................................................129
Example.............................................................................................................129
Chapter 14 Configuring VPLM................................................................................131Application of VPLM..........................................................................................131
Port Type in VPLM.............................................................................................131
Site Identifier (Site ID) ........................................................................................131
Automatic Configuration of Site-ID .............................................................132
Limitations ............................................................................................132
VPLM and QoS Policies ....................................................................................132
Using WMI to Configure VPLM..........................................................................132
VPLM Settings Page ...................................................................................132
Using the CLI to Configure VPLM .....................................................................133
Example.............................................................................................................133
Configuring VPLM on Router_A ..................................................................134
Configuring VPLM on Router_B..................................................................135
Configuring VPLM on Router_C..................................................................135
Chapter 15 Configuring Motrix...............................................................................137Using WMI to Configure Motrix .........................................................................137
Mobility Settings page ................................................................................137
Using CLI to Configure Motrix ...........................................................................138
Chapter 16 Configuring SNMP ...............................................................................139Using WMI to Configure SNMP.........................................................................139
Configuring Device Information ..................................................................139
Configuring SNMP Communities ................................................................140
Adding a New Community....................................................................141
Deleting a Community ..........................................................................141
Configuring SNMP Trap Receivers .............................................................142
Adding a New SNMP Trap Receiver.....................................................142
Deleting a SNMP Trap Receiver ...........................................................143
Configuring SNMP v3 Users .......................................................................144
Adding a New SNMPv3 User ...............................................................144
Deleting a SNMPv3 User ......................................................................146
Using CLI to Configure SNMP...........................................................................146
Configuring SNMP Device Information .......................................................146
Configuring SNMP Community...................................................................147
Configuring SNMP Trap ..............................................................................147
Configuring SNMPv3 Users ........................................................................147
Chapter 17 Configuring Radio Frequency Manager.............................................149Using WMI to Configure RFM............................................................................149
Mesh Configuration.....................................................................................149
Configuring Mesh Interface Basic Settings ..........................................149
MeshOS 4.7 | User Guide | 7
Configuring Mesh Interface Security Settings ......................................150
Click on the Apply Changes button to save the configuration. ..................153
Configuring Mesh ACL List Settings ....................................................153
Configuring Preferred Links Settings....................................................155
Configuring Mesh Advanced Settings ..................................................157
Using CLI to Configure RFM .............................................................................157
Configure the Mesh Interface......................................................................157
Configure Mesh Security Settings ..............................................................158
Configure the ACL settings for the Mesh....................................................158
Configure Preferred Links (optional) ...........................................................158
Example.............................................................................................................158
Chapter 18 Configuring Orphan Recovery............................................................163Orphan Node Recovery .....................................................................................163
Using WMI to recover a Orphan Node........................................................163
Using CLI to recover an Orphan Node........................................................164
Auto Orphan Recovery ......................................................................................164
Prerequisite .................................................................................................165
Limitations...................................................................................................165
Using WMI to enable AOR ..........................................................................165
Using CLI to enable AOR......................................................................166
Chapter 19 Troubleshooting Tools and Logs .......................................................167SNR Graph ........................................................................................................167
Using WMI for Antenna Alignment ..............................................................167
Adding Neighbors to the List ......................................................................167
Viewing the SNR Graph of a Neighbor........................................................167
Tools ..................................................................................................................168
Basic Tab ....................................................................................................169
Wireless Tab................................................................................................169
Network Tab................................................................................................169
Interface Tab ...............................................................................................170
Logs...................................................................................................................173
Viewing Logs...............................................................................................173
Downloading Logs ......................................................................................174
Chapter 20 Maintenance.........................................................................................175Upgrade.............................................................................................................175
Using WMI to Upgrade MeshOS.................................................................175
Using CLI to Upgrade MeshOS ..................................................................176
Import/Export Configuration..............................................................................177
Export a Configuration ................................................................................177
Importing a Configuration ...........................................................................177
Reboot ...............................................................................................................178
Using WMI to Reboot a Device...................................................................178
Using CLI to Reboot a Device.....................................................................179
Factory Reset ....................................................................................................179
Using WMI to Restore the Factory Default .................................................179
Using CLI to Restore the Factory Default ...................................................180
Changing the Password ....................................................................................180
Using WMI to Change the Password of a Device .......................................181
Using CLI to Change the Password of a Device.........................................181
LED Control .......................................................................................................181
Using WMI to Disable the LEDs ..................................................................182
8 | MeshOS 4.7 | User Guide
Using CLI to Disable the LEDs....................................................................182
Auto Recovery ...................................................................................................182
Using WMI to Enable Auto Recovery Feature.............................................182
Using CLI to Enable Auto Recovery Feature...............................................183
Chapter 21 Miscellaneous Settings .......................................................................185Syslog ................................................................................................................185
Configuring Syslog Client............................................................................185
Remote Syslog Service ...............................................................................185
Adding a Syslog Server...............................................................................186
Deleting a Syslog Server .............................................................................186
Adding Facility and Severity Level ..............................................................186
Deleting Facility and Severity ......................................................................187
NTP....................................................................................................................187
Using WMI to Configure NTP......................................................................187
Using CLI to Configure NTP........................................................................188
Appendix A Building a Four Node Mesh Network.................................................189Topology of a four-node mesh network ............................................................189
Basic configuration of a Four Node mesh network ...........................................189
Example of a Four Node Mesh Network Configuration.....................................190
Configuring Management IP Address ..................................................191
Configuring Hostname..........................................................................191
Configuring Mesh-ID ............................................................................191
Configuring Mesh Security ...................................................................191
Configuring Preferred Links (optional) ..................................................191
Limiting the Max Allowed Links and Enabling Auto WDS Meshing on a
Radio ....................................................................................................192
Configuring Max Neighbor Distance on radio ......................................192
Configuring Mode and Site-ID on Ethernet ..........................................193
Connecting the Mesh Network to Wired Network................................193
Validating the Four Nodes Network......................................................193
Validating the mesh network links ........................................................193
Validating the network connectivity......................................................193
Appendix B Configuring an Access Network ........................................................195Topology of an Access Network .......................................................................195
Additional configuration for an access network ................................................195
Example of an Access Network Configuration..................................................196
Configuring Auto WDS Meshing, Preferred Link, Ethernet Mode, and Site-
ID on Radio 0 ........................................................................................197
Disable Auto WDS Meshing on Radio 1 ...............................................198
Configuring the Wireless Mode/Channel on Radio 1 ...........................199
Configuring Channel Policy on Radio 1................................................199
Creating a New Access BSS on Radio 1 and Configuring SSID..........199
Configuring Security for Access BSS...................................................199
Configuring Access VLAN for BSS.......................................................200
Enable VPLM mode ..............................................................................200
Connect the Mesh Network to Wired Network.....................................200
Validating the Wireless Access Network ..............................................200
Validating the mesh network links ........................................................200
Validating the VPLM Configuration.......................................................200
Validating the network connectivity......................................................201
Validating the wireless access..............................................................201
Appendix C Configuring an AirMesh Router as a Client.......................................203
MeshOS 4.7 | User Guide | 9
Topology of a Hybrid Network...........................................................................203
Additional Configuration for a Hybrid Network..................................................204
Example Hybrid wireless Network Configuration ..............................................204
Configuring Auto WDS Meshing on Radio 0 ........................................206
Configuring Access BSS on Radio 1....................................................207
Configuring Client device on Node-4 ...................................................208
Appendix D Troubleshooting Mesh Networks.......................................................211Troubleshooting the Point-to-Point Network ....................................................211
Checking Active Links on Each Node.........................................................211
Verifying Mesh Configuration on Each Node ..............................................212
Getting Device List within Same Mesh-ID ..................................................212
Device List of Node-1 ..........................................................................212
Device List of Node-2 ..........................................................................213
Getting Radio Status of Each Radio ...........................................................213
Radio 1 status on Node-1 ....................................................................213
Getting Neighbor AirMesh Devices.............................................................213
All neighbors for Node-1 ......................................................................214
Aligning Antenna in a Real Deployment ......................................................214
Failure Error Codes............................................................................................215
Appendix E Acronyms and Terms ..........................................................................217Acronyms...........................................................................................................217
Terms.................................................................................................................224
Index...................................................................................................................................233
10 | MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Figures
Figure 1 WMI log in............................................................................................................22
Figure 2 WMI Homepage...................................................................................................22
Figure 3 WMI MST200 Wizard...........................................................................................23
Figure 4 Basic Settings Page ............................................................................................26
Figure 5 Ethernet Ports Page ............................................................................................29
Figure 6 Ethernet Configuration Basic Tab........................................................................30
Figure 7 Ethernet Interface VLAN Tab ...............................................................................30
Figure 8 Ethernet Interface IPv4 Tab .................................................................................32
Figure 9 Ethernet Interface QoS Tab .................................................................................33
Figure 10 Ethernet Interface Advanced Tab .......................................................................34
Figure 11 Radio Settings Page ............................................................................................38
Figure 12 Radio Interfaces Basic Configuration Page.........................................................39
Figure 13 Channel Selection Window..................................................................................41
Figure 14 Apply Channel Selection ....................................................................................42
Figure 15 Radio Interface Backhaul Configuration Tab.......................................................42
Figure 16 Radio Interface Advanced Configuration Tab .....................................................43
Figure 17 Ethernet Frame with 802.1Q................................................................................45
Figure 18 802.1Q Label Head..............................................................................................45
Figure 19 VLAN Interfaces Page..........................................................................................47
Figure 20 Adding VLAN Interface Page...............................................................................48
Figure 21 Basic Settings for the New VLAN Interface.........................................................49
Figure 22 IPv4 Configuration Screen...................................................................................50
Figure 23 VLAN Interface Advanced Configuration Screen ................................................51
Figure 24 Deleting a VLAN Interface....................................................................................52
Figure 25 Typical Topology of VLAN Application ................................................................53
Figure 26 Loopback Configuration Page.............................................................................54
Figure 27 Adding a Loopback Interface ..............................................................................55
Figure 28 Loopback Interface Settings Page ......................................................................56
Figure 29 Deleting an Existing Loopback Interface.............................................................57
Figure 30 Packet Forwarding Process ................................................................................60
Figure 31 DHCP Server Configuration Page .......................................................................61
Figure 32 DHCP Pools Page ...............................................................................................62
Figure 33 Adding a New DHCP Pool...................................................................................62
Figure 34 Basic Configuration of a DHCP Pool...................................................................63
Figure 35 Deleting DHCP Option.........................................................................................64
Figure 36 Adding a New IP Address Range ........................................................................64
Figure 37 Deleting an Existing IP Address Range ...............................................................65
Figure 38 Adding a Fixed Assignment.................................................................................66
Figure 39 Deleting an Existing Fixed Assignment ...............................................................66
Figure 40 Deleting an Existing DHCP Pool..........................................................................67
Figure 41 DHCP Relay Configuration Page.........................................................................67
Figure 42 Deleting a DHCP Relay Configuration .................................................................68
Figure 43 Multi-Multi address translation. ...........................................................................71
Figure 44 Model of 802.1x Authentication...........................................................................78
| 11
Figure 45 BSS List Page......................................................................................................79
Figure 46 BSS Configuration Page - New BSS...................................................................80
Figure 47 BSS Configuration Page......................................................................................80
Figure 48 BSS Security Configuration Tab..........................................................................81
Figure 49 Open WEP Security Configuration Page .............................................................82
Figure 50 Shared WEP Security Configuration Page .........................................................82
Figure 51 WPA Security Configuration Page.......................................................................83
Figure 52 WPA2 Security Configuration Page.....................................................................84
Figure 53 VLAN Configuration Page....................................................................................85
Figure 54 IPv4 Configuration Page......................................................................................86
Figure 55 QoS Configuration Page......................................................................................87
Figure 56 BSS Advanced Configuration Page.....................................................................88
Figure 57 Deleting an Existing BSS.....................................................................................90
Figure 58 802.1x Network Topology ...................................................................................91
Figure 59 Multicast Configuration Page ..............................................................................94
Figure 60 Typical Multicast Configuration ...........................................................................95
Figure 61 Static Routes Page..............................................................................................98
Figure 62 Adding a Static Route..........................................................................................99
Figure 63 IPv4 Static Route Successfully Added ................................................................99
Figure 64 Deleting IPv4 Static Route.................................................................................100
Figure 65 IPv4 System Routing Table Page ......................................................................101
Figure 66 Running OSPF Protocol at the Mesh Gateway .................................................102
Figure 67 OSPF Configuration Page .................................................................................103
Figure 68 Adding a New OSPF Network ...........................................................................105
Figure 69 Deleting an Existing OSPF Network ..................................................................106
Figure 70 Adding Summary Address.................................................................................107
Figure 71 Deleting an Existing Summary Address ............................................................107
Figure 72 Typical OSPF Configuration ..............................................................................108
Figure 73 Multi-gateway Simulation Map..........................................................................109
Figure 74 AWR Configuration Page...................................................................................110
Figure 75 Simulated Configuration Map for AWR .............................................................111
Figure 76 AVT Configuration Page ....................................................................................114
Figure 77 Adding an Ingress IP .........................................................................................115
Figure 78 Deleting an Existing Ingress IP ..........................................................................115
Figure 79 Video surveillance network topology.................................................................116
Figure 80 Viewing Camera Database ................................................................................118
Figure 81 Client Connections Page ...................................................................................120
Figure 82 Creating a Client-mode Connection..................................................................120
Figure 83 Client-mode Connection Basic Configuration Page..........................................121
Figure 84 Client-mode Connection Security Configuration Page .....................................122
Figure 85 Client-mode Connection Open WEP Configuration Page.................................122
Figure 86 Client-mode Connection Shared WEP Configuration Page ..............................123
Figure 87 Client-mode Connection WPA Configuration Page ..........................................123
Figure 88 Client-mode Connection WPA2 Configuration Page ........................................124
Figure 89 Client-mode Connection VLAN Configuration Page .........................................125
Figure 90 Client-mode Connection IPv4 Configuration Page ...........................................126
Figure 91 Client-mode Connection Scanning Configuration Page ...................................127
Figure 92 Client-mode Connection Advanced Configuration Page ..................................128
Figure 93 Network Topology at Bridge Mode ...................................................................130
Figure 94 Site IDs ..............................................................................................................132
12 | MeshOS 4.7 | User Guide
Figure 95 VPLM Configuration Page .................................................................................133
Figure 96 Network Topology -VPLM .................................................................................134
Figure 97 Mobility Settings Page.......................................................................................137
Figure 98 SNMP Device Information Page ........................................................................140
Figure 99 SNMP Communities Configuration Page ..........................................................141
Figure 100 Adding a New SNMP Community .....................................................................141
Figure 101 Deleting a SNMP Community............................................................................142
Figure 102 SNMP Trap Receivers Configuration Page .......................................................142
Figure 103 Adding a New SNMP Trap Receiver .................................................................143
Figure 104 Deleting a Trap Receiver ...................................................................................144
Figure 105 SNMPv3 Users Configuration Page ..................................................................144
Figure 106 Adding a New SNMPv3 User ............................................................................145
Figure 107 Deleting a SNMPv3 User ...................................................................................146
Figure 108 Mesh Basic Configuration Page ........................................................................150
Figure 109 Mesh Security Configuration Page....................................................................151
Figure 110 Mesh Open WEP Security Configuration Page .................................................151
Figure 111 Mesh Shared WEP Security Configuration Page .............................................152
Figure 112 Mesh WPA Security Configuration Page...........................................................152
Figure 113 Mesh WPA2 Security Configuration Page.........................................................153
Figure 114 Mesh ACL List Configuration Page ...................................................................154
Figure 115 Adding or Deleting a Neighbor List Entry ..........................................................155
Figure 116 Mesh Preferred Links Configuration Page.........................................................155
Figure 117 Create Preferred Link Page ...............................................................................156
Figure 118 Configure Preferred Links Page ........................................................................156
Figure 119 Mesh Advanced Configuration Page.................................................................157
Figure 120 Topology Before Powering Up ..........................................................................159
Figure 121 Topology After Configuring ...............................................................................160
Figure 122 Orphan Recovery Tool.......................................................................................164
Figure 123 Auto Orphan Recovery ......................................................................................165
Figure 124 SNR Graph Page ...............................................................................................167
Figure 125 Dynamic SNR Graph Page ................................................................................168
Figure 126 Troubleshooting Tools Page - Basic Tab ..........................................................168
Figure 127 Wireless Tab - Troubleshooting Tools Page......................................................169
Figure 128 Network Tab - Troubleshooting Tools Page......................................................170
Figure 129 Interface Tab - Troubleshooting Tools Page .....................................................170
Figure 130 Ping IP Address Page........................................................................................172
Figure 131 Logs Page..........................................................................................................173
Figure 132 Viewing a Log ....................................................................................................174
Figure 133 Downloading Logs.............................................................................................174
Figure 134 Upgrade Page....................................................................................................175
Figure 135 Upgrade Status .................................................................................................175
Figure 136 Upgrade Successful ..........................................................................................176
Figure 137 Reboot Device ...................................................................................................176
Figure 138 Export Configuration Page ................................................................................177
Figure 139 Import Configuration Page ................................................................................178
Figure 140 Import Configuration Successful .......................................................................178
Figure 141 Reboot Page......................................................................................................179
Figure 142 Reboot Process Page........................................................................................179
Figure 143 Factory Reset ....................................................................................................180
Figure 144 Reboot Process Page........................................................................................180
MeshOS 4.7 | User Guide | 13
Figure 145 Change Password Page ....................................................................................181
Figure 146 LED Setting Page ..............................................................................................182
Figure 147 Auto Recovery Configuration Page ...................................................................183
Figure 148 Syslog Client Configuration Page......................................................................185
Figure 149 Remote Logging ................................................................................................186
Figure 150 Adding a Syslog Server .....................................................................................186
Figure 151 Deleting a Syslog Server ...................................................................................186
Figure 152 Adding Facility and Severity Level.....................................................................187
Figure 153 Deleting a Facility and Severity Level ................................................................187
Figure 154 NTP Configuration Page....................................................................................188
Figure 155 Four Node Mesh Network ................................................................................189
Figure 156 Four Node Wireless Access Network ...............................................................195
Figure 157 Hybrid wireless network ...................................................................................203
14 | MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Tables
Table 1 Typographical Conventions.................................................................................18
Table 2 MST200 Quick Setup Parameters .......................................................................23
Table 3 Basic Settings Configuration ...............................................................................26
Table 4 Ethernet Interface Basic Configuration................................................................30
Table 5 Ethernet Interface VLAN Configuration ...............................................................31
Table 6 Ethernet Interface IPv4 Configuration .................................................................32
Table 7 Ethernet Interface QoS Configuration .................................................................33
Table 8 Ethernet Interface Advanced Configuration ........................................................34
Table 9 Radio Interface Basic Configuration....................................................................39
Table 10 Radio Interface Backhaul Configuration..............................................................42
Table 11 Radio Interface Advanced Configuration ............................................................43
Table 12 VLAN Interface Basic Configuration Settings......................................................49
Table 13 VLAN Interface IPv4 Configuration......................................................................50
Table 14 Ethernet Interface Advanced Configuration Settings ..........................................51
Table 15 Client-mode Connection Advanced Configuration Settings ...............................56
Table 16 DHCP Server Settings .........................................................................................61
Table 17 Settings for DHCP Pool .......................................................................................63
Table 18 Access-category to DSCP Mapping ...................................................................77
Table 19 BSS Basic Configuration .....................................................................................80
Table 20 WPA Security Configuration Settings..................................................................83
Table 21 WPA2 Security Configuration ..............................................................................84
Table 22 BSS VLAN Configuration.....................................................................................85
Table 23 BSS IPv4 Configuration.......................................................................................86
Table 24 BSS QoS Configuration.......................................................................................87
Table 25 BSS Advanced Configuration..............................................................................88
Table 26 Multicast Configuration Settings .........................................................................94
Table 27 Static Routes Configuration ................................................................................98
Table 28 System Routing Table .......................................................................................101
Table 29 OSPF Configuration Settings ............................................................................103
Table 30 AWR Route Configuration .................................................................................110
Table 31 AVT Configuration Settings ...............................................................................114
Table 32 Client-mode Connection Basic Configuration...................................................121
Table 33 Client-mode Connection WPA Configuration Settings......................................123
Table 34 Client-mode Connection WPA Configuration Settings......................................124
Table 35 Client-mode Connection VLAN Configuration...................................................125
Table 36 Client-mode Connection IPv4 Configuration.....................................................126
Table 37 Client-mode Connection Scanning Configuration.............................................127
Table 38 Client-mode Connection Advanced Configuration............................................128
Table 39 VPLM Settings Page..........................................................................................133
Table 40 Mobility Configuration .......................................................................................137
Table 41 SNMP Device Information .................................................................................140
Table 42 SNMP Trap Receiver Settings...........................................................................143
Table 43 SNMPv3 User Configuration Settings ...............................................................145
Table 44 Mesh Basic Configuration Page ........................................................................150
| 15
Table 45 Mesh WPA Security Configuration ....................................................................152
Table 46 WPA2 Security Configuration ............................................................................153
Table 47 Mesh ACL List Configuration.............................................................................154
Table 48 Mesh Preferred Links Configuration..................................................................156
Table 49 Mesh Advanced Configuration Settings............................................................157
Table 50 Factory default settings .....................................................................................159
Table 51 Node Configuration Summary ...........................................................................160
Table 52 Troubleshooting Tools .......................................................................................171
Table 53 Auto Recovery Configuration Settings ..............................................................183
Table 54 NTP Configuration Settings...............................................................................188
Table 55 Basic Configuration Information for a Four-Node Mesh Network.....................189
Table 56 Sample Four Node Mesh Network Configuration .............................................190
Table 57 Preferred Link Configuration for a Four Node Mesh Network...........................191
Table 58 Max Neighbor Distance Configuration ..............................................................192
Table 59 Mode and Site-ID Configuration........................................................................193
Table 60 Required Information to Setup Wireless Access Network ................................196
Table 61 Required Configuration on Radio 0 to Establish a Mesh Network ....................196
Table 62 Required Configuration on Radio 1 to Configure Access BSS .........................197
Table 63 Enable VPLM Mode...........................................................................................197
Table 64 Preferred Link Configuration..............................................................................198
Table 65 Ethernet Mode and Site-ID Configuration .........................................................198
Table 66 Required Information to Setup a Client Device .................................................204
Table 67 Required Information on Radio 0 to Establish the Mesh Network ....................204
Table 68 Sample Configurations on Radio 1 to Configure Access BSS..........................205
Table 69 Required Information to Configure a Client Device on the Fourth AirMesh Device
205
Table 70 VPLM configuration ...........................................................................................206
Table 71 Preferred Link Configuration..............................................................................206
Table 72 Ethernet Mode and Site-ID Configuration .........................................................207
Table 73 Failure Error Codes............................................................................................215
Table 74 List of acronyms ................................................................................................217
Table 75 List of terms.......................................................................................................224
16 | MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
About this Guide
This user guide describes the features supported by MeshOS and provides instructions and examples to configure routers and to setup a mesh network. This chapter covers the following topics:
“Audience” on page 17
“Fundamentals” on page 17
“Related Documents” on page 18
“Conventions” on page 18
“Contacting Support” on page 19
AudienceThis guide is intended for system administrators responsible for configuring and maintaining wireless networks and assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies.
FundamentalsThroughout this document references are made to routers; router categories are based on their architecture and application. Following are the two types of AirMesh routers:
MSR Series—MSR1200, MSR2000, and MSR4000.
MST Series—MST200
Configuring your router is accomplished using either the Web Management Interface (WMI) or the command line interface (CLI).
WMIEach router supports up to 22 simultaneous WMI connections. The WMI is accessible through a standard Web browser from a remote management console or workstation.
CLIThe CLI is a text-based interface accessible from a local console connected to the serial port on the controller or through a Telnet or Secure Shell (SSH) session.
When entering commands remember that:
the commands are not case sensitive
the space bar will complete your partial keyword
the backspace key will erase your entry one letter at a time
All screen shots displayed in this document are captured using a MSR4000 router and are for demonstration
purposes only. The exact screen output may vary depending on the model of the router used as well as your
browser and system settings.
By default, you access the CLI from the serial port or through a SSH session. You must explicitly enable Telnet on
your controller in order to access the CLI via a Telnet session.
About this Guide | 17
the question mark (?) will list available commands and options
Related DocumentsThe following items are part of the complete documentation for the Aruba MeshOS network:
Aruba MeshOS 4.7 Quick Start Guide
Aruba MeshOS 4.7 Command Line Reference Guide
Aruba MeshConfig 4.4 User Guide
Aruba MeshOS 4.7 Release Notes
Aruba MeshConfig 4.4 Release Notes
MSR and MST Installation Guides
ConventionsThe following conventions are used throughout this manual to emphasize important concepts:
The following informational icons are used throughout this guide:
Table 1 Typographical Conventions
Type Style Description
Italics This style is used to emphasize important terms and to mark the titles of books.
System items This fixed-width font depicts the following:
Sample screen output
System prompts
Filenames, software devices, and specific commands when mentioned in the text
Commands In the command examples, this bold font depicts text that you must type exactly as shown.
<Arguments> In the command examples, italicized text within angle brackets represents items that you should replace with information appropriate to your specific situation. For example:
# send <text message>In this example, you would type “send” at the system prompt exactly as shown, followed by the text of the message you wish to send. Do not type the angle brackets.
[Optional] In the command examples, items enclosed in brackets are optional. Do not type the brackets.
{Item A | Item B} In the command examples, items within curled braces and separated by a vertical bar represent the available choices. Enter only one choice. Do not type the braces or bars.
Indicates helpful suggestions, pertinent information, and important things to remember.
Indicates a risk of damage to your hardware or loss of data.
18 | About this Guide MeshOS 4.7 | User Guide
Contacting Support
Indicates a risk of personal injury or death.
Main Site arubanetworks.com
Support Site support.arubanetworks.com
Airheads Social Forums and Knowledge Base
community.arubanetworks.com
North American Telephone 1-800-943-4526 (Toll Free)
1-408-754-1200
International Telephones arubanetworks.com/support-services/aruba-support-program/contact-support/
Software Licensing Site licensing.arubanetworks.com/login.php
End of Support information www.arubanetworks.com/support-services/end-of-life-products/end-of-life-policy/
Wireless Security IncidentResponse Team (WSIRT)
arubanetworks.com/support/wsirt.php
Support Email Addresses
Americas and APAC [email protected]
EMEA [email protected]
WSIRT EmailPlease email details of any security problem found in an Aruba product.
MeshOS 4.7 | User Guide About this Guide | 19
20 | About this Guide MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 1
Web Management Interface
The Web Management Interface (WMI) allows administrators to manage wireless mesh routers from a remote location, conveniently and efficiently in a graphical interface accessible from most modern internet browsers, including Microsoft Internet Explorer or Mozilla Firefox.
The basic software requirement for the WMI is:
Web Browser: Internet Explorer 6.0 and above with Javascript enabled
Optimal Resolution: 1024 X 768 and above
Getting Started with WMIThis section covers the basic functionality and layout of the WMI.
Logging into the WMIAll AirMesh wireless mesh routers are provided with a WMI interface which can be accessed using the IP address of the router from a standard Web browser. To log in to the WMI of a mesh router, type in the IP address in the Web browser address field.
If the device is in the factory default state, use the following to access the device via the WMI:
Local IP address
By default, the local IP address is a fixed private IP 192.168.216.1/24. If this IP address conflicts with the IP address of any one of the interfaces on the device, the local IP address of the router is changed to an inactive state.
If the local IP address is not accessible or is inactive, the following methods may be used to access the device via the WMI:
Configure Management IP address
The mesh router is configured to obtain its Management IP address on the interface vlan 1. The interface vlan 1 is itself is configured to obtain IP address using DHCP in factory default. You need to use the USB console to set a static IP address on the interface VLAN 1. Once the Management IP is set, the WMI corresponding to the mesh router can be accessed using this IP address.
Wireless connection
The wireless connection is another method of accessing the device. Do not connect anything to the device’s Ethernet port and power it on.The default SSID of the BSS of the device is a hidden SSID “ArubaDefault”. As the default SSID is hidden and there is no DHCP service, a wireless laptop has to be manually configured to associate to this default BSS on the device using a static IP address on the 192.168.216.0/24 network. The WMI of the device is accessible through http://192.168.216.1.
On accessing the WMI, a popup window with the username and password fields is displayed. Enter the default username root and password public as shown in Figure 1.
Internet Explorer 8 and above with JavaScript enabled is recommended.
Web Management Interface | 21
Figure 1 WMI log in
After successful authentication of the user name and password, the homepage for the WMI is displayed. The homepage contains system information as shown in Figure 2.
Figure 2 WMI Homepage
WMI Layout and HomepageThe WMI is composed of the following components as shown in Figure 2:
Title banner (top)
Menu tree (left)
Configuration area (right)
We strongly recommend changing the default credentials in order to prevent unauthorized access to the router.
22 | Web Management Interface MeshOS 4.7 | User Guide
Locale selector (bottom right)
The Title banner shows the model name of the device and the company Logo. The Menu tree provides clear, hierarchical navigation to the various configuration areas. Clicking on one of the items in the Menu tree displays the respective configuration page in the Configuration area. The Locale selector allows you to configure the language and locale-specific style used by the WMI. Currently, US English and PRC Chinese are the only locales supported.
MST200 Quick Setup WizardMeshOS includes an additional Quick Setup wizard for the MST200 (PoE and AC versions) as shown in Figure 3.
Figure 3 WMI MST200 Wizard
The wizard requires you to enter only the following parameters:
The factory default version has only the Quick Setup menu.
Table 2 MST200 Quick Setup Parameters
Setting Description Default
Regulatory Domain The regulatory domain code United States
Management IP address
Management IP address of the MST200.
Format: A.B.C.D/M
Mesh Network ID Configures the Mesh ID DefaultMesh
Max Allowed Links Configure the maximum allowed links (1-6) on the radio interface
1
PSK Key String ASCII code or hexadecimal key. The length of the ASCII code is a string of length 8-63 alphanumeric characters and the length of hexadecimal key is 64 digits.
N/A
Max Neighbor Distance Configure the maximum distance between two neighbor nodes. The range of the value is 1 - 57000 meters. The value 0 is for unset.
0
MeshOS 4.7 | User Guide Web Management Interface | 23
All other parameters are auto populated into the MST200 configuration. The wizard is designed to simplify the configuration of the MST200 and to quickly get it up and running.
Modifying the MST200 Parameters
Once the MST200 is up and running, the other options in the menu tree may be used to modify the parameters.
Configuring the MST200 Parameters
Additional parameters for the MST200 may be configured using the other options in the menu tree.
24 | Web Management Interface MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 2
Basic Configuration
This chapter describes the configuration of the basic settings in an AirMesh wireless mesh router. The basic configuration of a wireless mesh router consists of the following:
Configuring the regulatory domain
Configuring public safety
Configuring the installation type
Configuring the hostname
Configuring the management IP (WMI only)
Configuring the location info
Configuring local IP (recommended)
Configuring the telnet access
Using WMI to Configure the Basic SettingsThe following steps illustrate the configuration of the basic settings for a router using the WMI:
1. Navigate to the Basic Settings > Basic Settings page as shown in Figure 4.
Basic Configuration | 25
Figure 4 Basic Settings Page
Table 3 describes the basic settings configuration.
Table 3 Basic Settings Configuration
Setting Description Default
Regulatory Domain The regulatory domain code United States
Public Safety Enables or disables the public safety feature.
This setting is applicable only for the United Statesand Japan regulatory domains. Using this option
you can enable the 4.9 G spectrum for use in the
public safety domain.
NOTE: This option requires a router reboot to take
NOTE: effect.
Disabled
Host Name Allows you to change the hostname of the mesh router. The hostname can be a mixed string of alphabets and numerals up to 32 characters.
The default host name includes the model number and the last three octets of the MAC address, for example MSR4000-11:70:1a
Location Info The longitude, latitude, and altitude value for the router. The Degrees Minutes Seconds (DMS) format (DDD MM SS.SS D) is used for the longitude and latitude information. The altitude is specified in meters with the range [-10000-10000].
Not applicable (N/A)
Management IP Address
Use DHCP: Configures the Management IP using the DHCP Option 60 (up to 64 characters)
Static IP/mask: You can manually configure a static IP/mask for the router, for example 10.65.40.210/24.
Do not configure: No IP address is configured.
N/A
26 | Basic Configuration MeshOS 4.7 | User Guide
2. Retrieve and edit the basic configuration of the router using this Basic Settings page.
3. Click on the Apply Changes button to save the changes.
Using CLI to Configure the Basic SettingsThe following steps illustrate the configuration of the basic settings using the CLI:
Configuring the Regulatory Domain(host)# configure terminal(host)(config)# country-code US(host)(config)#
Configuring Public safety(host)(config)# public-safety(13453)%%Warning: Need reboot for this change to take effect! Make sure you are authorized to use 4.9G!(host)(config)#
Configuring the Installation Type(host)(config)# mesh installation outdoor(13451)%%Warning: Need reboot for this change to take effect!(host)(config)#
Configuring the Hostname (host)(config)# hostname Office-1Office-1(config)#
Configuring the Location InfoOffice-1(config)# Location informationOffice-1(config)#Longitude LONGITUDE(DDD MM SS.SS D)Office-1(config)#Latitude LATITUDE(DDD MM SS.SS D)Office-1(config)#Altitude <-10000-10000>
Telnet Access Enables or disables the Telnet access to the router.
NOTE: The SSH session access to a router is always enabled and does not need to be explicitly enabled
Disabled
Table 3 Basic Settings Configuration (Continued)
Setting Description Default
This command is used to enable or disable the public safety feature. This setting is applicable only for the United
States and Japan regulatory domains. Using this option you can enable the 4.9 G spectrum for use in the public
safety domain. Change in this setting requires a router reboot to take effect.
