Wireless Access

Reply
Frequent Contributor II
Posts: 117
Registered: ‎09-29-2009

Dashboard analysis, What do you think about this screenshot?

Dashboard analysis, What do you think about this screenshot?

 

We are a University and we have a lot "legacy" devices (since a few 802.11b to a few 802.11ac devices) and mixed AP models (50% ac, 15% n, 35% legacy) just one controller (7220 AOS 6.3.1.13).

I ask for real world tips&tricks/BP, no just PoC about:

  • Recommended VAP RF profiles,
  • Band Steering check box &/or ARM &/or QOS Profiles (WMM & Traffic management) combination,
  • HT SSID advanced options profile,
  • SIP and other settings to Lync (We have Lync but we have "Deny inter user traffic checkbox active" that don´t permit works Lync inter users wifi).
  • Airgroup configurations.
  • Don´t allow 802.11b devices degrade the RF enviroment.
  • "IPS" Rougue detection and mitigation VLAN configuration/VLAN trunks-gw to get info from wired no aruba switches (Airwave server available).

By the way No ClearPass server available (By cost).

Airwave_DashBoards_Plus-Protocols-FrameAndType-Rates.jpg

Guru Elite
Posts: 21,260
Registered: ‎03-29-2007

Re: Dashboard analysis, What do you think about this screenshot?


Homerodesepcionado wrote:

Dashboard analysis, What do you think about this screenshot?

 

We are a University and we have a lot "legacy" devices (since a few 802.11b to a few 802.11ac devices) and mixed AP models (50% ac, 15% n, 35% legacy) just one controller (7220 AOS 6.3.1.13).

I ask for real world tips&tricks/BP, no just PoC about:

  • Recommended VAP RF profiles,
  • Band Steering check box &/or ARM &/or QOS Profiles (WMM & Traffic management) combination,  - ClientMatch will override and replace Band Steering if it is on.  ARM should be min 12 and Max 18 to start.  No traffic management.  WMM is automatically enabled in the background when 802.11n is enabled.
  • HT SSID advanced options profile, - Nothing should be changed.
  • SIP and other settings to Lync (We have Lync but we have "Deny inter user traffic checkbox active" that don´t permit works Lync inter users wifi).- You need to uncheck "Deny inter user traffic", otherwise lync will not work.
  • Airgroup configurations. - Leave at default (On) if you want users to use MDNS.
  • Don´t allow 802.11b devices degrade the RF enviroment.  - If you have 802.11b devices you have to support them.  Do not remove support for them day#1 unless you understand your environment.
  • "IPS" Rougue detection and mitigation VLAN configuration/VLAN trunks-gw to get info from wired no aruba switches (Airwave server available). - Access points can be placed in the same VLANs where rogue APs could be placed.

By the way No ClearPass server available (By cost).

Airwave_DashBoards_Plus-Protocols-FrameAndType-Rates.jpg


 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 117
Registered: ‎09-29-2009

Re: Dashboard analysis, What do you think about this screenshot?

10X cjoseph!

  • Ok, I´ll activate Band Steering and ClientMatch (I got that "the override" don´t cause conflicts).I´ll check the ARM values.
  • Ok, No Traffic management.
  • HT and VHT SSID adv options: Nothing should be changed :S (ok, default then).
  • SIP and other Lync settings: Ok, uncheck the "Deny inter user traffic" but Any recommendation about set of ACL -or work around- to deal with "evil/unwanted/chatty inter users traffic"? (by the way some VIP users (AD group) needs unrestricted or special access (different role/policies/VLAN, any link to tutorial video?) with NPS policies. (Again without clear pass server).
  • AirGroup configuration: On is the default?? seems like something else is missing... i need more information about this feature and know how this can help to provide freedom to users but without degrade security/performance... I want improve our network performance securely. In this momento (without config) I have this moment (900 online users, low usage on weekend) in the "Dashboard -> AirGroup" two lists: "AirGroup Users (247)" and "AirGroup Servers (19)".
  • I DONT WANT SUPPORT ANY 802.11b users just a,g,n, and ac!! any recomendation? (I read something about VAP>SSID Profile> Advanced: "802.11a, 802.11g  Basic and Transmit Rates check boxes but...:S )
  • IPS/VLAN rogue APs: Our APs are in diferent (and restricted) VLAN my comment is about if i create the Wired VLAN on the controller then the controller will get enough information (OUI-MAC-IP addresses) to "see" the rogue APs (in the wired side) and if can do something (pass information to AirWave->emailme, RST/blockport/blackhole/etc by scripting on the wired side...). Adicionally: "Advanced Services > All Profile Management > IDS profiles", default too?

 

Based on this history (same VAP on a/b only -legacy-, n and ac mixed APs) and all the context... an Update AOS from 6.3.13 to 6.4 will affect (legacy APs down, bad performance, etc..) or will improve the things? (i´m concern about some release notes).

 

 

Best regards! :)

Guru Elite
Posts: 21,260
Registered: ‎03-29-2007

Re: Dashboard analysis, What do you think about this screenshot?

- If ClientMatch is enabled, the bandsteering configuration on the VAP will not be used; steering clients to the correct band/ap will be done using Clientmatch instead.  If Clientmatch is enabled, you do not have to care about bandsteering.

- The Lync guide for Lync over wifi is here:  http://community.arubanetworks.com/t5/Validated-Reference-Design/Lync-Over-Aruba-WiFi/ta-p/199813

- Do not touch the Airgroup Configuration.  If your users are not complaining, there is nothing that you need to do.

- The negative about removing support for 802.11b users is if someone complains; Support for 802.11b should not necessarily be removed on the first day.  It should be done when the network is stable, so that you are only changing one thing at a time.  Removing support for 802.11b users *could* improve performance, but only in specific circumstances and only on the 2.4ghz band.  More and more devices support 5ghz, so they would not even be affected.  First, gain stability in your network, and the consider removing support for 802.11b users.

- IDS/IPS should be planned carefully and separately.  First you need to define what you are trying to accomplish.  You can do everything that you need to through rules in Airwave.  Airwave can then signal your Aruba controller to stop rogues.  Please read the Rapids section in Airwave documentation for details on this.

- Some legacy products will not work on 6.4.   Please check all of your hardware on the page here:  http://www.arubanetworks.com/support-services/end-of-life-products/

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: