Configuration window is displayed.
To create a new
WLAN window is displayed.
Under the General tab, set the following parameters:
WLAN ID—From the
drop-down list, choose an ID number for this WLAN.
Name—Enter up to 32 characters for the profile name to be assigned
to this WLAN. The profile name must be unique.
SSID—Enter up to
32 characters for the SSID to be assigned to this WLAN.
the drop-down list, choose
Enabled to enable this WLAN. Otherwise choose
Disabled. The default is Enabled.
radio policy allows you to optimize the RF settings for all the APs associated
with a WLAN. The selected radio policy applies to the 802.11 radios. Each radio
policy specifies which part of the spectrum the WLAN is advertised on, whether
it is on 2.4 GHz (the 802.11b or 802.11g modes) or on 5 GHz (802.11a mode) or
Set the RF
profiles for APs that are associated with the controller. Choose one of the
following from the
Radio Policy drop-down list:
Under the Security tab, set the following parameters:
one of the following security authentication options from this drop-down list:
controller can provide guest user access on WLANs which are specifically
designated for use by guest users. To set this WLAN exclusively for guest user
access, choose the
set the authentication for guest users by choosing one of the following options
Guest Authentication drop-down list:
Require Username and Password—This is the default
option. Choose this option to authenticate guests using the username and
password which you can specify for guest users of this WLAN, under
Wireless Settings > WLAN Users. For more
Viewing and Managing WLAN Users.
Display Terms & Conditions—Choose this option to
allow guests access to the WLAN upon acceptance of displayed terms and
conditions. This option allows guest users to access the WLAN without entering
a username and password.
Require Email Address—Choose this option if you
want guest users to be prompted for their email address when attempting to
access the WLAN. Upon entering a valid email address, access is provided. This
option allows guest users to access the WLAN without entering a username and
Open—This option stands for Open authentication,
which allows any device to authenticate and then attempt to communicate with an
AP. Using open authentication, any wireless device can authenticate with the
WPA2 Personal—This option stands for Wi-Fi Protected Access 2 with
pre-shared key (PSK). WPA2 Personal is a method used for securing your network
with PSK authentication. The PSK is configured separately both on
the controller AP, under the WLAN security policy, and on the client. WPA2
Personal does not rely on an authentication server on your network. This option
is used when you do not have an enterprise authentication server. If you choose
this option, then specify the PSK in the
Shared Key field.
WPA2 Enterprise—This option stands for Wi-Fi Protected Access 2, with a
local authentication server or a RADIUS server. This is the default option.
a local authentication method, choose
AP in the
Authentication Server drop-down list. This option is
a Local EAP authentication method that allows users and wireless clients to be
authenticated locally. The controller in the master AP serves as the
authentication server and the local user database, which removes dependence on
an external authentication server.
a RADIUS server-based authentication method, choose
External Radius in the
Authentication Server drop-down list. RADIUS is a
client/server protocol that enables communication with a central server to
authenticate users and authorize their access to the WLAN. You can specify up
to two RADIUS authentication servers. For each server you need to specify the
- RADIUS IP—IPv4 address of the RADIUS server
- RADIUS Port—Enter the communication port of the RADIUS server. The default value is 1812.
- Shared Secret—Enter the secret key used by the RADIUS server, in ASCII format.
& Firewall tab, in the
VLAN Tagging drop-down list, choose
Yes to enable VLAN tagging of packets. Then, choose
ID from the drop-down list to use for the tagging. By default, VLAN
Tagging is disabled.
VLAN Tagging, the chosen VLAN ID is inserted into a packet header in order to
identify which VLAN (Virtual Local Area Network) the packet belongs to. This
enables the controller to use the VLAN ID to determine which VLAN to send a
broadcast packet to, thereby providing traffic separation between VLANs.
If you have
chosen to enable VLAN Tagging, then you have an option to enable a firewall for
the WLAN based on Access Control Lists (ACLs). An ACL is a set of rules used
either to limit access to a particular WLAN, controlling data traffic to and
from wireless clients, or to limit access to the controller CPU, controlling
all traffic destined for the CPU.
To enable an
Enable Firewall drop-down list, choose
ACL Name field, enter a name for the new ACL. You
can enter up to 32 alphanumeric characters. The ACL name must be unique.
rules for the ACL, click
Note that ACL
rules are applied to the VLAN. Multiple WLANs can use the same VLAN, hence
inheriting ACL rules, if any.
rule for this ACL as follows:
From the Action drop-down list, choose
Deny to cause this ACL to block packets or
Permit to cause this ACL to allow packets. The
default is Permit. The controller can permit or deny only IP packets in an ACL.
Other types of packets (such as ARP packets) cannot be specified.
From the Protocol drop-down list, choose the protocol ID of
the IP packets to be used for this ACL. These are the protocol options:
Any—Any protocol (this is the default value)
TCP—Transmission Control Protocol
UDP—User Datagram Protocol
ICMP—Internet Control Message Protocol
ESP—IP Encapsulating Security Payload
GRE—Generic Routing Encapsulation
IP in IP—Internet Protocol (IP) in IP (permits or
denies IP-in-IP packets)
Eth Over IP—Ethernet-over-Internet Protocol
OSPF—Open Shortest Path First
Other—Any other Internet Assigned Numbers Authority
(IANA) protocol. If you choose Other, enter the number of the desired protocol
in the Protocol text box. You can find the list of available protocols in the
In the Dest. IP/Mask field, enter the IP address and
netmask of the specific destination.
If you have chosen TCP or UDP, you will need to specify a
Destination Port. This destination port can be used
by applications that send and receive data to and from the networking stack.
Some ports are designated for certain applications such as Telnet, SSH, HTTP,
and so on.
From the DSCP drop-down list, choose one of these options to
specify the differentiated services code point (DSCP) value of this ACL. DSCP
is an IP header field that can be used to define the quality of service
across the Internet. You can choose:
Any—Any DSCP (this is the default value)
Specific—A specific DSCP from 0 to 63, which you enter in the
DSCP edit box
Click the Apply icon to commit your changes.
Quality of service (QoS) refers to the capability of a network to provide better service
to selected network traffic over various technologies. The primary goal of QoS
is to provide priority, including dedicated bandwidth, controlled jitter and
latency (required by some real-time and interactive traffic), and improved loss
Mobility Express controller supports the following four QoS levels. Under the
QoS tab, from the
QoS drop-down list, choose one of the following QoS
(Voice)—Ensures a high quality of service for voice over wireless.
(Video)—Supports high-quality video applications.
Effort)—Supports normal bandwidth for clients.
(Background)—Provides the lowest bandwidth for guest services.
Application Visibility classifies applications using the Network-Based
Application Recognition (NBAR2) engine, and provides application-level
visibility in wireless networks. Application Visibility enables the controller
to detect and recognize more than 1000 applications and perform real-time
analysis, and monitor network congestion and network link usage. This feature
contributes to the
Applications By Usage statistic in the
Application Visibility, choose
Enabled (the default option) from the
Application Visibility drop-down list. Otherwise,