This command is used to set the installation type - Indoor or Outdoor. The default for MSR1200 is Indoor and the
default for MSR2000, MSR4000, and MST200 is Outdoor. Change in this setting requires a router reboot to take
effect.
MeshOS 4.7 | User Guide Basic Configuration | 27
Configuring Local IP (optional but recommended)Office-1(config)# local-ip 1.1.1.1/24
Configuring Telnet AccessOffice-1(config)#exitOffice-1# ip telnet server
Changing the local IP address from the default fixed IP 192.168.216.1/24 is not recommended unless this IP address
conflicts with the IP address of any one of the interfaces on the device. In the case of such a conflict, MeshOS
changes the local IP address of the router to an inactive state. To verify the local IP address of a router, use the show
running-config command in the Config mode.
28 | Basic Configuration MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 3
Configuring Ethernet Interface
All AirMesh wireless mesh routers are provided with one physical Ethernet interface — gigabit Ethernet 0. This interface is used to connect the wireless mesh network to a wired network or a device. The interface supports auto-negotiation on 10Mbps, 100Mbps, and 1000Mbps, and the modes half-duplex and full-duplex.
Using WMI to Configure the Ethernet InterfaceThe following steps illustrate the configuration of the Ethernet interface using the WMI:
1. Navigate to Wired Settings > Ethernet Ports page as shown in Figure 5.
Figure 5 Ethernet Ports Page
The Ethernet interfaces that are available for configuration are listed in this page.
2. Click on the link in the Name column to access the Ethernet Configuration page for a specific Ethernet interface (for example, Eth 0) as shown in Figure 6.
3. Retrieve and edit the Ethernet Configuration of the router using this Ethernet Configuration page.
4. Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Ethernet Configuration PageThe Ethernet Configuration page consists of the following tabs:
Basic—Basic configuration such as name, description, and status.
VLAN—Configuration of the VLAN interface.
IPv4—Configuration of IPv4.
QoS— Configuration of Quality of Service.
Advanced—Configuration of Advanced settings.
Configuring Ethernet Interface | 29
Basic Tab
The Basic configuration tab is the default tab displayed in the Ethernet Configuration page as shown in Figure 6.
Figure 6 Ethernet Configuration Basic Tab
VLAN Tab
The VLAN tab displays the VLAN configuration page as shown in Figure 7.
Figure 7 Ethernet Interface VLAN Tab
The basic configuration settings are listed in Table 4.
Table 4 Ethernet Interface Basic Configuration
Setting Description Default
Description Description of the Ethernet Interface N/A
Admin Status The status of the Ethernet Interface.
If the option down is selected, the interface is inactive (shutdown).
Up
30 | Configuring Ethernet Interface MeshOS 4.7 | User Guide
The Ethernet interface VLAN settings are as listed in Table 5.
The gigabit Ethernet ports can be set to access or trunk mode. By default, a port is in access mode and carries traffic only for the VLAN to which it is assigned. In trunk mode, a port can carry traffic for multiple VLANs. For a trunk port, specify whether the port will carry traffic for all VLANs configured on the controller or for specific VLANs. You can also specify the native VLAN for the port. A trunk port uses 802.1q tags to mark frames for specific VLANs. However, frames on a native VLAN are not tagged.
IPv4 Tab
The IPv4 tab displays the IPv4 configuration page as shown in Figure 8.
Table 5 Ethernet Interface VLAN Configuration
Setting Description Default
VLAN No VLAN - No VLAN configured.
Access VLAN - Configures the Ethernet interface as a VLAN access port with the VLAN access ID entered in the text field. The VLAN access ID can be between 1-4094. Use commas to separate multiple VLAN IDs and “-” to specify a range. For example, 10,20,30,40-50.
Trunk VLAN - Configures the Ethernet interface as a Trunk VLAN port with the specified Trunk VLAN ID.
NOTE: VLAN configuration is mutually exclusive with the IP address configuration. If you wish to configure a VLAN, select the Do not configure option in the IPv4 tab.
Trunk VLAN 1
Native VLAN ID Configures the local VLAN when the Ethernet interface acts as a Trunk port.
1
VPLM Site ID Configures a Ethernet domain ID. Used by VPLM for handling loop problem.
N/A
Changing the VLAN settings may make the router inaccessible via the Ethernet interface.
MeshOS 4.7 | User Guide Configuring Ethernet Interface | 31
Figure 8 Ethernet Interface IPv4 Tab
The Ethernet interface IPv4 settings are listed in Table 6.
Table 6 Ethernet Interface IPv4 Configuration
Setting Description Default
IP Address Use DHCP - Configures DHCP Option 60 with the Vendor ID (up to 64 characters) specified.
Static IP/mask - Manually configures static IP/mask, for example 10.65.40.210/24.
Do not configure - No IP address is configured.
Do not configure
Management Interface Yes - Configures the Ethernet interface as a management interface.
No - Cancels the configuration of the Ethernet interface as a management interface.
No
Router-ID Interface Yes - Configures the Ethernet interface as a Router-ID interface.
No - Cancel the configuration of the Ethernet interface as a Router-ID interface.
No
Layer-3 Service Mode Configures the layer-3 working mode at the interface:
No layer-3 service - Do not enable layer-3 mode.
Layer-3 access - Enable layer-3 access mode.
Layer-3 gateway - Enable layer-3 gateway mode.
Layer-3 backhaul - Enable layer-3 backhaul mode.
No layer-3 service
32 | Configuring Ethernet Interface MeshOS 4.7 | User Guide
QoS Tab
The QoS tab displays the Quality of Service (QoS) configuration page as shown in Figure 9.
Figure 9 Ethernet Interface QoS Tab
The Ethernet interface QoS settings are listed in Table 7.
Advanced Tab
The Advanced tab displays the advanced configuration page as shown in Figure 10.
DHCP Server/Relay DHCP server and relay settings:
Disabled DHCP Server
DHCP Pool - Configures the DHCP address pool.
DHCP RelayOption 82 Circuit ID configuration
Disabled
Table 6 Ethernet Interface IPv4 Configuration
Setting Description Default
Changing the IP address from Static IP/Mask or Use DHCP to Do not configure may make the router
inaccessible via the Ethernet interface.
Table 7 Ethernet Interface QoS Configuration
Setting Description Default
Access-Category Configure the mapping relations of QoS priorities None
MeshOS 4.7 | User Guide Configuring Ethernet Interface | 33
Figure 10 Ethernet Interface Advanced Tab
The Ethernet interface advanced setting are listed in Table 8.
Using CLI to Configure the Ethernet InterfaceThe following steps illustrate the configuration of the Ethernet interface using the CLI:
Configuring the Ethernet Port Settings(host)# configure terminal(host)(config)# interface gigabit-ethernet 0(host)(config-eth)#
Description of the Ethernet Interface(host)(config-eth)# description interface1(host)(config-eth)#
Configuring the Access Category(host)(config-eth)# access-category vi(host)(config-eth)#
Configuring VLAN settings(host)(config-eth)# switchport access vlan 100
Configuring IPv4 Settings(host)(config-eth)# ip address dhcp
Table 8 Ethernet Interface Advanced Configuration
Setting Description Default
MTU Sets the Maximum Transmission Unit (MTU) of the interface in bytes. Controls the fragmentation of the Layer-3 packets when they are sent through this interface. Range: 256-1500
1500
Link auto-negotiate Enables or disable the auto-negotiate mode of the interface link.
Enable
Link speed/duplex This option is applicable only if Link auto-negotiate option is disabled.
auto-negotiate
34 | Configuring Ethernet Interface MeshOS 4.7 | User Guide
(host)(config-eth)# management
Configuring Advanced Settings(host)(config-eth)# link speed 100 duplex full(host)(config-eth)# mtu 1500(host)(config-eth)# end(host)#
MeshOS 4.7 | User Guide Configuring Ethernet Interface | 35
36 | Configuring Ethernet Interface MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 4
Configuring Wireless Interfaces
The Aruba AirMesh wireless mesh routers are provided with Dot11Radio interfaces that are used to connect with 802.11-compatible client devices. Based on the type of the radio interface card installed, wireless mesh routers can support different wireless modes, such as IEEE802.11a/b/g and IEEE802.11n.
802.11n ModeThe 802.11n mode improves the reliability of the wireless network and the transmission bandwidth of the data. 802.11n uses the following three main technologies:
MIMO (multiple input, multiple output)
Channel Bundling
Frame Aggregation
MIMO Technology
Communication between a traditional 802.11a/b/g wireless device and client is realized using a single antenna which sends a single spatial stream. 802.11n wireless devices and clients can transmit multiple spatial streams between each other which are received by the various receive antennae that are deployed. Advanced signal process technology is used to restore the multi-channel traffic. Devices with MIMO can use spatial division multiplexing technology to transmit different bits of streams to different antennae, to provide larger bandwidth. MIMO technology utilizes the reflected signal to increase the coverage area and reduce the “dead corner” of the coverage.
The wireless networks formed by APs and clients with MIMO technology can greatly increase the stability and throughput. The MIMO intelligent antennae can also significantly increase performance in spite of the MIMO technology being in used only the AP side while the client side uses traditional 802.11a/b/g technology. Compared to the traditional diversity antennae, MIMO allows wireless AP to offer more reliable receive signals over a long distance. For example, at some point the communication rate between a traditional AP and 802.11a/g client drops from 54Mbps to 48Mbps or 36Mbps, whereas the communication rate between an AP with MIMO technology and 802.11a/g client still remains at 54Mbps.
Channel Bundling
The most straightforward way to increase the capacity of a network is to increase the operating bandwidth. Conventional wireless technologies are limited to transmitting over one of several 20 MHz channels. 802.11n networks employ a technique called channel bundling to combine two adjacent but non-overlapping 20 MHz channels into a single 40 MHz channel. Channel bundling is most effective in the 5 GHz frequency band given the far greater number of available channels. The 2.4 GHz frequency band only has three non-overlapping 20 MHz channels, so combining two 20 MHz channels uses 2/3 of total frequency capacity. To ensure best performance IEEE defines a regulation on when the wireless devices can work at 40MHz channel in 2.4 GHz frequency.
Frame Aggregation
In the traditional wireless transport concept, the access overhead is the same no matter what the size of transmitted frame in the channel is. If the transmission rate is increased, the time spent to transmit the
Channel bundling is recommended for use in the 5 GHz frequency band.
Configuring Wireless Interfaces | 37
frame is reduced, but its access overhead remains the same. In the case of 802.11 high-speed transmissions, the access overhead of the frame may be larger than the frame itself. By aggregating multiple frames into one frame for transmission, 802.11n can significantly increase the transmission efficiency. With this method, 802.11n network can use the access overhead of one frame to transmit multiple frames. The frame aggregation technology is really beneficial for file transfer, but not for the real-time service such as voice service, since the frame aggregation of voice frames may cause unnecessary latency. However, voice and other multimedia applications can also benefit from other MIMO technology.
A radio interface working in the 802.11n mode is backward compatible with the 802.11a/b/g clients. However, the 802.11a/b/g clients access to the 802.11n network will affect the throughput of the network. The degree of the effect varies based on the types of clients connected to the network.
Using WMI to Configure Radio InterfacesThe following steps illustrate the configuration of a radio interface using the WMI:
1. Navigate to the Wireless Settings > Radio > Radio Settings page as shown in Figure 11.
This page displays the physical radio interfaces of the router.
Figure 11 Radio Settings Page
2. Click on the name link of a radio interface (for example Radio 0) to open the Radio Configuration page shown in Figure 12.
3. Configure the Radio Interface Settings (Basic, Backhaul, and Advanced) by selecting the respective tab.
4. Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Radio Interface Basic SettingsTo view or change the configuration for a particular radio, click the name link of the radio interface (for example Radio 0). The Radio Configuration page is displayed as shown in Figure 12.
IEEE 802.11g uses CTS frames to allow IEEE 802.11b clients to detect frames sent at higher rates. This is useful in mixed mode networks consisting of both 802.11b and 802.11g stations. It is disabled automatically if there are no 802.11b stations associated with the AP. CTS protection can be enabled only on the IEEE 802.11g AP, if there are IEEE 802.11b stations on the same channel using another AP. Disabling CTS protection even when IEEE 802.11b stations are present can improve performance, if most of the traffic is between IEEE 802.11g devices.
38 | Configuring Wireless Interfaces MeshOS 4.7 | User Guide
Figure 12 Radio Interfaces Basic Configuration Page
The Radio interface basic settings are listed in Table 9.
Table 9 Radio Interface Basic Configuration
Setting Description Default
Radio Index 0-3; 0 stands for Radio0 interface N/A
Mode Configures the wireless settings of the radio interface.
802.11a 802.11b 802.11g: Compatible with 802.11b.
802.11na 20 MHz 802.11ng 20 MHz 802.11na 40 MHz Plus: Combines two neighboring 20MHz
channels into one 40MHz channel. The control channel is the configured channel, and the frequency of the extension channel is higher than that of the control channel.
802.11na 40 MHz Minus: Combines two neighboring 20MHz channels into one 40MHz channel. The control channel is the configured channel, and the frequency of the extension channel is lower than that of the master channel.
802.11ng 40 MHz Plus: Combines two neighboring 20MHz channels into one 40MHz channel. The control channel is the configured channel, and the frequency of the extension channel is higher than that of the control channel.
802.11ng 40 MHz Minus: Combines two neighboring 20MHz channels into one 40MHz channel. The control channel is the configured channel, and the frequency of the extension channel is lower than that of the control channel.
802.11g-only: Not compatible with 802.11b.
NOTE: The g mode is compatible with 802.11b mode; g-only mode is not compatible with the 802.11b mode. ng, ng-ht40plus, ng-ht40minus mode is compatible with 802.11g; na, na-ht40plus, na-ht40minus mode is compatible with 802.11a. By default, the MSR/MSA only support 802.11b/g, other modes need license.
Radio0: 802.11na 40MHz Plus Radio1: 802.11g
Channel List This option is used to specify the channel list or channel numbers for the 802.11bg and 802.11a modes. For additional details refer to “Configuring the Channel List” on page 41.
N/A
MeshOS 4.7 | User Guide Configuring Wireless Interfaces | 39
Antenna Type This option is used to specify the Omni or directional antenna for the device radios. The following types of antennas can be configured:
ANT-2x2-2005 (Aruba Certified, 2.4-2.5 GHz, Omnidirectional Antenna, 5 dBi)
ANT-2x2-2714 (Aruba Certified, 2.4-2.483 GHz, 70 degree Antenna, 14 dBi)
ANT-2x2-5005 (Aruba Certified, 4.9-5.875 GHz, Vpol and Hpol Antenna, 5 dBi)
ANT-2x2-5010 (Aruba Certified, 4.9-5.875 GHz, Vpol and Hpol Antenna, 10 dBi)
ANT-2x2-5614 (Aruba Certified, 4.9-5.875 GHz, 60 degree Antenna, 14 dBi)
ANT-2x2-5614L (Aruba Certified, 4.9-5.5 GHz, 60 degree Antenna, 14 dBi)
ANT-2x2-5614U (Aruba Certified, 5.5-5.9 GHz, 60 degree Antenna, 14 dBi)
ANT-2x2-D607 (Aruba Certified, 2.4-2.5 and 4.9-5.875 GHz, Dual-band Sector Antenna, 7 dBi)
ANT-2x2-D805 (Aruba Certified, Dual-band, Two-element, 120 Degree, Sector Antenna, 5 dBi)
AP-ANT-13B (Aruba Certified for MSR1200, Indoor, Downtilt, Omni, Dual-band Antenna, 4 dBi)
AP-ANT-16 (Aruba Certified for MSR1200, Indoor, Triple-element, Downtilt, Omni, Dual-band Antenna, 4 dBi)
AP-ANT-17 (Aruba Certified for MSR1200, Indoor/Outdoor, Triple-element 120 Degree Sector Antenna, Dual-band, 6 dBi)
AP-ANT-18 (Aruba Certified for MSR1200, Indoor/Outdoor, Triple-element 60 Degree Sector Antenna, Dual-band, 7 dBi)
AP-ANT-19 (Aruba Certified for MSR1200, Indoor/Outdoor, Dual-band, Omnidirectional Antenna, 6dBi)
AP-ANT-1B (Aruba Certified for MSR1200, 2.4-2.5 GHz/5 GHz, 5.0 dBi Tri-band, Omnidirectional Antenna)
AP-ANT-90 (Aruba Certified, Dual-band, Downtilt, Omnidirectional Antenna, 3 dBi)
third-party-Omni (Third-party Omni antenna)
third-party-directional (Third-party directional antenna)
NOTE: This feature is available from MeshOS 4.6 and applies only to the MSR2000 and MSR4000 series of routers, including the AC/DC/POE versions. MST200 uses an internal, high gain, directional antenna which cannot be changed. MSR1200 is an indoor product. Although this feature is enabled in the WMI and CLI of the MSR1200, the MSR1200 does not get any additional EIRP benefit when using a directional antenna.
NOTE: This feature does NOT apply to the 4.9 GHz band.
NOTE: The factory default setting for Antenna Type in MeshOS is third-party-Omni with Antenna Gain value 0. When you configure an Aruba certified antenna for a radio, MeshOS assigns the Antenna Gain value based on the Aruba certified antenna selected. If a third party antenna is configured, you need to specify both the Antenna Type (Omni or Directional) and the Antenna Gain value.
third-party-Omni
Antenna Gain Configures the antenna gain. The range of value is 0-255
NOTE: This parameter is usually set during deployment and is usually not changed thereafter.
0
Table 9 Radio Interface Basic Configuration
Setting Description Default
40 | Configuring Wireless Interfaces MeshOS 4.7 | User Guide
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring the Channel List
To configure the channel list for a radio interface:
1. Click on the Select button in the Channel List section of the Radio Configuration page.
The channel selection pop up window as shown in Figure 13 is displayed. The window displays only the valid channels for the radio mode selected.
Figure 13 Channel Selection Window
2. Select the radio channel(s) by marking the checkboxes.
3. Click on the Select button to apply the selection.
The selected channels are applied to the radio as shown in Figure 14.
Click on the Cancel button to cancel the selection.
Tx Power Configures the transmission (Tx) power in dBm. The maximum value that can be configured is limited by the Tx power of the radio interface.
The value 0 is for uncontrolled transmission.
NOTE: This parameter should be changed with caution
0
Admin Status Status of the Interface. Up
Table 9 Radio Interface Basic Configuration
Setting Description Default
MeshOS 4.7 | User Guide Configuring Wireless Interfaces | 41
Figure 14 Apply Channel Selection
Configuring Radio Interface Backhaul SettingsClick on the Backhaul tab to display the Backhaul configuration page as shown in Figure 15.
Figure 15 Radio Interface Backhaul Configuration Tab
The Radio interface Backhaul settings are listed in Table 10.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Table 10 Radio Interface Backhaul Configuration
Setting Description Default
Radio Index 0 stands for Radio0 interface N/A
Auto WDS Meshing Used to enabled or disable the Auto WDS Meshing feature.
Radio 0: Disabled
Radio 1: Enabled
Max Allowed Links Configure the maximum allowed links (1-6) on the radio interface
1
42 | Configuring Wireless Interfaces MeshOS 4.7 | User Guide
Configuring Radio Interface Advanced SettingsClick on the Advanced tab to display the Radio interface Advanced configuration page as shown in Figure 16.
Figure 16 Radio Interface Advanced Configuration Tab
The radio interface advanced settings are listed in Table 11.
Table 11 Radio Interface Advanced Configuration
Setting Explanation Default
Radio Index 0, means Radio0 interface N/A
Max Neighbor Distance Configure the maximum distance between two neighbor nodes. The range of the value is 1 - 57000 meters. The value 0 is for unset.
0
CTS Protection Enables or disables the CTS protection on the radio interface. This setting is used to handle a mix of 802.11b and 802.11g clients on the interface.
This parameter is usually set at deployment time and rarely needs to change.
Disabled
Beacon Interval Configure the time interval in milliseconds between sending beacons from the radio interface (100-1000 milliseconds).
100
Preamble Mode Preamble is the part of the data packet head which includes information required while sending and receiving data packets between AP and clients.
Short: Improve throughput.
Long: Used for clients that only support long preamble.
Long
Short GI This setting is used to enable the short interval feature of the radio interface under 802.11n mode (needs license). If the multipath effect is not obvious, this setting can adjust the Tx interval of signals from 800ns to 400ns, improving the throughput.
NOTE: This setting is not recommended if the multipath effect is visible.
Disabled
MeshOS 4.7 | User Guide Configuring Wireless Interfaces | 43
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Using CLI to Configure the Wireless InterfacesThe following steps illustrate the configuration of a radio interface using the CLI:
Configuring a Radio Interface(host)# configure terminal(host)(config)# interface dot11radio 0(host)(config-dot11radio)# wireless-mode ng(host)(config-dot11radio)# channel-list bg 1,6,11(host)(config-dot11radio)#
Changing the Radio parameters(host)(config-dot11radio)# antenna-gain 100(host)(config-dot11radio)# txpower 10
Configuring Advanced settings(host)(config-dot11radio)# distance 1(host)(config-dot11radio)# cts-protection enable(host)(config-dot11radio)# beacon-interval 150(host)(config-dot11radio)# preamble-short(host)(config-dot11radio)# short-gi(host)(config-dot11radio)#
Detailed information on configuring the BSS interface is available at “Configuring a BSS Interface” on page 79. Configuration of the Mesh interface is described in “Mesh Configuration” on page 149. For information on Client Mode configuration, refer to the “Clients Connections Page” on page 119.
44 | Configuring Wireless Interfaces MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 5
Configuring VLAN
VLAN (Virtual Local Area Network) technology allows the network administrator to logically divide a physical LAN into different broadcast domains. Each VLAN contains of a group of PC stations that have similar requirements and the same attributes as the physical LAN. The broadcast and unicast traffic in a VLAN will not be forwarded to other VLANs. This controls the traffic, reduces the investment on equipment, simplifies network management, and improves network security.
A VLAN is identified by its four- byte 802.1Q label header which is added to the normal data packet, as illustrated in Figure 17 and Figure 18.
Figure 17 Ethernet Frame with 802.1Q
Figure 18 802.1Q Label Head
The 802.1Q label header consists of the following:
TPID (Tag Protocol Identifier)
TPID is 2 bytes in length and takes the value 0x8100.
TCI (Tag Control Information)
TCI is 2 bytes in length and consists of the following components:
VLAN ID:
The VLAN ID is 12 bits in length. Wireless mesh routers can support VLAN IDs from 1 to 4094.
CFI (Canonical Format Indicator):
The CFI is 1 bit in length and is used for the bus Ethernet and FDDI frame format when the token ring network exchanges data.
Priority:
The Priority is 3 bit in length and specifies the priority of the frame. There are 8 priority levels in total, specially designed to prioritize data transmission.
VLAN PortsThe following are the two types of VLAN ports available based on the category of the VLAN switches:
Access Port
Trunk Port
Configuring VLAN | 45
VLAN Access PortIn the context of VLAN, access refers to a host-to-switch link. An Access port refers to a special port which must be connected to only one VLAN. This port cannot receive VLAN information from other VLANs or send out information to other VLANS. The VLAN information must first go through the Layer-3 routing process before it is sent to the port. A host does not belong to any particular VLAN and the host hardware does not support frames tagged by a VLAN. The frames sent and received by hosts are not tagged.
VLAN Trunk PortVLAN Trunk (Trunk) is a package technology which uses the IEEE802.1Q method. The Trunk port supports switch-to-switch and switch-to-router links as well as 802.1Q standard host-to-switch and router-to-router links. The main function of the Trunk port is to connect several VLANs via one link. The messages are identified at the Trunk port by their VLAN ID. The switch (host or router) that receives the message uses the Trunk port to identify the message by its VLAN ID and forwards it to the corresponding port.
Application of VLANThe following are some of the applications of the VLAN feature:
BSS and Fast-Ethernet can be configured as the access port on a wireless mesh router.
When the wireless mesh router is the access point for several VLANs, the Ethernet can be configured as the trunk port and connected with the Trunk port of the switch.
Support for layer-3 VLAN interface to achieve communication between different VLANs.
Using WMI to Configure a VLANThe following steps illustrate the configuration of the VLAN service using the WMI:
1. Navigate to the Network Settings > VLAN > VLAN Interfaces page as shown in Figure 19.
2. Click on the Add VLAN Interface to add a new VLAN interface and open the VLAN Configuration page for the interface.
or
Click on the interface links in the VLAN Interfaces page to open the VLAN Configuration page for an existing VLAN interface.
3. Configure/Modify the VLAN settings (Basic, IPv4, and Advanced) of the VLAN interface in the VLAN Configuration page.
4. Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
VLAN Interfaces PageSelect the Network Settings > VLAN option in the Menu tree to display the VLAN Interfaces page as shown in Figure 19.
46 | Configuring VLAN MeshOS 4.7 | User Guide
Figure 19 VLAN Interfaces Page
Adding a VLAN InterfaceTo add a new VLAN interface, click on the Add VLAN Interface button to open the Add VLAN Interface page as shown in Figure 20.
MeshOS 4.7 | User Guide Configuring VLAN | 47
Figure 20 Adding VLAN Interface Page
The new VLAN ID is added to the list in the VLAN Interfaces page.
48 | Configuring VLAN MeshOS 4.7 | User Guide
Configuring VLAN Basic SettingsThe Configure VLAN Settings page as shown in Figure 21 is displayed when you click the Add VLAN Interface button in the Add VLAN Interface page.
Figure 21 Basic Settings for the New VLAN Interface
The VLAN Interface basic settings are listed in the Table 12.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring VLAN Interface IPv4To configure the VLAN interface IPv4, click on the IPv4 tab to display the IPv4 configuration page as shown in Figure 22.
Table 12 VLAN Interface Basic Configuration Settings
Setting Explanation Default
Description Description of the VLAN interface N/A
Admin Status Admin status of the Interface.
Up
Down
If the status is Down, the interface is inactive (shutdown).
Up
MeshOS 4.7 | User Guide Configuring VLAN | 49
Figure 22 IPv4 Configuration Screen
The IPv4 settings for the network VLAN as listed in Table 13.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Table 13 VLAN Interface IPv4 Configuration
Setting Explanation Default
IP Address Use DHCP - Configures DHCP Option 60 with the Vendor ID (up to 64 characters) specified.
Static IP/mask - Manually configures static IP/mask, for example 10.65.40.210/24.
Do not configure - No IP address is configured.
Do not configure
Management Interface Yes - Configures the Ethernet interface as a management interface.
No - Cancels the configuration of the Ethernet interface as a management interface.
No
Router-ID Interface Yes - Configures the Ethernet interface as a Router-ID interface.
No - Cancel the configuration of the Ethernet interface as a Router-ID interface.
No
DHCP Server/Relay DHCP server and relay settings:
Disabled DHCP Server
DHCP Pool - Configures the DHCP address pool.
DHCP RelayOption 82 Circuit ID configuration
Disabled
50 | Configuring VLAN MeshOS 4.7 | User Guide
VLAN Interface Advanced ConfigurationClick on the Advanced tab in the VLAN configuration page to display the Advanced VLAN Configuration page as shown in Figure 23.
Figure 23 VLAN Interface Advanced Configuration Screen
The advanced settings for the VLAN interface are listed in Table 14.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Deleting a VLAN InterfaceTo delete an existing VLAN interface, select the interface by checking the box in front of it and click on the Delete Selected VLAN Interface(s) button as shown in Figure 24.
Table 14 Ethernet Interface Advanced Configuration Settings
Setting Explanation Default
MTU Maximum transmission unit in bytes. The MTU controls how Layer-3 packets would be fragmented when they are sent through this interface. The value range is 256-1500.
1500
Traffic Isolation Enable or disable the traffic isolation feature. Disabled
MeshOS 4.7 | User Guide Configuring VLAN | 51
Figure 24 Deleting a VLAN Interface
Using CLI to Configure a VLANThe following steps illustrate the configuration of the VLAN service using the CLI:
Add a VLAN interface and Configure Basic Settings(host) # configure terminal(host)(config) # interface dot11radio 0(host)(config-dot11radio) # bss 0(host)(config-bss) # switchport access vlan 20(host)(config-bss) # exit
Configure VLAN Interface IPv4(host)(config)# interface vlan 1(host)(config-vlan)# ip address 10.65.12.91/24(host)(config-vlan) # management(host)(config-vlan) # end(host)(config)# write memory
ExampleThe following example show the Layer-2 configuration of the VLAN applications:
TopologyThe topology is illustrated in Figure 25. The configuration details are as follows:
52 | Configuring VLAN MeshOS 4.7 | User Guide
M1: Configure an AP on radio0, and assign BSS0 to VLAN20, BSS1 to VLAN30, BSS15 to VLAN10. Eth0 is a Trunk port and allows VLAN10, VLAN20 and VLAN30 to pass. The native VLAN is 10.
M2: Configure an AP on radio0, and assign BSS0 to VLAN20, BSS1 to VLAN30, BSS15 to VLAN10. Eth0 is a Trunk port and allows VLAN10, VLAN20 and VLAN30 to pass. The native VLAN is 10.
Switch: The Trunk port is used to connect to both MSR1 and MSR2.
Figure 25 Typical Topology of VLAN Application
CLIM1 and M2 configuration:
MSR2000 # configure terminalMSR2000(config) # interface dot11radio 0MSR2000(config-dot11radio) # bss 0MSR2000(config-bss) # switchport access vlan 20MSR2000(config-bss) # exitMSR2000(config-dot11radio) # bss 1MSR2000(config-bss) # switchport access vlan 30MSR2000(config-bss) # exitMSR2000(config-dot11radio) # bss 15MSR2000(config-bss) # switchport access vlan 10MSR2000(config-bss) # endMSR2000 # configure terminalMSR2000(config) # interface vlan10MSR2000(config-vlan) # MSR2000(config-vlan) # ip address dhcp option 60 ascii ARUBAMSR2000(config-vlan) # endMSR2000 # configure terminalMSR2000(config) # interface gigabit-ethernet 0MSR2000(config-eth)# switchport trunk allowed-vlan 10,20,30MSR2000(config-eth) switchport trunk native vlan 10MSR2000(config-eth) endMSR2000(config) # write memory
In this example the native VLAN of the MSR Access Point and management VLAN are both 10. Hence the native VLAN of the Trunk port that connects with the switch is also 10.
MeshOS 4.7 | User Guide Configuring VLAN | 53
Configuring LoopbackThis section illustrates the configuration of the loopback interface.
Select the Network Settings > Loopback option in the Menu tree to display the Loopback Interfaces page as shown in Figure 26.
Figure 26 Loopback Configuration Page
Adding a Loopback InterfaceTo add a new Loopback interface, click on the Add button in the Loopback Interfaces page to display the Loopback Interface Configuration page as shown in Figure 27.
54 | Configuring VLAN MeshOS 4.7 | User Guide
Figure 27 Adding a Loopback Interface
Select the Loopback Index from the drop down list and click on the Create button. The Loopback Interface Settings page is displayed as shown in Figure 28.
MeshOS 4.7 | User Guide Configuring VLAN | 55
Figure 28 Loopback Interface Settings Page
The loopback configuration settings are listed in Table 15.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Deleting an Existing Loopback InterfaceTo delete an existing loopback interface, select the interface by checking the box in front of the Loopback Index and click on the Delete button as shown in Figure 29.
Table 15 Client-mode Connection Advanced Configuration Settings
Setting Explanation Default
Description Description of the loopback interface. N/A
IP Address Configures the IP address for the loopback interface:
Static IP/Mask Generated from MAC Do not configure
Do not configure
Management Interface Specifies if the interface should be configured as the Management interface.
No
Router-ID Interface Specifies if the interface should be configured as the Router-ID interface.
No
56 | Configuring VLAN MeshOS 4.7 | User Guide
Figure 29 Deleting an Existing Loopback Interface
MeshOS 4.7 | User Guide Configuring VLAN | 57
58 | Configuring VLAN MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 6
Configuring DHCP
Dynamic Host Configuration Protocol (DHCP) is a communication protocol that lets network administrators automate the assignment of Internet Protocol (IP) addresses in a network and manage the network. DHCP allows devices connected to a network to automatically obtain IP addresses from a DHCP server.
In order to ensure that each wireless client can communicate with the external internet and/or between each other, an IP address should be assigned. The MSR routers provide DHCP services such as DHCP server and DHCP Relay to dynamically assign such addresses.
Configuring DHCP consists of the following:
Configuring a Server
Configuring a Relay
DHCP Relay is a service provided by mesh routers that allows client devices connecting to the router to obtain IP Address from an external DHCP server. The mesh router relays the DHCP request from the client to the DHCP server and the reply from the server to the client.
A BSS uses either a DHCP address pool or DHCP relay. If DHCP relay is enabled in a BSS, the DHCP address pool is disabled.
Configure DHCP Relay Option 82
Relay Option 82
Automatic DHCP address allocation is typically based on an IP address, whether it is the gateway IP address or the incoming interface IP address. In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using the relay agent information option (option 82), relay agents can include additional information about themselves when forwarding client-originated DHCP packets to a DHCP server.
The relay agent will automatically add the circuit identifier sub-option and the remote ID sub-option to the relay agent information option and forward them to the DHCP server. The DHCP server can use this information to assign IP addresses, perform access control, and set quality of service (QoS) and security policies (or other parameter-assignment policies) for each subscriber of a service provider network.
Specifying the packet forwarding address
This setting configures the DHCP relay agent to forward packets to a DHCP server.
DHCP clients need to use User Datagram Protocol (UDP) broadcasts to send their initial DHCPDISCOVER messages as they do not have information on the network to which they are attached. If the client is on a network segment that does not include a server, UDP broadcasts normally are not forwarded because most routers are configured not to forward broadcast traffic. You can remedy this situation by configuring the interface of your router that is receiving the broadcasts to forward certain classes of broadcasts to a helper address. You can use more than one helper address per interface.
The relay agent information option is inserted into the DHCP packet as illustrated in Figure 30 in the following steps:
1. The DHCP client generates a DHCP request and broadcasts it on the network.
Configuring DHCP | 59
2. The DHCP relay agent intercepts the broadcast DHCP request packet and inserts the relay agent information option (option 82) in the packet. The relay agent information option contains the related sub-options.
3. The DHCP relay agent unicasts the DHCP packet to the DHCP server.
4. The DHCP server receives the packet and uses the sub-options to assign IP addresses and other configuration parameters and forwards them back to the client. The sub-option fields are stripped off of the packet by the relay agent while forwarding to the client.
Figure 30 Packet Forwarding Process
Using WMI to Configure DHCPThe following steps illustrate the configuration of the DHCP using the WMI:
1. Navigate to the Network Settings > DHCP > DHCP Server > Configure DHCP Server Settings page as shown in Figure 31.
2. Select the Basic tab to configure the basic DHCP settings and click on the Apply Changes button to save the changes.
3. Select the DHCP Pools tab to display the DHCP pools configured.
4. Click on the Add New Pool button to add a new DHCP pool.
5. Configure the settings (Basic, IP Address Ranges, and Fixed Assignments) for the new DHCP pool.
6. Click on the Apply Changes button to save the configuration.
7. Navigate to the Network Settings > DHCP > DHCP Relay > DHCP Relay Configuration page as shown in Figure 41.
8. Enter a comma-separated list of external DHCP server IP addresses and click on the Apply Changes button.
DHCP Server ConfigurationClick on the Network Settings > DHCP > DHCP Server option in the Menu tree to display the Configure DHCP Server Settings page as shown in Figure 31.
60 | Configuring DHCP MeshOS 4.7 | User Guide
Figure 31 DHCP Server Configuration Page
The DHCP server settings are listed in Table 16.
Click on the Apply Changes button to save the configuration.
Adding a New DHCP Pool
Click on the DHCP Pools tab in the Configure DHCP Server Settings page. The DHCP Pools page is displayed as shown in Figure 32.
Table 16 DHCP Server Settings
Setting Explanation Default
Default lease time The amount of time (in seconds) allowed for an IP address assignment (hereby referred to a lease) before it expires. The range for the value is 0-31536000s
7200
Max lease time The maximum amount of time (in seconds) allowed for a lease regardless of the client’s request. The range for this value is 0-31536000s
86400
DNS Addresses A comma-separated list of DNS server addresses that could be assigned to the clients along with the lease. For example, 10.1.1.50.
N/A
MeshOS 4.7 | User Guide Configuring DHCP | 61
Figure 32 DHCP Pools Page
Click on the Add New Pool button. The Add New Pool page is displayed as shown in Figure 33.
Figure 33 Adding a New DHCP Pool
Enter the Pool Name in the box provided and click on the Add New Pool to open the Configure Pool page opens as shown in Figure 34.
Configuring the New DHCP Pool
The Configure Pool page is used to configure the following parameters for the DHCP pool:
Basic IP address ranges Fixed assignments
62 | Configuring DHCP MeshOS 4.7 | User Guide
Basic DHCP Settings
The Basic tab in the Configure Pool page is displayed by default as shown in Figure 34.
Figure 34 Basic Configuration of a DHCP Pool
The DHCP pool basic settings are listed in Table 17.
Click on the Apply Changes button to save the configuration.
Deleting an Existing DHCP Option
To delete an existing DHCP Option, delete the content in the box beside the DHCP option and click on the Apply Changes button as shown in Figure 35.
Table 17 Settings for DHCP Pool
Setting Explanation
Pool Name An alphanumeric name for the pool to be created. This name must start with a letter and cannot contain any spaces. For example, Test.
NOTE: This parameter cannot be changed after the pool is created.
Domain Name The network domain name that will be given to DHCP clients which will use the addresses from this DHCP pool. For example, Arubanet.com.
Network IP address/Mask of the network from which the IP addresses in the DHCP pool will be derived. The format is A.B.C.D/M.
Gateway The gateway information. DHCP server will provide the gateway information to the DHCP clients.
DNS Server Configures a DNS Server. The format is A.B.C.D,A.B.C.D.
Option 7 (Log Server) Configures a Log Server. The format is A.B.C.D,A.B.C.D.
Option 66 (TFTP Server) Configures a TFTP Server. The format is A.B.C.D.
Option 151 (NetLink SVP Server)
Configures a NetLink SVP Server. The format: A.B.C.D,A.B.C.D.
MeshOS 4.7 | User Guide Configuring DHCP | 63
Figure 35 Deleting DHCP Option
Adding an IP Address Range
IP address range(s) make up the available addresses in the DHCP pool. DHCP clients can only obtain IP addresses from these IP addresses. To define an IP address range, click on the IP Address Ranges tab in the Configure Pool page to open the Edit the Pool Parameters page as shown in Figure 36.
Figure 36 Adding a New IP Address Range
Enter the Begin IP Address and End IP Address values in the boxes and click on the Add IP Range button. The IP Address range will be added to the list area. Click on the Return to previous configuration button to return to the DHCP Pool basic configuration page.
Deleting an IP Address Range
To delete an existing IP address range, check the box in front of the IP address range to be deleted and click on the Delete IP Range button as shown in Figure 37.
64 | Configuring DHCP MeshOS 4.7 | User Guide
Figure 37 Deleting an Existing IP Address Range
Adding a Fixed IP Assignment
The DHCP protocol assigns unused addresses arbitrarily from each DHCP pool. This behavior allows the number of clients that could access the network to be greater than that of the IP addresses, as long as these clients do not connect at the same time. However, this causes the IP address obtained by the same client to vary from session to session. A network administrator or a client user may have the need to obtain the same IP address at all times. The solution to this issue is the Fixed IP Assignment where a set of fixed IP Address are assigned beneath the IP Address ranges. Fixed IP assignments are allocated based on the MAC address of each client device.
To create a fixed assignment, click on the Fixed Assignment tab in the Configure Pool page to open the Fixed Assignments page as shown in Figure 36. Specify the MAC Address and the desired IP address and click on the Add Fixed IP Assignment button as shown in Figure 38. The fixed assignment is added to the list area.
MeshOS 4.7 | User Guide Configuring DHCP | 65
Figure 38 Adding a Fixed Assignment
Deleting an Existing Fixed Assignment
To delete an existing Fixed Assignment, select the fixed assignment by checking the box in front of it and click on the Delete Fixed IP Assignment button as shown in Figure 39.
Figure 39 Deleting an Existing Fixed Assignment
Deleting an Existing DHCP Pool
To delete an existing DHCP pool, select the pool by checking the box in front of it and click on the Delete Selected Pool button as shown in Figure 40.
66 | Configuring DHCP MeshOS 4.7 | User Guide
Figure 40 Deleting an Existing DHCP Pool
DHCP Relay ConfigurationTo configure a DHCP Relay service, select the Network Settings > DHCP > DHCP Relay option in the Menu tree to display the DHCP Relay Configuration page as shown in Figure 41.
Figure 41 DHCP Relay Configuration Page
Enter a comma-separated list of external DHCP server IP addresses and click on the Apply Changes button.
Deleting a DHCP Relay
To delete an existing DHCP relay configuration, delete the IP address in the box beside DHCP Servers and click on the Apply Changes button.
MeshOS 4.7 | User Guide Configuring DHCP | 67
Figure 42 Deleting a DHCP Relay Configuration
Using CLI to Configure DHCPThe following steps illustrate the configuration of the DHCP using the CLI:
Configuring a DHCP Server(host)# configure terminal(host)(config)# ip dhcp server(host)(config-dhcp)#
Default lease time (host)(config-dhcp)# default-lease-time 14400
Max lease time(host)(config-dhcp)# max-lease-time 172800
DNS Addresses (host)(config-dhcp)# dns 10.1.1.4, 10.1.1.5
Configuring a DHCP Pool(host)(config-dhcp)# pool test(host)(config-pool)# domain-name arubanetworks.com(host)(config-pool)# network 10.1.1.0/24(host)(config-pool)# gateway 10.1.1.1(host)(config-pool)# range 10.1.1.1 10.1.1.9(host)(config-pool)# option 7 10.65.12.97,10.65.12.98(host)(config-dhcp)# quit
Configuring DHCP Relay(host)(config)# ip dhcp relay(host)(config-dhcp)# dhcp-servers 10.1.1.2,10.1.1.3(host)(config-dhcp)# quit
68 | Configuring DHCP MeshOS 4.7 | User Guide
(host)(config)# interface dot11radio 0(host)(config-dot11radio)# bss 0(host)(config-bss)# dhcp relay(host)(config-bss)#
Configuring DHCP Relay Option82 (optional)(host)(config-bss)# dhcp relay option circuit-id Aruba(host)(config-bss)#
MeshOS 4.7 | User Guide Configuring DHCP | 69
70 | Configuring DHCP MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 7
Configuring NAT
Network Address Translation (NAT) is an Internet standard that enables a local area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations. The NAT service runs only in the mesh gateway.
Using WMI to Configure NATThe NAT service can be configured only through the CLI.
Using CLI to Configure NATThe following steps illustrate the configuration of NAT using the CLI:
(host)> enable(host)# configure terminal(host)(config)# ip access-list standard acl-nat(host)(config-acl-ip-std)# rule 10 permit 192.168.12.0 0.0.0.255(host)(config-acl-ip-std)# rule 20 permit 192.168.13.0 0.0.0.255(host)(config-acl-ip-std)# rule 30 permit 192.168.14.0 0.0.0.255(host)(config-acl-ip-std)# quit(host)(config)# interface gigabit-ethernet 0(host)(config-eth)# ip address 10.64.147.161/23(host)(config-eth)# mode gateway(host)(config-eth)# quit(host)(config)# ip nat(host)(config-nat)# pool public 10.64.147.161 10.64.147.171(host)(config-nat)# access-group acl-nat global pool public out-interface gigabit-ethernet 0(host)(config-nat)#
ExampleTypical examples for NAT configuration are illustrated below:
Multi-to-Multi address translation
This example illustrates a typical case of multi-to-multi address translation using the NAT feature. The topology corresponding to this example is illustrated in Figure 43.
Figure 43 Multi-Multi address translation.
Configuring NAT | 71
In this example of a mesh network, a host with IP addresses 192.168.12.0/24, 192.168.13.0/24, 192.168.14.0/24 needs to access the Internet via the MSR router. The MSR router accesses the Internet using 10 public IP address: 10.64.147.161/23 - 10.64.147.171/23.
MSR configuration:
MSR2000_161(config)# ip access-list standard acl-natMSR2000_161(config-acl-ip-std)# rule 10 permit 192.168.12.0 0.0.0.255MSR2000_161(config-acl-ip-std)# rule 20 permit 192.168.13.0 0.0.0.255MSR2000_161(config-acl-ip-std)# rule 30 permit 192.168.14.0 0.0.0.255MSR2000_161(config-acl-ip-std)# quMSR2000_161(config)# interface gigabit-ethernet 0MSR2000_161(config-eth)# ip address 10.64.147.161/23MSR2000_161(config-eth)# mode gatewayMSR2000_161(config-eth)# quitMSR2000_161(config)# ip natMSR2000_161(config-nat)# pool public 10.64.147.161 10.64.147.171MSR2000_161(config-nat)# access-group acl-nat global pool public out-interface gigabit-ethernet 0
Internal server
In the above example consider that the mesh network provides a Web server hosting the internal IP address: 192.168.12.20 with the TCP port number: 8080. To access the Web server from the Internet via NAT, the MSR router uses the IP address 10.64.147.161 with the TCP port 80.
MSR Configuration:
MSR2000_161(config)# interface gigabit-ethernet 0MSR2000_161(config-eth)# ip address 10.64.147.161/23MSR2000_161(config-eth)# mode gatewayMSR2000_161(config-eth)# quitMSR2000_161(config)# ip natMSR2000_161(config-nat)# server protocol tcp inside 192.168.12.20 8080 outside 10.64.147.161 80 out-interface gigabit-ethernet 0
72 | Configuring NAT MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 8
Configuring ACL
An Access Control List (ACL) is a list of rules that allows or denies the access request from the user based on some defined patterns. ACL can be applied in many different ways. When applied to an interface, ACL can be used to accept or reject incoming or outgoing packets based on the protocol information such as source or destination address and port number of the packets. The ACL usage can be classified into three categories:
Security Filtering
Protects the integrity of the device and network by only permitting well-understood traffic to get into the network and denies all other traffic.
Traffic Filtering
Protects the network bandwidth. Traffic filters behave similar to the security filters, but in the reverse logic. Traffic filters deny well-understood unwanted packets and permit everything else.
Packet Inspection
Identifies certain packets and provides the information to other function modules on the device such as QoS and routing.
The following four types of ACLs are defined:
IP standard ACL
IP Standard ACL filters packets based on the source IP address of the packet.
IP extended ACL
Extended ACL provides more flexible filtering methods such as:
IP information: Source IP address (host, wildcard, any), Destination IP address (host, wildcard, any), TOS/DSCP value.
ICMP information: ICMP type value, ICMP code value.
TCP information: TCP Source port number, TCP Destination port number.
UDP information: UDP Source port number, UDP Destination port number
MAC based ACL
MAC based ACL uses source MAC address to filter traffic
IP receive ACL
Using WMI to Configure ACL SettingsThis feature can be configured only through the CLI.
Using CLI to Configure ACL SettingsThe following steps illustrate the configuration of ACL using the CLI:
Define an ACL(host)> enable (host)# configure terminal (host)(config)# ip access-list extended OFFICE_1
Configuring ACL | 73
(host)(config-acl-ip-ext)# rule 10 deny ip host 192.168.8.2 192.168.9.0 0.0.0.255(host)(config-acl-ip-ext)# rule 20 permit ip 192.168.8.0 0.0.0.255 192.168.9.0 0.0.0.255(host)(config-acl-ip-ext)# rule 30 deny ip any any(host)(config-acl-ip-ext)# quit
Apply the ACL to the interface.(host)(config)# interface gigabit-ethernet 0(host)(config-eth)# ip access-group OFFICE_1 in(host)(config-eth)# end
ExamplesThe following are some typical examples for the ACL configuration:
IP standard ACL configuration
To allow 192.168.10.0/24 through the MSR router, but block the host 192.168.10.111 and deny any other, configure the MSR router as follows:
MSR2000_161(config)# ip access-list standard OFFICEMSR2000_161(config-acl-ip-std)# rule 10 deny host 192.168.10.111MSR2000_161(config-acl-ip-std)# rule 10 remark not_allow_111MSR2000_161(config-acl-ip-std)# rule 20 permit 192.168.10.0 0.0.0.255MSR2000_161(config-acl-ip-std)# rule 20 remark allow_other_192_168_10MSR2000_161(config-acl-ip-std)# rule 30 deny anyMSR2000_161(config-acl-ip-std)# rule 30 remark deny_any_otherMSR2000_161(config-acl-ip-std)# quitMSR2000_161(config)# interface gigabit-ethernet 0MSR2000_161(config-eth)# ip access-group OFFICE inMSR2000_161(config-eth)# end
IP extended ACL configuration
To restrict the host 192.168.8.2 from accessing 192.168.9.0/24, but to allow others in 192.168.8.0/24 network to access 192.168.9.0/24, configure the MSR as follows:
MSR2000_161(config)# ip access-list extended OFFICE_1MSR2000_161(config-acl-ip-ext)# rule 10 deny ip host 192.168.8.2 192.168.9.0 0.0.0.255MSR2000_161(config-acl-ip-ext)# rule 20 permit ip 192.168.8.0 0.0.0.255 192.168.9.0 0.0.0.255MSR2000_161(config-acl-ip-ext)# rule 30 deny ip any anyMSR2000_161(config-acl-ip-ext)# quitMSR2000_161(config)# interface gigabit-ethernet 0MSR2000_161(config-eth)# ip access-group OFFICE_1 inMSR2000_161(config-eth)# endAllow 192.168.8.0/24 access server 192.168.9.1 http, but only allow 192.168.9.1 access sshMSR2000_161(config)# ip access-list extended OFFICE_2MSR2000_161(config-acl-ip-ext)# rule 10 permit tcp 192.168.8.0 0.0.0.255 host 192.168.9.1 eq 80MSR2000_161(config-acl-ip-ext)# rule 20 permit tcp host 192.168.8.1 host 192.168.9.1 eq 22MSR2000_161(config-acl-ip-ext)# rule 30 deny ip any anyMSR2000_161(config-acl-ip-ext)# quitMSR2000_161(config)# interface gigabit-ethernet 0MSR2000_161(config-eth)# ip access-group OFFICE_2 inMSR2000_161(config-eth)# end
MAC based ACL configuration example
74 | Configuring ACL MeshOS 4.7 | User Guide
To permit a specific device with MAC address 00:13:ce:31:2f to access the interface and block the device with MAC address 00:13:ce:31:2f:22, configure the MSR as follows:
MSR2000_161(config)# mac access-list standard MAC_LIST1MSR2000_161(config-acl-mac-std)# rule 10 permit source-mac 00:13:ce:31:2f:1fMSR2000_161(config-acl-mac-std)# rule 10 deny source-mac 00:13:ce:31:2f:22MSR2000_161(config-acl-mac-std)# quitMSR2000_161(config)# interface dot11radio 0MSR2000_161(config-dot11radio)# bss 0MSR2000_161(config-bss)# mac access-group MAC_LIST1 inMSR2000_161(config-bss)# end
IP Receive ACL configuration example
To allow access to the SNMP server only from host 192.168.8.88 and access HTTP server only from 192.168.8.0 and block ping to the router (all other packet also will be blocked), configure the MSR as follows:
MSR2000_161(config)# ip access-list extended MANAGEMENTMSR2000_161(config-acl-ip-ext)# rule 10 permit udp host 192.168.8.8 any eq 161MSR2000_161(config-acl-ip-ext)# rule 20 permit tcp 192.168.8.0 0.0.0.255 any eq 80MSR2000_161(config-acl-ip-ext)# rule 30 deny icmp any anyMSR2000_161(config-acl-ip-ext)# rule 40 deny ip any anyMSR2000_161(config-acl-ip-ext)# quitMSR2000_161(config)# ip receive access-group MANAGEMENT
MeshOS 4.7 | User Guide Configuring ACL | 75
76 | Configuring ACL MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 9
Access Mode Configuration
When a Dot11Radio interface is configured in the access mode, a Basic Service Set (BSS) configured for that interface becomes a virtual AP that client devices may associate with. BSS is a set of all stations that communicate with each other. A wireless mesh router supports up to 16 BSSs on a radio interface.
Mapping BSS to DSCPA radio has eight hardware queues named BE, BK, ST, EE, CL, VI, VO, and NC. Each BSS can be mapped to the DSCP values by configuring these eight categories. The corresponding relationship is illustrated in Table 18.
When a station (that supports 802.11e) connects to a BSS configured with access categories, the frames forwarded by the BSS from the station will have the corresponding DSCP value. The frame with the highest DSCP will be sent on the highest priority. The frames from the BSS to this station will be sent from the corresponding forwarding queues based on the mapping.
802.11 Security ConfigurationWireless mesh routers support various security configurations in addition to the 802.11 standard authentication encryption methods such as WEP and WPA/WPA2. Wireless mesh routers also support basic MAC address access control list and station isolation. The 802.11 security standard defines a suite of wireless security protocols and implementations. Aruba AirMesh Routers support the following authentication methods:
Open
Shared key
WEP
WPA /WPA2
802.11x
Table 18 Access-category to DSCP Mapping
Category DSCP
be 0
bk 8
st 16
ee 24
cl 32
vi 40
vo 48
nc 56
Access Mode Configuration | 77
Open
Open authentication allows any wireless client to authenticate to the router.
Shared-key
Shared Key authentication looks for the clients that know the shared key. It is applicable only under WEP.
WEP
WEP (wired equivalent privacy) is the wireless security solution based on equivalent key, using RC4 encryption algorithm, of which the two ends use the same key for encryption and decipher. To enhance the security of WEP, WEP uses 4 different sequence keys and 3 different key lengths: 40 bits, 104bits, and 128 bits.
WPA
WPA (Wi-Fi protected access) and WPA2 are created in response to several serious weaknesses found in the WEP protocol. WPA supports pre-shared key mode (also known as the Personal mode) and EAP extension mode (also known as Enterprise mode). The main difference between WPA and WPA2 is the encryption algorithm. WPA uses TKIP (RC4), while WPA2 uses AES. Pre-shared key (PSK) is the encryption which achieves data communications through a symmetric approach. WPA and WPA2 also work with 802.1x to strengthen the wireless data communications security.
802.1x
The basic 802.11x authentication process is illustrated in Figure 44.
Figure 44 Model of 802.1x Authentication
The 802.1x based authentication is implemented as follows:
1. Access Point (AP) announces security suites in the Beacon and Probe Response frames.
2. Station (STA) chooses the correct security suite and password to connect to the AP.
3. A Layer-2 link is established between the station and the AP.
4. EAP is used for 802.1x authentication:
a. The station starts authentication by sending out the EAP start frame.
b. AP enters the identification state by sending the EAP-request to the station. The station replies with the EAP-response frame. The AP encapsulates the station’s EAP-response into the Access-request frame and then forwards it to the AS.
c. AS sends the authentication request through a challenge message to the station. The station retransmits the challenge message through the EAPoL-response message and changes the authentication status. The station and the AS derive the PMK (Pairwise Master Key). The AP receives the PMK from the AS.
d. AS transmits Access-Accept to the AP and the AP changes the status of the station to authenticated and transmits EAPoL-success to the station. The station changes its status to authentication successful when the EAPoL-success frame is received.
e. Authentication successful: AP and AS create a PTK (Pairwise Transient Key).
78 | Access Mode Configuration MeshOS 4.7 | User Guide
f. Access Point distributes GTK (Group Transient Key) using PTK’s KCK (EAPOL-Key Confirmation Key) and KEK (EAPOL-Key Encryption Key).
g. Station and AP shake hands four times creating a group of keys that protect the data during network transmission.
5. When the station authentication is successful, DHCP Discovery operates and provides access to Layer -3 address and access to the Internet by adding routing.
Using WMI to Configure Access ModeThe following steps illustrate the configuration of the access mode using the WMI:
1. Navigate to the Wireless Settings > BSS > BSS List page as shown in Figure 45.
2. Click on the Create New BSS button to create a new BSS on the Radio interface.
or
Click on the BSS name link of a BSS configuration to view an existing BSS (for example, Radio 0 BSS 1).
3. Modify/configure the BSS interface settings (Basis, Security, VLAN, IPv4, QoS, and Advanced) using the BSS Configuration page as shown in Figure 47.
4. Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring a BSS InterfaceClick on Wireless Settings > BSS option in the Menu tree to display the BSS List page as shown in Figure 45. The list of the BSS configurations and their status is displayed. Each radio supports up to 16 BSSs.
Figure 45 BSS List Page
Click on the BSS name link of a BSS configuration to view an existing BSS in the BSS List. To delete a BSS, select the BSS by enabling the check box preceding it and click on the Delete Selected BSS button.
Creating a New BSS
To create a new BSS, click on the Create New BSS button in the BSS list page. The BSS Configuration page is displayed as shown in Table 24.
MeshOS 4.7 | User Guide Access Mode Configuration | 79
Figure 46 BSS Configuration Page - New BSS
Select the index for the Radio interface and the BSS ID from the drop-down lists provided and click on the Create New BSS button. To discard the changes and return to the previous page, click on the Cancel Changes button.
The Create New BSS button opens the BSS Configuration page for the new BSS created using the Radio index and the BSS ID as shown in Figure 47.
Figure 47 BSS Configuration Page
Basic Configuration Tab
The BSS Configuration page displays the Basic tab by default as shown in Figure 47.
The BSS basic configuration settings are listed in Table 19.
Table 19 BSS Basic Configuration
Setting Description Default
BSS Name Displays the BSSs Radio interface and BSS ID. Each radio supports up to 16 BSS
N/A
SSID The 802.11 SSID for the BSS N/A
80 | Access Mode Configuration MeshOS 4.7 | User Guide
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Security Configuration Tab
BSS supports 802.11 security standards. Click on the Security tab in the BSS Configuration page to display the BSS Security page as shown in Figure 48.
Figure 48 BSS Security Configuration Tab
Select an Authentication Type for the BSS from the drop down list. A security configuration page is displayed based on the Authentication Type selected.
Description Description of the BSS N/A
Hide SSID Enable - The BSS ID is not broadcast. Clients cannot scan the SSID of the BSS. If a client needs to connect to this BSS, it needs to specify the SSID.
Disable - The SSID is broadcast periodically so that the clients can scan for the SSID.
Disabled
Station Isolation Enabled - Prevents the stations under the BSS from communicating with each other.
Disabled - The stations under the BSS can communicate with each other.
Disabled
Max Station Allowed The maximum number of clients that are allowed to associate with the BSS. The range is 1-255.
255
Station Inactivity Limit Configures the maximum amount of time (15-65535 seconds) a station/client is allowed to be inactive before the inactivity policy takes effect. If in this configured time, BSS does not receive any data from the client, BSS will disassociate itself from the client.
300
Table 19 BSS Basic Configuration
Setting Description Default
If Open/None is selected as the Authentication Type, no security configuration page is displayed.
MeshOS 4.7 | User Guide Access Mode Configuration | 81
Open WEP
The Open WEP security configuration page as shown in Figure 49 is display when the Open WEP option is selected as the Authentication Type in the BSS Security page.
Figure 49 Open WEP Security Configuration Page
In the WEP encryption mode, you can configure up to four keys and set one of them as the Default key.
Shared WEP
The Shared WEP security configuration page as shown in Figure 50 is displayed when the Shared WEP option is selected as the Authentication Type in the BSS Security page.
Figure 50 Shared WEP Security Configuration Page
In the WEP encryption mode, you can configure up to four keys and set one of them as the Default key.
WPA
The WPA security configuration page as shown in Figure 51 is display when the WPA option is selected as the Authentication Type in the BSS Security page.
82 | Access Mode Configuration MeshOS 4.7 | User Guide
Figure 51 WPA Security Configuration Page
The WPA Security configuration settings are listed in Table 20.
WPA2
The WPA2 security configuration page as shown in Figure 52 is display when the WPA2 option is selected as the Authentication Type in the BSS Security page.
Table 20 WPA Security Configuration Settings
Setting Description Default
BSS Name The BSS name. This name is a combination of the radio interface and the BSS ID. For example Radio0Bss2.
N/A
Authentication Type WPA N/A
Allowed Encryption Modes
Specifies the WPA encryption modes.
TKIP and AES - Both TKIP and AES encryption modes.
AES Only - AES encryption mode.
TKIP Only - TKIP encryption mode.
TKIP and AES
WPA Type Specifies the WPA Type:
WPA-PSK, ASCII Key WPA-PSK, Hex Key WPA-Radius - This option requires a Radius
server to be configured.
WPA-PSK, ASCII Key
PSK Key String ASCII code or hexadecimal key. The length of the ASCII code is a string of length 8-63 alphanumeric characters and the length of hexadecimal key is 64 digits.
N/A
Radius Servers Add or delete Radius servers N/A
MeshOS 4.7 | User Guide Access Mode Configuration | 83
Figure 52 WPA2 Security Configuration Page
The WPA2 security configuration settings are listed in Table 21.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Table 21 WPA2 Security Configuration
Setting Explanation Default
BSS Name The BSS name. This name is a combination of the radio interface and the BSS ID. For example Radio0Bss2.
N/A
Authentication Type WPA2 N/A
Allowed Encryption Modes
Specifies the WPA2 encryption modes:
TKIP and AES - Both TKIP and AES encryption modes.
AES Only - AES encryption mode.
TKIP Only - TKIP encryption mode.
TKIP and AES
WPA Type Specifies the WPA Type:
WPA-PSK, ASCII Key WPA-PSK, Hex Key WPA-Radius - This option requires a Radius
server to be configured.
WPA-PSK, ASCII Key
PSK Key String ASCII code or hexadecimal key. The length of the ASCII code is a string of length 8-63 alphanumeric characters and the length of hexadecimal key is 64 digits.
N/A
Pre-authentication Enable or disable pre-authentication. Disabled
84 | Access Mode Configuration MeshOS 4.7 | User Guide
VLAN Configuration Tab
Click on the VLAN tab in the BSS Configuration page to display the VLAN Configuration page as shown in Figure 53.
Figure 53 VLAN Configuration Page
The BSS VLAN configuration settings are listed in Table 22.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
IPv4 Configuration Tab
Click on the IPv4 tab in the BSS Configuration page to display the IPv4 Configuration page as shown in Figure 54.
Table 22 BSS VLAN Configuration
Setting Description Default
BSS Name The BSS name. This name is a combination of the
radio interface and the BSS ID. For example
Radio0Bss2.
N/A
VLAN Setting VLAN Setting:
No VLAN - The the BSS does not belong to any VLAN
Access VLAN - the BSS belongs to an access VLAN. with the specified ID. The value range for the Id is 0-4094. The value 0 stands for no access VLAN.
No VLAN
MeshOS 4.7 | User Guide Access Mode Configuration | 85
Figure 54 IPv4 Configuration Page
The IPv4 configuration settings are listed in the Table 23.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
QoS Configuration Tab
Click on the QoS tab in the BSS Configuration page to display the QoS Configuration page as shown in Figure 55.
Table 23 BSS IPv4 Configuration
Setting Description Default
BSS Name The BSS name. This name is a combination of the radio interface and the BSS ID. For example Radio0Bss2.
N/A
IP Address Configures the IPv4 address for the BSS:
Static IP address/Mask - A static IP in the format A.B.C.D/M is configured
Do not configure
Do not configure
DHCP Server/Relay Configures DHCP server and relay:
Disabled DHCP Server with DHCP pool DHCP relay with option 82
Disabled
86 | Access Mode Configuration MeshOS 4.7 | User Guide
Figure 55 QoS Configuration Page
The QoS configuration settings are listed in Table 24.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Advanced Configuration Tab
Click on the Advanced tab in the BSS Configuration page to display the Advanced Configuration page as shown in Figure 56.
Table 24 BSS QoS Configuration
Setting Description Default
BSS Name The BSS name. This name is a combination of the radio interface and the BSS ID. For example Radio0Bss2.
N/A
Access-Category Configures the BSS 802.11e mapping priority:
None
0 Best Effort
1 Background
2 Standard
3 Excellent Effort
4 Control Load
5 Video Traffic
6 Voice Traffic
7 Network Control
None
WMM Enables or disables WMM service Enabled
Non-WMM stations Allowed - Allows clients that do not support WMM to access WMM.
Not Allowed - Only allows clients that support WMM access.
Allowed
MeshOS 4.7 | User Guide Access Mode Configuration | 87
Figure 56 BSS Advanced Configuration Page
The Advanced configuration settings for the BSS interface are listed in Table 25.
Table 25 BSS Advanced Configuration
Setting Explanation Default
BSS Name The BSS name. This name is a combination of the radio interface and the BSS ID. For example Radio0Bss2.
N/A
DTIM Interval DTIM stands for Delivery Traffic Indication Message. The DTIM carries the interval. At the DTIM interval, an AP sends out buffered multicast and broadcast frames to the clients in power-saving mode. The value range is 1-255. The default DTIM interval is 1, i.e., one beacon interval. An AP sends out buffered multicast and broadcast frames to power-saving clients at every beacon interval.
1
Fragmentation Threshold
Configures the threshold value for frame fragmentation. When the length of a frame exceeds the threshold value, the frame will be fragmented before it is sent. The range is 256-2346.
2346: disable fragmentation
2346
88 | Access Mode Configuration MeshOS 4.7 | User Guide
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Deleting a BSS
To delete an existing BSS, select the BSS by checking the box preceding it and click on the Delete Selected BSS button. The selected BSS is deleted.
RTS Threshold Configures the threshold value for sending the RTS frame. When the length of a frame exceeds the threshold value, a RTS frame will be sent before the frame. The range is 0-2347.
0: always enable RTS
2347: disable RTS
2347
Unicast Rate Configures the unicast rate of the BSS.
Auto
A fixed rate
The BSS will only apply the specified rate with the clients. The setting also prevents clients that do not support the specified rate from associating with the BSS.
Auto
Multicast Rate Configures the multicast rate of the BSS
Auto
A fixed rate
The BSS will attempt to only apply the specified rate between clients and the BSS.
Auto
Multicast Optimization Enable or disable multicast optimization. When multicast optimization is enabled the frames are designed in a way as to reduce packet loss rate of the multicast packet between the AP and the Client.
Disabled
Input Bandwidth Sets the input bandwidth. The range is 1...100000 kbits/s, 0 is for unset.
0
Input Burst This setting can reduce packet loss under bursty traffic conditions. The range is 2...1000 KByte, 0 is for unset.
0
Output Bandwidth Sets the output bandwidth. The range is 1...100000 kbits/s, 0 is for unset.
0
Output Burst This setting can reduce packet loss under bursty traffic conditions. The range is 2...1000 KByte, 0 is for unset.
0
Input Bandwidth Per Station
Configures the Input bandwidth per station.
Output Bandwidth Per Station
Configures the output bandwidth per station.
Table 25 BSS Advanced Configuration
Setting Explanation Default
MeshOS 4.7 | User Guide Access Mode Configuration | 89
Figure 57 Deleting an Existing BSS
Using CLI to Configure Access ModeThe following steps illustrate the configuration of the access mode using the CLI:
Configuring a Radio Interface(host)> enable(host)# configure terminal(host)(config)# interface dot11radio 0 (host)(config)# interface dot11radio 0(host)(config-dot11radio)# wireless-mode ng(host)(config-dot11radio)# channel-list bg 1,6,11
Configuring BSS on the Radio(host)(config-dot11radio)# bss 1(host)(config-bss)# ssid Aruba(host)(config-bss)# max-station-allowed 10
Configure Security(host)(config-bss)# authentication open key-management wpa2(host)(config-auth-wpa2)# wpa-compatible(host)(config-auth-wpa2)# encryption-mode-cipher aes(host)(config-auth-wpa2)# radius-server 192.168.10.69 auth-port 1812 key 123456(host)(config-auth-wpa2)# wpa-type 8021x(host)(config-auth-wpa2)# exit
VLAN Configuration(host)(config-bss) # switchport access vlan 1(host)(config-bss) # exit(host)(config)# interface vlan 1(host)(config-vlan)# ip address 10.65.12.91/24(host)(config-vlan) # management(host)(config-vlan) # end(host)(config)# write memory
90 | Access Mode Configuration MeshOS 4.7 | User Guide
ExampleThe following example illustrates a typical 802.1x Configuration:
In this example AAA represents the authentication server. The MSR router opens a WPA2 + 802.1x authentication. The client can associate with the MSR and reach the AAA server. The network topology is shown in Figure 58.
Figure 58 802.1x Network Topology
Configuration of the MSR Router:
…… interface dot11radio 0 wireless-mode ng channel 1
…….
bss 1ssid Aruba authentication open key-management wpa2 encryption-mode-cipher aes radius-server 192.168.10.69 auth-port 1812 key 123456 wpa-type 8021x …… switchport access vlan 1
……
MeshOS 4.7 | User Guide Access Mode Configuration | 91
92 | Access Mode Configuration MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 10
Configuring Multicast
The main purpose of the Multicast Routing Protocol is to establish a multicast distribution tree which can transmit the multicast packet to the corresponding multicast group member. There are two types of multicast routing protocols:
Protocol Independent Multicast Dense Mode (PIM-DM)
Protocol Independent Multicast-Sparse Mode (PIM-SM)
PIM-DM is mainly used in the network which has a sparse-distributed group, extensive scope and is large scale. The PIM-DM protocol assumes that all the hosts do not require to receive the multicast packet. The PIM-DM router forward the multicast packet only when the host specifically requests for it.
PIM-SM forwards the multicast message to all PIM-SM routers through the RP (rendezvous point) and establishes RP-based RPT (rp-rooted shared tree) through a Joining/Prune message. By doing so, it saves the bandwidth of data traffic, control messages, and decreases the handling overhead of the router. The multicast data flows to the network segment where the multicast group members resides along the shared tree. The multicast data stream can be switched to the multicast source-based SPT under certain conditions minimizing the network delay. PIM-SM does not rely on a specific unicast routing protocol, but performs a RPF checking on the existing unicast routing table. When PIM-SM is on, IGMP is enabled.
RP AddressWhen the router needs to join the shared tree in the PIM-SM protocol, this command guides it to send (*G) joining message to appropriate address. Each router (including the RP router) enabling multicast should configure the RP address. This address can be either the router-ID of the RP router or the address of another interface. RP can be placed at any convenient position in accordance with the actual situation. RP has stringent requirements on router resources which can be chosen according to the capacity of the network and the multicast table.
IP Multicast OptimizationThe IP multicast optimization feature reduces packet loss rate of the multicast packet between the AP and the client.
Configuring Advanced ParametersAdvanced parameters such as Force Multicast Transmission Rate allows you to specify a transmission rate to transmit the multicast data.
Using WMI to Configure MulticastThe following steps illustrate the configuration of the Multicast protocol using the WMI:
1. Navigate to the Network Settings > Routing > Multicast > Multicast Configuration page as shown in Figure 59.
2. Configure the multicast settings.
The RP address must be configured before enabling multicast.
Configuring Multicast | 93
3. Click on the Apply Changes button to save the configuration.
Multicast Configuration PageSelect the Network Settings > Routing > Multicast option in the Menu tree to display the Multicast Configuration page as shown in Figure 59.
Figure 59 Multicast Configuration Page
The multicast configuration settings are listed in Table 26.
Click on the Apply Changes button to save the configuration.
Table 26 Multicast Configuration Settings
Setting Explanation Default
Multicast Status Enable or disable multicast. Disabled
Debug Level Configures the debug level for AWR.
None
Error
State
Info
Dump
State
Static RP Address for PIM
Configures the IP address of the RP (Rendezvous Point). Each router (including the RP router) enabling multicast should configure the RP address. The value 0.0.0.0 is for unset.
0.0.0.0
94 | Configuring Multicast MeshOS 4.7 | User Guide
Using CLI to Configure MulticastThe following steps illustrate the configuration of the multicast protocol using the CLI:
Enable Multicast(host)# configure terminal (host)(config)# router multicast(host)(config-multicast)#
Configure Static RP Address for PIM(host)(config-multicast)# rp-address 10.3.3.3(host)(config-multicast)# enable(host)(config-multicast)#
Multicast Optimization(host)(config)# (host)(config)# interface dot11radio 0(host)(config-dot11radio)# bss 0(host)(config-bss)# multicast-optimization(host)(config-bss)# multicast-rate 6(host)(config-bss)#
ExampleA typical example of a multicast configuration is illustrated below:
The set up consists of four routers R1, R2, R3, and R4. R3 serves as the RP. The topology is shown in Figure 60.
Figure 60 Typical Multicast Configuration
The multicast configuration of the four nodes is as follows:
R1 Configuration:
R1# configure terminal R1(config)# router multicastR1(config-multicast)# rp-address 10.3.3.3R1(config-multicast)# enableR1(config-multicast)# debug stateR1(config-multicast)# end
R2 Configuration:
R2# configure terminal R2(config)# router multicast
MeshOS 4.7 | User Guide Configuring Multicast | 95
R2(config-multicast)# rp-address 10.3.3.3R2(config-multicast)# enableR2(config-multicast)# debug stateR2(config-multicast)# end
R3 (RP) Configuration:
R3# configure terminal R3(config)# router multicastR3(config-multicast)# rp-address 10.3.3.3R3(config-multicast)# enableR3(config-multicast)# debug stateR3(config-multicast)# end
R4 Configuration:
R4# configure terminal R4(config)# router multicastR4(config-multicast)# rp-address 10.3.3.3R4(config-multicast)# enableR4(config-multicast)# debug stateR4(config-multicast)# exitR4(config)# R4(config)# interface dot11radio 0R4(config -dot11radio)# bss 0R4(config-bss)# multicast-optimizationR4(config-bss)# end
96 | Configuring Multicast MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 11
Configuring Routing
A Routing table is the information database used by routers to track the topology of the network and to determine how each data packet should be forwarded. The following types of Routing processes are defined:
Static Routing
OSPF Protocol
OSPF is developed by the IETF organization based on the link state algorithm.
Dynamic Routing
Dynamic routing is the process through which a router learns and updates routes to other nodes in the network. For optimal performance in a wireless mesh environment, MSR series routers support the intelligent Adaptive Wireless Routing (AWR) protocol.
Static RoutingStatic routing allows the network administrator to have full control over the layer-3 topology and network data forwarding behavior. The administrator constructs the routing table by manually configuring routes for network destinations. A configured static route is installed in the routing table only when the route is active that is, the route’s next hop must be bound to an operational interface.
Using WMI to Configure Static RoutesThe following steps illustrate the configuration of a static route using the WMI:
1. Navigate to the Network Settings > Routing > Static Routes > Static Routes configuration page as shown in Figure 61.
2. Specify the Destination, Mask, and Gateway values for the static route in the text boxes provided.
3. Click on the Add Static Route button to add an IPv4 static route.
Static Routes Configuration Page
Select the Network Settings > Routing > Static Routes in the Menu tree to display the Static Routes configuration page as shown in Figure 61.
Configuring Routing | 97
Figure 61 Static Routes Page
The static routes configuration settings are listed in Table 27.
Adding an IPv4 Static Route
To add a new IPv4 Static Route, enter the Destination, Mask, and Gateway values in the Static Routes page and click on the Add Static Route button as shown in Figure 62.
Table 27 Static Routes Configuration
Column Explanation
Destination The destination network or host address for the route. Use 0.0.0.0 to create a default route.
Mask The mask indicating the prefix for the destination. The destination and the mask are used together to determine whether the destination address of a packet matches a particular route. Use 0.0.0.0 to create a default route.
Gateway The gateway IP address that the device points to. If an IP address is shown, packets are forwarded to the address. If an interface is shown, packets are forwarded using the interface.
98 | Configuring Routing MeshOS 4.7 | User Guide
Figure 62 Adding a Static Route
The IPv4 static route is added as shown in Figure 63.
Figure 63 IPv4 Static Route Successfully Added
Deleting an IPv4 Static Route
To delete an existing IPv4 static route, select the static route by checking the box in front of it and click on the Delete Static Route button as shown in Figure 64.
MeshOS 4.7 | User Guide Configuring Routing | 99
Figure 64 Deleting IPv4 Static Route
View IPv4 System Routing Table
To view the IPv4 system routing table, enter the Destination value (optional) and click on the View System Routing Table button as shown in Figure 65.
100 | Configuring Routing MeshOS 4.7 | User Guide
Figure 65 IPv4 System Routing Table Page
The system routing table columns are listed in Table 28.
Table 28 System Routing Table
Column Explanation
Destination The destination network or host address.
Mask The mask indicating the prefix for the destination. The destination and the mask are used together to determine whether the destination address of a packet matches a particular route. Use 0.0.0.0 to create a default route.
Gateway/Interface The gateway IP address that the device points to. If an IP address is shown, packets are forwarded to the address. If an interface is shown, packets are forwarded using the interface.
Hop Count The number of hops between the device and the destination network.
Directly: Indicates that the router is connected directly to the interface.
Type A three-character code that indicates the type of the route.
First character: K - kernel route
C - Directly-connected route
S - Static route
H - Host route
O - OSPF route
A - AWR route
d - Direct route obtained by DHCP.
Second character ‘>’: - The selected route. There are other routes with the same destination and mask.
Third character ‘*’: The route is active in the router kernel.
MeshOS 4.7 | User Guide Configuring Routing | 101
Using CLI to Configure Static RoutesThe following steps illustrate the configuration of a static route using the CLI:
(host)> enable(host)# configure terminal(host)(config)# ip route 10.0.0.0/8 10.0.0.1
OSPFOSPF is developed by the IETF organization based on the link state algorithm. Every router running OSPF protocol advertises local network connection (available interface information, reachable neighbor information and other parameters) through the Link State Advertisement (LSA) mechanism. The router then advertises the information to the whole autonomous system. Every OSPF router will receive LSAs generated by all other OSPF routers in the autonomous systems and this forms the link state database (LSDB). Since each LSA represents a piece of the network topology view from the advertising router, the whole LSDB represents the entire OSPF network topology. Based on the LSDB, each router runs the Shortest Path First (SPF) algorithm independently. Each router then builds the shortest path tree that makes itself the root, with the tree represents the routes to all other nodes in the autonomous system. Refer to the IETF RFC2328 for the detailed description of the OSPF protocol.
Application of OSPFAt the mesh gateway the MSR router enables the OSPF protocol which allows routes from AWR routing domain to be redistributed into OSPF routing domain. The MSR router does not support ABR.
Figure 66 shows a typical wireless mesh network topology running OSPF protocol at the mesh gateway.
Figure 66 Running OSPF Protocol at the Mesh Gateway
Redistribute Mesh routing
The OSPF protocol at the gateway can redistribute the AWR routes and connect routes to the OSPF domain as the second external routes to reach the same network routes.
Routing summary
Several continuous routes can be summarized to one route through redistribution and injected into the OSPF domain. The scope of the routes to be summarized should be continuous. Currently OSPF supports the summary of AWR and connected routes and can define the metric value of the redistribution route. For
102 | Configuring Routing MeshOS 4.7 | User Guide
example, the four routes 10.0.0.0/28, 10.0.0.16/28, 10.0.0.32/28, and 10.0.0.48/28) can be summarized to a new route 10.0.0.0/26 and redistributed to the OSPF area.
Using WMI to Configure OSPFThe following steps illustrate the configuration of OSPF using the WMI:
1. Navigate to the Network Settings > Routing > OSPF > OSPF Configuration page as shown in Figure 67.
2. Configure the OSPF settings and click on the Apply Changes button to save the configuration.
3. Specify the Network Prefix and Area ID values in the text boxes provided for the OSPF network and click on the Add OSPF Network button as shown in Figure 68 to add an OSPF network.
4. Specify the Summary Address details in the text box provided for the summary address and click on the Add Summary Address button to add a summary address to the OSPF network.
OSPF Configuration Page
Select the Network Settings > Routing > OSPF option in the Menu tree to display the OSPF Configuration page as shown in Figure 67.
Figure 67 OSPF Configuration Page
The OSPF settings are listed in Table 29.
Table 29 OSPF Configuration Settings
Setting Description Default
OSPF Status OSPF status.
Enabled
Disabled
Disabled
MeshOS 4.7 | User Guide Configuring Routing | 103
Click on the Apply Changes button to save the configuration.
Adding an OSPF Network
To add a new OSPF network, enter the Network Prefix and OSPF Area ID in the boxes and click on the Add OSPF Network button as shown in Figure 68.
Router Priority OSPF priority. The range of the value is 1-255. The value 0 is for unset, the router cannot be DR.
0
Redistribute AWR Enable/disable the Redistribute AWR function to the OSPF field:
Metric type - 1-2
Metric value
Disabled
Redistribute Connected
Redistribute Direct Connected Route to OSPF field:
Metric type - 1-2 (default 2)
Metric value
Disabled
Network Prefix Configures the network segment that runs OSPF route. The format is A.B.C.D/M
N/A
Area ID OSPF area ID. Integer or A.B.C.D. Only one area ID is supported at the moment.
N/A
Summary Address Summary address for OSPF route aggregation. OSPF supports route aggregation function, summarizing the specified network segment. The format is A.B.C.D/M
N/A
Table 29 OSPF Configuration Settings (Continued)
Setting Description Default
104 | Configuring Routing MeshOS 4.7 | User Guide
Figure 68 Adding a New OSPF Network
Deleting an OSPF Network
To delete a new OSPF network, enter the Network Prefix and OSPF Area ID in the boxes and click on the Delete OSPF Network button as shown in Figure 69.
MeshOS 4.7 | User Guide Configuring Routing | 105
Figure 69 Deleting an Existing OSPF Network
Adding a Summary Address
To add a new summary address, enter the Summary Address in the box provided and click on the Add Summary Address button as shown in Figure 70.
106 | Configuring Routing MeshOS 4.7 | User Guide
Figure 70 Adding Summary Address
Deleting Summary Address
To delete a summary address, select the Summary Address by checking the box in front of it and click on the Delete Summary Address button as shown in Figure 71.
Figure 71 Deleting an Existing Summary Address
MeshOS 4.7 | User Guide Configuring Routing | 107
Using CLI to Configure OSPFThe following steps illustrate the configuration of OSPF using the CLI:
(host)> enable(host)# configure terminal(host)(config)# router ospf(host)(config-ospf)# enable(host)(config-ospf)# router-priority 1(host)(config-ospf)# network 220.110.1.0/24 area 0(host)(config-ospf)# redistribute awr(host)(config-ospf)# redistribute connected(host)(config-ospf)# summary-address 220.110.1.1/24(host)(config-ospf)# end
ExampleThe following example illustrates a typical configuration of OSPF:
Figure 72 Typical OSPF Configuration
OSPF is running in the Mesh gateway and is added to area 0. The mesh internal routes are redistributed to the non-mesh network.
Configuration of the MSR (gateway):
MSR2000#MSR2000(config)# router ospfMSR2000(config-ospf)# enableMSR2000(config-ospf)# network 220.110.1.0/24 area 0MSR2000(config-ospf)# redistribute awrMSR2000(config-ospf)# redistribute connectedMSR2000(config-ospf)# end
Dynamic Routing with AWRMSR series routers support the intelligent Adaptive Wireless Routing (AWR) protocol. When AWR is activated, each MSR series router automatically maintains optimal routes to other MSR series router nodes in the network, clients associated to these nodes, and internet gateways. Criteria for measuring the quality of the routing path include: path hop count, path bandwidth, RSSI and radio interference. AWR selects the optimal path based on proprietary algorithm that balances path hop count and link quality.
AWR is a wireless routing protocol based on a Distance Vector algorithm for routing information exchange. AWR uses a unique router-ID to identify each router in a mesh network.
Advantages of AWR Adaptive, distributed, and proactive routing protocol designed specifically for wireless mesh networks.
Works well for both mobile and fixed wireless mesh networks.
Can handle low, moderate, and high mobility scenarios.
Can handle dynamic metrics that take radio link quality into the consideration.
Well suited for large, dense mesh networks.
Well suited for multi-radio, multi-hop wireless mesh networks.
108 | Configuring Routing MeshOS 4.7 | User Guide
Fast convergence enables high mobility.
Quickly adapts to both topological and link quality changes while avoiding transient routing loop.
Low computational and communication overhead, highly scalable.
Knows optimal path to every other node and gateway.
Supports multiple gateways for internet traffic load balancing.
Running AWR on Layer-3 interface
BSS/Interface VLAN
AWR sends the access interface information to the AWR network.
WDS
AWR learns and sends protocol update messages through WDS interface.
Ethernet
Ethernet interface can be the access interface, gateway interface, or backhaul interface. When Ethernet interface is a gateway interface (and the next hop of default route must be reachable) all routers in mesh regard this interface as the mesh egress interface.
Support for Multi-gatewayAWR supports a multi-gateway configuration. The topology of AWR with multiple gateways is shown in Figure 73.
Figure 73 Multi-gateway Simulation Map
M1
M2 M3
M4 M5
M6
STA1
STA2
Gateway 1
Radio 0 Radio 0
Radio 0 Radio 0
Radio 1
Radio 1
Radio 1
Radio 1 Radio 1Radio 1
Radio 1
Radio 1
Radio 1
Radio 1
Radio 0Radio 0
Radio 0
Radio 0
Radio 1Radio 1
Gateway 2
MeshOS 4.7 | User Guide Configuring Routing | 109
The AWR protocol is enabled on M1-M6, with M1 and M6 acting as the gateways. Wireless terminal STA1 is associated with M2 and the wireless terminal STA2 is associated with M4. STA1 will choose M1 as gateway while STA2 will choose M6. The advantages of having multi-gateway support are when there are multiple gateway portals to the wired network in the mesh, the nearest gateway is chosen and traffic flow is shared through load balancing. Gateway redundancy is supported by default.
AWR Primary Gateway ElectionAWR Primary Gateway Election (APGE) protocol is designed to support the gateway redundancy for an AWR mesh network. APGE chooses the primary (active) gateway according to the router-ID. With only one primary gateway, when the rest of gateways are in standby state and the primary gateway encounters a problem. One of the standby gateways can quickly take over as the primary gateway.
Using the WMI to Configure AWRThe following steps illustrate the configuration of AWR using the WMI:
1. Navigate to the Network Settings > Routing > AWR > AWR Configuration page as shown in Figure 74.
2. Configure the AWR routing settings.
3. Click on the Apply Changes button to save the configuration.
AWR Configuration Page
Select the Network Settings > Routing > AWR option in the Menu tree to display the AWR Configuration page as shown in Figure 74.
Figure 74 AWR Configuration Page
The AWR route settings are listed in Table 30.
Table 30 AWR Route Configuration
Setting Explanation Default
AWR Status Indicates the AWR status - Enabled. N/A
110 | Configuring Routing MeshOS 4.7 | User Guide
Click on the Apply Changes button to save the configuration.
Using CLI to Configure AWRThe following steps illustrate the configuration of AWR using the CLI:
(host)> enable(host)# configure terminal(host)(config)# router awr(host)(config-awr)# enable(host)(config-awr)# primary-gateway-election(host)(config-awr)# hello-on-wds(host)(config-awr)#
ExampleA typical example for the configuration of AWR is illustrated in Figure 75.
Figure 75 Simulated Configuration Map for AWR
Configuration:
M1(gateway):
M1# configure terminalM1# interface loopback 1M1(config-loopback)# ip address 10.2.2.1/32M1(config-loopback)# router-id
Debug Level Configures the debug level for AWR.
None
Error
Event
Info
Dump
Error
Use Hello Protocol on Mesh Links
Enable or disable the Use Hello Protocol on Mesh Links option.
Disabled
Primary Gateway Election
Enable or disable primary gateway election Disabled
Table 30 AWR Route Configuration
Setting Explanation Default
MeshOS 4.7 | User Guide Configuring Routing | 111
M1(config-loopback)# endM1#M1(config)# router awrM1(config-awr)# enableM1(config-awr)# exitM1(config)# interface gigabit-ethernet 0M1(config-eth)# mode gateway
M2(non-gateway):
M2# configure terminalM2# interface loopback 2M2(config-loopback)# ip address 10.2.2.2/32M2(config-loopback)# router-idM2(config-loopback)# endM2#M2(config)# router awrM2(config-awr)# enableM2(config-awr)# exit
112 | Configuring Routing MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 12
Configuring Active Video Transport
This chapter describes the configuration of the Active Video Transport (AVT) service.
AVT is a network transmission optimization technology specially designed by Aruba Networks for video applications such as fixed or mobile video surveillance. AVT reduces or eliminates packet loss, out-of-order delivery, and packet jitter caused by wireless networks. AVT also provides smooth and stable wireless transport for multiple video streams. With its in-network buffering, AVT addresses the issues that impact the quality of video transport in a wireless mesh network to achieve the best transport quality.
AVT service consists of the following two main components:
Ingress
MSR routers that directly connect to a camera/encoder. The video traffic enters the mesh network via these routers.
Egress
The MSR router from which the video traffic exits the mesh network. Usually it is the gateway of the mesh network with direct connection to the video surveillance center.
Using WMI to Configure AVTThe following steps illustrate the configuration of the AVT service using the WMI:
Enable the AVT serviceTo enable the AVT service:
1. Navigate to Services Settings >AVT option in the Menu tree to display the AVT Settings page as shown in Figure 76.
Each AVT ingress node supports a maximum of 4 video streams.
Ingress and egress should not be configured on the same MSR router.
The effectiveness of AVT is dependent on the wireless environment and parameters such as signal strength and interference.
AVT currently only works with the UDP video stream.
Configuring Active Video Transport | 113
Figure 76 AVT Configuration Page
2. Select the Status option Ingress or Egress.
3. Set the configuration for the AVT service.
The AVT configuration settings are listed in Table 31.
4. Click on Apply Changes to save the configuration.
To discard the changes and return to the previous state, click on the Cancel Changes button.
Add an Ingress IPTo add an ingress IP:
1. Enter the IP address in the Ingress IP box.
2. Click on Add as shown in Figure 77.
Table 31 AVT Configuration Settings
Setting Description Default
Status Disabled - Disable AVT service.
AVT Egress - Enable AVT service and set the router as egress
AVT Ingress - Enable AVT service and set the router as ingress.
Disabled
Buffer time The buffer time for the AVT steam. The value range is 100-10000 ms.
500
Ingress Interface Enables or disables the Ingress interface. When a video encoder connects to the Ethernet interface of the device, the Ethernet interface can act as AVT Ingress.
None
Ingress Encoder Sets the encoder type (video server)
Generic - Used for generic encoder such as Panasonic, Sony, AXIS, Pelco, and Hikvision
Tycosun - Tycosun encoder
Visiondigi - Visiondigi
Generic
114 | Configuring Active Video Transport MeshOS 4.7 | User Guide
Figure 77 Adding an Ingress IP
Deleting an Existing Ingress IPTo delete an Ingress IP:
1. Check the box in front of the Ingress IP to be deleted.
2. Click on the Delete button as shown in Figure 78.
Figure 78 Deleting an Existing Ingress IP
Using CLI to Configure AVTThe following steps illustrate the configuration of the AVT service using the CLI:
Enable AVT Service(host)(config)# service avt
Configure the AVT Service(host)(config-avt)# mode ingress
MeshOS 4.7 | User Guide Configuring Active Video Transport | 115
(host)(config-avt)# ingress-interface gigabit-ethernet 0(host)(config-avt)# buffer_time 3000(host)(config-avt)# encoder generic Set the generic manufacturer tycosun Set the tycosun manufacturer visiondig Set the visiondig manufacturer(host)(config-avt)# encoder generic
Add an Ingress IP(host)(config-avt)# ingress-ip 192.168.11.11
Delete an Ingress IP(host)(config-avt)# no ingress-ip
ExampleConsider the example of a video surveillance scenario. The network topology is as shown in Figure 79.
Figure 79 Video surveillance network topology
The configuration details are as follows:
The ethernet 0 of the AVT ingress router is connected to a video encoder, whose IP address is 192.168.11.11.
The ethernet 0 of the AVT egress router is connected to the surveillance center.
Configuring AVT Ingress:(host)(config)# interface gigabit-ethernet 0(host)(config-if-ethernet)# mode access(host)(config-if-ethernet)# switchport access vlan 10(host)(config-if-ethernet)# exit
(host)(config)# service vplm(host)(config-vplm)# allowed-vlan auto(host)(config-vplm)# enable(host)(config-vplm)# exit
(host)(config)# service avt (host)(config-avt)# mode ingress(host)(config-avt)# ingress-ip 192.168.11.11(host)(config-avt)# exit
116 | Configuring Active Video Transport MeshOS 4.7 | User Guide
Configuring AVT Egress:(host)(config)# interface gigabit-ethernet 0(host)(config-if-ethernet)# mode gateway(host)(config-if-ethernet)# switchport trunk allowed-vlan 10(host)(config-if-ethernet)# exit
(host)(config)# service vplm(host)(config-vplm)# allowed-vlan auto(host)(config-vplm)# enable(host)(config-vplm)# exit
(host)(config)# service avt (host)(config-avt)# mode egress(host)(config-avt)# exit
Network Camera FingerprintingMeshOS 4.7 automatically discovers the cameras in a mesh network once they are connected to the network and powered up.
The following information on the cameras is discovered:
IP address
MAC address
Camera manufacturer and type
The discovery methods include:
OUI address discovery
Multicast DNS
Broadcast UDP (camera specific)
Automatic SettingThe video information discovered by the Network Camera Fingerprinting feature can be used by other functions besides directly shown to the users. The functions that use the information from this feature automatically configure the settings once the fingerprinting information is available.
AVT Ingress
The information discovered using the Network Camera Fingerprinting can now be used to set the AVT parameter ingress-ip.
Station Mode Client List
The fingerprinting information can also be used to automatically generate a client list.
Cameras SupportedThe cameras from Axis, Sony, Pelco, Panasonic, D-Link, and Canon have been tested and are supported by this feature.
Using WMI to View the Camera DatabaseThe video cameras with the ingress IP specified are automatically discovered when they come up on the network and added to the camera list as shown in Figure 80.
MeshOS 4.7 | User Guide Configuring Active Video Transport | 117
Figure 80 Viewing Camera Database
Using CLI to View the Camera DatabaseThe camera database can be viewed in the CLI using the following command:
(host) # show camera database
118 | Configuring Active Video Transport MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 13
Configuring Client Mode
When a Dot11Radio interface is configured in the client mode, a station configured under this interface can associate to any IEEE802.11 standard compatible AP in the same manner as any other IEEE802.11 standard clients. The AP can either be a AirMesh router or an AP from another vendor. On each wireless mesh router, only one radio interface can operate in the client mode. Only one station can be created on a Dot11Radio interface.
Auxiliary Device IP Address List (client-list)The purpose of the client-list is to facilitate the auxiliary devices in the roaming scenario. When a radio works in the client mode, a variety of applications can be derived via the connection between the mesh network and the client. For example, up to four wired or wireless devices (such as camera encoder/decoder) can connect to the MSR router via Ethernet or radio interfaces, and connect to the mesh network via the client. Roaming support for the client also allows the auxiliary devices to roam within the mesh. Client-list is only required if you use static IP to configure the auxiliary devices and want good performance from the auxiliary devices when the client roams within the mesh. If there is no roaming requirement or if the auxiliary devices use DHCP, client-list is not required.
Using WMI to Configure Client ModeThe following steps illustrate the configuration of a router in client mode using the WMI:
1. Navigate to the Wireless Settings > Client Mode > List of Clients Connections page as shown in Figure 81.
2. Click on the Create button to open the Create Client-mode Connection page as show in Figure 82.
3. Specify the Radio and Sta index and click on the Create button to create a client-mode connection and open the Configure Client-mode Connection page.
4. Specify the client-mode settings (Basic, Security, VLAN, IPv4, Scanning, and Advanced).
5. Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Clients Connections Page
Click the Wireless Settings > Client Mode option in the Menu tree to display the List of Clients Connections page as shown in Figure 81. A list of all the clients (STAs) of the router are displayed in this page.
Configuring Client Mode | 119
Figure 81 Client Connections Page
To view or modify the configuration settings of an existing client connection, click on the Sta Name link of the client. To delete an exiting client, select the client by checking the box in front of it and click on the Delete button.
Creating a Client-mode ConnectionClick on the Create button in the List of Client Connections page to display the Create Client-mode Connection page as shown in Figure 82.
Figure 82 Creating a Client-mode Connection
Select the Radio interface index and the Sta index from the drop down menu and click on the Create button. The Configure Client-mode Connection page is displayed as shown in Figure 83. To discard the changes and return to the previous page click on the Cancel Changes button.
Client-mode Connection Basic Configuration
Click on the Basic tab in the Configure Client-mode Connection page to display the client-mode basic settings page as shown in Figure 83.
120 | Configuring Client Mode MeshOS 4.7 | User Guide
Figure 83 Client-mode Connection Basic Configuration Page
The client-mode connection basic settings are listed in Table 32.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Client-mode Connection Security Settings
Client-mode connection supports the 802.11 security standards. Click on the Security tab in the Configure Client-mode connection page to display the client-mode Security page as shown in Figure 84.
Table 32 Client-mode Connection Basic Configuration
Setting Explanation Default
Sta Name Sta Name, which is a combination of the radio interface index and station interface index of the client.
N/A
SSID of AP The 802.11 SSID for the AP N/A
BSSID of AP The 802.11 BSSID for the AP N/A
Description Description of the client-mode connection N/A
MeshOS 4.7 | User Guide Configuring Client Mode | 121
Figure 84 Client-mode Connection Security Configuration Page
Select an Authentication Type for the client-mode connection from the drop down list. A security configuration page is displayed based on the Authentication Type selected.
Open WEP
The Open WEP security configuration page as shown in Figure 85 is displayed when the Open WEP option is selected as the Authentication Type in the client-mode connection Security configuration page.
Figure 85 Client-mode Connection Open WEP Configuration Page
In the WEP encryption mode, you can configure up to four keys and set one of them as the Default key.
Shared WEP
The Shared WEP security configuration page as shown in Figure 86 is displayed when the Shared WEP option is selected as the Authentication Type in the client-mode connection Security configuration page.
If Open/None is selected as the Authentication Type, no security configuration page is displayed.
122 | Configuring Client Mode MeshOS 4.7 | User Guide
Figure 86 Client-mode Connection Shared WEP Configuration Page
In the WEP encryption mode, you can configure up to four keys and set one of them as the Default key.
WPA
The WPA security configuration page as shown in Figure 87 is displayed when the WPA option is selected as the Authentication Type in the client-mode connection Security configuration page.
Figure 87 Client-mode Connection WPA Configuration Page
The WPA settings are listed in Table 33.
Table 33 Client-mode Connection WPA Configuration Settings
Setting Explanation Default
Security Type WPA N/A
WPA Type Specifies the WPA Type:
WPA-PSK, ASCII Key WPA-PSK, Hex Key
WPA-PSK, ASCII Key
PSK Key String ASCII code or hexadecimal key. The length of the ASCII code is a string of length 8-63 alphanumeric characters and the length of hexadecimal key is 64 digits.
N/A
MeshOS 4.7 | User Guide Configuring Client Mode | 123
WPA2
The WPA2 security configuration page as shown in Figure 88 is displayed when the WPA2 option is selected as the Authentication Type in the client-mode connection Security configuration page.
Figure 88 Client-mode Connection WPA2 Configuration Page
The WPA2 settings are listed in Table 34.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Client-mode Connection VLAN SettingsClick on the VLAN tab in the Configure Client-mode connection page to display the Client-mode VLAN page as shown in Figure 89.
Table 34 Client-mode Connection WPA Configuration Settings
Setting Explanation Default
Security Type WPA2 N/A
WPA Type Specifies the WPA Type:
WPA-PSK, ASCII Key WPA-PSK, Hex Key
WPA-PSK, ASCII Key
PSK Key String ASCII code or hexadecimal key. The length of the ASCII code is a string of length 8-63 alphanumeric characters and the length of hexadecimal key is 64 digits.
N/A
124 | Configuring Client Mode MeshOS 4.7 | User Guide
Figure 89 Client-mode Connection VLAN Configuration Page
The client-mode VLAN settings are listed in Table 35.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Client-mode Connection IPv4 SettingsClick on the IPv4 tab in the Configure Client-mode connection page to display the Client-mode IPv4 page as shown in Figure 90.
Table 35 Client-mode Connection VLAN Configuration
Setting Explanation Default
VLAN Setting No VLAN - The client-mode connection does not belong to any VLAN;
Access VLAN - The client-mode connection belongs to a VLAN. The value range is 0-4094, 0 for no access to VLAN.
No VLAN
MeshOS 4.7 | User Guide Configuring Client Mode | 125
Figure 90 Client-mode Connection IPv4 Configuration Page
The client-mode IPv4 settings are listed in Table 36.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Client-mode Connection Scanning SettingsClick on the Scanning tab in the Configure Client-mode connection page to display the Client-mode Scanning page as shown in Figure 91.
Table 36 Client-mode Connection IPv4 Configuration
Setting Explanation Default
IP Address Configures the IPv4 address for this client-mode connection:
Use DHCP - Configures an IP address through DHCP Option 60 using the Vendor ID specified (up to 64 characters).
Static IP address/Mask - Configures a static IP address in the format: A.B.C.D/M
Do not configure
Do not configure
126 | Configuring Client Mode MeshOS 4.7 | User Guide
Figure 91 Client-mode Connection Scanning Configuration Page
The client-mode scanning settings are listed in Table 37.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Client-mode Connection Advanced SettingsClick on the Advanced tab in the Configure Client-mode connection page to display the client-mode Advanced page as shown in Figure 92.
