Summary of Contents for Siemens SCALANCE W1750D UI
Page 1
About this guide Security recommendations SIMATIC NET About SCALANCE W Setting up an AP SCALANCE W1750D UI Automatic Retrieval of Configuration SCALANCE W User Interface Configuration Manual Initial Configuration Tasks Customizing AP Settings VLAN Configuration IPv6 Support Wireless Network Profiles...
Page 3
Continued Dynamic DNS Registration VPN Configuration AP-VPN Deployment Adaptive Radio Management Deep Packet Inspection and SCALANCE W1750D UI Application Visibility Voice and Video Services Configuration Manual AP Management and Monitoring Uplink Configuration Intrusion Detection Mesh AP Configuration Mobility and Client...
Page 4
Note the following: WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems.
Page 6
Configuring Per-AP SSID and Per-AP-VLAN Settings on a Wireless Profile ...... 134 11.2 Configuring Fast Roaming for Wireless Clients ..............135 11.2.1 Opportunistic Key Caching ....................135 11.2.2 Fast BSS Transition (802.11r Roaming) ................137 11.2.3 Radio Resource Management (802.11k) ................138 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 7
Accessing the Portal Page ....................186 13.7 Configuring Guest Logon Role and Access Rules for Guest Users ........187 13.8 Configuring Captive Portal Roles for an SSID ..............190 13.9 Configuring Walled Garden Access ..................194 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 8
Understanding VLAN Assignment ..................273 15.4.4 Configuring VLAN Derivation Rules ..................275 15.5 Using Advanced Expressions in Role and VLAN Derivation Rules ........277 15.6 Configuring a User Role for VLAN Derivation ..............279 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 9
Access Point Control......................347 21.2.5 Verifying ARM Configuration ....................348 21.3 Configuring Radio Settings ....................351 Deep Packet Inspection and Application Visibility ................357 22.1 Deep Packet Inspection ......................357 22.2 Enabling Application Visibility ....................358 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 10
Setting an Uplink Priority ...................... 435 26.5.3 Enabling Uplink Preemption ....................435 26.5.4 Switching Uplinks Based on VPN and Internet Availability ..........436 26.5.5 Viewing Uplink Status and Configuration ................438 Intrusion Detection ..........................441 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 11
Associating an Advertisement Profile to a Hotspot Profile ........... 511 33.2.4 Creating a WLAN SSID and Associating Hotspot Profile ............. 512 33.3 Sample Configuration ......................514 ClearPass Guest Setup ........................519 34.1 Configuring ClearPass Guest ....................519 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 12
SCALANCE W, ClearPass Policy Manager, and ClearPass Guest Requirements ....388 Table 24- 2 AirGroup Filtering Options ......................389 Table 24- 3 XML API Command ........................407 Table 24- 4 XML API Command Options ...................... 408 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 13
Figure 6-12 .................. 68 Client Distribution on AP Radio Figure 6-13 ....................72 Figure 6-14 Channel Availability Map for Clients .................... 72 Alerts Link Figure 6-15 ............................ 74 Figure 6-16 Client Alerts ..........................75 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 15
Routing of traffic when the client is away from its home network ..........455 Figure 29-2 L3 Mobility Window ........................458 Figure 30-1 Device List ..........................462 Figure 30-2 Channel Details .......................... 464 Figure 30-3 Channel Metrics for the 2.4 GHz Radio Channel ............... 465 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 16
Scenario 2 - IPsec: Single Datacenter with Multiple controllers for Redundancy ...... 536 Figure 35-3 Scenario 3 - IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for Redundancy .......................... 542 Figure 35-4 Scenario 4 - GRE: Single Datacenter Deployment with No Redundancy ......... 548 SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 17
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure...
Page 18
About this guide SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
# send In this example, you would type “send” at the system prompt exactly as shown, followed by the text of the message you wish to send. Do not type the angle brackets. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 20
Service & Support In addition to the product documentation, also check out the comprehensive online information platform of Siemens Industry Online Support at the following Internet address: (https://support.industry.siemens.com/cs/de/en/) Apart from news, there you will also find: ●...
● Keep the software up to date. Check regularly for security updates of the product. You will find information on this on the Internet pages "Industrial Security (https://www.siemens.com/industrialsecurity)" ● Inform yourself regularly about security advisories and bulletins published by Siemens ProductCERT (https://www.siemens.com/cert/en/cert-security-advisories.htm). ● Only activate protocols that you really require to use the device.
