Technology Solution Guide
Deploying Ascom i62 with Aruba Networks’ Secure Mobility Solution

Ascom i62 Handset and OEM derivatives, Software version 4.3.12
Aruba 600/3000/6000/7200 Mobility Controllers, AOS version 6.2.1.2
Aruba AP92/93/104/105/124/125/134/135
November 11th 2013


  • Deploying Ascom's i62 VoWiFi handset with Aruba Networks Secure Mobility Solution

    WARRANTY DISCLAIMER

    THE FOLLOWING DOCUMENT, AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON AN "AS-IS" BASIS. ARUBA MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF THIS DOCUMENT AND THE INFORMATION CONTAINED IN THIS DOCUMENT.

    DISCLAIMER OF LIABILITY

    Aruba Networks, Inc. disclaims liability for any personal injury, property or other damages of any nature whatsoever, whether special, indirect, consequential or compensatory, directly or indirectly resulting from the certification program or the acts or omissions of any company or technology that has been certified by Aruba Networks.

    Certification does not mean that the company is a subcontractor or under the technical control or direction of Aruba Networks. In conducting the certification program Aruba Networks is not undertaking to render professional or other services for or on behalf of any person or entity.

    Table of Contents

    Introduction
    Solution Components
        Aruba Campus WLAN Solution
        Ascom Solution
    Aruba Edge Solution Qualification
        Qualification Objective
        Network Topology
        Test Methodology
        Summary Test Results
        Known Limitations
    Conclusion
    Appendix 1
        General settings (SSID, Radio and QoS)
        Encryption and Authentication Settings
        Ascom i62 Setting Summary
    APPENDIX B
        Test Summary
        Aruba Test Configuration File

    Introduction

    This document describes the steps and guidelines necessary to configure Aruba's wireless LAN infrastructure (AOS version 6.2.1.2) to interoperate with Ascom's i62 handsets.

    The guide is intended to be used in conjunction with Aruba and Ascom configuration guides. Please contact the respective company's sales engineering or support groups should additional information be required.

    Solution Verified: Ascom Phones

    Aruba Product: Aruba Campus WLAN Solution OS version 6.2.x.x

    Partner Solution Tested: Ascom i62 Handset; Software version 4.3.12

    Solution Components

    Aruba Campus WLAN Solution

    Secure and reliable mobility is the responsibility of the enterprise network, which must support a wide range of converged clients over wireless, wired, and remote access networks. Laptops and smartphones are capable of simultaneously running voice, data, and now video applications, an operating model that breaks traditional dedicated VLAN and SSID architectures. Delivering the quality of service (QoS), bandwidth, and management tools necessary to accommodate these devices on a grand scale within a campus environment, to users on the road, and in branch offices requires a specially tailored system design.

    Aruba's unique application and device fingerprinting enable the system to detect the types of traffic flows, and the devices from which they originate. The network can then be dynamically conditioned to deliver QoS on an application-by-application, device-by-device basis as needed to ensure highly reliable application delivery. Aruba's integrated policy enforcement firewall isolates applications from one another to essentially create multiple dedicated virtual networks, and then allocates the necessary bandwidth for each user and application.

    To ensure reliable application delivery in changing RF environments, Aruba's Adaptive Radio Management (ARM) technology forces client devices to shift away from the noisy 2.4 GHz band to the quieter 5 GHz band, adjusts radio power levels to blanket coverage areas, load balances by shifting clients between access points, and even allocates airtime based on the capabilities of each client device. The result is a superb user experience without any user involvement.

    These services are complemented by security systems that ensure the integrity of the network. Rogue detection, wireless intrusion detection and prevention, access control, remote site VPN, content security scanning, end-to-end data encryption, and other services protect the network and users at all times.

    Aruba's extensive portfolio of campus, branch/teleworker, and mobile solutions simplify operations and secure access to unified communications applications and services regardless of the user's device, location, or network. This dramatically improves productivity, lowering capital and operational costs while providing a superior uninterrupted user experience.

    Ascom Solution

    The Ascom i62 VoWiFi handset replaces the Ascom i75, offering a sleeker design, high-resolution color TFT display, IP44-compliant construction, and longer battery time. The i62, like other Ascom handsets, can be managed over the air (OTA) and is designed to interoperate within a Wi-Fi network. With the Ascom i62 VoWiFi handset, users get a single mobile device for voice conversations, text messaging and alarms from systems throughout their hospital or business.

    Certified Product Summary

    | Item | Value |
    |---|---|
    | Manufacturer | Ascom Wireless Solutions |
    | Products Certified | Ascom i62 and OEM derivatives |
    | Hardware Model Numbers | WH1xxxx |
    | Software Version Numbers | 4.3.12 |

    RF Features Tested

    | Item | Value |
    |---|---|
    | Radio Supported | 802.11a/b/g/n |
    | QoS Features Supported/Tested | WMM |
    | Power-save Features Tested | U-APSD |
    | Encryption Supported | WEP 64/128, WPA-PSK, WPA2-PSK, PEAP-MSCHAPv2, EAP-TLS |
    | Encryption Tested | WPA-PSK, WPA2-PSK, PEAP-MSCHAPv2, EAP-TLS |
    | 802.11h Supported | Yes |
    | Key Caching Support for Optimized Roaming | OKC and PMK |

    Voice Specific Features

    | Item | Value |
    |---|---|
    | Protocols Supported | SIP UDP, H323 |
    | Control Traffic Pattern | Handset to Server and vice versa |
    | Voice Traffic Pattern | Peer to peer (between handsets) |
    | # of Calls per AP Tested | 16 calls (not AP capacity limited) |

    Aruba Edge Solution Qualification

    Qualification Objective

    Validate the interoperability of the Ascom i62 with Aruba's wireless LAN infrastructure (version 6.2.1.2).

    Network Topology

    Settings on the Aruba WLAN

    Enable SNMPv2 on the Aruba Mobility Controller, and configure the community string as follows:

    The following Aruba Mobility Controller configuration settings are recommended for use with Ascom i62 handsets:

    RF Recommended Settings for Ascom
    o Beacon Interval: 100 ms
    o DTIM Period: 5
    o WMM/U-APSD Enabled
    o 802.11d Regulatory Domain: Country specific

    Encryption and Authentication
    o The handset and the WLAN infrastructure support and were tested with WPA/WPA2 enterprise and PSK. Please refer to the Aruba configuration guide for additional information on how the SSIDs and encryption/authentication methods should be configured.

    Adaptive Radio Management
    o Enable ARM, voice-aware scanning, WMM/U-APSD, and band steering.

    User Roles and Policies
    o The Ascom phones support SIP and H.323, so enable the voice ACL or the SIP and H.323 ACLs.

    Ascom Settings

    The following Ascom i62 Handset configuration settings are recommended for use with Aruba Mobility Controllers.

    Ascom i62 Configuration:
    o World Mode Regulatory Domain set to World mode.
    o IP DSCP for Voice: 0xC0 (46) Expedited Forwarding
    o IP DSCP for Signaling: 0x68 (26) Assured Forwarding 31
    o Transmit Gratuitous ARP: Enable

    Refer to Appendix A for additional details.

    Test Methodology

    Summary Test Results

    The features and functions listed below were assessed during interoperability testing. The test results are presented in the rightmost column.

    WLAN Controller Features

    | High Level Functionality | Result |
    |---|---|
    | Association, Open with No Encryption | OK |
    | Association, Open with Static WEP 64/128 | Not tested |
    | Association, WPA-PSK, TKIP | OK |
    | Association, WPA2-PSK, TKIP/AES Encryption | OK |
    | Association, PEAP-MSCHAPv2 Auth., TKIP Encryption | OK |
    | Association, PEAP-MSCHAPv2 Auth., AES Encryption | OK |
    | Association, EAP-TLS | OK |
    | Association, Multiple ESSIDs | OK |
    | Beacon Interval and DTIM Period | OK |
    | Pre-authentication | N/A |
    | PMKSA Caching | OK |
    | WPA2 Opportunistic/Proactive Key Caching | OK |
    | WMM Prioritization | OK |
    | Active Mode (load test) | OK |
    | 802.11 Power Save Mode | OK |
    | 802.11e U-APSD | OK |
    | 802.11e U-APSD (load test) | OK |

    Roaming

    | High Level Functionality | Result |
    |---|---|
    | Roaming, Open with No Encryption | OK (Avg roaming time 22 ms)* |
    | Roaming, WPA-PSK, TKIP Encryption | OK (Avg roaming time 44 ms)* |
    | Roaming, WPA2-PSK, AES Encryption | OK (Avg roaming time 52 ms)* |
    | Roaming, PEAP-MSCHAPv2 Auth, AES Encryption | OK (Avg roaming time 44 ms)*/** |

    *) Stated roaming times were measured using 802.11bg(n). Refer to Appendix B for details.

    **) Results observed with Opportunistic Key Caching enabled. Results average 400 ms without Opportunistic Key Caching.

    Known Limitations

    There are no known limitations.

    Conclusion

    The verification, including association, authentication, roaming, and load test, produced very good results overall. Roaming times were in general good, with roaming times of around 40-50 ms both when using WPA2-PSK/AES and PEAP-MSCHAPv2 (WPA2/AES).

    Load testing showed that more than 16 Ascom i62 Handsets could maintain a call via a single Aruba access point when tested both in active and U-APSD modes. Note that the number of 16 was the maximum number of devices tested and not the capacity limit.

    2011 Aruba Networks, Inc. Aruba Networks trademarks include, Aruba Networks, Aruba Wireless Networks, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, and Green Island. All rights reserved. All other trademarks are the property of their respective owners.

    Specifications are subject to change without notice.

    Appendix 1

    This section includes screenshots and explanations of basic settings required to use Ascom i62 Handsets with an Aruba 3400 Mobility Controller. Please note the security settings of each test case, as they were modified according to needs of the test cases.

    The configuration file is found at the end of this appendix.

    General settings (SSID, Radio and QoS)

    Set DTIM Interval to 5. This value is recommended for maximum battery conservation without impacting call quality. Using a lower value will also decrease the standby time slightly.

    Ascom recommends disabling the lowest rates and recommends that 6 Mbps is the lowest supported rate.

    Ensure that WMM and U-APSD are enabled. To match the default values in the i62, use DSCP 46 for Voice, 26 for video and 0 for best effort. It is also recommended that Max Transmit Attempts be set to 4.

    Note: To further optimize performance, it is recommended that 802.11b clients be disallowed from associating by setting 6 Mbps or 12 Mbps as Basic Rates in the 802.11g configuration.

    Set Maximum Transmit Failures to 25.

    The "High throughput enable" setting enables 802.11n capabilities, which are supported in combination with Open encryption and WPA2-AES (PSK or Enterprise).

    Ascom recommends a Beacon Interval of 100 ms and advertising 802.11d/h capabilities.

    General guidelines when deploying Ascom i62 handsets (SW version 2.5.7 or later) in 802.11a/n environments:

    1. Enabling more than 8 channels will degrade roaming performance. Ascom strongly recommends against going above this limit.

    2. Using 40 MHz channels (or channel bonding) will reduce the number of non-DFS* channels to two in ETSI regions (Europe). In FCC regions (North America), 40 MHz is a more viable option because of the availability of additional non-DFS channels. The handset can coexist with 40 MHz stations in the same ESS.

    3. Make sure that all non-DFS channels are taken before resorting to DFS channels. The handset can cope in mixed non-DFS and DFS environments; however, due to unpredictability introduced by radar detection protocols, voice quality may become distorted and roaming delayed. Hence Ascom recommends avoiding the use of DFS channels in VoWiFi deployments.

    *) Dynamic Frequency Selection (radar detection)

    Ascom recommends a Beacon Interval of 100 ms and advertising 802.11d/h capabilities. For 802.11b/g/n use only channels 1, 6 and 11. For 802.11a/n, use channels in accordance with Aruba's guidelines and in compliance with local regulations.

    Encryption and Authentication Settings

    WPA2-PSK. Set the security profile to WPA2-PSK, AES encryption.
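The SSID settings recommended above (DTIM 5, 6 Mbps lowest basic rate, Max Transmit Attempts 4, Maximum Transmit Failures 25, WMM with voice DSCP 46, WPA2 with AES) can be checked mechanically against a saved controller configuration. The script below is an added example, not part of the Aruba/Ascom guide: the sample configuration is constructed, and the ArubaOS CLI spellings of the parameters are assumed, since the guide presents these settings as WebUI fields.

```python
"""Audit ArubaOS `wlan ssid-profile` blocks against this guide's recommended values."""
import re

# Constructed sample, not the guide's appendix configuration. Parameter
# spellings are assumed to follow the ArubaOS 6.x CLI.
SAMPLE_CONFIG = """\
wlan ssid-profile "voice-ok"
   essid "VoWiFi"
   opmode wpa2-psk-aes
   dtim-period 5
   g-basic-rates 6
   g-tx-rates 6 12 18 24 36 48 54
   max-retries 4
   wmm
   wmm-vo-dscp "46"
   max-tx-fail 25
!
wlan ssid-profile "voice-weak"
   essid "VoWiFi-legacy"
   opmode wpa-psk-tkip
   dtim-period 1
   g-basic-rates 1 2
   wmm-vo-dscp "56"
!
"""

# Single-valued settings recommended in the guide's general settings.
RECOMMENDED = {
    "dtim-period": "5",    # DTIM Interval
    "max-retries": "4",    # Max Transmit Attempts
    "max-tx-fail": "25",   # Maximum Transmit Failures
    "wmm-vo-dscp": "46",   # DSCP for voice
}
ACCEPTED_OPMODES = {"wpa2-psk-aes", "wpa2-aes"}  # WPA2 with AES, PSK or 802.1X
MIN_BASIC_RATE = 6.0  # Mbps; a lower basic rate lets 802.11b clients associate


def parse_ssid_profiles(text):
    """Return {profile name: {setting: value}} for every ssid-profile block."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r'wlan ssid-profile "?([^"]+)"?$', line)
        if header:
            current = profiles.setdefault(header.group(1), {})
        elif line == "!" or not raw[:1].isspace():
            current = None                      # block ended
        elif current is not None and line:
            key, _, value = line.partition(" ")
            if key == "no":                     # "no wmm" explicitly disables a flag
                current[value.strip()] = None
            else:                               # bare flags such as "wmm" store ""
                current[key] = value.strip().strip('"')
    return profiles


def audit_profile(settings):
    """Return a list of findings; an empty list means the profile matches the guide."""
    findings = []
    opmode = settings.get("opmode")
    if opmode is None:
        findings.append("opmode not set: guide recommends WPA2 with AES")
    elif not set(opmode.split()) <= ACCEPTED_OPMODES:
        findings.append(f"opmode {opmode}: guide recommends WPA2 with AES only")
    for key, want in RECOMMENDED.items():
        have = settings.get(key)
        if have != want:
            findings.append(f"{key} is {have or 'not set'}: guide recommends {want}")
    rates = [float(r) for r in (settings.get("g-basic-rates") or "").split()]
    if not rates:
        findings.append("g-basic-rates not set: guide recommends 6 or 12")
    elif min(rates) < MIN_BASIC_RATE:
        findings.append(f"g-basic-rates includes {min(rates):g} Mbps: lowest should be 6")
    if settings.get("wmm") is None:
        findings.append("wmm not enabled: needed for voice prioritization and U-APSD")
    return findings


def audit(text):
    """Audit every ssid-profile in a configuration dump."""
    return {name: audit_profile(s) for name, s in parse_ssid_profiles(text).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {'matches guide' if not findings else 'deviations'}")
        for finding in findings:
            print("  -", finding)
```

Settings that are absent from a profile are reported as "not set" rather than assumed, because the controller then applies its own default.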

    Enterprise/.1X authentication.

    Step 1: When configuring the authentication mode using a RADIUS server, the IP address and the secret must correspond to the IP address and the credential used by the RADIUS server. The RADIUS server should be added to a Server Group.

    Step 2: Create an 802.1X Authentication Profile.

    Step 3: Choose the 802.1X Authentication profile created in the previous step and configure the Authentication Server group.

    Choose the configured AAA Profile and set WPA2/AES as the security mode.

    See Appendix B for the controller configuration used for the certification process.

    Ascom i62 Setting Summary

    Network settings for WPA2-PSK

    Network settings for .1X authentication (PEAP-MSCHAPv2)

    802.1X Authentication requires a root certificate to be uploaded to the phone by right-clicking > Edit certificates. EAP-TLS will require both a root and a client certificate.

    Note that both a root and a client certificate are needed for TLS. Otherwise only a root certificate is needed. Server certificate validation can be overridden in version 4.1.12 and above per handset setting (Validate server certificate under Network settings). Keep validation enabled outside of lab testing: a handset that does not validate the server certificate will complete PEAP with any RADIUS server, including one behind a rogue access point, and expose its MSCHAPv2 exchange to it.

    APPENDIX B

    Test Summary

    | Description | Runs |
    |---|---|
    | Tests passed | 22 |
    | Tests Not Run | 9 |
    | Tests fail | 0 |
    | Test NA | 0 |
    | Total Number of Tests | 31 |

    Aruba Test Configuration File


    WLAN TR

    WLAN Interoperability Test Report

    Test object - Handset: Ascom i62 sw version 4.3.12

    Test object - WLAN system: Aruba AOS 6.2.1.2

    WLAN configuration:

    Beacon Interval: 100ms

    DTIM Interval: 5

    802.11d Regulatory Domain: world (802.11d)

    WMM Enabled (Auto/WMM)

    No Auto-tune

    Single Voice VLAN

    | Test Case | Description | AP105 2.4GHz | AP105 5.0GHz | AP135 2.4GHz | AP135 5.0GHz | AP125 2.4GHz | AP125 5.0GHz | Comment |
    |---|---|---|---|---|---|---|---|---|
    | | TEST AREA ASSOCIATION / AUTHENTICATION | | | | | | | |
    | #101 | Association with open authentication, no encryption | PASS | PASS | PASS | PASS | PASS | PASS | z |
    | #104 | Association with WPA-PSK authentication, TKIP encryption | PASS | PASS | PASS | PASS | PASS | PASS | |
    | #105 | Association with WPA-PSK authentication, AES-CCMP encryption | PASS | PASS | PASS | PASS | PASS | PASS | |
    | #106 | Association with WPA2-PSK authentication, TKIP encryption | PASS | PASS | PASS | PASS | PASS | PASS | |
    | #107 | Association with WPA2-PSK authentication, AES-CCMP encryption | PASS | PASS | PASS | PASS | PASS | PASS | |
    | #110 | Association with PEAP-MSCHAPv2 auth, AES-CCMP encryption | PASS | PASS | PASS | PASS | PASS | PASS | FreeRADIUS FAIL |
    | #115 | Association with multiple ESSIDs on AP | PASS | PASS | PASS | PASS | PASS | PASS | See Comment |
    | #116 | Association with EAP-TLS authentication | PASS | PASS | PASS | PASS | PASS | PASS | FreeRADIUS, both server and client certificate needed |
    | | TEST AREA POWER-SAVE AND QOS | | | | | | | PASS |
    | #150 | 802.11 Power-save mode | PASS | PASS | PASS | PASS | PASS | PASS | FAIL |
    | #151 | Beacon period and DTIM interval | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED |
    | #152 | 802.11e U-APSD | PASS | PASS | PASS | PASS | PASS | PASS | See Comment |
    | #202 | WMM prioritization | PASS | PASS | PASS | PASS | PASS | PASS | Load generated with iPerf. No noticeable degeneration of voice quality |
    | | TEST AREA "PERFORMANCE" | | | | | | | |
    | #301 | Active mode - unencrypted | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | |
    | #303 | Active mode encrypted with WPA2-PSK | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | |
    | #308 | Power-save mode U-APSD WPA2-PSK | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | |
    | #310 | CAC - TSPEC | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | |
    | | TEST AREA ROAMING AND HANDOVER TIMES | | | | | | | |
    | #401 | Handover with open authentication and no encryption | PASS | PASS | PASS | PASS | PASS | PASS | bgn: 22ms, an: 23ms |
    | #403 | Handover with WPA-PSK authentication and TKIP encryption | PASS | PASS | PASS | PASS | PASS | PASS | bgn: 44ms, an: 43ms |
    | #404 | Handover with WPA2-PSK auth and AES-CCMP encryption | PASS | PASS | PASS | PASS | PASS | PASS | bgn: 52ms, an: 49ms |
    | #408 | Handover with PEAP-MSCHAPv2 authentication and AES-CCMP encryption | PASS | PASS | PASS | PASS | PASS | PASS | bgn: 44ms, an: 57ms |
    | #410 | Handover using PMKSA caching | PASS | PASS | PASS | PASS | PASS | PASS | Always enabled |
    | #411 | Handover using PMKSA and opportunistic/proactive key caching | PASS | PASS | PASS | PASS | PASS | PASS | Same test case as #408 |
    | | TEST AREA BATTERY LIFETIME | | | | | | | |
    | #501 | Battery lifetime in idle | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | |
    | #502 | Battery lifetime in call with no power save | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | |
    | #504 | Battery lifetime in call with power save mode U-APSD | PASS | PASS | PASS | PASS | PASS | PASS | 15h+ both 2.4 and 5GHz. Test done in RF cage |
    | | TEST AREA STABILITY | | | | | | | |
    | #601 | Duration of call Active mode | PASS | PASS | PASS | PASS | PASS | PASS | |
    | #602 | Duration of call U-APSD mode | PASS | PASS | PASS | PASS | PASS | PASS | |
    | | TEST AREA 802.11n | | | | | | | |
    | #801 | Frame aggregation A-MSDU | PASS | PASS | PASS | PASS | PASS | PASS | No downlink aggregation seen |
    | #802 | Frame aggregation A-MPDU | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | NOT TESTED | |
    | #804 | 40MHz channels | NOT TESTED | PASS | NOT TESTED | PASS | NOT TESTED | PASS | 40MHz channels not recommended for 2.4GHz band |
    | #805 | 802.11n rates | PASS | PASS | PASS | PASS | PASS | PASS | Up and downlink verified ok |

    version 6.2
    hostname "Aruba3400"
    clock timezone 0
    location "Building1.floor1"
    controller config 709
    ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
    ip access-list eth validuserethacl
       permit any
    !
    netservice svc-pcoip2-tcp tcp 4172
    netservice svc-snmp-trap udp 162
    netservice svc-netbios-dgm udp 138
    netservice svc-citrix tcp 2598
    netservice svc-smb-tcp tcp 445
    netservice svc-ike udp 500
    netservice svc-l2tp udp 1701
    netservice svc-syslog udp 514
    netservice svc-dhcp udp 67 68 alg dhcp
    netservice svc-https tcp 443
    netservice svc-ica tcp 1494
    netservice svc-pptp tcp 1723
    netservice svc-telnet tcp 23
    netservice svc-http-accl tcp 88
    netservice svc-sccp tcp 2000 alg sccp
    netservice svc-sec-papi udp 8209
    netservice svc-tftp udp 69 alg tftp
    netservice svc-kerberos udp 88
    netservice svc-sip-tcp tcp 5060
    netservice svc-netbios-ssn tcp 139
    netservice svc-pcoip-udp udp 50002
    netservice svc-pcoip-tcp tcp 50002
    netservice svc-pop3 tcp 110
    netservice svc-adp udp 8200
    netservice svc-cfgm-tcp tcp 8211
    netservice svc-noe udp 32512 alg noe
    netservice svc-http-proxy3 tcp 8888
    netservice svc-lpd-tcp tcp 631
    netservice svc-msrpc-tcp tcp 135 139
    netservice svc-rtsp tcp 554 alg rtsp
    netservice svc-dns udp 53 alg dns
    netservice vnc tcp 5900 5905
    netservice svc-vocera udp 5002 alg vocera
    netservice svc-h323-tcp tcp 1720
    netservice svc-h323-udp udp 1718 1719
    netservice svc-http tcp 80
    netservice svc-nterm tcp 1026 1028
    netservice svc-sip-udp udp 5060
    netservice svc-http-proxy2 tcp 8080
    netservice svc-noe-oxo udp 5000 alg noe
    netservice svc-papi udp 8211
    netservice svc-ftp tcp 21 alg ftp
    netservice svc-natt udp 4500
    netservice svc-svp 119 alg svp
    netservice svc-microsoft-ds tcp 445
    netservice svc-gre 47
    netservice svc-smtp tcp 25
    netservice web tcp list "80 443"
    netservice svc-smb-udp udp 445
    netservice svc-sips tcp 5061 alg sips
    netservice svc-netbios-ns udp 137
    netservice svc-esp 50
    netservice svc-cups tcp 515
    netservice svc-pcoip2-udp udp 4172
    netservice svc-bootp udp 67 69
    netservice svc-snmp udp 161
    netservice svc-v6-dhcp udp 546 547
    netservice svc-icmp 1
    netservice svc-ntp udp 123
    netservice svc-msrpc-udp udp 135 139
    netservice svc-ssh tcp 22
    netservice svc-http-proxy1 tcp 3128
    netservice svc-v6-icmp 58
    netservice svc-lpd-udp udp 631
    netservice svc-vmware-rdp tcp 3389
    netexthdr default
    !
    time-range night-hours periodic
       weekday 18:01 to 23:59
       weekday 00:00 to 07:59
    !
    time-range weekend periodic
       weekend 00:00 to 23:59
    !
    time-range working-hours periodic
       weekday 08:00 to 18:00
    !
    ip access-list session allow-diskservices
       any any svc-netbios-dgm permit
       any any svc-netbios-ssn permit
       any any svc-microsoft-ds permit
       any any svc-netbios-ns permit
    !
    ip access-list session control
       any any svc-papi permit
       any any svc-sec-papi permit
       user any udp 68 deny
       any any svc-icmp permit
       any any svc-dns permit
       any any svc-cfgm-tcp permit
       any any svc-adp permit
       any any svc-tftp permit
       any any svc-dhcp permit
       any any svc-natt permit
    !
    ip access-list session v6-icmp-acl
    !
    ip access-list session validuser
       network 169.254.0.0 255.255.0.0 any any deny
       any any any permit
       ipv6 host fe80:: any any deny
       ipv6 any any any permit
    !
    ip access-list session vocera-acl
       any any svc-vocera permit queue high
    !
    ip access-list session v6-https-acl
    !
    ip access-list session vmware-acl
       any any svc-vmware-rdp permit tos 46 dot1p-priority 6
       any any svc-pcoip-tcp permit tos 46 dot1p-priority 6
       any any svc-pcoip-udp permit tos 46 dot1p-priority 6
       any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6
       any any svc-pcoip2-udp permit tos 46 dot1p-priority 6
    !
    ip access-list session v6-control
       ipv6 any any svc-papi permit
       ipv6 any any svc-sec-papi permit
       ipv6 user any udp 547 deny
       ipv6 any any svc-v6-icmp permit
       ipv6 any any svc-dns permit
       ipv6 any any svc-cfgm-tcp permit
       ipv6 any any svc-adp permit
       ipv6 any any svc-tftp permit
       ipv6 any any svc-dhcp permit
       ipv6 any any svc-natt permit
    !
    ip access-list session icmp-acl
       any any svc-icmp permit
    !
    ip access-list session captiveportal
       user alias controller svc-https dst-nat 8081
       user any svc-http dst-nat 8080
       user any svc-https dst-nat 8081
       user any svc-http-proxy1 dst-nat 8088
       user any svc-http-proxy2 dst-nat 8088
       user any svc-http-proxy3 dst-nat 8088
    !
    ip access-list session v6-dhcp-acl
    !
    ip access-list session allowall
       any any any permit
    !
    ip access-list session v6-dns-acl
    !
    ip access-list session test
    !
    ip access-list session sip-acl
       any any svc-sip-udp permit queue high
       any any svc-sip-tcp permit queue high
    !
    ip access-list session https-acl
       any any svc-https permit
    !
    ip access-list session citrix-acl
       any any svc-citrix permit tos 46 dot1p-priority 6
       any any svc-ica permit tos 46 dot1p-priority 6
    !
    ip access-list session dns-acl
       any any svc-dns permit
    !
    ip access-list session ascom
       any any any permit
    !
    ip access-list session ra-guard
       ipv6 user any icmpv6 rtr-adv deny
    !
    ip access-list session allow-printservices
       any any svc-cups permit
       any any svc-lpd-tcp permit
       any any svc-lpd-udp permit
    !
    ip access-list session logon-control
       user any udp 68 deny
       any any svc-icmp permit
       any any svc-dns permit
       any any svc-dhcp permit
       any any svc-natt permit
    !
    ip access-list session vpnlogon
       user any svc-ike permit
       user any svc-esp permit
       any any svc-l2tp permit
       any any svc-pptp permit
       any any svc-gre permit
    !
    ip access-list session srcnat
       user any any src-nat
    !
    ip access-list session skinny-acl
       any any svc-sccp permit queue high
    !
    ip access-list session tftp-acl
       any any svc-tftp permit
    !
    ip access-list session v6-allowall
    !
    ip access-list session cplogout
       user alias controller svc-https dst-nat 8081
    !
    ip access-list session dhcp-acl
       any any svc-dhcp permit
    !
    ip access-list session http-acl
       any any svc-http permit
    !
    ip access-list session v6-http-acl
    !
    ip access-list session captiveportal6
       ipv6 user alias controller6 svc-https captive
       ipv6 user any svc-http captive
       ipv6 user any svc-https captive
       ipv6 user any svc-http-proxy1 captive
       ipv6 user any svc-http-proxy2 captive
       ipv6 user any svc-http-proxy3 captive
    !
    ip access-list session ap-uplink-acl
       any any udp 68 permit
       any any svc-icmp permit
       any host 224.0.0.251 udp 5353 permit
    !
    ip access-list session ap-acl
       any any svc-gre permit
       any any svc-syslog permit
       any user svc-snmp permit
       user any svc-http permit
       user any svc-http-accl permit
       user any svc-smb-tcp permit
       user any svc-msrpc-tcp permit
       user any svc-snmp-trap permit
       user any svc-ntp permit
       user alias controller svc-ftp permit
    !
    ip access-list session svp-acl
       any any svc-svp permit queue high
       user host 224.0.1.116 any permit
    !
    ip access-list session noe-acl
       any any svc-noe permit queue high
    !
    ip access-list session v6-ap-acl
       ipv6 any any svc-gre permit
       ipv6 any any svc-syslog permit
       ipv6 any user svc-snmp permit
       ipv6 user any svc-snmp-trap permit
       ipv6 user any svc-ntp permit
       ipv6 user alias controller6 svc-ftp permit
    !
    ip access-list session h323-acl
       any any svc-h323-tcp permit queue high
       any any svc-h323-udp permit queue high
    !
    ip access-list session v6-logon-control
    !
    vpn-dialer default-dialer
       ike authentication PRE-SHARE 4c59c7e88b3480e67d8f9ff249f167ddcdcfbc36a07f7000
    !
    user-role ap-role
       access-list session control
       access-list session ap-acl
       access-list session v6-control
       access-list session v6-ap-acl
    !
    user-role denyall
    !
    user-role default-vpn-role
       access-list session allowall
       access-list session v6-allowall
    !
    user-role cpbase
    !
    user-role voice
       access-list session sip-acl
       access-list session noe-acl
       access-list session svp-acl
       access-list session vocera-acl
       access-list session skinny-acl
       access-list session h323-acl
       access-list session dhcp-acl
       access-list session tftp-acl
       access-list session dns-acl
       access-list session icmp-acl
    !
    user-role ascom
       access-list session ascom
    !
    user-role default-via-role
       access-list session allowall
       access-list session v6-allowall
    !
    user-role guest-logon
       captive-portal "default"
       access-list session logon-control
       access-list session captiveportal
       access-list session v6-logon-control
       access-list session captiveportal6
    !
    user-role guest
       access-list session http-acl
       access-list session https-acl
       access-list session dhcp-acl
       access-list session icmp-acl
       access-list session dns-acl
       access-list session v6-http-acl
       access-list session v6-https-acl
       access-list session v6-dhcp-acl
       access-list session v6-icmp-acl
       access-list session v6-dns-acl
    !
    user-role stateful-dot1x
    !
    user-role authenticated
       access-list session allowall
       access-list session v6-allowall
    !
    user-role logon
       access-list session logon-control
       access-list session captiveportal
       access-list session vpnlogon
       access-list session v6-logon-control
       access-list session captiveportal6
    !
    !

    interface mgmt
       shutdown
    !
    dialer group evdo_us
       init-string ATQ0V1E0
       dial-string ATDT#777
    !
    dialer group gsm_us
       init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
       dial-string ATD*99#
    !
    dialer group gsm_asia
       init-string AT+CGDCONT=1,"IP","internet"
       dial-string ATD*99***1#
    !
    dialer group vivo_br
       init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
       dial-string ATD*99#
    !
    no spanning-tree
    interface gigabitethernet 1/0
       description "GE1/0"
       trusted
       trusted vlan 1-4094
    !
    interface gigabitethernet 1/1
       description "GE1/1"
       trusted
       trusted vlan 1-4094
    !
    interface gigabitethernet 1/2
       description "GE1/2"
       trusted
       trusted vlan 1-4094
    !
    interface gigabitethernet 1/3
       description "GE1/3"
       trusted
       trusted vlan 1-4094
    !
    interface vlan 1
       ip address 192.168.0.13 255.255.255.0
    !
    ip default-gateway 172.20.106.1
    ip default-gateway 192.168.0.50
    uplink disable
    ap mesh-recovery-profile cluster Recovery3YY7svy9npuyoWT2 wpa-hexkey c91d04ae9d1cd6903de40223c83192b1c94a87680f124648d413c1cbdb93e23c825e65592b831f21d22cb5baea6c27b03bcb212fb64b2f4915247b552294b704790ba063ee92929dc849d8abd75f842b
    crypto isakmp policy 20
       encryption aes256
    !
    crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
    crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
    crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac
    crypto dynamic-map default-dynamicmap 10000
       set transform-set "default-transform" "default-aes"
    !
    crypto isakmp eap-passthrough eap-tls
    crypto isakmp eap-passthrough eap-peap
    crypto isakmp eap-passthrough eap-mschapv2
    vpdn group l2tp
    !
    !
    vpdn group pptp
    !
    tunneled-node-address 0.0.0.0
    adp discovery enable
    adp igmp-join enable
    adp igmp-vlan 0
    voice rtcp-inactivity disable
    voice alg-based-cac enable
    voice sip-midcall-req-timeout disable
    ap ap-blacklist-time 3600
    mgmt-user admin root 5436b5a101681372db26d314e974065944317cd3e1fe6a5534
    no database synchronize
    database synchronize rf-plan-data
    ip mobile domain default
    !
    ip igmp
    !
    ipv6 mld
    !
    no firewall attack-rate cp 1024
    ipv6 firewall ext-hdr-parse-len 100
    !

    !
    firewall cp
    packet-capture-defaults tcp disable udp disable interprocess disable sysmsg disable other disable
    !
    ip domain lookup
    !
    country US
    aaa authentication mac "default"
    !
    aaa authentication dot1x "ArubaIntop-dot1x_prof"
    !
    aaa authentication dot1x "ascom"
       machine-authentication enable
       machine-authentication machine-default-role "ascom"
       machine-authentication user-default-role "authenticated"
       reauthentication
       termination enable
       termination eap-type eap-peap
       termination inner-eap-type eap-mschapv2
    !
    aaa authentication dot1x "default"
    !
    aaa authentication dot1x "Freeradius"
       machine-authentication enable
       machine-authentication machine-default-role "ascom"
       machine-authentication user-default-role "authenticated"
    !
    aaa authentication-server radius "Intop"
       host "192.168.0.2"
       key 4c30ba7b0dba34f13c19d389cfc76ca9
    !
    aaa server-group "ascom"
       auth-server Internal
    !
    aaa server-group "default"
       auth-server Internal
       set role condition role value-of
    !
    aaa server-group "intop"
       auth-server Intop
    !
    aaa profile "ascom"
       initial-role "ascom"
       authentication-dot1x "ascom"
       dot1x-default-role "authenticated"
       dot1x-server-group "ascom"
    !
    aaa profile "default"
    !
    aaa profile "default-dot1x"
       initial-role "ascom"
       authentication-dot1x "Freeradius"
       dot1x-default-role "authenticated"
       dot1x-server-group "intop"
    !
    aaa profile "default-dot1x-psk"
       initial-role "ascom"
       authentication-dot1x "default-psk"
       dot1x-default-role "authenticated"
    !
    aaa authentication captive-portal "default"
    !
    aaa authentication wispr "default"
    !
    aaa authentication vpn "default"
    !
    aaa authentication vpn "default-rap"
    !
    aaa authentication mgmt
    !
    aaa authentication stateful-ntlm "default"
    !
    aaa authentication stateful-kerberos "default"
    !
    aaa authentication stateful-dot1x
       server-group "intop"
    !
    aaa authentication wired
    !
    web-server
    !
    guest-access-email
    !
    voice logging
    !
    voice dialplan-profile "default"
    !
    voice real-time-config
    !
    voice sip
    !
    aaa password-policy mgmt
    !
    control-plane-security
       no cpsec-enable
    !
    ids wms-general-profile
       poll-retries 3
    !
    ids wms-local-system-profile
    !
    valid-network-oui-profile
    !
    qos-profile "default"
    !
    policer-profile "default"
    !
    ap system-profile "default"
       rf-band a
    !
    ap regulatory-domain-profile "default"
       country-code US
       valid-11g-channel 1
       valid-11g-channel 6
       valid-11g-channel 11
       valid-11a-channel 36
       valid-11a-channel 40
       valid-11a-channel 44
       valid-11a-channel 48
       valid-11a-channel 149
       valid-11a-channel 153
       valid-11a-channel 157
       valid-11a-channel 161
       valid-11a-channel 165
       valid-11g-40mhz-channel-pair 1-5
       valid-11g-40mhz-channel-pair 7-11
       valid-11a-40mhz-channel-pair 36-40
       valid-11a-40mhz-channel-pair 44-48
       valid-11a-40mhz-channel-pair 149-153
       valid-11a-40mhz-channel-pair 157-161
    !
    ap wired-ap-profile "default"
    !
    ap enet-link-profile "default"
    !
    ap mesh-ht-ssid-profile "default"
    !
    ap lldp med-network-policy-profile "default"
    !
    ap mesh-cluster-profile "default"
    !
    ap lldp profile "default"
    !
    ap mesh-radio-profile "default"
    !
    ap wired-port-profile "default"
    !
    ids general-profile "default"
    !
    ids unauthorized-device-profile "default"
    !
    ids profile "default"
    !
    rf arm-profile "default"
       assignment disable
    !
    rf arm-profile "disable"
       assignment disable
       no scanning
       no multi-band-scan
    !
    rf optimization-profile "default"
    !
    rf event-thresholds-profile "default"
    !
    rf am-scan-profile "default"
    !
    rf dot11a-radio-profile "ch 36"
       channel 36
       tx-power 30
       dot11h
       arm-profile "disable"
    !
    rf dot11a-radio-profile "ch 40"
       channel 40
       tx-power 50
    !
    rf dot11a-radio-profile "default"
       arm-profile "disable"
    !
    rf dot11g-radio-profile "channel-1"
       channel 1
       dot11h
       arm-profile "disable"
    !
    rf dot11g-radio-profile "channel-11"
       channel 11
       tx-power 30
       dot11h
       arm-profile "disable"
    !
    rf dot11g-radio-profile "channel-6"
       channel 6
       dot11h
       beacon-period 500
       arm-profile "disable"
    !
    rf dot11g-radio-profile "default"
    !
    wlan handover-trigger-profile "default"
    !
    wlan rrm-ie-profile "default"
    !
    wlan bcn-rpt-req-profile "default"
    !
    wlan tsm-req-profile "default"
    !
    wlan voip-cac-profile "default"
    !
    wlan ht-ssid-profile "default"
    !
    wlan edca-parameters-profile station "default"
    !
    wlan edca-parameters-profile ap "default"
    !
    wlan dot11k-profile "default"
    !
    wlan ssid-profile "--NEW--"
       essid "ArubaIntop2"
       wmm-vo-dscp "56"
       wmm-vi-dscp "40"
       wmm-be-dscp "24"
       wmm-bk-dscp "8"
    !
    wlan ssid-profile "default"
       essid "ArubaIntop"
       opmode wpa2-psk-aes
       dtim-period 5
       g-basic-rates 6
       g-tx-rates 6 12 18 24 36 48 54
       max-retries 4
       wmm
       wmm-vo-dscp "46"
       wmm-vi-dscp "40"
       wmm-be-dscp "26"
       wmm-bk-dscp "0"
       wepkey1 f5999ea8f3aa90291ab9d8959e408196204d90e83c193b97
       wpa-passphrase b25016e142b114fde2131b4a57876bc92e8c4ab655392842
       max-tx-fail 25
    !
    wlan ssid-profile "test"
       opmode wpa2-psk-aes
       wmm-vo-dscp "56"
       wmm-vi-dscp "40"
       wmm-be-dscp "24"
       wmm-bk-dscp "8"
       wpa-passphrase deb8ba84cfa75bb902938e766554c9ed7f045519bbe42d6b
    !
    wlan virtual-ap "default"
       aaa-profile "default-dot1x"
    !
    ap provisioning-profile "default"
    !
    rf arm-rf-domain-profile
       arm-rf-domain-key "49868e8b02680a8f03980ea4288197a4"
    !
    ap-group "default"
       virtual-ap "default"
       dot11a-radio-profile "ch 40"
       dot11g-radio-profile "channel-6"
    !
    ap-name "00:1a:1e:ca:2c:1a"
       dot11a-radio-profile "ch 36"
       dot11g-radio-profile "channel-11"
    !
    ap-name "00:1a:1e:ca:2c:76"
       dot11a-radio-profile "ch 36"
       dot11g-radio-profile "channel-1"
    !
    ap-name "00:24:6c:cb:f8:b1"
    !
    ap-name "00:24:6c:cb:f9:00"
       dot11a-radio-profile "ch 36"
       dot11g-radio-profile "channel-11"
    !
    ap-name "3400-ap-61-a"
       dot11g-radio-profile "channel-6"
    !
    ap-name "3400-ap-61-b"
       dot11g-radio-profile "channel-6"
    !
    logging level warnings security subcat ids
    logging level warnings security subcat ids-ap
    snmp-server enable trap
    process monitor log
    end