Table 37 Client-mode Connection Scanning Configuration
Setting Explanation Default
Scan Modes Configures the scan modes Default
Scan Interval Configure the seconds between each scan. The value range is 15-300 seconds, 0 means unset
0
Scan Threshold Configures the threshold value for scanning 20
MeshOS 4.7 | User Guide Configuring Client Mode | 127
Figure 92 Client-mode Connection Advanced Configuration Page
The client-mode advanced settings are listed in Table 38.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Using CLI to Configure Client ModeThe following steps illustrate the configuration of a router in client-mode using the CLI:
Creating a Client-mode Connection(host)# configure terminal(host)(config)# interface dot11radio 0(host)(config-dot11radio)# no bss all(host)(config-dot11radio)# no wds auto(host)(config-dot11radio)# sta 0(host)(config-sta)#
Configuring Basic Settings
SSID
(host)(config-sta)# access-point ssid TEST
BSSID
(host)(config-sta)# access-point bssid 00:17:7b:00:0b:95
Table 38 Client-mode Connection Advanced Configuration
Setting Explanation Default
AP Inactivity Limit Configures the maximum amount of time an AP is allowed to be inactive before the inactivity policy takes effect. The value range is 1-60 seconds.
2
Fragmentation Threshold
Configure the threshold value for frame fragmentation. When the length of a frame exceeds the threshold value, the frame will be fragmented before being sent. The value range is 256-2346, 2346 is for disable fragmentation.
2346
128 | Configuring Client Mode MeshOS 4.7 | User Guide
Description
(host)(config-sta)# description clienttest
Configuring Security Settings
Authentication Type
(host)(config-sta)# authentication open wep(13461)%%Warning: WEP/TKIP don't support 802.11n HT rate(host)(config-auth-open-wep)# exit
VLAN Settings(host)(config-sta)# switchport access vlan 1(host)(config-sta)# exit(host)(config)#
IPv4 Settings
IP address
(host)(config)# interface dot11radio 0(host)(config-dot11radio)# ip address 192.168.11.2/2(host)(config-dot11radio)#
Client mode scanning settings
Scan Modes
(host)(config-dot11radio)# sta 0(host)(config-sta)# scanning hardware-mode ag
Scan Interval
(host)(config-sta)# scanning interval 200
Scan Threshold
(host)(config-sta)# scanning threshold rssi 12
Advanced settings
AP Inactivity limit
(host)(config-sta)# ap-inactivity-limit 20
Fragmentation Threshold
(host)(config-sta)# frag-threshold 256
ExampleThe following is a typical example of a MSR configured in the client-mode:
A router can be made to work on bridge mode by configuring the STA interface and Ethernet interface in the same VLAN. The network topology is show in Figure 93. In this example MST200 is in the bridge mode.
MeshOS 4.7 | User Guide Configuring Client Mode | 129
Figure 93 Network Topology at Bridge Mode
MST200 Configuration:
…… interface dot11radio 0sta 0 access-point ssid video switchport access vlan 1
…….
interface gigabit-ethernet 0 switchport access vlan 1…….
interface vlan 1 ip address 192.168.11.2/24 ……
client-list 192.168.11.11/32……
130 | Configuring Client Mode MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 14
Configuring VPLM
VPLM (Virtual Private LAN over Mesh) is a tunnel technology used to provide native layer-2 access function over layer-3 mesh network. VPLM technology enables routers in a mesh network to exchange VLAN information and forward Layer-2 data. In the control plane, VPLM obtains the device VLAN information through information exchange among wireless routers and sets up the forwarding database accordingly. In the forwarding plane, VPLM searches the router list and forwards every frame that enters the Layer-2 interface to routers that have the same VLAN, through tunnels. The router that receives the frame sends it out to the respective Layer-2 interface on the same VLAN.
Application of VPLMThe following are the typical applications of the VPLM service:
Layer-2 interconnection
A VPLM enabled mesh network can be regarded as a layer-2 switch. The clients that access the same VLAN can communicate with each other.
User isolation
VPLM can be configured with the user isolation feature enabled. The user isolation feature can prevent clients inside the mesh from communicating with one another. However, the external communication still works.
Port Type in VPLMThe Ethernet interface should be assigned the access or trunk VLAN port for VPLM to automatically manage the interface. In the case of a radio interface, as long as the radio is in the access mode and the BSS of this radio interface is assigned the access VLAN port, VPLM will automatically manage this interface. VPLM will not manage any interface that is in the either backhaul mode or client mode.
Site Identifier (Site ID)A site is a network that is external to the VPLM enabled mesh network. Assign a unique site ID between 1-255 to each site manually to make it easy to select the sites. If multiple routers in a single VPLM mesh network connect to the same site, all mesh gateway routers need to be configured with this Site ID. If there is only one Ethernet interface connecting an external network (single gateway case), the site ID configuration is not required. If the VPLM enabled mesh networks have multiple gateways, the site ID has to be configured on all gateway routers.
Consider the scenario in Figure 94. Router-A and Router-B connect to the same external networks. Hence the same Site ID (for example, 11) needs to be configured on them. Router-C connects to another external network. Hence the Site ID of the network (13) is configured on Router-C.
Configuring VPLM | 131
Figure 94 Site IDs
Automatic Configuration of Site-IDIf you do not configure the VPLM Site-ID for a MSR/MST using the WMI or CLI, MeshOS automatically generates the Site-ID as follows:
If the site has only one AP, which is not configured with a Site-ID, the Site-ID is 0.
If all the APs on a site are not configured with Site-IDs, all of them are assigned the same Site-ID.
If an AP reboots or the Ethernet port status changes, the automatic Site-ID value generated may be different from the one before.
Limitations
If there are multiple gateway APs on one site, some are not configured with Site-IDs, and others are configured with Site-IDs, the Site-IDs generated may be different from the Site-IDs that are manually configure although all the APs are on the same site. In this case, the APs on the same site may have different Site-IDs. This situation must be avoided.
If there are multiple sites in one mesh, the Site-ID generated by this protocol may be the same. In this case, you must configure the Site-ID manually through CLI or WMI.
VPLM and QoS PoliciesVPLM supports CoS-DSCP mapping. VPLM automatically convert the CoS in layer-2 payload to DSCP of the VPLM tunnel’s header.
Using WMI to Configure VPLMThe following steps illustrate the configuration of the VPLM using the WMI:
1. Navigate to the Services Settings >VPLM settings page as shown in Figure 95.
2. Configure the VPLM settings.
3. Click on the Apply Changes button to save the configuration.
VPLM Settings PageClick on the Services Settings >VPLM option in the Menu tree to display the VPLM Settings page as shown in Figure 95.
When you upgrade to MeshOS 4.5 or above, make sure that this feature does not affect the existing mesh network.
132 | Configuring VPLM MeshOS 4.7 | User Guide
Figure 95 VPLM Configuration Page
The VPLM settings are listed in Table 39.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Using the CLI to Configure VPLM(host)# configure terminal(host)(config)# service vplm(host)(config-vplm)# enable(host)(config-vplm)# allowed-vlan auto(host)(config-vplm)# quit(host)(config)# interface vlan 22(host)(config-vlan)# quit(host)(config)#
ExampleA typical example for the VPLM configuration is shown in Figure 96.
The network consists of:
Routers: Router-A, Router-B, and Router-C.
Clients: Laptop_A, Laptop_B, and PC_H.
Table 39 VPLM Settings Page
Setting Explanation Default
Status Specifies if the VPLM service is to be enabled or disabled
Enabled
Allowed VLAN Configure the VLANs that are allowed:
Auto
Manual - Specify a list of VLAN numbers that are allowed between 1-4094. Use the comma to separate multiple VLAN or VLAN ranges.
Auto
Spanning Tree Compatibility
Enable or disable Spanning Tree Compatibility Disabled
MeshOS 4.7 | User Guide Configuring VPLM | 133
Switch.
The routers are enabled for AWR and establish valid WDS links between each other.
The Ethernet interfaces of Router_A, Router_B, and PC_H all connect to a Layer-2 switch.
Laptop_A wirelessly connects to BSS1 of Router_C.
Laptop_B wirelessly connects to BSS1 of Router_B.
Laptop_A, Laptop_B, and PC_H belong to the same VLAN and have different IP address in the same IP subnet.
If the VPLM is not enabled, Laptop_A, Laptop_B and PC_H cannot ping each other.
If the VPLM is enabled, Laptop_A, Laptop_B, and PC_H can ping each other.
Figure 96 Network Topology -VPLM
Configuring VPLM on Router_ARouter_A# configure terminalRouter_A(config)# service vplmRouter_A(config-vplm)# enableRouter_A(config-vplm)# allowed-vlan autoRouter_A(config-vplm)# quitRouter_A(config)# interface vlan 22Router_A(config-vlan)# quitRouter_A(config)# interface gigabit-ethernet 0Router_A(config-eth)# switchport access vlan 22Router_A(config-eth)# switchport site-id 3Router_A(config-eth)# quitRouter_A(config)# interface dot11radio 0Router_A(config-dot11radio)# bss 1Router_A(config-bss)# ssid RouterAr0bss1Router_A(config-bss)# switchport access vlan 22Router_A(config-bss)# end
134 | Configuring VPLM MeshOS 4.7 | User Guide
Configuring VPLM on Router_BRouter_B# configure terminalRouter_B(config)# service vplmRouter_B(config-vplm)# enableRouter_B(config-vplm)# allowed-vlan autoRouter_B(config-vplm)# quitRouter_B(config)# interface vlan 22Router_B(config-vlan)# quitRouter_B(config)# interface gigabit-ethernet 0Router_B(config-eth)# switchport access vlan 22Router_B(config-eth)# switchport site-id 3Router_B(config-eth)# quitRouter_B(config)# interface dot11radio 0Router_B(config-dot11radio)# bss 1Router_B(config-bss)# ssid RouterBr0bss1Router_B(config-bss)# switchport access vlan 22Router_B(config-bss)# end
Configuring VPLM on Router_CRouter_C# configure terminalRouter_C(config)# service vplmRouter_C(config-vplm)# enableRouter_C(config-vplm)# allowed-vlan autoRouter_C(config-vplm)# quitRouter_C(config)# interface vlan 22Router_C(config-vlan)# quitRouter_C(config)# interface dot11radio 0Router_C(config-dot11radio)# bss 1Router_C(config-bss)# ssid RouterCr0bss1Router_C(config-bss)# switchport access vlan 22Router_C(config-bss)# end
MeshOS 4.7 | User Guide Configuring VPLM | 135
136 | Configuring VPLM MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 15
Configuring Motrix
Motrix is an Aruba designed, IEEE 802.11-based roaming protocol for wireless mesh networking. Motrix ensures that your communication is unaffected when a wireless client is roaming between different APs. Motrix optimizes processing and can handle unusual events/exceptions in the mesh network.
Using WMI to Configure MotrixThe following steps illustrate the configuration of the Motrix service using the WMI:
1. Navigate to the Services Settings >Mobility > Mobility Settings page as shown in Figure 97.
2. Configure the mobility (Motrix) settings.
3. Click on the Apply Changes button to save the configuration.
Mobility Settings pageClick on the Services Settings >Mobility option in the Menu tree to display the Mobility Settings page as shown in Figure 97.
Figure 97 Mobility Settings Page
The mobility configuration settings are listed in Table 40.
Table 40 Mobility Configuration
Configuration Explanation Default
Status Roaming service enabled or disabled. Disabled
Configuring Motrix | 137
Click on the Apply Changes button to save the configuration.
Using CLI to Configure MotrixThe following steps illustrate the configuration of Motrix using the CLI:
(host)> enable(host)# configure terminal(host)(config)# service roaming-motrix(host)(config-mtx)# enable(host)(config-mtx)# station 00:17:7b:2a:6c:9f 10.65.50.214/24(host)(config-mtx)# debug-level dump(host)(config-mtx)# end(host)#
Debug Level Configures the debug level for the roaming service:
None
Error
Event
Info
Frame
Dump
Dump
Table 40 Mobility Configuration
Configuration Explanation Default
138 | Configuring Motrix MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 16
Configuring SNMP
The AirMesh wireless mesh routers provide remote management through the Simple Network Management Protocol (SNMP). Using SNMP, network management products can read/write configuration and store data on the wireless mesh routers.
Configurations a SNMP service consists of the following:
Configuring Device Information
Configuring SNMP Communities
Configuring SNMP Trap Receivers
Configuring SNMPv3 User Accounts
Using WMI to Configure SNMPThe following steps illustrate the configuration of the SNMP service using the WMI:
1. Navigate to the SNMP Settings > Device Info page as shown in Figure 98.
2. Configure the Syslocation and Syscontact information.
3. Click on the Apply Changes button to save the configuration.
4. Navigate to the SNMP Settings > Community > SNMP Community page as shown in Figure 99
5. Specify the SNMP community in the text box provided and click on the Add Community button to add a new SNMP community.
6. Navigate to the SNMP Settings > Trap Receiver > Trap Receiver configuration page as shown in Figure 102.
7. Click on the Add SNMP Trap Receiver button to add a new SNMP Trap receiver.
8. Navigate to the SNMP Settings > v3 User page as shown in Figure 105.
9. Specify the SNMP v3 user settings and click on the Add SNMPv3 User button to add a new SNMP v3 user.
Configuring Device InformationSelect the SNMP Settings > Device Info option in the Menu tree to display the Device Info page as shown in Figure 98.
Configuring SNMP | 139
Figure 98 SNMP Device Information Page
The SNMP location and contact information configured are displayed. The SNMP device information settings are listed in Table 41.
Click on the Apply Changes button to save the configuration.
Configuring SNMP CommunitiesA SNMP Community is the basic authentication scheme used by SNMP v1 and v2. Each mesh router may have one or more community strings defined. Each of these strings can have an access-mode of read-only or read-write. When the router receives an SNMP command (which is usually a read or a write), it allows the operation if it matches a known community string with a matching access-mode.
Select the SNMP Settings > Community option in the Menu tree to display the SNMP Community page as shown in Figure 99. The SNMP communities that are configure and their access modes are displayed.
Table 41 SNMP Device Information
Setting Explanation Default
Sysname System Name N/A
Syslocation SNMP Agent location Beijing
Syscontact SNMP Agent contact info [email protected]
140 | Configuring SNMP MeshOS 4.7 | User Guide
Figure 99 SNMP Communities Configuration Page
Adding a New Community
To add a community, enter the community name in the text box at the end of the list, select the access mode from the drop down menu, and click on the Add Community button as shown in Figure 100.
Figure 100 Adding a New SNMP Community
Deleting a Community
To delete a community, select the community by checking the box in front of the community and click on the Delete Community button as shown in Figure 101.
The Community Name should be an alphanumeric string that starts with a letter and has no spaces.
MeshOS 4.7 | User Guide Configuring SNMP | 141
Figure 101 Deleting a SNMP Community
Configuring SNMP Trap ReceiversSNMP Trap receivers are external hosts that receive the SNMP trap message sent by the mesh router. These receivers are generally Network Management Systems (NMS). SNMPv1 and SNMPv2 are the only trap messages supported by MeshOS at the moment. Multiple receivers can be configured on one mesh router.
Select the SNMP Settings > Trap Receiver option in the Menu tree to display the Trap Receiver configuration page as shown in Figure 102. The receivers that are configured are displayed along with information on their ports and communities.
Figure 102 SNMP Trap Receivers Configuration Page
Adding a New SNMP Trap Receiver
To add a receiver, enter the Receiver Address, Port, and Community in the corresponding boxes at the bottom of the table and choose the Version and Type from the drop-down menu. Click on the Add SNMP Trap Receiver button to add a new SNMP Trap receiver.
142 | Configuring SNMP MeshOS 4.7 | User Guide
Figure 103 Adding a New SNMP Trap Receiver
The SNMP Trap receiver settings are listed in Table 42.
Deleting a SNMP Trap Receiver
To delete a SNMP trap receiver, select the trap receiver by checking the box in front of it and click on the Delete SNMP Trap Receiver button as shown in Figure 104.
Table 42 SNMP Trap Receiver Settings
Setting Description Default
Receiver Address The IP Address of the trap receiver. N/A
Port The port number at which the trap receiver will receive the trap messages.
N/A
Community The community string for the trap messages sent to this receiver. The community must be alphanumeric, starting with a letter, and contain no spaces.
N/A
Version The version of the trap receiver.
v1
v2c
v1
Type The message type of the trap receiver.
Trap
Inform
Trap
The Version v1 cannot be configured with the message Type Inform.
MeshOS 4.7 | User Guide Configuring SNMP | 143
Figure 104 Deleting a Trap Receiver
Configuring SNMP v3 UsersSNMPv3 introduces the concept of user accounts along with strong encryption and authentication methods. Mesh routers support SNMPv3 and allow the configuration of multiple SNMPv3 users, each with different access rights as well as authentication and encryption methods.
Select the SNMP Settings > v3 User option in the Menu tree to display the v3 User configuration page as shown in Figure 105. The SNMP v3 users configured are displayed.
Figure 105 SNMPv3 Users Configuration Page
Adding a New SNMPv3 User
To add a new SNMPv3 user, enter the user details in the Configure SNMPv3 Users page as show in Figure 106 and click on the Add SNMPv3 User button.
144 | Configuring SNMP MeshOS 4.7 | User Guide
Figure 106 Adding a New SNMPv3 User
The SNMPv3 user configuration settings are listed in table Table 43.
Table 43 SNMPv3 User Configuration Settings
Setting Explanation Default
v3 Username The SNMPv3 User Name. Alphanumeric string, starting with a letter, and should not include white spaces.
N/A
Access Mode Access mode for the SNMPv3 user:
Read-only - The user can retrieve information from the router MIB, but cannot change it.
Read-write - The user can both retrieve and change information from the router’s MIB.
Read-only
User Type The authentication and encryption methods used by the SNMPv3 user
NoAuthNoPriv - No secure authentication or encryption
AuthNoPriv - Uses secure authentication, but no encryption.
AuthPriv - Uses both secure authentication and encryption
No-auth No-priv
Auth Type The Authentication type used:
MD5
SHA
MD5
Auth Password The authentication password used for AuthNoPriv and AuthPriv users. Should be an alphanumeric string of up to length 8- 16 characters. For example, a1a2a3a4a5.
N/A
Priv type The encryption type used:
DES: DES encryption
AES:AES encryption
DES
MeshOS 4.7 | User Guide Configuring SNMP | 145
Deleting a SNMPv3 User
To delete a SNMPv3 User, select the v3 user by checking the box in front of it and click on the Delete SNMP v3 User button as shown in Figure 107.
Figure 107 Deleting a SNMPv3 User
Using CLI to Configure SNMPThe following steps illustrate the configuration of the SNMP service using the CLI:
Configuring SNMP Device Information(host)# config terminal(host)(config)# snmp-server community create a SNMP community host create a trap receiversyscontact set system contact syslocation set system location sysname set router sysname v3user create a SNMP USM user(host)(config)# snmp-server syslocation LINE system location(host)(config)# snmp-server syslocation China(host)(config)# snmp-server syscontact Aruba(host)(config)# snmp-server sysname Msr_mesh(host)(config)# quit (host)#
(host)# show running-config
Priv Password The encryption password used for AuthPriv users. Should be an alphanumeric string of up to length 8- 16 characters. For example, a1a2a3a4a5.
N/A
Table 43 SNMPv3 User Configuration Settings
Setting Explanation Default
146 | Configuring SNMP MeshOS 4.7 | User Guide
……interface vlan 1 ip address 10.64.147.197/23 management mtu 1500mesh installation indoorsnmp-server syscontact [email protected] syslocation BeiJingsnmp-server community public rosnmp-server community private rwsnmp-server trap open client_onlinesnmp-server trap open client_offline
Configuring SNMP Community(host)# config terminal(host)(config)#(host)(config)#snmp-server community [community] [ro|rw](host)(config)#
Configuring SNMP Trap(host)(config)#(host)(config)#snmp-server host [ip-address] [community] [udp-port] [v1|v2c] [trap|inform](host)(config)#
Configuring SNMPv3 Users(host)(config)#snmp-server v3user <user name> <ro|rw> <md5|sha|MD5PWD> <AUTH-PWD> <des|aes> <enc-pass> <auth|no-auth|priv>(host)(config)#
MeshOS 4.7 | User Guide Configuring SNMP | 147
148 | Configuring SNMP MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 17
Configuring Radio Frequency Manager
Radio Frequency Manager (RFM) module is mainly responsible for auto discovery and auto link formation in the mesh network. RFM module also monitors the quality of all the Wireless Distribution System (WDS) links and reports on the status of the links. RFM helps the AWR routing protocol to optimize the routing paths inside the mesh. WDS is the underlying technology that allows MSR series routers to communicate with each other through wireless and form the backhaul links of the mesh network. A WDS link is formed between two routers by creating logical WDS interfaces on each router. Each logical WDS interface is bound to a physical radio interface. Up to 6 logic WDS interfaces can be created on a single radio interface.
Using WMI to Configure RFMThe following steps illustrate the configuration of the RFM using the WMI:
1. Navigate to the Wireless Settings > Mesh > Mesh Configuration page as shown in Figure 108.
2. Configure the Basic mesh settings and click on the Apply Changes button to save the settings.
3. Navigate to the Wireless Settings > Mesh > Security Tab to display the mesh security page.
4. Configure the mesh Security settings and click on the Apply Changes button to save the settings.
5. Configure the Mesh ACL List Settings, Preferred List, and the Advanced settings by clicking on the respective tabs.
6. Click on the Apply Changes button in each case to save the settings.
Mesh ConfigurationClick the Wireless Settings > Mesh option in the Menu tree to display the Mesh Configuration page as shown in Figure 108.
Configuring Mesh Interface Basic Settings
The Mesh Basic configuration tab is displayed by default when the Mesh Configuration page is accessed.
Configuring Radio Frequency Manager | 149
Figure 108 Mesh Basic Configuration Page
The mesh basic configuration settings are listed in Table 44.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Mesh Interface Security Settings
WDS supports 802.11 security standards. Click on the Security tab in the Mesh configuration page to display the mesh Security page as shown in Figure 109.
Table 44 Mesh Basic Configuration Page
Setting Explanation Default
Mesh Network ID Configures the Mesh ID DefaultMesh
WDS IP Pool Configures IP address pool for the WDS links:
Auto Generate from MAC - Automatically generated from MAC
Manually Configure - Configures an IP specified in the format A.B.C.D/M
Auto Generate from MAC
150 | Configuring Radio Frequency Manager MeshOS 4.7 | User Guide
Figure 109 Mesh Security Configuration Page
Select an Security Type for the Mesh from the drop down list. A security configuration page is displayed based on the Security Type selected.
Open WEP
The Open WEP security configuration page as shown in Figure 110 is displayed when the Open WEP option is selected as the Security Type in the Mesh Security configuration page.
Figure 110 Mesh Open WEP Security Configuration Page
In the WEP encryption mode, you can configure up to four keys and set one of them as the Default key.
Shared WEP
The Shared WEP security configuration page as shown in Figure 111 is displayed when the Shared WEP option is selected as the Security Type in the Mesh Security configuration page.
If Open/None is selected as the Security Type, no security configuration page is displayed.
MeshOS 4.7 | User Guide Configuring Radio Frequency Manager | 151
Figure 111 Mesh Shared WEP Security Configuration Page
In the WEP encryption mode, you can configure up to four keys and set one of them as the Default key.
WPA
The WPA security configuration page as shown in Figure 112 is displayed when the WPA option is selected as the Security Type in the mesh Security configuration page.
Figure 112 Mesh WPA Security Configuration Page
The WPA security configuration settings are listed in Table 45.
Table 45 Mesh WPA Security Configuration
Setting Description Default
Security Type WPA N/A
WPA Type Specifies the WPA Type:
WPA-PSK, ASCII Key WPA-PSK, Hex Key
WPA-PSK, ASCII Key
PSK Key String ASCII code or hexadecimal key. The length of the ASCII code is a string of length 8-63 alphanumeric characters and the length of hexadecimal key is 64 digits.
N/A
152 | Configuring Radio Frequency Manager MeshOS 4.7 | User Guide
WPA2
The WPA2 security configuration page as shown in Figure 113 is display when the WPA2 option is selected as the Authentication Type in the mesh Security page.
Figure 113 Mesh WPA2 Security Configuration Page
The WPA2 security configuration settings are listed in Table 46.
Click on the Apply Changes button to save the configuration.
Configuring Mesh ACL List Settings
Click on the Mesh ACL List tab to display the Mesh ACL List configuration page as shown in Figure 114.
Table 46 WPA2 Security Configuration
Setting Description Default
Security Type WPA2 N/A
WPA Type Specifies the WPA Type:
WPA-PSK, ASCII Key WPA-PSK, Hex Key
WPA-PSK, ASCII Key
PSK Key String ASCII code or hexadecimal key. The length of the ASCII code is a string of length 8-63 alphanumeric characters and the length of hexadecimal key is 64 digits.
N/A
MeshOS 4.7 | User Guide Configuring Radio Frequency Manager | 153
Figure 114 Mesh ACL List Configuration Page
The mesh ACL List configuration settings are listed in Table 47.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Adding or Deleting a Neighbor List Entry
Select the Neighbor ID Type and enter the Neighbor ID in the text box provided as shown in Figure 115. The Neighbor ID could be that of an existing neighbor or a new one. Click on Add Neighbor List Entry to add the neighbor to the Neighbor list. Click on the Delete Neighbor List Entry to delete an existing neighbor from the list.
Table 47 Mesh ACL List Configuration
Setting Description Default
Neighbor List Type Used to select the neighbor list type:
Inactive - The neighbor list is not taken into consideration when forming WDS links.
White list - The neighbors defined in the neighbor list are allowed to form WDS links.
Black list - The neighbors defined in neighbor list are not allowed to form WDS links.
Inactive
Neighbor ID Type Used to select the neighbor ID type:
Hostname - Hostname of the router.
Router ID - ID of the router.
Host Name
Neighbor ID The neighbor Hostname or Router ID. N/A
154 | Configuring Radio Frequency Manager MeshOS 4.7 | User Guide
Figure 115 Adding or Deleting a Neighbor List Entry
Configuring Preferred Links Settings
Click on the Preferred Links tab to display the Preferred Links configuration page as shown in Figure 116.
Figure 116 Mesh Preferred Links Configuration Page
The preferred links that are configured are displayed in the list. To delete an existing preferred link, select the link from the list by checking the box in front of the link and click on the Delete Preferred Link button.
Creating a Preferred Link
To create a preferred link, click on the Create Preferred Link button in the Preferred Links configuration page. A Create Preferred Link page is displayed as shown in Figure 117.
MeshOS 4.7 | User Guide Configuring Radio Frequency Manager | 155
Figure 117 Create Preferred Link Page
Select a Link Index from the drop down list and click on the Create Preferred Link button. The Configure Preferred Link page is displayed as shown in Figure 118.
Figure 118 Configure Preferred Links Page
The Mesh Preferred Links settings are listed in Table 48.
Table 48 Mesh Preferred Links Configuration
Setting Explanation Default
Neighbor ID The neighbor Hostname or Router ID. N/A
Preferred Radio Used to select the radio to form the connection.
0-3 - MSR4000,
0-1 - MSR2000/MSR1200
None
Preferred Channel Used to select the preferred channel.
A valid 802.11 channel or blank for none.
N/A
Maximum Bandwidth Configures the maximum bandwidth for the preferred WDS link. The value range is 1-300000 kbits/s, 0 means not set.
0
156 | Configuring Radio Frequency Manager MeshOS 4.7 | User Guide
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Configuring Mesh Advanced Settings
Click on the Advanced tab to display the mesh Advanced configuration page as shown in Figure 119.
Figure 119 Mesh Advanced Configuration Page
The mesh Advanced configuration settings are listed in Table 49.
Click on the Apply Changes button to save the configuration.
Using CLI to Configure RFMThe following steps illustrate the configuration of the RFM using the CLI:
Configure the Mesh Interface(host)> enable(host)# configure terminal(host)(config)# mesh(host)(config-mesh)# mesh-id zhiyuan-mesh(host)(config-mesh)# exit(host) (config)# interface dot11radio 1(host) (config-dot11radio)# wireless-mode na(host) (config-dot11radio)#wds auto(host)(config-wds-auto)# max-auto-wds 3(host) (config-dot11radio)# end(host)#
Table 49 Mesh Advanced Configuration Settings
Setting Explanation Default
RSSI Minimum Limit Minimum RSSI required for links to form 15
Default Maximum Bandwidth
Configure maximum bandwidth for each WDS link. The value range is 1-300000 kbits/s, 0 means not set.
0
MeshOS 4.7 | User Guide Configuring Radio Frequency Manager | 157
Configure Mesh Security Settings(host)# configure terminal(host)(config)# mesh(host)(config-mesh)# authentication open key-management wp2(host)(config-auth-open-wpa)# psk ascii 1234567890(host)(config-auth-open-wpa)# end(host)#
Configure the ACL settings for the Mesh(host)# configure terminal(host)(config)# mesh(host)(config-mesh)# neighbor-list(host)(config-mesh)# neighbor-list-type white-list(host)(config-neighbor-list)# neighbor host zhiyuan-5(host)(config-neighbor-list)# neighbor router 10.65.50.212(host)(config-neighbor-list)# exit
Configure Preferred Links (optional)(host)(config)# mesh(host)(config-mesh)# preferred-link 0(host)(config-preferred-link)# neighbor host zhiyuan-5(host)(config-preferred-link)# preferred radio 0(host)(config-preferred-link)# preferred channel 100(host)(config-preferred-link)# end(host)#
ExampleThe following example illustrates the WDS link setup:
Consider there routers Node 1, Node 2, and Node 3. All routers are in the factory default setting. The routers will automatically form WDS links in 802.11na mode to establish a wireless mesh network. The network topology before the power up is shown in Figure 120.
158 | Configuring Radio Frequency Manager MeshOS 4.7 | User Guide
Figure 120 Topology Before Powering Up
Node1, Node2, and Node3 all have the factory default setting as shown in Table 50.
Let us now establish the WDS links between the routers under the 802.11na mode with WPA enabled as listed in Table 51. Log on to each of the nodes and configure the WDS using the CLI. The network topology after the configuration is as shown in Figure 121.
Table 50 Factory default settings
Node IDRadio Interface
Mode Mesh-id Host-name
Node1 Radio 1 802.11na DefaultMesh MSR2000
Node2 Radio 1 802.11na DefaultMesh MSR2000
Node3 Radio 1 802.11na DefaultMesh MSR2000
MeshOS 4.7 | User Guide Configuring Radio Frequency Manager | 159
Figure 121 Topology After Configuring
Node 1 Configuration:
MSR2000> enableMSR2000# configure terminal MSR2000(config)# hostname Node 1Node 1(config)# mesh Node 1(config-mesh)# authentication open key-management wpa Node 1(config-auth-open-wpa)# psk ascii 1234567890Node 1(config-auth-open-wpa)# endNode 1# configure terminal Node 1(config)# interface dot11radio 1Node 1(config-dot11radio)# wireless-mode na channel 149Node 1(config-dot11radio)# wds autoNode 1(config-wds-auto)# max-auto-wds 2Node 1(config-dot11radio)# endNode 1#
Node 2 Configuration:
MSR2000> enableMSR2000# configure terminal MSR2000(config)# hostname Node 2Node 2(config)# mesh Node 2(config-mesh)# authentication open key-management wpa Node 2(config-auth-open-wpa)# psk ascii 1234567890Node 2(config-auth-open-wpa)# endNode 2# configure terminal Node 2(config)# interface dot11radio 1Node 2(config-dot11radio)# wireless-mode na channel 149Node 2(config-dot11radio)# wds autoNode 2(config-wds-auto)# max-auto-wds 2Node 2(config-dot11radio)# endNode 2#
Table 51 Node Configuration Summary
Node IDRadio Interfaces
Mode Mesh-id Hostname Encryption
Node1 Radio 1 802.11na DefaultMesh hostname1 WPA
Node2 Radio 1 802.11na DefaultMesh hostname2 WPA
Node3 Radio 1 802.11na DefaultMesh hostname3 WPA
160 | Configuring Radio Frequency Manager MeshOS 4.7 | User Guide
Node 3 Configuration:
MSR2000> enableMSR2000# configure terminal MSR2000(config)# hostname Node 3Node 3(config)# mesh Node 3(config-mesh)# authentication open key-management wpa Node 3(config-auth-open-wpa)# psk ascii 1234567890Node 3(config-auth-open-wpa)# endNode 3# configure terminal Node 3(config)# interface dot11radio 1Node 3(config-dot11radio)# wireless-mode na channel 149Node 3(config-dot11radio)# wds autoNode 3(config-wds-auto)# max-auto-wds 2Node 3 (config-dot11radio)# endNode 3#
After the three nodes are configured, the mesh network will automatically form within five minutes. Wait for about five minutes after the configuration and check the WDS link status.
MeshOS 4.7 | User Guide Configuring Radio Frequency Manager | 161
162 | Configuring Radio Frequency Manager MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 18
Configuring Orphan Recovery
This chapter describes the configuration of the Orphan Recovery features.
An orphan node (ON) is a mesh node which has lost all links with other nodes in a mesh network. MeshOS provides the following two features to recover an orphan node:
Orphan Node Recovery
Auto Orphan Recovery
Orphan Node RecoveryOrphan Node Recovery (ONR) is a troubleshooting feature used to recover an orphan node. This feature is available from MeshOS 4.3 onwards. A neighbor node is used to initiate the creation of a configuration file and the same is transferred to the orphan node. The ONR feature may reset some of the configuration settings on the recovered ON to the default settings. Hence check the settings on the recovered ON.
The following are the prerequisites for the ONR process:
MeshOS version: The MeshOS version, both of the neighbor and the ON is 4.3 or higher.
Topology: The transmission of messages between nodes that are separated by more than one hop is not possible.
ON: The ON can be scanned by at least one radio in the mesh point. At least one radio of a neighbor is in
WDS mode. The MAC address of the ON is known. The MAC address can be ethernet, radio (e.g. wifi*), or any VAP (e.g. WDS, STA, or AP).
Neighbor node: The ON and its neighbor are able to communicate at the physical layer with a RSSI greater than 15.