Page 22
● Verify certificates and fingerprints on the server and client to avoid "man in the middle" attacks. ● We recommend that you use certificates with a key length of 2048 bits. ● Change keys and certificates immediately, if there is a suspicion of compromise SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 23
● If you require non-secure protocols and services, operate the device only within a protected network area. ● Restrict the services and protocols available to the outside to a minimum. SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
Page 24
UDP/8211 Open Open Proprietary (dTable) UDP/8612 Open Open RADIUS UDP/1616 Open Open UDP/1892 Open Open SNMP UDP/161 Open Open TCP/22 Open Open TCP/2322 Open Open Syslog UDP/514 Open Open Telnet TCP/23 Open Open SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Virtual Controller. SCALANCE W continually monitors the network to determine the AP that should function as the Virtual Controller at any time, and the Virtual Controller will move from one AP to another as necessary without impacting network performance. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Continue login link on the Login page. Note To view the SCALANCE W UI, ensure that JavaScript is enabled on the web browser. Note The SCALANCE W UI logs out automatically if the window is inactive for 15 minutes. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
SSH access requires that you configure an IP address and a default gateway on the AP and connect the AP to your network. This is typically performed when the SCALANCE W network on an AP is set up. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 28
About SCALANCE W 3.3 SCALANCE W CLI SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● PoE midspan—Connect the Enet0 port of the AP to the appropriate port on the PoE midspan. ● AC to DC power adapter—Connect the 12V DC power jack socket to the AC to DC power adapter. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
NTP traffic to pool.ntp.org, or provide alternative NTP servers under DHCP options. For more information on configuring an NTP server, see NTP-Server (Page 81). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 32
APs in the same VLAN automatically find each other and form a single functioning network managed by a VC. Note Moving an AP from one cluster to another requires a factory reset of the AP. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
5. In the apboot mode, execute the following commands to disable the provisioning network: apboot> factory_reset apboot> setenv disable_prov_ssid 1 apboot> saveenv apboot> reset 4.2.2 Provisioning APs through Airwave AirWave Deployment For information on provisioning APs through AirWave, refer to the Guide SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
APs use. Within the regulated transmission spectrum, a high-throughput 802.11ac, 802.11a, 802.11b/g, or 802.11n radio setting can be configured. The available 20 MHz, 40 MHz, or 80 MHz channels are dependent on the specified country code. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 35
US and Japan for most of the AP models. For AP-RW variants, you can select from the list of supported regulatory domains. If the supported country code is not in the list, contact your Siemens Support team to know if the required country code is supported and obtain the software that supports the required country code.
You can use the question mark (?) to view the commands available in a privileged EXEC mode, configuration mode, or subcommand mode. Note Although automatic completion is supported for some commands such as , the complete exit and end commands must be entered at command prompt. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 37
CLI session are saved in the CLI context. The CLI does not support the configuration data exceeding the 4K buffer size in a CLI session. Therefore, Siemens recommends that you configure fewer changes at a time and apply the changes at regular intervals.
Page 38
Using Sequence-Sensitive Commands The SCALANCE W CLI does not support positioning or precedence of sequence-sensitive commands. Therefore, Siemens recommends that you remove the existing configuration before adding or modifying the configuration details for sequence-sensitive commands. You can either delete an existing profile or remove a specific configuration by using the no…...
Page 39
You can also specify a timeout value of 0 to disable CLI session timeouts. The users must re-login to the AP after the session times out. The session does not time out when the value is set to 0. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 40
Setting up an AP 4.4 Accessing the SCALANCE W CLI SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
APs, configure the managed mode command parameters. Prerequisites Perform the following checks before configuring the managed mode command parameters: ● When the APs are in the managed mode, ensure that the APs are not managed by AirWave. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
NOTE: Specify the retry interval in seconds within the range of 5–60 downloading the configuration file. seconds. The default retry interval is 5 seconds. (scalance)(managed-mode-profile)# end (scalance)# commit 8. Apply the configuration changes. apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Verify the status of download by running the following command at the command prompt: (scalance)# show managed-mode logs If the configuration settings retrieved in the configuration file are incomplete, APs reboot with the earlier configuration. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
If SCALANCE W cannot detect the language, then English is used as the default language. You can also select the required language option from the Languages drop-down list located on the SCALANCE W main window. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 46
Logging into the SCALANCE W UI To log in to the SCALANCE W UI, enter the following credentials: ● Username — admin ● Password — admin The SCALANCE W UI main window is displayed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Search Text Box ● Tabs ● Links ● Views Banner The banner is a horizontal gray rectangle that appears on the SCALANCE W main window. It displays the company name, logo, and the VC's name. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 48
The individual tabs can be expanded or collapsed by clicking the tabs. The list items in each tab can be sorted by clicking the triangle icon next to the heading labels SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Network tab. To delete a network, click the x link. For more information on the procedure to add or modify a wireless network, see Wireless Network Profiles (Page 109). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Utilization (%)—Percentage of time that the channel is utilized. ● Noise (dBm)—Noise floor of the channel. An edit link is displayed on clicking the AP name. For details on editing AP settings, see Customizing AP Settings (Page 89). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Speed (mbps)—Current speed at which data is transmitted. When the client is associated with an AP, it constantly negotiates the speed of data transfer. A value of 0 means that the AP has not heard from the client for some time. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
This link is displayed on the SCALANCE W main window only if a new image version is available on the image server and AirWave is not configured. For more information on the New version available link and its functions, see Upgrading an AP (Page 471) SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
AP (Page 471) for more information. ● Time Based Services—Allows you to configure a time profile which can be assigned to the SSID configured on the AP. See Configuring Time-Based Services. (Page 295) SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Custom Blocked Page URL—Use this tab to create a list of URLs that can be blocked using an ACL rule. For more information, see Creating Custom Error Page for Web Access Blocked by AppRF Policies (Page 260). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● About — Displays the name of the product, build time, AP model name, the SCALANCE W version, website address of Siemens, and copyright information. ● Configuration — Displays the following details: – Current Configuration — Displays the current configuration details.
VPN concentrator. See VPN Configuration (Page 303) for more information. The following figure shows an example of the IPsec configuration options available in the VPN window: VPN Window for IPsec Configuration Figure 6-3 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The following figures show the IDS window: IDS Window: Intrusion Detection Figure 6-4 IDS Window: Intrusion Protection Figure 6-5 For more information on wireless intrusion detection and protection, see Detecting and Classifying Rogue APs (Page 441). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● CALEA — Allows you configure support for Communications Assistance for Law Enforcement Act (CALEA) server integration, thereby ensuring compliance with Lawful Intercept and CALEA specifications. For more information, see CALEA Integration and Lawful Intercept Compliance (Page 409). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
PAN, see Integrating an AP with Palo Alto Networks Firewall (Page 403) and Integrating an AP with an XML API Interface (Page 406). The following figure shows the default view of the Services window: Figure 6-7 Services Window: Default View SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The DHCP Servers window allows you to configure various DHCP modes. The following figure shows the options available in the DHCP Servers window: DHCP Servers Window Figure 6-8 For more information, see DHCP Configuration (Page 281). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Monitoring pane.The Monitoring pane consists of the following sections: ● Info ● RF Dashboard ● RF Trends ● Usage Trends ● Mobility Trail SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 62
WLAN SSIDs also indicates status of captive portal and CALEA ACLs and provides a link to upload certificates for the internal server. For more information, see Uploading Certificates (Page 238). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 63
Channel—Indicates the channel that is currently used by the client. • Type—Displays the channel type on which the client is broadcasting. • Role—Displays the role assigned to the client. • Contents of the Info Section in the SCALANCE W Main Window SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Orange — Utilization is between 50% and 75%. • Red — Utilization is more than 75%. • To view the utilization graph of an AP, click the Utilization icon next to the AP in the Utiliza- tion column. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 65
• To view the errors graph of an AP, click the Errors icon next to the AP in the Errors col- umn. Contents of the Info Section in the SCALANCE W Main Window SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Study the Signal graph in the RF Trends pane. For example, the graph shows that signal strength for the client is 54.0 dB at 12:23 hours. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
12:30 hours. put of the client for the last 15 minutes. To see the exact throughput at a particular time, move the cursor over the graph line. Client View—RF Trends Graphs and Monitoring Procedures SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
• pane. For example, the graph shows that SCALANCE W network at a particular time, one client is associated with the selected move the cursor over the graph line. network at 12:00 hours. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 69
3. Study the CPU Utilization graph in the Overview pane. For example, the graph shows that the CPU utilization of the AP is 30% at 12:09 hours. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 70
3. Study the Clients graph. For example, the with the selected AP at a particular time, move graph shows that six clients are associated the cursor over the graph line. with the AP at 12:11 hours. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 71
AP. The SCALANCE W UI shows the client and AP association over the last 15 minutes. ● Access Point—The AP name with which the client was associated. Note Mobility information about the client is reset each time it roams from one AP to another. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
RSSI, channel utilization details, and client count on each channel are displayed. The following figure shows the client view heat map for an AP radio: Figure 6-14 Channel Availability Map for Clients SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Ratio (SNIR). Spectrum monitors display spectrum analysis data seen on all channels in the selected band, and hybrid APs display data from the single channel that they are monitoring. For more information on spectrum monitoring, see Spectrum Monitor (Page 461). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The following figure shows the contents of details displayed on clicking the Alerts link: Alerts Link Figure 6-15 The Alerts link displays the following types of alerts: ● Client Alerts ● Active Faults ● Fault History SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Cleared by — Displays the module which cleared this fault. • Description — Displays the event details. • The following figures show the client alerts, active faults, and fault history: Figure 6-16 Client Alerts SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Corrective Actions Code 100101 Internal error The AP has encountered an internal error Contact the Siemens customer support team. for this client. 100102 Unknown SSID in The AP cannot allow this client to associ- Identify the client and check its Wi- Fi driver...
Page 77
If the AP is using the internal RADIUS server, connection failure using 802.1X because the RADIUS serv- Siemens recommends checking the related er did not respond to the authentication configuration as well as the installed certifi- request. If the AP is using the internal cate and passphrase.
Push Pin icon to view the information. The following figure shows an example for the intrusion detection log: Figure 6-19 Intrusion Detection For more information on the intrusion detection feature, see Intrusion Detection (Page 441). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The Configuration link provides an overall view of your VC, APs, and WLAN SSID configuration. The following figure shows the VC configuration details displayed on clicking the Configuration link. Figure 6-21 Configuration Link SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
In the Client view, all the clients in the SCALANCE W network are listed in the Clients tab. Click the IP address of the client that you want to monitor. For more information on the graphs and the views, see Monitoring (Page 61). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
VLAN as the native VLAN of the up- stream switch, to which the AP is connected. By de- fault, the AP considers the uplink switch native VLAN value as 1. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 82
Mobility Access Switch to turn off ports where rogue access points are connected, as well as take actions such as increasing PoE priority and au- tomatically configuring VLANs on ports where SCALANCE W Access Points are connected. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 83
<start-hour> <end- week> <end-day> <end-month> <end- hour> (scalance)(config) Preferred Band The preferred band for the AP. # rf-band <band> NOTE: Reboot the AP after modifying the radio profile for changes to take effect. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 84
When Auto-Join feature is disabled, the inactive APs are displayed in red. (scalance)(config) Terminal access When terminal access is enabled, you can access the # terminal-access AP CLI through SSH. The terminal access is enabled by default SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 85
Internet but cannot communicate with each other, and the routing traffic between the clients is sent to the upstream device to make the forwarding decision. By default, the Deny local routing parameter is disa- bled. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 86
This setting protects user experience. Always Enabled in all APs—When selected, the • client and network management functions are pro- tected. This setting helps in large networks with high client density. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Select the Hash Management Password check box. This will enable the hashing of the management user password. The check box will appear grayed out after this setting is enabled, as this setting cannot be reversed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 88
(scalance)(config)# hash-mgmt-user john password cleartext password01 usertype read- only (scalance)(config)# end (scalance)# commit apply The following examples removes a management user with read-only privilege: (scalance)(config)# no hash-mgmt-user read-only (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Click the edit link. 3. Edit the AP name in Name. You can specify a name of up to 32 ASCII characters. 4. Click OK. In the CLI To change the name: (scalance)# hostname <name> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Click the edit link. The edit window for modifying AP details is displayed. 3. Specify the AP zone in Zone. 4. Click OK. In the CLI To change the name: (scalance)# zone <name> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Enter the domain name in the Domain name text box. 4. Click OK and reboot the AP. In the CLI To configure a static IP address: (scalance)# ip-address <IP-address> <subnet-mask> <NextHop-IP> <DNS-IP-address> <domain- name> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Select appropriate channel number from the Channel drop-down list for both 2.4 GHz and 5 GHz band sections. 3. Enter appropriate transmit power value in the Transmit power text box in 2.4 GHz and 5 GHz band sections. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 93
SCALANCE W CLI. For more information see Configuring WLAN Settings for a SSID Profile (Page 110). If the maximum clients setting is configured multiple times, using either the configuration mode or Privileged EXEC mode, the latest configuration takes precedence. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
5. Click OK. 6. Reboot the AP. In the CLI To configure an uplink VLAN: (scalance)# uplink-vlan <VLAN-ID> To view the uplink VLAN status: (scalance)# show uplink-vlan Uplink Vlan Current :0 Uplink Vlan Provisioned :1 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
7. Reboot the AP. In the CLI To disable the USB port: (scalance)# usb-port-disable To re-enable the USB port: (scalance)# no usb-port-disable To view the USB port status: (scalance)# show ap-env Antenna Type:External usb-port-disable:1 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
In most cases, the master election process automatically determines the best AP that can perform the role of VC, which will apply its image and configuration to all other APs in the same AP management VLAN. When the VC goes down, a new VC is elected. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 97
AP Settings - Provisioning Master AP 4. Click OK. In the CLI To provision an AP as a master AP: (scalance)# iap-master To verify if the AP is provisioned as master AP: (scalance)# show ap-env Antenna Type:Internal Iap_master:1 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To add an AP to the network: 1. On the Access Points tab, click the New link. 2. In the New Access Point window, enter the MAC address for the new AP. 3. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Click x to confirm the deletion. Note The deleted APs cannot join the SCALANCE W network anymore and are not displayed in the SCALANCE W UI. However, the master AP details cannot be deleted from the VC database. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 100
Customizing AP Settings 8.9 Removing an AP from the Network SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Internet. In such scenario, the SCALANCE W UI now displays the following alert message: Figure 9-1 Uplink VLAN Detection To resolve this issue, ensure that there is no mismatch in the VLAN configuration. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 102
VLAN Configuration 9.2 Uplink VLAN Monitoring and Detection on Upstream Devices SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● With leading zeros omitted— 2001:db8:a0b:12f0:0:0:0:1 ● Switching from upper to lower case— 2001:DB8:A0B:12f0:0:0:0:1 IPv6 uses a "/" notation which describes the number of bits in netmask as in IPv4. 2001:db8::1/128 – Single Host 2001:db8::/64 – Network SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
1. Go to the System link, directly above the Search bar in the SCALANCE W UI. 2. Under General, select the Allow IPv6 Management check box. 3. Enter the IP address in the Virtual Controller IPv6 address text box. 4. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 105
SNMP parameters, see Configuring SNMP (Page 481). To view the SNMP configuration: (scalance)# show running-config|include snmp snmp-server community e96a5ff136b5f481b6b55af75d7735c16ee1f61ba082d7ee snmp-server host 2001:470:20::121 version 2c Siemens-string inform SNTP Over IPv6 To view the SNTP configuration: (scalance)# show running-config|include ntp ntp-server 2001:470:20::121 SCALANCE W1750D UI...
2002::/64 17 0-65535 546-547 6— destined to host 2001::10 FTP is denied any 2001::10/128 6 0-65535 20-21 6— For all ACLs the AP will have an implicit IPv4 and IPv6 allow all acl rule SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
—displays the IPv6 routing information. show ipv6 route ● —displays IPv6 sessions. show datapath ipv6 session ● —displays IPv6 client details. show datapath ipv6 user ● —displays the details about AP clients show clients show clients debug SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Enter a name that uniquely identifies a wireless network in the Name (SSID) text box. Note The SSID name must be unique and may contain any special character except for ' and ". SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 111
NOTE: When you enable DMO on multicast SSID profiles, ensure that the DMO feature is enabled on all SSIDs config- ured in the same VLAN. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 112
67. Time Range Click Edit, select a Time Range Profile from the list and spec- ify if the profile must be enabled or disabled for the SSID, and then click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 113
TPSEC bandwidth to the desired value within the range of 200–600,000 Kbps. The default value is 2000 Kbps. Spectralink Voice Protocol (SVP)—Select the check box • to prioritize voice traffic for SVP handsets. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 114
The clients can connect to the Internet, but cannot communicate with each other, and the bridging traffic be- tween the clients is sent to the upstream device to make the forwarding decision. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Select any for the following options for Client IP assignment. – Virtual Controller assigned—On selecting this option, the client obtains the IP address from the VC. – Network assigned—On selecting this option, the IP address is obtained from the network. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 118
String—Enter the string to match . – VLAN—Enter the VLAN to be assigned. 4. Click Next to configure security settings for the Employee network. For more information, see Configuring Security Settings for a WLAN SSID Profile (Page 120). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 119
● When a client roams between the APs, the DHCP state and the client IP address will be synchronized with the new AP. By default, enforcing DHCP feature is disabled. To enforce DHCP: (scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile <name>)# enforce-dhcp (scalance)(SSID Profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Open—On selecting the open security level, the authentication options applicable to an open network are displayed. The default security setting for a network profile is Personal. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 121
Wireless Network Profiles 11.1 Configuring Wireless Network Profiles The following figures show the configuration options for Enterprise, Personal, and Open security settings. Figure 11-3 Security Tab: Enterprise SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 124
64-bit or 128-bit . 4. Select an appropriate value for Tx key from the Tx Key drop-down list. You can specify 1, 2, 3, or 4. 5. Enter an appropriate WEP key and reconfirm. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 125
RADIUS and Open security servers is balanced. For more information on the dy- levels. namic load balancing mechanism, see Dynamic Load Balancing between Two Authentication Servers on page 154. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 126
To use a separate server for accounting, select Use • separate servers. The accounting server is distin- guished from the authentication server specified for the SSID profile. To disable the accounting function, select Disabled. • SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 127
Upload Certificate Click Upload Certificate and browse to upload a certifi- Enterprise, Personal, cate file for the internal server. For more information on and Open security certificates, see Uploading Certificates on page 177. levels SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
For more information, see Configuring Captive Portal Roles for an SSID on page 135. – Create a role assignment rule. For more information, see Configuring Derivation Rules on page 199. 2. Click Finish. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 133
(scalance)(Access Rule "WirelessRule")# rule any any match webreputation benign-sites permit (scalance)(Access Rule "WirelessRule")# rule any any match webreputation suspicious- sites deny (scalance)(Access Rule "WirelessRule")# rule any any match webreputation high-risk- sites deny (scalance)(Access Rule "WirelessRule")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To verify the per-ap-ssid and per-ap-vlan configurations: (scalance)# show ap-env Antenna Type:Internal name:TechPubsAP per_ap_ssid:PCCW per_ap_vlan:vlan lacp_mode:enable Note For information on configuring a native VLAN on a wired profile, see Configuring VLAN for a Wired Profile (Page 149). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
You can enable OKC roaming for WLAN SSID by using the SCALANCE W UI or the CLI. In the SCALANCE W UI 1. Navigate to the WLAN wizard (Go to Network > New OR Go to Network > WLAN SSID and click edit). 2. Click the Security tab. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 136
(scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile <name>)# dot11k (scalance)(config)# end (scalance)# commit apply To view the beacon report details: (scalance)# show ap dot11k-beacon-report <mac> To view the neighbor details: (scalance)# show ap dot11k-nbrs SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Under Fast Roaming, select the 802.11r check box. 4. Click Next and then click Finish. In the CLI To enable 802.11r roaming on a WLAN SSID: (scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile <name>)# dot11r (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
This interval may be used to assist in making channel measurements without interference from other stations in the BSS. Extended Capabilities IE ● —The extended capabilities IE carries information about the capabilities of an IEEE 802.11 station. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 139
To allow the AP and clients to exchange neighbor reports, ensure that Client match is enabled through RF > ARM > Client match > Enabled in the UI or by executing the client- match command in the arm configuration subcommand mode. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 140
To view the beacon report details: (scalance)# show ap dot11k-beacon-report <mac> To view the neighbor details: (scalance)# show ap dot11k-nbrs Example (scalance)(config)# wlan ssid-profile dot11k-profile (scalance)(SSID Profile "dot11k-profile")# dot11k (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
RTS/CTS threshold is set to 2333. To configure the RTS/CTS threshold: (scalance)(config)# wlan ssid-profile <ssid_profile> (scalance)(SSID Profile "<ssid_profile>")# rts-threshold <threshold> (scalance)(SSID Profile "<ssid_profile>")# end (scalance)# commit apply To disable RTS/CTS, set the RTS threshold value to 0. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
AP CLI. Short preamble is enabled by default. To disable the short preamble: (scalance)# config terminal (scalance)(config)# wlan ssid-profile <ssid_profile> (scalance)(SSID Profile "<ssid_profile>")# short-preamble-disable (scalance)(SSID Profile "<ssid_profile>")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
1. On the Network tab, click the network that you want to delete. A x link is displayed beside the network to be deleted. 2. Click x. A delete confirmation window is displayed. 3. Click Delete Now. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
OpenDNS, select Enabled for Content Filtering. – Uplink—Select Enabled to configure uplink on this wired profile. If Uplink is set to Enabled and this network profile is assigned to a specific port, the port will be enabled SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 148
(scalance)(wired ap profile <name>)# no shutdown (scalance)(wired ap profile <name>)# poe (scalance)(wired ap profile <name>)# uplink-enable (scalance)(wired ap profile <name>)# content-filtering (scalance)(wired ap profile <name>)# spanning-tree (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
VLAN carried by the port in the Access mode. 2. Click Next. The Security tab details are displayed. 3. Configure security settings for the wired profile. For more information, see Configuring Security Settings for a Wired Profile (Page 151). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 150
(scalance)(wired ap profile <name>)# end (scalance)# commit apply To configure a new VLAN assignment rule: (scalance)(config)# wired-port-profile <name> (scalance)(wired ap profile <name>)# set-vlan <attribute>{equals|not-equals|starts- with| ends-with|contains| matches-regular-expression} <operator> <VLAN-ID>|value-of} (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Internal server— If an internal server is selected, add the clients that are required to authenticate with the internal RADIUS server. Click the Users link to add users. For information on adding a user, see Managing AP Users on page 140. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 152
(scalance)(wired ap profile <name>)# radius-accounting (scalance)(wired ap profile <name>)# radius-accounting-mode {user-association|user- authentication} (scalance)(wired ap profile <name>)# radius-interim-accounting-interval <minutes> (scalance)(wired ap profile <name>)# radius-reauth-interval <Minutes> (scalance)(wired ap profile <name>)# trusted (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
VLANs for the wired network profile. For more information on role assignment rules and VLAN derivation rules, see Configuring Derivation Rules (Page 270) and Configuring VLAN Derivation Rules (Page 275). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 154
(scalance)(wired ap profile <name>)# end (scalance)# commit apply To configure machine and user authentication roles: (scalance)(config)# wired-port-profile <name> (scalance)(wired ap profile <name>)# set-role-machine-auth <machine_only> <user-only> (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
LACP configuration to benefit from the higher (greater than 1 Gbps) aggregate throughput capabilities of the two radios. Note The LACP feature is supported only on AP-22x Series and AP-27x Series access points. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To disable the static LACP mode on APs: (scalance)# lacp-mode disable Verifying Static LACP Mode To verify the static LACP configuration, execute the following command in the AP CLI: (scalance)# show ap-env Antenna Type:Internal name:TechPubsAP per_ap_ssid:1234 per_ap_vlan:abc lacp_mode:enable SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
APs. Ensure that the downlink port configured in a private VLAN is not used for any wired client connection. Other downlink ports can be used for connecting to the wired clients. The following figure illustrates a hierarchical deployment scenario: SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Internal Acknowledged—When is enabled, a guest user must accept the terms and conditions to access the Internet. – External captive portal—For external captive portal authentication, an external portal on the cloud or on a server outside the enterprise network is used. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
SSID are assigned IP addresses and an initial role. When a guest user tries to access a URL through HTTP or HTTPS, the captive portal web page prompting the user to authenticate with a username and password is displayed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
When this option is enabled, multicast traffic can be sent at up to 24 Mbps. The default rate for sending frames for 2.4 GHz is 1 Mbps and 5 GHz is 6 Mbps. This option is disabled by default. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 164
802.11ac APs to function as 802.11n APs. If VHT is configured or disabled on an SSID, the changes will apply only to the SSID on which it is enabled or disabled. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 165
• Voice WMM— For voice traffic generated from the incoming and out- • going voice communication. For more information on WMM traffic and DSCP mapping, see Wi-Fi Mul- timedia Traffic Management (Page 376). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 166
Specify the maximum number of clients that can be configured for each BSSID on a WLAN. You can specify a value within the range of 0 to 255. The default value is 64. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 167
You can select an existing DHCP scope for client IP and VLAN assignment or you can create a new DHCP scope by se- lecting New. For more information on DHCP scopes, see Configur- ing DHCP Scopes. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 168
Note If the client IP assignment mode is set to Network assigned in a guest SSID profile, the guest clients can log out of the captive portal network by accessing the https://securelogin.scalance.com/auth/logout.html URL. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 169
To manually assign VLANs for WLAN SSID users: (scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile <name>)# vlan <vlan-ID> To create a new VLAN assignment rule: (scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile <name>)# set-vlan <attribute>{equals|not-equals|starts- with|ends- with|contains|matches-regular-expression} <operator> <VLAN-ID>|value-of} SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
When the VC assignment is used, the source IP address is translated for all client traffic that goes through this interface. The VC can also assign a guest VLAN to a wired client. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 171
(scalance)(wired ap profile <name>)# switchport-mode {trunk|access} (scalance)(wired ap profile <name>)# allowed-vlan <vlan> (scalance)(wired ap profile <name>)# native-vlan {<guest|1…4095>} To configure a new VLAN assignment rule: (scalance)(config)# wired-port-profile <name> (scalance)(wired ap profile <name>)# set-vlan <attribute>{equals|not-equals|starts- with|ends-with|contains|matches-regular-expression} <operator> <VLAN-ID>|value-of} SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
MAC addresses in the xx:xx:xx:xx:xx:xx format are used. If the delimiter is not specified, the MAC address in the xxxxxxxxxxxx format is used. NOTE: This option is available only when MAC authentication is enabled. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 173
Configure an accounting interval in minutes within the range of 0– 60, to allow APs to periodically post accounting information to the RADIUS server. Encryption Select Enabled to configure encryption parameters. Select an encryption and configure a passphrase. (Applicable for WLAN SSIDs only.) SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 175
(scalance)(Captive Portal)# terms-of-use <text> (scalance)(Captive Portal)# use-policy <text> (scalance)(Captive Portal)# end (scalance)# commit apply To upload a customized logo from a TFTP server to the AP: (scalance)# copy config tftp <ip-address> <filename> portal logo SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The specified text will be returned by the external server after a successful user authentication. IP or hostname Enter the IP address or the host name of the external splash page server. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 177
Sends the IP address of the VC in the redirec- tion URL when external captive portal servers are used. This option is disabled by default. Redirect URL Specify a redirect URL if you want to redirect the users to another URL. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. On the Security tab, select External from the Splash page type drop-down list. 3. From the Captive Portal Profile drop-down list, select a profile. You can select and modify a default profile, or an already existing profile, or click New and create a new profile. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 179
If the accounting mode is set to Association, the accounting starts when the client associates to the network successfully and stops when the client is disconnected. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
You can configure SCALANCE W to point to ClearPass Guest as an external captive portal server. With this configuration, the user authentication is performed by matching a string in the server response and that in the RADIUS server (either ClearPass Guest or a different RADIUS server). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 182
Name configured in the ClearPass Guest RADIUS Web Login page. For example, if the Page Name is Siemens, the URL should be /name.php in the SCALANCE W UI. – Enter the Port number (generally should be 80). The ClearPass Guest server uses this port for HTTP services.
Page 183
AP intercepts this information to perform the actual RADIUS authentication with the server IP defined in the POST message. For more information on guest registration customization on ClearPass Guest User Guide ClearPass Guest, refer to the SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
7. Click OK. The SSID with the Facebook option is created. After the SSID is created, the AP automatically registers with Facebook. If the AP registration is successful, the Facebook configuration link is displayed in the Security tab of the WLAN wizard. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Require Wi-Fi code—When selected, the users are assigned a Wi-Fi code to gain access to the Facebook page. 5. Customize the session length and terms of service if required. 6. Click Save Settings. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Internet. 3. If you want to check in the business page, click Check In and provide your credentials. After checking in, click Continue Browsing to access the web page that was originally requested. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
When the captive portal authentication is successful, a new user role is assigned to the guest users based on DHCP option configured for the SSID profile instead of the pre-authenticated role. 2. Click Finish. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 189
(scalance)(Access Rule "WirelessRule")# rule any any match webreputation benign-sites permit (scalance)(Access Rule "WirelessRule")# rule any any match webreputation suspicious- sites deny (scalance)(Access Rule "WirelessRule")# rule any any match webreputation high-risk- sites deny (scalance)(Access Rule "WirelessRule")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. On the Access tab, move the slider to Role-based access control by using the scroll bar. 3. Select a role or create a new one if required. 4. Click New to add a new rule. The New Rule window is displayed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 191
Splash Page Type Select any of the following attributes: l Select Internal to configure a rule for internal captive portal authentica- tion. l Select External to configure a rule for external captive portal authentica- tion. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 192
– Auth Text—Indicates the authentication text returned by the ex- ternal server after a successful user authentication. 6. Click OK. The enforce captive portal rule is created and listed as an access rule. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 193
In the CLI To create a captive portal role: (scalance)(config)# wlan access-rule <Name> (scalance)(Access Rule <Name>)# captive-portal {external [profile <name>]|internal} (scalance)(Access Rule <Name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
5. To modify the list, select the domain name/URL and click Edit . To remove an entry from the list, select the URL from the list and click Delete. 6. Click OK to apply the changes. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
MAC authentication failures, and configure encryption keys for authorized access. 4. If required, configure the security parameters 5. Click Next and then click Finish to apply the changes SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Access to local user database only Complete access to the AP read-only administrator No write privileges No write privileges guest administrator Access to local user database only Access to local user database only SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Note The user database is also used when an AP is configured as an internal RADIUS server. Note The local user database of APs can support up to 512 user entries. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 199
6. Click Add and click OK. The users are listed in the Users list. To edit user settings: 1. Select the user you want to modify from the Users list in the table. 2. Click Edit to modify user settings. 3. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
RADIUS or TACACS server. You can configure authentication parameters for local admin, read-only, and guest management administrator account settings through the SCALANCE W UI or the CLI. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 201
If using an internal authentication server: 1. Specify the Username and Password. 2. Retype the password to confirm. Authentication server If a RADIUS or TACACS server is config- ured, select Authentication server for authentication. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
The guest management interface is displayed. 2. To add a user, click New. The New Guest User popup window is displayed. 3. Specify a Username and Password. 4. Retype the password to confirm. 5. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
MAC authentication is successful and 802.1X authentication fails. If 802.1X authentication is successful, the mac-auth-only role is overwritten by the final role. The mac-auth-only role is primarily used for wired clients. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 204
ISP as per their service agreements. The AP assigns the default WISPr user role to the client when the client's ISP sends an authentication message to the AP. For more information on WISPr authentication, see Configuring WISPr Authentication. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To use the AP’s internal database for user authentication, add the usernames and passwords of the users to be authenticated. Note Siemens does not recommend the use of LEAP authentication, because it does not provide any resistance to network attacks. Authentication Termination on AP APs support EAP termination for enterprise WLAN SSIDs.
To use an LDAP server for user authentication, configure the LDAP server on the VC, and configure user IDs and passwords. To use a RADIUS server for user authentication, configure the RADIUS server on the VC. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 207
An external RADIUS server authenticates network users and returns to the AP the vendor- specific attribute (VSA) that contains the name of the network role for the user. The authenticated user is placed into the management role specified by the VSA. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
The secondary is used only if there are outstanding authentication sessions on the primary server. With this, the load balance can be performed across RADIUS servers of asymmetric capacity without the need to obtain inputs about the server capabilities from the administrators. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
20 seconds. The default value is 5 seconds. Retry count Specify a number between 1 and 5. Indicates the maximum number of authentication requests that are sent to the server group, and the default value is 3 requests. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 210
Admin password Enter a password for administrator. Base-DN Enter a distinguished name for the node that contains the entire user da- tabase. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 211
Note You can also add TACACS server by selecting the New option when configuring au- thentication parameters for management users. For more information, see Configuring Authentication Parameters for Management Users (Page 200). SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 212
(scalance)(Auth Server <profile-name>)# drp-ip <IP-address> <mask> vlan <vlan> gateway <gateway-IP-address) (scalance)(Auth Server <profile-name>)# end (scalance)# commit apply To enable RadSec: (scalance)(config)# wlan auth-server <profile-name> (scalance)(Auth Server "name")# ip <host> (scalance)(Auth Server "name")# radsec [port <port>] SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 213
To configure a ClearPass Policy Manager server used for AirGroup CoA: (scalance)(config)# wlan auth-server <profile-name> (scalance)(Auth Server <profile-name>)# ip <host> (scalance)(Auth Server <profile-name>)# key <key> (scalance)(Auth Server <profile-name>)# cppm-rfc3576-port <port> (scalance)(Auth Server <profile-name>)# cppm-rfc3576-only (scalance)(Auth Server <profile-name>)# end SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
To configure the RadSec protocol in the UI: 1. Navigate to Security > Authentication Servers. The Security window is displayed. 2. To create a new server, click New. A popup window for specifying details for the new server is displayed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 215
Edit. You can also associate the authentication servers when creating a new WLAN or wired profile. 2. Click the Security tab and select a splash page profile. 3. Select an authentication type. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
3. Associate the authentication servers to SSID or a wired profile to which the clients connect. After completing the configuration steps mentioned above, you can authenticate the SSID users against the configured dynamic RADIUS proxy parameters. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 217
To configure dynamic RADIUS proxy in the SCALANCE W UI: 1. Go to Security > Authentication Servers. 2. To create a new server, click New and configure the required RADIUS server parameters as described in Table 33. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
– To open the wired settings window, click More > Wired. In the Wired window, select a profile and click edit. You can also associate the authentication servers when creating a new WLAN or wired profile. 2. Click the Security tab. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 219
(scalance)(SSID Profile <name>)# end ((scalance)# commit apply To associate an authentication server to a wired profile: (scalance)(config)# wired-port-profile <name> (scalance)(wired ap profile <name>)# auth-server <name> (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
WEP and TKIP are limited to WLAN connection speed of 54 Mbps. The 802.11n connection supports only AES encryption. Siemens recommends AES encryption. Ensure that all devices that do not support AES are upgraded or replaced with the devices that support AES encryption.