Using WMI to recover a Orphan NodeTo recover an orphan in WMI:
1. Open the Orphan recovery tool in Troubleshooting > Tools > Wireless tab as shown in Figure 122.
2. Type the MAC address of the neighbor in the text box provided.
3. Click on Execute.
Configuring Orphan Recovery | 163
Figure 122 Orphan Recovery Tool
Using CLI to recover an Orphan NodeTo recover an orphan node, use the prerequisites listed above to select a suitable neighbor for the ON. Run one of the following CLI commands from the selected neighbor node:
orphan-recovery mac <ADDR>ororphan-reboot mac <ADDR>
Examples:
(host)(config)# orphan-recovery mac **:**:**:**:**:**(host)(config)# orphan-reboot mac **:**:**:**:**:**
In the above example, mac **:**:**:**:**:** is the MAC address of the ON.
Auto Orphan RecoveryAuto Orphan Recovery (AOR) feature enables the orphan node (ON) to automatically reconnect back to the mesh network. The Orphan Node reboots itself if it stays in the orphan state for over 12 hours.
The AOR feature works as follows:
The Mesh Orphan Node’s Physical Neighbor (MPN) must be connected to the gateway through the WDS link or should have a WDS data link.
Once a node becomes a ON, it automatically ask for configuration from MPN. The communication takes place through RVL (Radio Virtual Link).
Once a node becomes a ON, it broadcasts the request for correct configuration to all physical neighbors by RVL (Radio Virtual Links), so that the transmission will not be limited by wireless mode and channel list.
If a MPN receives the request, it sends a configuration to ON.
The MPN sends a trap and the MIB info which includes the Ethernet MAC address of the ON to MeshConfig or Airwave. This information includes the MAC address of the ON and MPN.
When the ON receives the configuration, it checks the following to make sure that the profile is correct:
Group number — to make sure that the profile is the one asked by ON
RSSI level > 15
The information is correctly decrypted.
Once the ON receives the correct profile, it changes its configuration according to the profile and reboots automatically. The ON stops receiving other profiles until reboot.
164 | Configuring Orphan Recovery MeshOS 4.7 | User Guide
After the ON reboots itself, you can use the show auto-orphan-recovery history” to view what time it recovered itself and by which MPN.
For security purposes, all information is encrypted by AES. The basic key is set at the provisioning stage using WMI or CLI. The final key is generated using the basic-key and a DA MAC address. If two nodes are not set with the same basic key, they will not be able to communicate with each other during AOR.
PrerequisiteThe AOR function must be enabled and the AOR key must be set using the WMI or the CLI.
LimitationsThe following are the limitations of the AOR feature:
Not all radio shutdown cases are considered.
The working channel of MPN must be included in the channel list of ON.
If an orphan is in the default factory setup state, AOR cannot work because AOR-key has no value assigned.
Switching to a factory default state does not clear the AOR configuration.
Using WMI to enable AORTo enable Auto Orphan Recovery:
1. Open the Service Settings > AOR page as shown in Figure 123.
2. Set the AOR Status to Enabled.
3. Set the AOR Key.
4. Click on Apply Changes.
The Auto Orphan Recovery feature is now enabled.
Figure 123 Auto Orphan Recovery
MeshOS 4.7 | User Guide Configuring Orphan Recovery | 165
Using CLI to enable AOR
Use the following CLI commands for the Auto Orphan Recovery (AOR) feature:
(host) (config)# service auto-orphan-recovery
This command is used to enter the AOR.
(host)(config-aor)# aor-key 12345678
Use this command to set the AOR Key. The AOR key should be a string of 8-64 alphanumeric characters.
(host)(config-aor)# enable
This command enables AOR.
Example:
(host)# configure terminal
(host)(config)# service auto-orphan-recovery
(host)(config-aor)# aor-key 12345678
(host)(config-aor)# enable
(host)(config-aor)# end
166 | Configuring Orphan Recovery MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 19
Troubleshooting Tools and Logs
Wireless mesh routers are provided with the following to aid in network diagnostics:
SNR Graph
Tools
Logs
SNR GraphThe SNR graph also known as the antenna alignment tool is an useful aid in aligning the antennas of a router with respect to its neighbors.
Using WMI for Antenna AlignmentSelect the Troubleshooting > SNR Graph option from the menu tree to display the SNR Graph page as shown in Figure 124.
Figure 124 SNR Graph Page
Adding Neighbors to the ListTo add an existing neighbor node to the list:
1. Enter the MAC address of the neighbor in the Neighbor MAC field on the Troubleshooting > SNR Graph page.
2. Click on the Execute button.
The neighbor node is added to the list.
Viewing the SNR Graph of a NeighborTo view the SNR Graph of a neighbor:
1. Click on the Dynamic Graph link corresponding to each Neighbor MAC to view the SNR graph or enter the MAC address of a neighbor node in the Neighbor MAC field and click on Execute.
2. Set the Window and Refresh Interval parameters and enable the Audio option (optional).
Troubleshooting Tools and Logs | 167
The dynamic SNR Graph for the neighbor is displayed as shown in Figure 125.
Figure 125 Dynamic SNR Graph Page
The graph displays the real-time RSSI value of the neighbor node selected. The SNR Graph provides a visual interface for aligning the antennas. The Window (1-10 minutes) and the Refresh Interval (1-10 Seconds) parameters located on the bottom right hand side of this page may be used to tweak the SNR Graph. The Audio check box when enabled, indicates the change in the RSSI by sound and may be used as an aid to adjust the antennas.
ToolsSelect the Troubleshooting >Tools option from the menu tree as shown in Figure 126, to display the Troubleshooting Tools page.
Figure 126 Troubleshooting Tools Page - Basic Tab
The page provides many common tools to view the working status and performance of routers. You can run the troubleshooting commands and view the results directly on this page. The commands are organized under the following four tabs:
The Antenna Alignment Tool has been tested for Internet Explorer 9. Additional plug-ins may be required for
Internet Explorer 7 and 8, FireFox 11.0/12.0, and Safari browsers.
168 | Troubleshooting Tools and Logs MeshOS 4.7 | User Guide
Basic
Wireless
Network
Interface
Basic TabThe Basic tab consists of the following tools as shown in Figure 126.
Basic—Running configuration, Startup configuration, Mesh node list, Interface list, and Hardware Inventory.
Connectivity—Ping and Traceroute
Other—ARP Table, DHCP Server Lease, and AVT status
Wireless TabThe Wireless tab consists of the following tools as shown in Figure 127:
Mesh Links
Radio
RF Scan
Neighbor RSSI
Radio Client List
Client Details
Client Mode
Motrix
Multicast Optimization
Orphan Recovery
Figure 127 Wireless Tab - Troubleshooting Tools Page
Network TabThe Network tab consists of the following tools as shown in Figure 128:
Routing Table
AWR
OSPF
MeshOS 4.7 | User Guide Troubleshooting Tools and Logs | 169
Multicast Routing Table
PIM
IGMP
VPLM
Figure 128 Network Tab - Troubleshooting Tools Page
Interface TabThe Interface tab consists of the following tools as shown in Figure 129:
Ethernet Status
VLAN Interface
Figure 129 Interface Tab - Troubleshooting Tools Page
170 | Troubleshooting Tools and Logs MeshOS 4.7 | User Guide
Table 52 gives details on the troubleshooting tools.
Table 52 Troubleshooting Tools
Troubleshooting Tools Description
Basic Used to get basic information on the router:
Running Configuration
Startup Configuration
Mesh Node List
Interface List
Hardware Inventory
Connectivity Tools to check connectivity:
Ping
Traceroute
Other This list includes troubleshooting commands such as
View ARP table
DHCP server lease address
AVT status
Mesh Links Tools to check the status of the mesh links:
Active Links
Active Portals
Connection Attempts
Neighboring Nodes
Radio Admin Status —Admin status of the radio
Scanned Devices — The devices scanned by the radio
RF Scan Used to run a full spectrum scan of the radio interfaces to view the neighbor information.
Neighbor RSSI Used to monitor the neighbor RSSI status based on the Local Radio index, Neighbor MAC address, and Samples.
Radio Client List View the Radio client list based on the Radio index and BSS index.
Client Details View client information based on the MAC address of the client.
Client Mode View Client Mode information based on the Radio index and Station index.
Motrix View Motrix roaming information, including:
Status
Interface
Local client list
LMS client list
TGW client list
Clients detail (MAC address of the client required)
Multicast Optimization View the interfaces on which Multicast Optimization is enabled.
Orphan Recovery Used to recover Orphan Nodes (ONs). The MAC address of the mesh neighbor of the ON is used to execute this command. A mesh neighbor is one which can communicate with the ON at the physical layer with a RSSI of 15 or above. Additional details are available at “Orphan Node Recovery” on page 163.
NOTE: This feature is only available from MeshOS 4.3 onwards. The ON and the neighbor should both have MeshOS 4.3 or higher installed. Executing this feature may change the settings on the recovered ON to the default setting.
MeshOS 4.7 | User Guide Troubleshooting Tools and Logs | 171
For example, Ping is a common tool used to check the reachability of a destination network.
To run the Ping command:
1. Select the Basic tab in the Troubleshooting Tools page.
2. Select the Ping option from the drop down in the Connectivity field.
3. Enter the network IP address in the text box provided
4. Click on the Execute
The result is displayed in a window at the bottom of the page as shown in Figure 130.
Figure 130 Ping IP Address Page
Routing Table View the routing tables including:
AWR Routes
Connected Routes
OSPF Routes
Static Routes
Route Summary
AWR View AWR Database and Neighbor Information.
OSPF View OSPF database, Interfaces, and Neighbor Information.
Multicast Routing Table View the Multcast Routing table.
PIM View the PIM Interface or Neighbor Information.
IGMP View the IGMP Interface and Group.
VPLM View VPLM information.
MAC Table
Member Database
Ethernet Status View the Ethernet interface status
VLAN Interface View the VLAN interface status based on the VLAN ID.
Table 52 Troubleshooting Tools (Continued)
Troubleshooting Tools Description
172 | Troubleshooting Tools and Logs MeshOS 4.7 | User Guide
LogsMeshOS supports the following types of logs:
System Logs
Upgrade
Boot Log
AWR
RF Management
OSPF
PIM
IGMP
DHCP Server
DHCP Relay
Interface Management
Roaming
AVT
Bandwidth Control
Auto Recovery
SNMP
VPLM
Tech-Support
Click on the Troubleshooting > Logs option in the Menu Tree to display the View Log page as shown in Figure 131.
Figure 131 Logs Page
Viewing LogsTo view a specific log, select the log type from the drop down menu and click on the View Log button. The information in the log is displayed in a window at the bottom of the page as shown in Figure 132.
MeshOS 4.7 | User Guide Troubleshooting Tools and Logs | 173
Figure 132 Viewing a Log
Downloading LogsTo download logs, click on the Download All Logs button as shown in Figure 133.
Figure 133 Downloading Logs
174 | Troubleshooting Tools and Logs MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 20
Maintenance
MeshOS provides the following maintenance features:
Upgrade
Import/Export
Reboot
Factory Reset
Change Password
LED Disable
UpgradeWireless mesh routers can be easily upgraded using the latest software image file.
Using WMI to Upgrade MeshOSThe following illustrates the upgrade of the MeshOS using the WMI:
Click on the Maintenance > Upgrade option in the Menu tree to open the Upgrade page as shown in Figure 134.
Figure 134 Upgrade Page
Browse and select the image file using the Browse button. Click on the upgrade button, the upgrade process will begin as shown in Figure 135.
Figure 135 Upgrade Status
Maintenance | 175
A message is displayed in the status window as shown in Figure 136, when the upgrade process is complete. Click on the Reboot button to reboot the router.
Figure 136 Upgrade Successful
The system enters the reboot process, click on the Yes, perform reboot button to confirm the reboot.
Figure 137 Reboot Device
Using CLI to Upgrade MeshOSThe following illustrates the upgrade of MeshOS using the CLI:
(host)# upgrade ftp 10.64.146.120 4.4.0.0.img upimg upimg% Start downloading image
[ <=> ] 11,756,485 966.09K/s
% Start upgrading image, this will take several minutesChecking OKUpgrading!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!OKVerifying!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!OK% Upgrade successful, please reboot the router to activate the new image
(host)# upgrade url http://10.64.246.248/tftpboot/twin_peak/4.4.0.0.img% Start downloading image
100%[====================================>] 11,756,485 1.05M/s ETA 00:00
After an upgrade, the device should be rebooted to run the new image.
176 | Maintenance MeshOS 4.7 | User Guide
% Start upgrading image, this will take several minutesChecking OKUpgrading!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!OKVerifying!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!OK
% Upgrade successful, please reboot the router to activate the new image
Import/Export ConfigurationTo ensure the stability of the device, it is recommend that you backup the configuration file each time the configuration is changed or on a periodic basis.
Export a ConfigurationTo export the current configuration file, select the Maintenance > Import/Export option from the Menu tree to open the Import/Export Configuration page as shown in Figure 138.
Figure 138 Export Configuration Page
Click on the Export Current Configuration button, the configuration file (device.conf) opens up in the browser. Save the configuration file.
Importing a ConfigurationTo import a configuration file, click on the Browse button in the Import/Export Configuration page and choose the configuration file, for example, D:\device.conf, as shown in Figure 139. Click on the Import New Configuration button to import the configuration file.
The Save Recent Changes Before Export option should be checked before the configuration file is exported, to
save the recent changes in the router’s configuration settings.
MeshOS 4.7 | User Guide Maintenance | 177
Figure 139 Import Configuration Page
A message is displayed as shown in Figure 140 when the import process is complete. The device will use the new configuration file after reboot.
Figure 140 Import Configuration Successful
RebootCertain changes in settings such as the upgrade, public safety, and such other changes required the device to reboot for the changes to take effect. Reboot performs a hot restart of the router.
Using WMI to Reboot a DeviceThe following steps illustrate the reboot of a device using the WMI:
178 | Maintenance MeshOS 4.7 | User Guide
Click on the Maintenance > Reboot option in the Menu tree to open the Reboot Device page as shown in Figure 141.
Figure 141 Reboot Page
Click on Yes, perform reboot to reboot the device. A message indicating that the reboot process has started is displayed as shown in Figure 142. Alternatively, click on the No, return to home page in the Reboot Device page to return to the homepage.
Figure 142 Reboot Process Page
Using CLI to Reboot a DeviceThe following illustrates the reboot of a device using the CLI:
(host)> enable(host)# reboot(host)#
Factory Reset
Using WMI to Restore the Factory DefaultThe following illustrates the factory reset of a device using the WMI:
To restore the factory default setting, click on the Maintenance > Factory Reset option in the Menu tree to display the Reset to factory default state as shown in Figure 143.
Do not conduct any operation on the router when the reboot process is in progress.
MeshOS 4.7 | User Guide Maintenance | 179
Figure 143 Factory Reset
Click on Yes, perform factory reset button to restore the factory setting, or select No, return to home page button to go back to the homepage.
Figure 144 Reboot Process Page
Using CLI to Restore the Factory DefaultThe following illustrates the factory reset of a device using the CLI:
(host)> enable(host)# setup factory
Alternatively, use the following steps to manually restore the factory default state in a router:
Power off the router and power it back on. Wait for about 60 seconds.
When the router powers on for the seventh time, it will revert to the factory default state with the following user-defined configuration reserved:
Hostname
Mesh-ID
Authentication open key-management wpa2
psk ascii <key string>
However, if a device has experienced 6 times power cycling once before, when this device goes through the 6 times power cycling again, it will revert to the factory default state without any configuration reserved. The WMI connection fails. Re-configure IP address via CLI, and log into the WMI page using the configured IP address.
Changing the PasswordTo ensure the security of the router and to prevent unauthorized access, it is recommend that you change the password regularly.
The device needs a reboot after the factory reset process for the changes to take effect.
When a router is manually restored to the factory default state by the 6-times power cycling method, if the default
SSID of the BSS of the router is deleted, its configuration of authentication open key-management wpa2 will not be
reserved.
180 | Maintenance MeshOS 4.7 | User Guide
Using WMI to Change the Password of a DeviceThe following illustrates the changing the password of a device using the WMI:
To change the password, click on the Maintenance > Password option in the Menu tree and to open the Change Password page as shown in Figure 145.
Figure 145 Change Password Page
Enter the current password and the new password in the text boxes provided. The password should be an alphanumeric string, between 1-32 characters long that starts with a letter and has no spaces. Click on the Apply Changes button to change the password. When the password is changed, you will be asked to login again.
Using CLI to Change the Password of a DeviceThe following illustrates the changing the password of a device using the CLI:
(host)# router-user passwordChanging password for rootNew password:Retype password:Changing password for rootPassword for user root have been changed.
LED ControlThe LED control option allows you to turn off the LEDs in the MSR/MST devices using the WMI and the CLI.
This option may be used to disable the LED lights in a MSR/MST device that is mounted in an elevated place
on the city streets or residential areas, to avoid unwanted attention or disturbance. This feature turns off
only the LED lights that indicate the software status, for example the R0, R1, R2, R3, Radio 0, and Radio 1.
The LEDs that indicate the hardware status, for example Power, P/S, POE, HEAT, and ETH, cannot be
turned off using this feature.
We strongly recommend changing the default credentials, in order to prevent unauthorized access to the router.
The LEDs are enabled by default.
MeshOS 4.7 | User Guide Maintenance | 181
Using WMI to Disable the LEDsTo disable the MSR/MST LEDs:
1. Open the Maintenance > Led Setting page in the WMI as shown in Figure 146.
Figure 146 LED Setting Page
2. Select the Disable radio button for the Led Status option.
3. Click on Apply Changes.
Using CLI to Disable the LEDsTo turn the LEDs of a MSR/MST device to dark, use the following command:
(host)(config)# led off
Use the no led off command to turn the LEDs back on.
Auto RecoveryAuto Recovery is an advanced feature provided by the MSR series routers. If the Auto Recovery feature is enabled, the MSR routers can automatically detect and recover from certain system faults.
Using WMI to Enable Auto Recovery FeatureThe following illustrates the auto recovery feature using the WMI:
Click on the Services Settings >Auto Recovery option in the Menu tree to display the Auto Recovery Settings page as shown in Figure 147.
182 | Maintenance MeshOS 4.7 | User Guide
Figure 147 Auto Recovery Configuration Page
The Auto Recovery configuration settings are listed in Table 53.
Click on the Apply Changes button to save the configuration. To discard the changes and return to the previous state, click on the Cancel Changes button.
Using CLI to Enable Auto Recovery FeatureThe following illustrates the auto recovery feature using the CLI:
(host)> enable(host)# configure terminal(host)(config)# service recovery(host)(config-recovery)# enable(host)(config-recovery)#
Table 53 Auto Recovery Configuration Settings
Setting Explanation Default
Status Specifies if the Auto Recovery service is to be enabled or disabled
Enabled
Debug Level Configure the debug level:
Error Info Dump
Error
MeshOS 4.7 | User Guide Maintenance | 183
184 | Maintenance MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Chapter 21
Miscellaneous Settings
This chapter covers the miscellaneous settings such as:
Syslog
NTP
SyslogWireless mesh routers use the syslog feature to automatically send important events in the local system to a remote syslog server configured.
Configuring Syslog ClientSelect the Syslog > Client option in the Menu tree to display the Syslog Configuration page as shown in Figure 148. The syslog servers configured and their facilities/severity levels are displayed.
Figure 148 Syslog Client Configuration Page
Remote Syslog ServiceSelect the Remote Logging option from the drop-down menu and click on the Apply Changes button as shown in Figure 149. Remote logging is either enabled or disabled on the syslog client based on the selection.
Miscellaneous Settings | 185
Figure 149 Remote Logging
Adding a Syslog ServerTo add a syslog server, enter the server address in the box provided in the Syslog Servers section of the Syslog configuration page as shown in Figure 150 and click on the Add Syslog Server button.
Figure 150 Adding a Syslog Server
Deleting a Syslog ServerTo delete a syslog server, select the syslog server by checking the box in front of it as shown in Figure 151 and click on the Delete Syslog Server button.
Figure 151 Deleting a Syslog Server
Adding Facility and Severity LevelTo add facility and severity levels, select the Facility and Severity levels from the drop-downs provided and click on the Add Facility/Severity button.
186 | Miscellaneous Settings MeshOS 4.7 | User Guide
Figure 152 Adding Facility and Severity Level
Deleting Facility and SeverityTo delete a facility/severity, select the Facility/Severity by checking the box in front of the Facility name as shown in Figure 153 and click on the Delete Facility/Severity button.
Figure 153 Deleting a Facility and Severity Level
NTPAirMesh routers support NTP client protocol and are able to sync up with the network clock server.
Using WMI to Configure NTPThe following illustrates the Configuration of NTP service using the WMI:
Click on the Network Settings > NTP option in the Menu tree to display the NTP Settings page as shown in Figure 154.
MeshOS 4.7 | User Guide Miscellaneous Settings | 187
Figure 154 NTP Configuration Page
The NTP configuration settings are listed in Table below describes the settings for NTP.
Click on the Apply Changes button to save the configuration.
Using CLI to Configure NTPThe following illustrates the Configuration of NTP service using the CLI:
(host)(config)# service ntp(host)(config-ntp)# enable(host)(config-ntp)# clock timezone BJTime 8(host)(config-ntp)# interval 3600 (host)(config-ntp)# server 203.117.180.36(host)(config-ntp)#end
Table 54 NTP Configuration Settings
Setting Explanation Default
NTP Client Enables or disables the NTP client. Disabled
NTP Server Address Configures the IP address of NTP server. The format is A.B.C.D. The value 0.0.0.0 is for unset.
0.0.0.0
Refresh Interval Configures the NTP refresh interval in seconds (5-86400)
1024
Time Zone Name Name of the time zone N/A
Time Zone Offset Configures the time zone offset in hours and minutes.
0:0
188 | Miscellaneous Settings MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Appendix A
Building a Four Node Mesh Network
This chapter describes the configuration of a four node mesh network. The following topics are covered:
Topology of a four node mesh network
Basic configuration of a four-node mesh network
Sample of a four node mesh configuration
Topology of a four-node mesh networkA four node mesh network is a network build using four AirMesh wireless mesh routers. The four AirMesh routers are used to establish the mesh backhaul. Each AirMesh router will form mesh links with its two neighbors. One of the router (for example, AirMesh device#1) acts as a gateway node to connect to the intranet/internet. Stations connected to the mesh network can access the intranet/internet or can be accessed by the outside stations. This topology is illustrated in Figure 155.
Figure 155 Four Node Mesh Network
Basic configuration of a Four Node mesh networkThe basic configuration required to establish a four node mesh network is listed in Table 55.
Table 55 Basic Configuration Information for a Four-Node Mesh Network
Requirement Description
Management IP The IP address of the management interface. This IP address should be unique for each AirMesh device.
NOTE: By default, the interface vlan 1 is set to the management interface, and it's IP address is used as the management IP.
Building a Four Node Mesh Network | 189
Example of a Four Node Mesh Network ConfigurationIn order to establish the four node mesh network as illustrated in Figure 155, configure the AirMesh routers as per Table 56.
Mesh-ID Mesh identifier of a Mesh network. The default Mesh-ID is “DefaultMesh”.
NOTE: AirMesh devices in the same Mesh network should be configured with identical Mesh-IDs.
hostname A user-defined name used to refer to a router. You can specify a name of up to 32 characters.
The factory default is as per the format “MODEL-AA:BB:CC”, where MODEL is the router model name and AA:BB:CC are the last three octets of the MAC address. For example, a MSR2000 with MAC address 00:17:7B:EA:5B:C3 would have a default hostname of “MSR2000-EA:5B:C3.”
Security Type Security Type for the router. All routers in the same Mesh network should be configured with identical security types.
Security Key Security key for the router. All routers in the same Mesh network should be configured with identical security keys.
Preferred Link The preferred link is used to control link establishment as per pre-defined rules, such as local radio, remote MSR router and remote radio index, channel etc. The preferred link can be used to improve the link stability of the mesh network.
Max Allowed Links This is a radio parameter used to limit the max links that can be configured on a radio, when the radio is enabled for Auto WDS meshing.
Distance This is a radio parameter used to set the maximum distance between neighbors that can form a mesh link.
NOTE: This parameter is usually used in long distance links.
Gateway mode The router which is used to connected to the intranet/internet will act as a gateway node. The Ethernet Mode of this router should be configured to Gateway mode.
VPLM Site-ID The Virtual Private LAN over Mesh (VPLM) Site-ID is configured on the gateway node to indicate a wired connection to the intranet/internet. Different gateway nodes may be configured with different Site-IDs. The value range is 1 to 255.
NOTE: If a gateway node is the only node that connects the mesh network to the intranet/internet, the VPLM Site-ID need not be configured.
Table 56 Sample Four Node Mesh Network Configuration
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
HostName Node-1 Node-2 Node-3 Node-4
Mesh-ID MeshNetwork MeshNetwork MeshNetwork MeshNetwork
Management IP 192.168.11.1/24 192.168.11.2/24 192.168.11.3/24 192.168.11.4/24
Security Type WPA2-PSK WPA2-PSK WPA2-PSK WPA2-PSK
Security Key MeshNetworkKey MeshNetworkKey MeshNetworkKey MeshNetworkKey
Table 55 Basic Configuration Information for a Four-Node Mesh Network
Requirement Description
190 | Building a Four Node Mesh Network MeshOS 4.7 | User Guide
Configuring Management IP Address
Configure Management IPs for the four AirMesh routers as specified in Table 56. For instructions on configuring static management IP for a router, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
Configuring Hostname
Configure hostnames for the four AirMesh routers as specified in Table 56. For instructions on changing the default hostname of a router, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
Configuring Mesh-ID
Configure the Mesh-IDs for the four AirMesh routers as specified in Table 56. For instructions on configuring a mesh IDs for a router, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
Configuring Mesh Security
Configure the Security Type “WPA2-PSK” and Security Key “MeshNetworkKey” for the four AirMesh routers as specified in Table 56. For instructions on configuring the Security Type and Security Key for a router, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
Configuring Preferred Links (optional)
Create two preferred link indexed with 0 and 1 on each AirMesh device. The detailed configuration for preferred link 0 and preferred link 1 is described in Table 57.
Max Allowed Links
Radio 0: 1
Radio 1: 1
Radio 0: 1
Radio 1: 1
Radio 0: 1
Radio 1: 1
Radio 0: 1
Radio 1: 1
Preferred Link 0 Node-2
using radio 0
Channel 149
Node-1
using radio 0
Channel 149
Node-4
using radio 0
Channel 157
Node-3
using radio 0
Channel 157
Preferred Link 1 Node-4
using radio 1
Channel 161
Node-3
using radio 1
Channel 153
Node-2
using radio 1
Channel 153
Node-1
using radio 1
Channel 161
Max Neighbor Distance
Radio 0: 1000
Radio 1: 1750
Radio 0: 1000
Radio 1: 1250
Radio 0: 1500
Radio 1: 1250
Radio 0: 1500
Radio 1: 1750
Ethernet 0 Mode Gateway none none none
Ethernet 0 Site-ID
1 Not set Not set Not set
Table 57 Preferred Link Configuration for a Four Node Mesh Network
Host Name Preferred Link 0 Preferred Link 1
Node-1 Neighbor Host Name: Node-2
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-4
Preferred Radio: 1
Preferred Channel: 161
Table 56 Sample Four Node Mesh Network Configuration
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
MeshOS 4.7 | User Guide Building a Four Node Mesh Network | 191
To configure the preferred link 0 on AirMesh device #1 (Node-1) in WMI:
1. Login to the Web UI, navigate to the Wireless Settings > Mesh page.
2. In the Preferred Links tab of the Mesh page, click on the Create Preferred Link button to open the Create Preferred Links page.
3. Choose 0 from the drop down list as the Link Index and click on the Create Preferred Link button to open the Configure Preferred Link page for link 0.
4. In the Configure Preferred Link page, enable the radio button for Host Name and specify Node-2 as the hostname (or Node-1 if you are configuring AirMesh device #2).
5. Choose 1 from the drop down list for Preferred Radio if your AirMesh device is MSR1200/MSR2000/MSR4000, and the value 0, If your AirMesh device is MST200.
Use the procedure described above and the appropriate values to complete the preferred links configuration for the other devices.
Limiting the Max Allowed Links and Enabling Auto WDS Meshing on a Radio
For each AirMesh device, configure the max allowed links to 1 on radio 0 and radio 1, and enable Auto WDS Meshing on radio 0 and radio 1. For additional details on configuring Max Allowed Links and enabling Auto WDS Meshing, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
Configuring Max Neighbor Distance on radio
Configure the Max Neighbor Distance on each radio. The detailed configuration for radio 0 and 1 is shown in Table 58.
Node-2 Neighbor Host Name: Node-1
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-3
Preferred Radio: 1
Preferred Channel: 153
Node-3 Neighbor Host Name: Node-4
Preferred Radio: 0
Preferred Channel: 157
Neighbor Host Name: Node-2
Preferred Radio: 1
Preferred Channel: 153
Node-4 Neighbor Host Name: Node-3
Preferred Radio: 0
Preferred Channel: 157
Neighbor Host Name: Node-1
Preferred Radio: 1
Preferred Channel: 161
Table 58 Max Neighbor Distance Configuration
AirMesh deviceMax Neighbor Distance (m)
Radio 0 Radio 1
Node-1 1000 1750
Node-2 1000 1250
Node-3 1500 1250
Node-4 1500 1750
Table 57 Preferred Link Configuration for a Four Node Mesh Network
Host Name Preferred Link 0 Preferred Link 1
192 | Building a Four Node Mesh Network MeshOS 4.7 | User Guide
To configure the Max Neighbor Distance on radio 0 of Node-1 to 1000:
1. Login to the WMI, navigate to the Wireless Settings > Radio page.
2. Click the Radio 0 link to navigate to the Basic tab page of radio configuration for radio 0.
3. Click on the Advanced tab, select Max Neighbor Distance field and enter 1000.
4. Click Apply Changes button at the bottom to save the new distance configuration on radio 0.
Configuring Mode and Site-ID on Ethernet
By default the Ethernet Mode for the devices is set to None and Site-ID is not set. The AirMesh devices in a four node mesh network are configured as shown in Table 59.
In this mesh network, you only need to configure the Mode and Site-ID on Node-1.
To configure the Mode and enable site-ID:
1. Login to the WMI, navigate to the Wired Settings > Ethernet page.
2. Click the Eth 0 link to navigate to the Basic tab of Ethernet configuration for Ethernet interface 0.
3. Click the IPv4 tab, select Layer3 Gateway from the drop-down list of the Layer3 Service Mode field.
4. Click the Apply Changes button at the bottom to configure Gateway mode on Ethernet interface 0.
5. Click the VLAN tab, select VPLM Site-ID field and enter 1.
6. Click the Apply Changes button at the bottom to configure VPLM Site-ID on Ethernet interface 0.
Connecting the Mesh Network to Wired Network
Connect the Ethernet port 0 of Node-1 to the wired network. For detailed description of the AirMesh devices refer to the Installation Guide for the respective device.
Validating the Four Nodes Network
After you have followed the above steps to configure each AirMesh device, save the configuration and reboot all the nodes. Verify the links and network connectivity of the mesh network.
Validating the mesh network links
Use the methods described in Appendix D: Troubleshooting Mesh Networks, to check and verify all the links of the four node mesh network.
Validating the network connectivity
Use the WMI to login to each router and validate the network connectivity.
For other radios on the same AirMesh device or radios on other AirMesh devices, the same method can
be applied to configure the Max Neighbor Distance.
Table 59 Mode and Site-ID Configuration
Host Name Mode Site-ID
Node-1 Gateway 1
Node-2 None (factory default) Not set (factory default)
Node-3 None (factory default) Not set (factory default)
Node-4 None (factory default) Not set (factory default)
MeshOS 4.7 | User Guide Building a Four Node Mesh Network | 193
To validate the network connectivity:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the Connectivity field, select Ping and enter the management IP address of other AirMesh devices or the IP address of a station in the text field.
3. Click the Execute button on the right-side corresponding to the Connectivity field to check the connectivity to other nodes.
Validating network connectivity
PING 192.168.11.2 (192.168.11.2) 56(84) bytes of data. 64 bytes from 192.168.11.2: icmp_seq=1 ttl=64 time=5.89 ms 64 bytes from 192.168.11.2: icmp_seq=2 ttl=64 time=1.38 ms 64 bytes from 192.168.11.2: icmp_seq=3 ttl=64 time=20.8 ms 64 bytes from 192.168.11.2: icmp_seq=4 ttl=64 time=0.912 ms --- 192.168.11.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 0.912/7.252/20.814/8.068 ms
194 | Building a Four Node Mesh Network MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Appendix B
Configuring an Access Network
This chapter describes the configuration of an access network. The following topics are covered:
Topology of an access network
Additional configuration for an access network
Sample of an access network configuration
Topology of an Access NetworkBesides the wireless mesh links, Aruba AirMesh devices can also provide wireless access for wireless clients. This section describes how to build a wireless access network using four AirMesh devices. The four node access network is shown in Figure 156.
Figure 156 Four Node Wireless Access Network
This access network is slightly different from the four node mesh network described in Appendix A: Four-Node Mesh Network. One radio on each of the AirMesh devices is used to build the mesh network, another radio on the AirMesh devices is used to provide client access with a pre-defined SSID.
Additional configuration for an access networkThe information that is required to establish the access network is similar to the four node mesh network described in Table 55. Additional information required to configure the access network is described in
Configuring an Access Network | 195
Table 60.
Example of an Access Network ConfigurationIn order to establish the wireless access network as illustrated in Figure 156, radio 0 on each AirMesh device is used to establish the mesh network, and radio 1 on each AirMesh device is used to provide access service. The required radio 0 configuration for each of the AirMesh devices is summarized in Table 61.
Table 60 Required Information to Setup Wireless Access Network
Requirement Description
Wireless Mode Configure the wireless mode for the radio.
Channel Select the channel for the radio.
Access BSS Access BSS can be used to provide wireless access service. Each radio can support up to 16 access BSSs and each access BSS is identified by the BSS index 0 to 15.
SSID for Access BSS Define the SSID for specific access BSS
VLAN for Access BSS Define the access VLAN ID for an access BSS
Security for Access BSS
Configure the Security Type and Security Key for an access BSS
Table 61 Required Configuration on Radio 0 to Establish a Mesh Network
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
HostName Node-1 Node-2 Node-3 Node-4
Mesh-ID MeshNetwork MeshNetwork MeshNetwork MeshNetwork
Management IP 192.168.11.1/24 192.168.11.2/24 192.168.11.3/24 192.168.11.4/24
Security Type WPA2-PSK WPA2-PSK WPA2-PSK WPA2-PSK
Security Key MeshNetworkKey MeshNetworkKey MeshNetworkKey MeshNetworkKey
Auto WDS Meshing
Radio 0: Enabled
Radio 1: Disabled
Radio 0: Enabled
Radio 1: Disabled
Radio 0: Enabled
Radio 1: Disabled
Radio 0: Enabled
Radio 1: Disabled
Max Allowed Links
Radio 0: 2 Radio 0: 2 Radio 0: 2 Radio 0: 2
Preferred Link 0 To: Node-2
using radio 0
Channel 149
To: Node-1
using radio 0
Channel 149
To: Node-4
using radio 0
Channel 149
To: Node-3
using radio 0
Channel 149
Preferred Link 1 To: Node-4
using radio 0
Channel 149
To: Node-3
using radio 0
Channel 149
To: Node-2
using radio 0
Channel 149
To: Node-1
using radio 0
Channel 149
Ethernet 0 Mode Gateway none none none
Ethernet 0 Site-ID
1 No Set No Set No Set
196 | Configuring an Access Network MeshOS 4.7 | User Guide
The required radio 1 configuration for each of the AirMesh devices is summarized in Table 62.
The VPLM mode in the wireless access network is enabled on all nodes, thereby turning the whole network into a layer2 virtual switch.
Configuring Auto WDS Meshing, Preferred Link, Ethernet Mode, and Site-ID on Radio 0
Establish the wireless mesh network among the four AirMesh devices before proceeding with these configuration.
To run the Auto WDS Meshing configuration on each AirMesh device:
1. Configure the Management IP address.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
2. Configure Hostname.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
3. Configure the Mesh-ID as MeshNetwork.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
4. Configure the mesh security with Security Type “WPA2-PSK” and Security Key “MeshNetworkKey”.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
Table 62 Required Configuration on Radio 1 to Configure Access BSS
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
HostName Node-1 Node-2 Node-3 Node-4
Wireless mode for radio 1
ng ng ng ng
Channel for Radio 1
automatic automatic automatic automatic
Access BSS Radio 1 BSS 0 Radio 1 BSS 0 Radio 1 BSS 0 Radio 1 BSS 0
SSID for access BSS
AccessNetwork AccessNetwork AccessNetwork AccessNetwork
VLAN for Access BSS
1 1 1 1
Security for Access BSS
WPA2-PSK
accessnetworkkey
WPA2-PSK
accessnetworkkey
WPA2-PSK
accessnetworkkey
WPA2-PSK
accessnetworkkey
Table 63 Enable VPLM Mode
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
HostName Node-1 Node-2 Node-3 Node-4
VPLM enable enable enable enable
MeshOS 4.7 | User Guide Configuring an Access Network | 197
5. Configure the Preferred Link for radio 0. Create two preferred links indexed with 0 and 1, on each AirMesh device. The detailed configuration for preferred link 0 and 1 is shown in Table 64.
For additional details, refer to “Configuring Preferred Links (optional)” on page 191.
6. Limit the Max Allowed Links and enable Auto WDS Meshing on radio 0. For each AirMesh device, configure the max allowed links to 2 on radio 0, and enable Auto WDS Meshing on radio 0.
For additional details, refer to “Limiting the Max Allowed Links and Enabling Auto WDS Meshing on a Radio” on page 192.
7. Configure mode and Site-ID on Eth 0
The Mode and Site-ID for Eth 0 on each AirMesh device is configured as per Table 65.
For additional details, refer to “Configuring Mode and Site-ID on Ethernet” on page 193.
Disable Auto WDS Meshing on Radio 1
By default, radio 1 is configured to enable Auto WDS Meshing. If you want to use the radio 1 to provide wireless access service, disable Auto WDS Meshing on radio 1.
For additional details, refer to “Limiting the Max Allowed Links and Enabling Auto WDS Meshing on a Radio” on page 192
Table 64 Preferred Link Configuration
Host Name Preferred Link 0 Preferred Link 1
Node-1 Neighbor Host Name: Node-2
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-4
Preferred Radio: 0
Preferred Channel: 149
Node-2 Neighbor Host Name: Node-1
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-3
Preferred Radio: 0
Preferred Channel: 149
Node-3 Neighbor Host Name: Node-4
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-2
Preferred Radio: 0
Preferred Channel: 149
Node-4 Neighbor Host Name: Node-3
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-1
Preferred Radio: 0
Preferred Channel: 149
Table 65 Ethernet Mode and Site-ID Configuration
Host Name Mode Site-ID
Node-1 Gateway 1
Node-2 None (factory default) Not set (factory default)
Node-3 None (factory default) Not set (factory default)
Node-4 None (factory default) Not set (factory default)
198 | Configuring an Access Network MeshOS 4.7 | User Guide
Configuring the Wireless Mode/Channel on Radio 1
By default, radio 1 is configured to work on wireless mode “802.11na 20MHz” and channel 36. In order to provide wireless access service, change the wireless mode to g or ng, and specify a channel.
To configure the wireless mode and channel on radio 1:
1. Login to the WMI, navigate to the Wireless Settings > Radio page.
2. Click the Radio 1 link to navigate to the Basic tab of radio configuration for radio 1.
3. Select 802.11ng 20Mhz from the drop-down list for Mode, click on the respective channel field and enter 1(2.412HHz 20MHzBandwidth).
4. Click the Apply Changes button at the bottom to save the wireless mode/channel on radio 1.
Configuring Channel Policy on Radio 1
The wireless access service to client stations may get affected by external interference, which will limit the access performance of the network. In order to get better access performance, configure Auto mode for the Channel Policy, to enable the radio to select the best channel to work on.
To configure the wireless mode/channel on radio 1:
1. Login to the WMI, navigate to the Wireless Settings > Radio page.
2. Click the Radio 1 link to navigate to the Basic tab of the radio configuration for radio 1.
3. Click the Advanced tab, in the Channel Policy field, select Auto to enable automatic channel assignment.
4. Click the Apply Changes button at the bottom to enable automatic channel policy on radio 1.
Creating a New Access BSS on Radio 1 and Configuring SSID
In order to provide wireless access service to clients, configure an access BSS with the same SSID on each AirMesh device. Each radio can support up to 16 access BSSs that are identified by the BSS index 0 to 15. In the wireless access network illustrated in Figure 156, a BSS 0 configuration is created on radio 1 for each of the AirMesh devices.
To create a BSS 0 on Radio 1:
1. Login to the WMI, navigate to the Wireless Settings > BSS page.
2. Click the Create New BSS button to open the New BSS page.
3. In the BSS name field, select 1 for Radio and 0 for BSS from the drop-down list, click on the Create New BSS button to open the Basic page of the Configure BSS setting.
4. Enter AccessNetwork in the SSID field.
5. Click the Apply Changes button at the bottom to create the new BSS and set the SSID.
Configuring Security for Access BSS
Aruba AirMesh device supports a number of security types to secure the access service. These security types include Open WEP, Share WEP, WPA-PSK, and WPA2-PSK.
To configure the access BSS security of type WPA2-PSK:
1. Login to the WMI, navigate to the Wireless Settings > BSS page.
2. Select Radio 1 BSS 0 and click to enter the Basic tab of the configure BSS setting.
3. Click the Security tab, select WPA2-PSK from the drop-down list for Authentication Type field.
4. Select the PSK Key string field and enter AccessNetworkKey for the key string.
MeshOS 4.7 | User Guide Configuring an Access Network | 199
5. Click the Apply Changes button at the bottom to save the new Security configuration.
Configuring Access VLAN for BSS
The access VLAN for BSS enables the BSS to work in the layer 2 VLAN mode. When VPLM is enabled on each AirMesh device, a VLAN is created over the mesh network. This will connect the access VLAN for the BSS to the wired network, using layer 2 mode.
To configure access vlan 1 for access BSS Radio 1 BSS 0:
1. Login to the WMI, navigate to the Wireless Settings > BSS page.
2. Click on the access BSS Radio 1 BSS 0 to enter the Basic tab of configure BSS setting.
3. Click on the VLAN tab, select the access vlan radio button, and enter 1 in the text field.
4. Click the Apply Changes button at the bottom to apply the VLAN configuration for the access BSS.
Enable VPLM mode
Enable VPLM on each of the AirMesh devices. The wireless mesh network can then provide virtual LAN access to all the stations.
To enable VPLM:
1. Login to the WMI, navigate to the Service Settings > VPLM page.
2. Select enable from the drop-down list for the Status field.
3. Enable the Auto radio button for the Allowed VLAN field.
4. Click the Apply Changes button at the bottom to apply the new configuration.
Connect the Mesh Network to Wired Network
Connect the Ethernet port 0 of Node-1 to the wired network. For detailed description of the AirMesh devices refer to the Installation Guide for the respective device.
Validating the Wireless Access Network
After you have followed the above steps to configure each AirMesh device, save the configuration and reboot all the nodes. Verify the links, VPLM, network connectivity, and wireless access of the mesh network.
Validating the mesh network links
Use the methods which are described in Appendix D: Troubleshooting Mesh Networks, to check and verify all the links of the wireless access network.
Validating the VPLM Configuration
Check the VPLM configuration on each node.
To verify the mesh configuration on a node:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. Select Running Configuration from the drop-down list for the Basic field.
3. Click the Execute button on the right-side, corresponding to the Basic field, to get the running configuration of the node.
4. The running configuration is displayed at the bottom of the page. Check the VPLM part of the output. The configuration should be as follows:
Some additional steps are required to configure the security types Open-WEP and Share WEP as pre-defined WEP
keys have to be added to the configuration. For detailed steps, refer “Configuring a BSS Interface” on page 79.
200 | Configuring an Access Network MeshOS 4.7 | User Guide
VPLM configuration
… service vplm allowed-vlan auto enable …
Validating the network connectivity
Use the WMI to login to each node and validate the network connectivity.
To validate the network connectivity:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the Connectivity field, select Ping from the drop-down list and enter the management IP address of other MSR routers or the IP address of a station in the text field.
3. Click the Execute button on the right-side corresponding to the Connectivity field, to check the connectivity to other nodes.
Validating network connectivity on node-1
PING 192.168.11.2 (192.168.11.2) 56(84) bytes of data. 64 bytes from 192.168.11.2: icmp_seq=1 ttl=64 time=5.89 ms 64 bytes from 192.168.11.2: icmp_seq=2 ttl=64 time=1.38 ms 64 bytes from 192.168.11.2: icmp_seq=3 ttl=64 time=20.8 ms 64 bytes from 192.168.11.2: icmp_seq=4 ttl=64 time=0.912 ms --- 192.168.11.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 0.912/7.252/20.814/8.068 ms
Validating the wireless access
Use the WMI to login to each node and validate the wireless access configuration. You can then associate a wireless station with the access BSS to check whether the wireless station can successfully associate with the access BSS.
To validate the wireless access configuration:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the Basic field, select Running Configuration from the drop-down list.
3. Click the Execute button on the right-side corresponding to the Basic field, to get the running configuration of the node.
4. The running configuration will be displayed at the bottom of the page. Check the BSS part the configuration as follows:
Wireless Access Configuration
interface dot11radio 1 beacon-interval 100 bss 0 access-list authentication open key-management wpa2 encryption-mode-cipher aes-tkip preauth wpa-type psk ascii accessnetworkkey ssid AccessNetwork wmm channel-policy auto
MeshOS 4.7 | User Guide Configuring an Access Network | 201
cts-protection disable
wireless-mode ng channel 1
202 | Configuring an Access Network MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Appendix C
Configuring an AirMesh Router as a Client
This chapter describes the configuration of an AirMesh router as a client. This type of network is called a Hybrid Network and typically consists of a mesh network, a wireless access network, and a client device. The following topics are covered:
Topology of a hybrid network
Additional configuration for a hybrid network
Sample of a hybrid network configuration
Topology of a Hybrid NetworkAruba AirMesh devices can be configured as client devices, to connect to other standard 802.11 access networks. A device that is used as a client works as a client bridge to allow access to other devices connected to its ethernet and the wireless access network.
The topology of a hybrid wireless network is illustrated in Figure 157.
Figure 157 Hybrid wireless network
In this wireless network, three AirMesh devices are used to build the wireless mesh network and also provide access service. One radio on the three AirMesh devices is used to build the mesh network, another
Configuring an AirMesh Router as a Client | 203
radio is configured to work on access BSS with a pre-defined SSID. The fourth AirMesh device is used as a client device with one radio working on station mode, to associate with the access network with the pre-defined SSID.
Additional Configuration for a Hybrid NetworkThe information that is required to establish the mesh network and wireless access network is almost the same as described in Table 55 and Table 60. Additional information required to setup the client access is described in Table 66
Example Hybrid wireless Network ConfigurationIn order to establish the wireless network illustrated in Figure 157, the radio 0 on the first three AirMesh devices is used to establish the mesh network, and the radio 1 on the first three AirMesh devices is configured to work on access BSS. The radio 0 on the fourth AirMesh device is configured to work on station mode and radio 1 of the fourth AirMesh device is unused.
The configuration on the radio 0 of the first three AirMesh devices to establish the mesh network is summarized in Table 67:
Table 66 Required Information to Setup a Client Device
Requirement Description
New Client The station used to connect to 802.11 standard access network.
Only one station can be configured on each AirMesh device.
SSID for Client connection
Defines the SSID of the specific access BSS which the client will associate with.
VLAN for Client Connection
Defines the access VLAN ID for client.
Security for Client Connection
Configure the Security Type and Security Key for the client.
Ethernet VLAN Defines the access VLAN for the Ethernet.
Table 67 Required Information on Radio 0 to Establish the Mesh Network
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
HostName Node-1 Node-2 Node-3 Node-4
Mesh-ID MeshNetwork MeshNetwork MeshNetwork Not applicable
Management IP 192.168.11.1/24 192.168.11.2/24 192.168.11.3/24 192.168.11.4/24
Security Type WPA2-PSK WPA2-PSK WPA2-PSK No set
Security Key MeshNetworkKey MeshNetworkKey MeshNetworkKey No set
Auto WDS Meshing
Radio 0: Enabled
Radio 1: Disabled
Radio 0: Enabled
Radio 1: Disabled
Radio 0: Enabled
Radio 1: Disabled
Radio 0: Enabled
Radio 1: Disabled
Max Allowed Links
Radio 0: 2 Radio 0: 2 Radio 0: 2 No set
204 | Configuring an AirMesh Router as a Client MeshOS 4.7 | User Guide
The configuration for the first three AirMesh devices to setup the wireless access network is summarized in Table 68.
The configuration on the fourth AirMesh device to configure a client device is summarized in Table 69.
Preferred Link 0 To: Node-2
using radio 0
Channel 149
To: Node-3
using radio 0
Channel 149
To: Node-1
using radio 0
Channel 149
No set
Preferred Link 1 To: Node-3
using radio 0
Channel 149
To: Node-1
using radio 0
Channel 149
To: Node-2
using radio 0
Channel 149
No set
Ethernet 0 Mode Gateway none none none
Ethernet 0 Site-ID
1 No Set No Set No Set
Table 68 Sample Configurations on Radio 1 to Configure Access BSS
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
HostName Node-1 Node-2 Node-3 Node-4
Admin status for Radio 1
UP UP UP Down
Wireless mode for radio 1
ng ng ng ng
Channel for Radio 1
Automatic Automatic Automatic No set
Access BSS Radio 1 BSS 0 Radio 1 BSS 0 Radio 1 BSS 0 No set
SSID for access BSS
AccessNetwork AccessNetwork AccessNetwork No set
VLAN for Access BSS
1 1 1 No set
Security for Access BSS
WPA2-PSK accessnetworkkey
WPA2-PSK accessnetworkkey
WPA2-PSK accessnetworkkey
No set
Table 69 Required Information to Configure a Client Device on the Fourth AirMesh Device
Configuration AirMesh device #4
Host Name Node 4
New Client Radio 0 STA 0
SSID for Client Connection
AccessNetwork
Table 67 Required Information on Radio 0 to Establish the Mesh Network
Requirement AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
MeshOS 4.7 | User Guide Configuring an AirMesh Router as a Client | 205
In this wireless network, enable the VPLM mode on the first three AirMesh devices and disable the VPLM mode on the fourth MSR router.
Configuring Auto WDS Meshing on Radio 0
Establish the wireless mesh network among the first three AirMesh devices.
To run the Auto WDS Meshing configuration:
1. Configure the Management IP address.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
2. Configure Hostname.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
3. Configure the Mesh-ID as MeshNetwork.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
4. Configure the mesh security with security type “WPA2-PSK” and security key “MeshNetworkKey”.
For additional details, refer to the First Steps section of the Aruba MeshOS 4.7 Quick Start Guide.
5. Configure the preferred link for radio 0. Create two preferred links indexed with 0 and 1 on the first three AirMesh devices. The detailed configuration for preferred link 0 and preferred link 1 is summarized in Table 71.
VLAN for Client Connection
Access VLAN 1
Security for Client Connection
WPA2-PSK AccessNetworkKey
Ethernet VLAN Access VLAN 1
Table 70 VPLM configuration
Configuration AirMesh device #1 AirMesh device #2 AirMesh device #3 AirMesh device #4
HostName Node-1 Node-2 Node-3 Node-4
VPLM enable enable enable disable
Table 71 Preferred Link Configuration
Host Name Preferred Link 0 Preferred Link 1
Node-1 Neighbor Host Name: Node-2
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-3
Preferred Radio: 0
Preferred Channel: 149
Node-2 Neighbor Host Name: Node-1
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-3
Preferred Radio: 0
Preferred Channel: 149
Table 69 Required Information to Configure a Client Device on the Fourth AirMesh Device
Configuration AirMesh device #4
206 | Configuring an AirMesh Router as a Client MeshOS 4.7 | User Guide
For details, refer to “Configuring Preferred Links (optional)” on page 191.
6. Limit the max allowed links and enable Auto WDS Meshing on Radio 0 for the first three AirMesh device. Configure the max allowed links to 2 on radio 0, and enable Auto WDS Meshing on radio 0.
For details, refer to “Limiting the Max Allowed Links and Enabling Auto WDS Meshing on a Radio” on page 192.
7. Configure the Mode and Site-ID on Ethernet 0.
8. Configure the Mode and Site-ID on each AirMesh device as summarized in Table 72.
For details, refer to “Configuring Mode and Site-ID on Ethernet” on page 193.
Configuring Access BSS on Radio 1
Configure the access BSS on the first three AirMesh devices. The access BSS with the same SSID on these AirMesh devices can provide a wide area wireless access service to the client stations.
To run the access BSS configuration:
1. Disable Auto WDS Meshing on Radio 1
For details, refer to “Limiting the Max Allowed Links and Enabling Auto WDS Meshing on a Radio” on page 192.
2. Configure the Wireless Mode/Channel on Radio 1
For details, refer to “Configuring Radio Interface Basic Settings” on page 38.
3. Create a New Access BSS on Radio 1 and Set SSID
For details, refer “Creating a New BSS” on page 79.
4. Configure Security for Access BSS
For details, refer “Creating a New BSS” on page 79.
5. Configure VLAN for Access BSS
For details, refer “Creating a New BSS” on page 79.
6. Enable VPLM mode
For details, refer Chapter 14, “Configuring VPLM” on page 132.
Node-3 Neighbor Host Name: Node-1
Preferred Radio: 0
Preferred Channel: 149
Neighbor Host Name: Node-2
Preferred Radio: 0
Preferred Channel: 149
Table 72 Ethernet Mode and Site-ID Configuration
Host Name Mode Site-ID
Node-1 Gateway 1
Node-2 None (factory default) Not set (factory default)
Node-3 None (factory default) Not set (factory default)
Table 71 Preferred Link Configuration
Host Name Preferred Link 0 Preferred Link 1
MeshOS 4.7 | User Guide Configuring an AirMesh Router as a Client | 207
Configuring Client device on Node-4
Shutting down Radio 1
To shut down radio 1:
1. Login to the WMI, navigate to the Wireless Settings > Radio page.
2. Click the Radio 1 link to navigate to the Basic tab page of radio configuration for radio 1.
3. In the Admin Status field, select Down from the drop-down list.
4. Click the Apply Changes button at the bottom to shut down radio 1.
Disable Auto WDS Meshing on Radio 0
By default, all the radios are configured to enable Auto WDS Meshing. If you want to use the radio 0 to provide wireless access service, disable Auto WDS Meshing on radio 0.
For additional details, refer “Limiting the Max Allowed Links and Enabling Auto WDS Meshing on a Radio” on page 192
Deleting all Access BSS Configuration on Radio 0
Before you configure the client mode on radio 0, delete all BSS configuration on Radio 0.
To delete all the access BSS on Radio 0:
1. Login to the WMI, navigate to the Wireless Settings > BSS page.
2. Click the checkbox in front of each BSS name to select the BSS.
3. Click the Delete Selected BSS button to delete the selected BSSs.
Creating a New Client on Radio 0 and setting SSID
To create a STA 0 on Radio 0:
1. Login to the WMI, navigate to the Wireless Settings > Client Mode page.
2. Click the Create button to enter the client mode connection page.
3. In the STA name field, select 0 for Radio and 0 for STA from the drop-down list and click the Create button to enter the Basic page of Configure client mode connection.
4. Enter AccessNetwork in the SSID of AP field.
5. Click the Apply Changes button at the bottom to create the new BSS and set the SSID.
Configuring Security for Client
To configure security type WPA2-PSK for the client:
1. Login to the WMI, navigate to the Wireless Settings > Client Mode page.
2. Select Radio0Sta0 and click to open the Basic tab page of configure client mode connection.
3. Click the Security tab and select WPA2 from the drop-down list for the Authentication Type field.
4. Select the PSK Key string field and enter AccessNetworkKey.
5. Click the Apply Changes button at the bottom to save the new Security configuration.
Configuring VLAN for Client
To configure access vlan 1 for client Radio 0 STA 0:
1. Login to the WMI, navigate to the Wireless Settings > Client Mode page.
2. Select Radio0Sta0 and click to enter the Basic tab page of configure client mode connection.
3. Click the VLAN tab to enter the VLAN tab page of Configure client mode connection, enable the Access vlan radio button, and enter 1 in the text field.
208 | Configuring an AirMesh Router as a Client MeshOS 4.7 | User Guide
4. Click the Apply Changes button at the bottom to apply the VLAN configuration for the client.
Configuring VLAN for Ethernet 0
To configure access vlan 1 on Ethernet 0:
1. Login to the WMI, navigate to the Wired Settings > Ethernet page.
2. Select Eth0 and click to enter the Basic tab page of configure Ethernet.
3. Click the VLAN tab to enter the VLAN page of Configure Ethernet, set the Access vlan radio button, and enter 1 in the text field.
4. Click the Apply Changes button at the bottom to apply the VLAN configuration for the client.
Disable VPLM mode
The MSR router running as a client device should be configured to work on the VLAN mode and hence the VPLM mode is disabled.
To disable VPLM:
1. Login to the WMI, navigate to the Service Settings > VPLM page.
2. Check Disabled for the Status field.
3. Click the Apply Changes button at the bottom to apply the changes.
Connecting the Wireless Network to Wired Network
Connect the Ethernet port 0 of Node-1 to the wired network. For detailed description of the AirMesh devices refer to the Installation Guide for the respective device.
Validating the Wireless Network
After you have followed the above steps configure each AirMesh device, save the configuration and reboot all nodes. Verify the links, VPLM, network connectivity, wireless access network, and the client device. For details, refer to Appendix D: Troubleshooting Mesh Network.
Validating the Client Device
Use the WMI to login to node-4 and validate the client configuration.
To validate the client device configuration:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the Basic field, select Running Configuration from the drop-down list.
3. Click the Execute button on the right-side corresponding to the Basic field, to get the running configuration of node-4.
4. The running configuration is displayed at the bottom of the page. Verify the STA part of the configuration as follows:
Client configuration on Radio 0
interface dot11radio 0 beacon-interval 100 cts-protection disable sta 0 access-point ssid AccessNetwork authentication open key-management wpa2 wpa-type psk ascii accessnetworkkey switchport access vlan 1 wireless-mode na channel 36
You also need to check the radio status as follows:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
MeshOS 4.7 | User Guide Configuring an AirMesh Router as a Client | 209
2. In the Radio field, select Admin Status and 0 for Radio from the drop down list.
3. Click the Execute button on the right-side corresponding to the Radio field to get the radio status of radio 0 of node-4.
4. The radio status will be displayed at the bottom of the page.
Radio status on node-4
Distance: 0, Country or Regulatory Code: US Mac Address: 00:17:7b:2a:6c:58 Admin Status: up, Physical Status: up Configured HWmode: na, Configured Channel: 36 Operating HWmode: ng, Operating Channel: 4 Admission State: 1, Tx Power: 18dbm Radio Card Type: DNMA-92 Input Packets 11024922, Bytes 2374536165, Dropped 0, Multicast Packets 479 Input Errors 0, Fifo Error 0 Input Rate 138.37 Kbps Output Packets 579147, Bytes 40365334, Dropped 0 Output Errors 90960 Output Rate 0.00 Kbps COllisions 0 Up/Down Counter 0 station State: Associated SSID: AccessNetwork Access Point: 00:17:7b:2b:56:2f, RSSI: 84 Previous Access Point: 00:00:00:00:00:00 Security: open wpa2 Description: scanning threshold rssi 15 scanning interval 0 scanning hardware-mode ag channel-list 1,2,3,4,5,6,7,8,9,10,11,36,40,44,48,149,153,157,161,165
In the above example the station status of this radio 0 is display towards the end and can be verified.
210 | Configuring an AirMesh Router as a Client MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Appendix D
Troubleshooting Mesh Networks
This chapter describe the troubleshooting procedure for mesh networks. The following topics are covered:
“Troubleshooting the Point-to-Point Network” on page 211
“Failure Error Codes” on page 215
Troubleshooting the Point-to-Point NetworkDuring the configuration or staging of a mesh network you might come across issues with forming mesh links between the nodes or other setup issues. Some of the common reasons for these issues include:
Configuring a different Mesh-ID on the two nodes.
Mismatch in the mesh security configuration on the two nodes.
Radio on either of the nodes is down.
Auto WDS is disabled on a radio.
This section guides you through a series of procedures that can be used to troubleshoot and fix a mesh link. These procedures include:
Checking active links on each node.
Verifying mesh configuration on each node.
Getting device list within same Mesh-ID.
Getting radio status of each radio on each node.
Getting neighbor nodes.
Aligning antenna in real deployment.
Checking Active Links on Each NodeBefore troubleshooting a mesh network, it is important to get the active links on each node and check if these active links are as per your requirements.
To check the active links on a AirMesh device:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the RF Management field, select Active Links from the drop-down list.
3. Click the Execute button corresponding to the RF Management field, on the right-side, to get the active links information.
4. The result will be displayed at the bottom of the page. If there are no active links on this node, the display area is blank.
Following is an example on how to get the active links on AirMesh device Node-1 by executing the above steps:
Radio 1 Wireless mode:na, Wireless channel:165Link 0: Peer hostname: Node-2, Peer radio index: 1, Peer MAC: 00:17:7b:2a:6c:58, Local role: ap, Local interface name: dot11radio 0/wds 0, Local IP: 21.171.22.129, Peer IP: 21.171.22.130, Link state: physical up, Physical up time: 0:1:26,
Troubleshooting Mesh Networks | 211
Data rate: 130M, RSSI: 92, SNR: 92, Input rate: 2.87 Kbps, Output rate: 14.48 Kbps.
This example shows that an active link is formed on Radio 1 of Node-1, which works on “na” mode and uses channel 165. The Link 0 details indicate that an active link with index 1 is formed between the radio 1 of Node-1 and radio 1 of Node-2.
The active links on AirMesh device Node-2 are shown below:
Radio 1 Wireless mode:na, Wireless channel:165 Link 0: Peer hostname: Node-1, Peer radio index: 1, Peer MAC: 00:17:7b:2b:56:2e, Local role: sta, Local interface name: dot11radio 0/wds 7, Local IP: 21.171.22.130, Peer IP: 21.171.22.129, Link state: physical up, Physical up time: 0:1:59, Data rate: 19M, RSSI: 91, SNR: 91, Input rate: 19.21 Kbps, Output rate: 0.09 Kbps.
Verifying Mesh Configuration on Each NodeTo verify that the mesh configuration on each node is as per the requirement:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the drop-down list for Basic field, select Running Configuration.
3. Click the Execute button corresponding to the Basic field, on the right-side, to get the running configuration of the MSR router.
4. The running configuration will be displayed at the bottom of the page. Verify the mesh section in the running configuration.
… mesh neighbor-list authentication open key-management wpa2 psk ascii PointToPointMesh mesh-id PtP-Mesh neighbor-list-type inactive preferred-link 0 neighbor host Node-2 preferred radio 1…
Getting Device List within Same Mesh-IDUsing this tool you can get the list of devices that have the same Mesh-ID as the current node. This device list will give you information on the AirMesh devices that have formed links with the current node. The connectivity relationship among all the notes can be derived using the device list on each node.
To get the list of devices in a specific Mesh-ID:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the drop-down list for the Basic field, select Mesh Node List.
3. Click the Execute button corresponding to the Basic field, on the right-side. All devices with the same mesh-id as current node are displayed as below:
Device List of Node-1
DeviceMAC HostName GW ManagementIP 00:17:7b:2a:6c:57 Node-2 No 192.168.11.2 00:17:7b:2b:56:2d Node-1 No 192.168.11.1
212 | Troubleshooting Mesh Networks MeshOS 4.7 | User Guide
Device List of Node-2
DeviceMAC HostName GW ManagementIP 00:17:7b:2b:56:2d Node-1 No 192.168.11.1 00:17:7b:2a:6c:57 Node-2 No 192.168.11.2
The devices Node-1 and Node-2 are configured with the same mesh profile and are in the same network.
Getting Radio Status of Each RadioAlthough you may have followed all the instructions in the previous sections, it is possible that some MSR router did not form links as planned. To troubleshoot this problem you can check the radio status of the AirMesh device.
To get the radio status of each radio in a device:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the Radio field, select Admin Status and Radio index 0/1/2/3 from the drop down lists.
3. Click the Execute button corresponding to the Radio field, on the right-side. The Radio # and status on the current node is displayed.
Radio 1 status on Node-1
Interface radio 1 status Max Auto Wds: 1 Distance: 0, Country or Regulatory Code: US Mac Address: 00:17:7b:2b:56:2e Admin Status: up, Physical Status: up Configured HWmode: na, Configured Channel: 165 Operating HWmode: na, Operating Channel: 165 Admission State: 1, Tx Power: 12dbm Radio Card Vendor: WNC, Radio Card Type: DNMA-92 Input Packets 3810397, Bytes 1052082799, Dropped 0, Multicast Packets 422 Input Errors 0, Fifo Error 0 Input Rate 571.77 Kbps Output Packets 115253, Bytes 12343666, Dropped 3454 Output Errors 74448 Output Rate 0.00 Kbps Collisions 0 Up/Down Counter 0
After getting the above result on each radio, you should check the following:
1. Check the Admin Status and Physical Status to ensure that the radio is up. If both the Admin Status and Physical Status are “up” then the radio is up, else the radio is down.
2. Check the Configured HWmode and Operation HWmode to ensure that the HWmode is as per your requirement.
3. Check if the radio is working on Auto WDS Meshing mode. If the Max Auto WDS has the value 1 then the radio is working on Auto WDS meshing mode.
4. Check if the Max Auto WDS configured is as per the requirement.
Getting Neighbor AirMesh DevicesIf the mesh links between a given set of routers still does not come up, run the RF Management Tool to check for issues.
The same steps should be applied to check the radio status on each radio of the AirMesh devices.
MeshOS 4.7 | User Guide Troubleshooting Mesh Networks | 213
To get all the neighbor AirMesh devices for a specific router:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the RF Management field, select Neighboring Nodes from the drop-down list.
3. Click the Execute button on the right-side corresponding to the RF Management field to get all the neighbor AirMesh devices for the current node.
4. The result will be displayed at the bottom of the page.
All neighbors for Node-1
Total neighbors: 1 Radio 1 neighbors: RadioMAC Hostname Radio MeshID AuthType PCAP Mode Chan RSSI TimeSinceLastUpdate 00:17:7b:2a:6c:58 Node-2 0 PtP-Mesh Open WPA2 0 na 165 76 0:0:19
The result above displays one entry in the point-to-point configuration. The radio 1 of Node-1 can hear Node-2. If there are other AirMesh devices in the same area, the neighbor list will include these AirMesh devices.
If a neighbor node, which appears in the neighbor list for the current node, does not establish a link with the current node, the possible reasons may be:
1. The neighbor node is not powered on properly.
2. The neighbor node is configured incorrectly.
3. The Mesh-ID of the neighbor node is different from the current node. Check the Mesh-ID of the neighbor node that needs to form links with current node. If it is different, you should reconfigure the Mesh-ID to be the same as the current node. For additional details, refer “Verifying Mesh Configuration on Each Node” on page 212.
4. The mesh security on the neighbor node is configured incorrectly. This configuration includes the Security Type and Key String. If this is different, you should reconfigure the security on the expected node. For detailed steps, see “Verifying Mesh Configuration on Each Node” on page 212.
5. The neighbor radio has reached link limit. Check the PCAP column in the neighbor list. If it is 0, then the neighbor radio has already formed all the links that it can.
In this example, the Max Auto WDS on radio 1 has been set to 1 for Node-1 and Node-2. After an active link is formed between the two nodes, the PCAP is “0”.
6. The signal strength from the neighbor node is too weak. This can be checked from the RSSI column of the neighbor list. If the RSSI value is less than 15, the link will not for.
7. The node is too far away or the antenna is misaligned.
8. The interference in the area is too strong.
Aligning Antenna in a Real DeploymentSometimes two AirMesh devices which form a link may actually be quite far apart in a real deployment. In such a situation, it is very difficult to adjust the antennas to get higher RSSI on the radios. An antenna alignment tool is very helpful in this case. The AirMesh device provides you with a WMI based antenna alignment tool which can be used to align antennas, to get better RSSI.
To run the antenna alignment tool:
1. Login to the WMI, navigate to the Troubleshooting > Tools page.
2. In the RF Management field, select Neighboring Nodes from the drop-down list.
The same steps can be applied to each node to get their neighboring AirMesh devices.
214 | Troubleshooting Mesh Networks MeshOS 4.7 | User Guide
3. Click the Execute button on the right-side corresponding to the RF Management field to get al the neighbor AirMesh devices around the current node.
4. Check the result, copy the mac address of the matching AirMesh device.
5. In the Neighbor RSSI field, select the local radio from the drop-down list, on which the link will be formed.
6. Paste the copied MAC address to the neighbor mac field, and specify the number of Samples.
7. Click the Execute button on the right-side corresponding to the Neighbor RSSI field.
8. Current node begins to scan the RSSI of the neighbor radio corresponding to the copied MAC address, and continuously displays the scanned RSSI value at the bottom of the page.
9. During scanning, you can adjust the antenna and watch the scanned RSSI. When you get the highest RSSI for a certain position of the antenna, stop scanning. This is the best position to align the antenna.
Failure Error CodesTable 73 lists some of the error codes.
Table 73 Failure Error Codes
Error Description
Local_Prefer_Other_Radio This neighbor is already defined as a preferred link for a different radio in this unit
SNR_Below_Minimum The neighbor’s SNR value is below RSSI limit value or link dynamic threshold.
Local_Peer_Limit_Reached The maximum number of auto-WDS links on this radio has been reached.
Peer_Gateway_Cost_Higher The neighbor has higher path cost to the mesh gateway than this unit itself.
Local_Already_Connected A different radio in this unit already has a link with this neighbor.
Local_Channel_Conflict The channel used by the neighbor is already in use by a different radio in this unit.
Peer_Channel_Different The channel used by the neighbor is different from current channel where a different better neighbor is linked.
Local_Waiting A mesh link attempt with a different neighbor is already in progress on this radio.
Local_Channel_Switch_Failed The attempt to change channels failed. If a DFS channel was selected, it may be due to presence of radar.
Peer_Signal_Lost The neighbor is no longer beaconing on the selected channel.
Peer_Rate_Mismatch The connection was rejected because the peer has a different unicast data rate configured for the mesh.
Peer_Neighborlist_Deny The connection was rejected because this node is not configured in the peer’s allowed neighbor-list
Peer_Prefer_Other_Radio The connection was rejected because this unit is not configured in the neighbor’s allowed neighbor-list.
Peer_Limit_Reachd The maximum number of auto-WDS links on the neighbor radio has been reached.
MeshOS 4.7 | User Guide Troubleshooting Mesh Networks | 215
Peer_Already_Connected The peer is already connected to this unit by another radio.
Peer_Channel_Conflict The channel requested by the peer is already in use by another radio in this unit.
Link_Quality_Bad The connection was accepted but the mesh link is unable to form due to some type of physical error or interference.
Peer_Assn_Timeout The connection was accepted but an association response was not received from the peer in time.
Peer_PSK_Mismatch The connection was rejected because the peer’s WPA pre-shared key does not match.
Peer_Auth_Timeout The peer was associated but the authentication process failed to complete.
Table 73 Failure Error Codes
Error Description
216 | Troubleshooting Mesh Networks MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Appendix E
Acronyms and Terms
AcronymsThe following table lists the acronyms and their definitions used in this guide.
Table 74 List of acronyms
Acronym Definition
ABR area border router
AC access category
ACI adjacent channel interference
ACL access control list
ADP Aruba Discovery Protocol (ADP)
AES advanced encryption standard
AIFSN arbitrary inter-frame space number
ALG application level gateway
AM air monitor
AP access point
APM AP air monitor
ARM adaptive radio management
AVF AntiVirus Firewall
AVT active video transport
AWR adaptive wireless routing
A-MSDU aggregate MAC service data unit
BCMC broadcast and multicast
BRAS broadband remote access server
BRE basic regular expression
BPDU bridge protocol data unit
BSSID basic service set identifier
CA certification authority
Acronyms and Terms | 217
CAC call admission control
CAP campus AP
CCA clear channel assessment
CDP Cisco Discovery Protocol
CDR call detail records
CHAP Challenge Handshake Authentication Protocol
CRL certificate revocation list
CSA channel switch announcement
CSMA/CA carrier sense multiple access with collision avoidance
CSR certificate signing request
CSS content security service
CTS clear to send
CW contention window
DAS distributed antenna systems
DCF distributed coordination function
DES data encryption standard
DHCP Dynamic Host Configuration Protocol
DS differentiated services
DSCP differentiated services codepoint
DSSS direct sequence spread spectrum
DNS domain name system
DoS denial of service
DPD dead peer detection
DR designated router
DU data unit
DMO dynamic multicast optimization
EAP Extensible Authentication Protocol
EAP-TLS EAP-transport layer security
Table 74 List of acronyms (Continued)
Acronym Definition
218 | Acronyms and Terms MeshOS 4.7 | User Guide
EDCA enhanced distributed channel access
EIRP effective isotropic radiated power
ESI external service interfaces
ESS extended service set
ESSID extended service set identifier
FBD forwarding database
FE fast ethernet
FFT fast fourier transform
FHSS frequency-hopping spread spectrum
FIB forwarding information base
FRER frame receive error rate
FRR frame retry rate
FSPL free space path loss
FTP File Transfer Protocol
FQLN fully qualified location name
GRE generic routing encapsulation
GIS generic interface specification
GMT Greenwich Mean Time
GPP guest provisioning page
HD High Definition (display resolution of at least 720p 1280x720 pixels)
HMD high mobility device
HSPA high-speed packet access
HT high throughput
IAS internet authentication server
IDS intrusion detection system
IE information element
IEEE Institute of Electrical and Electronics Engineer
IGMP Internet Group Management Protocol
Table 74 List of acronyms (Continued)
Acronym Definition
MeshOS 4.7 | User Guide Acronyms and Terms | 219
IGP Interior Gateway Routing Protocol
IKE PSK internet key exchange pre-shared key
ISAKMP Internet Security Association and Key Management Protocol
LACP Link Aggregation Control Protocol
LAG link aggregation group
LD local debug
LDAP Lightweight Directory Access Protocol
LEAP Lightweight Extensible Authentication Protocol
LI listening interval
L2TP Layer-2 Tunneling Protocol
MAC media access control
MCS modulation and coding scheme
MDPU MAC protocol data unit
MIB management information base
MIMO multiple input, multiple output
MMS mobility management system
MP mesh point
MPP mesh portal
MPV mesh private VLAN
MSCHAP Microsoft Challenge Handshake Authentication Protocol
MSCHAPv2 MSCHAP version 2
MSSID mesh service set identifier
MSTP multiple spanning tree protocol
MPPE Microsoft point-to-point encryption
MTU maximum transmission unit
NAS network access server
NAT network address translation
NIC network interface card
Table 74 List of acronyms (Continued)
Acronym Definition
220 | Acronyms and Terms MeshOS 4.7 | User Guide
NMS network management servers
NOE new office environment
NTP Network Time Protocol
OCSP Online Certificate Status Protocol
OFDM orthogonal frequency division multiplexing
OKC opportunistic key caching
ON orphan node
ONR orphan node recovery
OSPF open shortest path first
OUI organizationally unique identifier
PAC protected access credential
PAP Password Authentication Protocol
PAPI proprietary access protocol interface
PFS perfect forward secrecy
PHB per hop behavior
PIN personal identification number
PKI public key infrastructure
PMK pairwise master key
PoE power over ethernet
PSK pre-shared key
PPPoE point-to-point protocol over ethernet
PPTP Point-to-Point Tunneling Protocol
PVST per VLAN spanning tree
QoS quality of service
RADIUS remote authentication dial-in user service
RAP remote AP
REGEX region with the regular expression
RF radio frequency
Table 74 List of acronyms (Continued)
Acronym Definition
MeshOS 4.7 | User Guide Acronyms and Terms | 221
RFID radio frequency identification
RoW rest of world
RSSI received signal strength indication
RSTP Rapid Spanning Tree Protocol
RTLS real-time locating systems
RTS request to send
SA security association
SDR software-defined radio
SIM subscriber identity module
SIP Session Initiation Protocol
SNIR signal-to-noise-and-interference ratio
SNMP Simple Network Management Protocol
SSID service set identifier
STP Spanning Tree Protocol
STRAP secure thin remote access point
SVP spectralink voice priority
TFTP Trivial File Transfer Protocol
TIM traffic indication map
TLS transport layer security
TOS type of service
TPM trusted platform module
TSPEC traffic specification
TXOP opportunity to transmit
UDP User Datagram Protocol
UTMS universal mobile telecommunication systems
U-APSD unscheduled automatic power save delivery
VBA virtual branch networking
VIA virtual intranet access
Table 74 List of acronyms (Continued)
Acronym Definition
222 | Acronyms and Terms MeshOS 4.7 | User Guide
VLAN virtual LAN
VoFI voice over Wi-Fi
VoIP voice over IP
VPN virtual private network
VPLM virtual private LAN over mesh
VRD validated reference design
VRRP Virtual Router Redundancy Protocol
VSA vendor specific attributes
VTP Virtual Trunking Protocol
WDS wireless distribution system
WEP wired equivalent privacy
WIDS wireless intrusion detection system
WINS windows internet naming service
WIPS wireless intrusion prevention system
WISPr wireless internet service provider roaming
WLAN wireless local area network
WMM wireless multimedia
WMS WLAN management system
WRM wireless resource manager
WSIRT wireless security incident response team
WZC wireless zero config
XAuth extended authentication
Table 74 List of acronyms (Continued)
Acronym Definition
MeshOS 4.7 | User Guide Acronyms and Terms | 223
TermsThe following table lists the terms and their definitions used in this guide.
Table 75 List of terms
Term Definition
802.11 An evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing.
802.11a Provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings.
802.11b WLAN standard often called Wi-Fi; backward compatible with 802.11. Instead of the phase-shift keying (PSK) modulation method historically used in 802.11 standards, 802.11b uses complementary code keying (CCK), which allows higher data speeds and is less susceptible to multipath-propagation interference.
802.11d A wireless network communications specification for use in countries where systems using other standards in the 802.11 family are not allowed to operate. Configuration can be fine-tuned at the Media Access Control layer (MAC layer) level to comply with the rules of the country or district in which the network is to be used. Rules subject to variation include allowed frequencies, allowed power levels, and allowed signal bandwidth. 802.11d facilitates global roaming.
802.11e A proposed adaptation to the 802.11a and 802.11b specifications that enhances the 802.11 Media Access Control layer (MAC layer) with a coordinated time division multiple access (TDMA) construct, and adds error-correcting mechanisms for delay-sensitive applications such as voice and video. The 802.11e specification provides seamless interoperability between business, home, and public environments such as airports and hotels and offers all subscribers high-speed Internet access with full-motion video, high-fidelity audio, and Voice over IP (VoIP).
802.11g Offers transmission over relatively short distances at up to 54 megabits per second (Mbps), compared with the 11 Mbps theoretical maximum of 802.11b. 802.11g employs orthogonal frequency division multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speeds of 11 Mbps, so that 802.11b and 802.11g devices can be compatible within a single network.
802.11h Intended to resolve interference issues introduced by the use of 802.11a in some locations, particularly with military radar systems and medical devices. Dynamic frequency selection (DFS) detects the presence of other devices on a channel and automatically switches the network to another channel if and when such signals are detected. Transmit power control (TPC) reduces the radio-frequency (RF) output power of each network transmitter to a level that minimizes the risk of interference.
802.11i Provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards. Requires new encryption key protocols, known as Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). Other features include key caching, which facilitates fast reconnection to the server for users who have temporarily gone offline, and pre-authentication, which allows fast roaming and is ideal for use with advanced applications such as Voice over Internet Protocol (VoIP).
224 | Acronyms and Terms MeshOS 4.7 | User Guide
802.11j Proposed addition to the 802.11 family of standards that incorporates Japanese regulatory extensions to 802.11a; the main intent is to add channels in the radio-frequency (RF) band of 4.9 GHz to 5.0 GHz. WLANs using 802.11j will provide for speeds of up to 54 Mbps, and will employ orthogonal frequency division multiplexing (OFDM). The specification will define how Japanese 802.11 family WLANs and other wireless systems, particularly HiperLAN2 networks, can operate in geographic proximity without mutual interference.
802.11k Proposed standard for how a WLAN should perform channel selection, roaming, and transmit power control (TPC) in order to optimize network performance. In a network conforming to 802.11k, if the access point (AP) having the strongest signal is loaded to capacity, a wireless device is connected to one of the underutilized APs. Even though the signal may be weaker, the overall throughput is greater because more efficient use is made of the network resources.
802.11n Wireless networking standard to improve network throughput over the two previous standards 802.11a and 802.11g with a significant increase in the maximum raw data rate from 54 Mbit/s to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz.
802.11m An initiative to perform editorial maintenance, corrections, improvements, clarifications, and interpretations relevant to documentation for 802.11 family specifications. 802.11m also refers to the set of maintenance releases itself.
802.1X Standard designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework, allowing a user to be authenticated by a central authority. The actual algorithm that is used to determine whether a user is authentic is left open and multiple algorithms are possible.
access point (AP) An access point connects users to other users within the network and also can serve as the point of interconnection between the WLAN and a fixed wire network. The number of access points a WLAN needs is determined by the number of users and the size of the network.
access point mapping The act of locating and possibly exploiting connections to WLANs while driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a WLAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources.
ad-hoc network A LAN or other small network, especially one with wireless or temporary plug-in connections, in which some of the network devices are part of the network only for the duration of a communications session or, in the case of mobile or portable devices, while in some close proximity to the rest of the network.
A-MSDU A structure containing multiple MSDUs, transported within a single (unfragmented) data medium access control (MAC) protocol data unit (MPDU).
band A specified range of frequencies of electromagnetic radiation.
Table 75 List of terms (Continued)
Term Definition
MeshOS 4.7 | User Guide Acronyms and Terms | 225
digital wireless pulse Wireless technology for transmitting large amounts of digital data over a wide spectrum of frequency bands with very low power for a short distance. Ultra wideband radio can carry a huge amount of data over a distance up to 230 feet at very low power (less than 0.5 milliwatts), and has the ability to carry signals through doors and other obstacles that tend to reflect signals at more limited bandwidths and a higher power.
evil twin A home-made wireless access point that masquerades as a legitimate one to gather personal or corporate information without the end-user's knowledge. It's fairly easy for an attacker to create an evil twin by simply using a laptop, a wireless card and some readily-available software. The attacker positions himself in the vicinity of a legitimate Wi-Fi access point and lets his computer discover what name and radio frequency the legitimate access point uses. He then sends out his own radio signal, using the same name.
extensible authentication protocol (EAP)
Authentication protocol for wireless networks that expands on methods used by the point-to-point protocol (PPP), a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.
fixed wireless Wireless devices or systems in fixed locations such as homes and offices. Fixed wireless devices usually derive their electrical power from the utility mains, unlike mobile wireless or portable wireless which tend to be battery-powered. Although mobile and portable systems can be used in fixed locations, efficiency and bandwidth are compromised compared with fixed systems.
frequency allocation Use of radio frequency spectrum regulated by governments.
frequency spectrum Part of the electromagnetic spectrum.
hot spot A WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveller, for example, with a laptop equipped for Wi-Fi can look up a local hot spot, contact it, and get connected through its network to reach the Internet and their own company remotely with a secure connection. Increasingly, public places, such as airports, hotels, and coffee shops are providing free wireless access for customers.
hot zone A wireless access area created by multiple hot spots located in close proximity to each other. Hot zones usually combine public safety access points with public hot spots. Each hot spot typically provides network access for distances between 100 and 300 feet; various technologies, such as mesh network topologies and fiber optic backbones, are used in conjunction with the hot spots to create areas of coverage.
Infrared Data Association (IrDA) An industry-sponsored organization set up in 1993 to create international standards for the hardware and software used in infrared communication links. In this special form of radio transmission, a focused ray of light in the infrared frequency spectrum, measured in terahertz, or trillions of hertz (cycles per second), is modulated with information and sent from a transmitter to a receiver over a relatively short distance
IR wireless The use of wireless technology in devices or systems that convey data through infrared (IR) radiation. Infrared is electromagnetic energy at a wavelength or wavelengths somewhat longer than those of red light. The shortest-wavelength IR borders visible red in the electromagnetic radiation spectrum; the longest-wavelength IR borders radio waves.
Table 75 List of terms (Continued)
Term Definition
226 | Acronyms and Terms MeshOS 4.7 | User Guide
microwave Electromagnetic energy having a frequency higher than 1 gigahertz (billions of cycles per second), corresponding to wavelength shorter than 30 centimeters. Microwave signals propagate in straight lines and are affected very little by the troposphere. They are not refracted or reflected by ionized regions in the upper atmosphere. Microwave beams do not readily diffract around barriers such as hills, mountains, and large human-made structures.
MIMO An antenna technology for wireless communications in which multiple antennas are used at both the source (transmitter) and the destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. MIMO is one of several forms of smart antenna technology, the others being MISO (multiple input, single output) and SIMO (single input, multiple output).
MISO An antenna technology for wireless communications in which multiple antennas are used at the source (transmitter). The antennas are combined to minimize errors and optimize data speed. The destination (receiver) has only one antenna. MISO is one of several forms of smart antenna technology, the others being MIMO (multiple input, multiple output) and SIMO (single input, multiple output).
Motrix Motrix is an Aruba designed, IEEE 802.11-based roaming protocol for wireless mesh networking. Motrix ensures that your communication is unaffected when a wireless client is roaming between different APs. Motrix optimizes processing and can handle unusual events/exceptions in the mesh network.
near field communication (NFC) A short-range wireless connectivity standard (Ecma-340, ISO/IEC 18092) that uses magnetic field induction to enable communication between devices when they're touched together, or brought within a few centimeters of each other. The standard specifies a way for the devices to establish a peer-to-peer (P2P) network to exchange data.
optical wireless The combined use of conventional radio-frequency (RF) wireless and optical fiber for telecommunication. Long-range links are provided by optical fiber and links from the long-range end-points to end users are accomplished by RF wireless or laser systems. RF wireless at ultra-high frequencies (UHF) and microwave frequencies can carry broadband signals to individual computers at substantial data speeds.
OCSP Client The MeshOS controller can act as an OCSP client and issues OCSP queries to remote OCSP responders located on the intranet or Internet.
OCSP Responder The OCSP client retrieves certificate revocation status from an OCSP responder. The responder may be the certificate authority (CA) that has issued the certificate in question or it may be some other designated entity which provides the service on behalf of the CA.
radio frequency (RF) Portion of electromagnetic spectrum in which electromagnetic waves are generated by feeding alternating current to an antenna.
RF plan Aruba deployment modeling tool. This tool is provided in the Aruba Web-UI as well as the Aruba Mobility Management System.
structured wireless-aware network (SWAN)
A technology that incorporates a WLAN into a wired wide-area network (WAN). SWAN technology can enable an existing wired network to serve hundreds of users, organizations, corporations, or agencies over a large geographic area. A SWAN is said to be scalable, secure, and reliable.
Table 75 List of terms (Continued)
Term Definition
MeshOS 4.7 | User Guide Acronyms and Terms | 227
transponder A wireless communications, monitoring, or control device that picks up and automatically responds to an incoming signal. The term is a contraction of the words transmitter and responder. Transponders can be either passive or active.
ultra high frequency (UHF) International Telecommunication Union (ITU) band 9, 300-3000 MHz, 1m - 100 mm frequency wavelength.
ultra wideband (UVB) Is a wireless technology for transmitting large amounts of digital data over a wide spectrum of frequency bands with very low power for a short distance. Ultra wideband broadcasts very precisely timed digital pulses on a carrier signal across a very wide spectrum (number of frequency channels) at the same time. UWB can carry a huge amount of data over a distance up to 230 feet at very low power (less than 0.5 milliwatts), and has the ability to carry signals through doors and other obstacles that tend to reflect signals at more limited bandwidths and a higher power.
virtual private network (VPN) A network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN ensures privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). Data is encrypted at the sending end and decrypted at the receiving end.
voice over WLAN (VoWLAN) A method of routing telephone calls for mobile users over the Internet using the technology specified in IEEE 802.11b. Routing mobile calls over the Internet makes them free, or at least much less expensive than they would be otherwise.
wideband code-division multiple access (W-CDMA)
Officially known as IMT-2000 direct spread; ITU standard derived from Code-Division Multiple Access (CDMA). W-CDMA is a third-generation (3G) mobile wireless technology that promises much higher data speeds to mobile and portable wireless devices than commonly offered in today's market.
Wi-Fi A term for certain types of WLANs. Wi-Fi can apply to products that use any 802.11 standard. Wi-Fi has gained acceptance in many businesses, agencies, schools, and homes as an alternative to a wired LAN. Many airports, hotels, and fast-food facilities offer public access to Wi-Fi networks.
WiMAX A wireless industry coalition whose members organized to advance IEEE 802.16 standards for broadband wireless access (BWA) networks. WiMAX 802.16 technology is expected to enable multimedia applications with wireless connection and, with a range of up to 30 miles, enable networks to have a wireless last mile solution. According to the WiMAX forum, the group's aim is to promote and certify compatibility and interoperability of devices based on the 802.16 specification, and to develop such devices for the marketplace.
wired equivalent privacy (WEP) A security protocol specified in 802.11b, designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. Data encryption protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPNs), and authentication can be put in place to ensure privacy.
wireless Describes telecommunications in which electromagnetic waves (rather than some form of wire) carry the signal over part or all of the communication path.
Table 75 List of terms (Continued)
Term Definition
228 | Acronyms and Terms MeshOS 4.7 | User Guide
wireless abstract XML (WAX) Describes telecommunications in which electromagnetic waves (rather than some form of wire) carry the signal over part or all of the communication path.
wireless application service provider (WASP)
Provides Web-based access to applications and services that would otherwise have to be stored locally and makes it possible for customers to access the service from a variety of wireless devices, such as a smartphone or personal digital assistant (PDA).
wireless ISP (WISP) An internet service provider (ISP) that allows subscribers to connect to a server at designated hot spots (access points) using a wireless connection such as Wi-Fi. This type of ISP offers broadband service and allows subscriber computers, called stations, to access the Internet and the Web from anywhere within the zone of coverage provided by the server antenna, usually a region with a radius of several kilometers.
wireless service provider A company that offers transmission services to users of wireless devices through radio frequency (RF) signals rather than through end-to-end wire communication.
wireless local area network (WLAN)
A local area network (LAN) that users access through a wireless connection. 802.11 standards specify WLAN technologies. WLANs are frequently some portion of a wired LAN.
yagi antenna A unidirectional antenna commonly used in communications when a frequency is above 10 MHz.
Table 75 List of terms (Continued)
Term Definition
MeshOS 4.7 | User Guide Acronyms and Terms | 229
230 | Acronyms and Terms MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide Acronyms and Terms | 231
232 | Acronyms and Terms MeshOS 4.7 | User Guide
MeshOS 4.7 | User Guide
Index
AAccess Mode
802.11 Security Configuration 77BSS to DSCP Mapping 77Configuration
CLI 90Example 91
WMI 79Access Network
Configuration 195Access BSS 196
Security 196SSID 196VLAN ID 196
Channel 196Wireless Mode 196
Example 196Topology 195
ACL 73Configuration
CLI 73Examples 74
IP extended ACL 73IP receive ACL 73IP Standard ACL 73MAC based ACL 73Packet Inspection 73Security Filtering 73Traffic Filtering 73
Active Video Transport 113Antenna Type 40APGE 110Auto Recovery
CLI 183WMI 182
auto-negotiation 29AVT 113
ConfigurationBuffer time 114CLI 115
Example 116Ingress Encoder 114Ingress Interface 114Ingress IP
Add 114Delete 115
Status 114WMI 113
Egress 113
Ingress 113
BBasic Settings
ConfigurationCLI 27Hostname 26Location Info 26Management IP 26Regulatory Domain 26Telnet Access 27WMI 25
BSS 77Configuration
Advanced 87BSS Name 88DTIM Interval 88Fragmentation Threshold 88Input Bandwidth 89Input Bandwidth Per Station 89Input Burst 89Multicast Optimization 89Multicast Rate 89Output Bandwidth 89Output Bandwidth Per Station 89Output Burst 89RTS Threshold 89Unicast Rate 89
Basic 80BSS Name 80Description 81Hide SSID 81Max Station Allowed 81SSID 80Station Inactivity Limit 81Station Isolation 81
BSS Interface 79IPv4 85
BSS Name 86DHCP Relay 86DHCP Server 86IP Address 86
QoS 86Access-Category 87BSS Name 87Non-WMM station 87WMM 87
Index | 233
Security 81PSK Key String 83WPA
Allowed Encryption Modes 83BSS Name 83Radius Servers 83WPA Type 83
WPA2Allowed Encryption Modes 84Authentication Type 84BSS Name 84Pre-authentication 84PSK Key String 84WPA Type 84
VLAN 85BSS Name 85VLAN Settings 85
WPASecurity
Authentication Type 83Creation
BSS 79Deleting 89
CClient Mode 119
Client List 119Configuration
Client Mode ConnectionAdvanced 127
AP Inactivity Limit 128Fragmentation Threshold 128
Basic 120BSSID of AP 121Description 121SSID of AP 121Sta Name 121
CLI 128Example 129
Creation 120IPv4 125
IP Address 126Scanning 126
Scan Interval 127Scan Modes 127Scan Threshold 127
Security 121WPA 123
PSK Key String 123WPA Type 123
WPA2 124PSK Key String 124
WPA Type 124VLAN 124
VLAN Setting 125Clients Connection 119WMI 119
DDHCP 59
ConfigurationCLI 68DHCP Relay 67
Delete 67DHCP Server 60
Adding a DHCP Pool 61Default lease time 61DNS Addresses 61Max lease time 61Pool 62
Basic Tab 63DNS Server 63Domain Name 63Gateway 63Log Server 63NetLink SVP Server 63Network 63Option 151 63Option 66 63Option 7 63Pool Name 63TFTP Server 63
Fixed Assignments Tab 65IP Address Ranges Tab 64
WMI 60Packet Forwarding 60Relay 59
Option 82 59Server 59
EEthernet Configuration
Advanced Tab 33duplex 34Link auto-negotiate 34Link speed 34MTU 34
Basic Tab 30Admin Status 30Description 30
IPv4 Tab 31DHCP Relay 33DHCP Server 33IP Address 32Layer-3 Service Mode 32Management Interface 32Router-ID Interface 32
QoS Tab 33
234 | Index MeshOS 4.7 | User Guide
.
Access-Category 33VLAN Tab 30
Native VLAN ID 31VLAN Type 31VPLM Site ID 31
Ethernet InterfaceConfiguration
CLI 34WMI 29
Ethernet interfaceConfiguration 29
Ethernet modefull-duplex 29half-duplex 29
ExportConfiguration file 177
FFactory Reset
CLI 180WMI 179
IImport
Configuration file 177
LLoopback Configuration 54
MMesh Networks
Four Node 189Configuration
Auto WDS Meshing 192Basic 189Ethernet Mode 193Example 190Hostname 191Management IP 191Max Allowed Links 192Max Neighbor Distance 192Mesh Security 191Mesh-ID 191Preferred Links 191Site ID 193
Connecting Mesh Network to Wired Network 193Topology 189Validation
Connectivity 193Mesh Links 193Network 193
Hybrid 203Configuration 204
Client ConnectionEthernet VLAN 204Security 204SSID 204
VLAN ID 204Example 204New Client 204
Topology 203Router as a Client 203
MeshOSCLI 17
Motrix 137Configuration
CLI 138Debug Level 138Status 137WMI 137
MSR Series 17MSR1200 17MSR2000 17MSR4000 17
MST SeriesMST200 17
MulticastConfiguration
CLI 95Example 95
Debug Level 94Multicast Status 94Static RP Address for PIM 94WMI 93
Multicast Optimization 93PIM-DM 93PIM-SM 93RP Address 93
Multicast Routing Protocol 93
NNAT 71
ConfigurationCLI 71
Example 71NAT box 71
NTPConfiguration
CLI 188NTP Client 188NTP Server Address 188Refresh Interval 188Time Zone Name 188Time Zone Offset 188WMI 187
PPassword Change
CLI 181WMI 180
RRadio Configuration
Advanced Tab 43Beacon Interval 43CTS Protection 43
MeshOS 4.7 | User Guide Index | 235
Max Neighbor Distance 43Preamble Mode 43Radio Index 43Short GI 43
Backhaul Tab 42Auto WDS Meshing 42Max Allowed Links 42Radio Index 42
Basic Tab 38Admin Status 41Antenna Gain 40Channel List 39Mode 39Radio Index 39Tx Power 41
Radio Frequency Manager 149Radio Interfaces
ConfigurationCLI 44WMI 38
RebootCLI 179WMI 178
Related Documents 18RFM 149
ConfigurationCLI 157Mesh
ACL 153Neighbor ID 154Neighbor ID Type 154Neighbor List Type 154
Advanced 157Default Maximum Bandwidth 157RSSI Minimum Limit 157
Basic 149Mesh Network ID 150WDS IP Pool 150
Neighbor List EntryAdd 154Delete 154
Preferred Links 155Maximum Bandwidth 156Neighbor ID 156Preferred Channel 156Preferred Radio 156
Security 150WPA 152
PSK Key String 152WPA Type 152
WPA2 153PSK Key String 153WPA Type 153
RFM
CLIExample 158
WMI 149Routing
AWR 108Configuration
AWR Status 110CLI 111
Example 111Debug Level 111Primary Gateway Election 111Use Hello Protocol on Mesh Links 111WMI 110
Layer-3 Interface 109Multi-gateway 109Primary Gateway Election 110
Dynamic Routing 97, 108OSPF 102
ConfigurationArea ID 104CLI 108
Example 108Network Prefix 104OSPF Network
Add 104Delete 105
OSPF Status 103Redistribute AWR 104Redistribute Connected 104Router Priority 104Summary Address 104
Add 106Delete 107
WMI 103Redistribute Mesh Routing 102Routing Summary 102
OSPF Protocol 97Routing Table 97Static Route
ConfigurationCLI 102
IPv4Add 98Delete 99
Static Routing 97Configuration
Destination 98Gateway 98Mask 98Routing Table
View 100Destination 101Gateway 101
236 | Index MeshOS 4.7 | User Guide
.
Hop Count 101Interface 101Mask 101Type 101
WMI 97
SSNMP 139
ConfigurationCLI 146Device Information 139
Syscontact 140Syslocation 140Sysname 140
SNMP Communities 140Add 141Delete 141
SNMP Trap Receivers 142Add 142Community 143Delete 143Port 143Receiver Address 143Type 143Version 143
SNMP v3 Users 144Access Mode 145Add 144Auth Password 145Auth Type 145Delete 146Priv Password 146Priv Type 145User Type 145v3 Username 145
WMI 139Syslog
Configuration 185Remote Service 185Syslog Client 185Syslog Server
Add 186Delete 186Facility
Add 186Delete 187
Severity LevelAdd 186Delete 187
TTroubleshooting
Logs 173Auto Recovery 173
AVT 173AWR 173Bandwidth Control 173Boot Log 173DHCP Relay 173DHCP Server 173Download 174IGMP 173Interface Management 173OSPF 173PIM 173RF Management 173Roaming 173SNMP 173System Logs 173Tech-Support 173Upgrade 173View 173VPLM 173
Mesh Networks 211Aligning Antenna 214Mesh ID
Device List 212Neighbors 213Nodes
Checking Active Links 211Verifying Mesh Configuration 212
RadioRadio Status 213
Tools 168ARP Table 171AVT status 171AWR 172Basic 171Client Details 171Client Mode 171Connectivity 171DHCP server lease address 171Ethernet Status 172IGMP 172Motrix 171Multicast Optimization 171Multicast Routing Table 172Neighbor RSSI 171Orphan Recovery 171OSPF 172PIM 172Radio 171Radio Client List 171RF Scan 171Routing Table 172VLAN Interface 172VPLM 172
UUpgrade
CLI 176WMI 175
MeshOS 4.7 | User Guide Index | 237
VVLAN 45
802.1Q label header 45Add a VLAN Interface 47Deleting a VLAN Interface 51Ports 45
Access 46Trunk 46
VLAN ID 45VLAN Configuration
Advanced Tab 51MTU 51Traffic Isolation 51
Basic Tab 49Admin Status 49Description 49
CLIExample 52
IPv4 Tab 49DHCP Relay 50DHCP Server 50IP Address 50Management Interface 50Router-ID Interface 50
VLAN InterfaceConfiguration
CLI 52WMI 46
VPLM 131Application 131Configuration
Allowed VLAN 133CLI 133
Example 133Spanning Tree Compatibility 133Status 133WMI 132
CoS-DSCP Mapping 132Port Type 131QoS 132Site ID 131
WWireless Interface
802.11n Mode 37Channel Bundling 37Frame Aggregation 37MIMO 37
Dot11Radio interfaces 37WMI 21
Homepage 22locales 23
238 | Index MeshOS 4.7 | User Guide
Related Documents