None Voice Network or Handheld 802.1X or PSK as supported by AES if possible, TKIP or WEP if devices the device necessary (combine with securi- ty settings assigned for a user role). SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
2. In the Edit <profile-name> or the New WLAN window, ensure that all required WLAN and VLAN attributes are defined, and then click Next. 3. On the Security tab, under Enterprise security settings, select an existing authentication server or create a new server by clicking New. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 223
(scalance)# commit apply To view the cache expiry duration: (scalance)# show auth-survivability time-out To view the information cached by the AP: (scalance)# show auth-survivability cached-info To view logs for debugging: (scalance)# show auth-survivability debug-log SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
– Both (WPA-2 & WPA) – Dynamic WEP with 802.1X 4. If you do not want to use a session key from the RADIUS server to derive pairwise unicast keys, set Session Key for LEAP to Enabled. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. To upload server certificates for validating the authentication server credentials, complete the following steps: – Click Upload New Certificate. – Specify the URL from where you want to upload the certificates and select the type of certificate. 3. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 228
(scalance)# download ap1xca <url> format pem To view the certificate details: (scalance)# show ap1xcert To verify the configuration, use any of the following commands: (scalance)# show ap1x config (scalance)# show ap1x debug-logs (scalance)# show ap1x status SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– To enforce MAC authentication, click the Access tab and select Enforce MAC auth only role check box. 3. Click Next and then click Finish to apply the changes SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 232
(scalance)(wired ap profile <name>)# captive-portal <type> (scalance)(wired ap profile <name>)# captive-portal {<type> [exclude-uplink <types>] |external [Profile <name>] [exclude-uplink <types>]} (scalance)(wired ap profile <name>)# set-role-mac-auth <mac-only> (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
7. Enter the E.164 Country Code for the WISPr Location ID in the E.164 country code text box. 8. Enter the SSID/Zone section for the WISPr Location ID in the SSID/Zone text box. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 234
RADIUS server profile for the WISPr server In the CLI (scalance)(config)# wlan wispr-profile (scalance)(WISPr)# wispr-location-id-ac (scalance)(WISPr)# wispr-location-id-cc (scalance)(WISPr)# wispr-location-id-isocc (scalance)(WISPr)# wispr-location-id-network (scalance)(WISPr)# wispr-location-name-location (scalance)(WISPr)# wispr-location-name-operator-name (scalance)(WISPr)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To blacklist a client: (scalance)(config)# blacklist-client <MAC-Address> (scalance)(config)# end (scalance)# commit apply To enable blacklisting in the SSID profile: (scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile <name>)# blacklisting (scalance)(SSID Profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 236
You can configure a maximum number of authentication failures by the clients, after which a client must be blacklisted. For more information on configuring maximum authentication failure attempts, see Configuring Security Settings for a WLAN SSID Profile (Page 120). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 237
Auth Failure Blacklist Time 60 Manually Blacklisted Clients ---------------------------- MAC Time --- ---- Dynamically Blacklisted Clients ------------------------------- MAC Reason Timestamp Remaining time(sec) AP IP --- ------ --------- ------------------- ----- Dyn Blacklist Count 0 SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
– RadSec—The RadSec server certificate to verify the identity of the server to the client. – RadSec CA—The RadSec CA certificate for mutual authentication between the AP clients and the TLS server. 6. Select the certificate format from the Certificate format drop-down list. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 239
HTTPS message and sends it to the VC. After the VC receives this message, it draws the certificate content from the message, converts it to the right format, and saves it on the RADIUS server. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 240
– Select Server Cert for certificate Type, and provide the passphrase if you want to upload a server certificate. – Select either or certificate , if you want to upload a CA certificate. Figure 14-4 Server Certificate SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 241
The Virtual Controller Certificate section displays the certificates (CA cert and Server). 5. Click Save to apply the changes only to AirWave. Click Save and Apply to apply the changes to the AP. 6. To clear the certificate options, click Revert. SCALANCE W1750D UI Configuration Manual, 02/2018 , C79000-G8976-C451-02...
Page 242
Authentication and User Management 14.13 Uploading Certificate SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● ACLs that permit or deny traffic based on network services, application, application categories, web categories, and security ratings. Note You can configure up to 128 access control entries in an ACL for a user role. Note The maximum configurable universal role is 4096. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Select the role for which you want to configure access rules. 3. In the Access rules section, click New to add a new rule. The New Rule window is displayed. 4. Ensure that the rule type is set to Access Control. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 245
Select the Log check box if you want a log entry to be created when this rule is triggered. SCALANCE W supports firewall-based logging. Firewall logs on the APs are generated as security logs. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. To configure access rules for the network, move the slider to the Network-based access control type. To configure access rules for user roles, move the slider to the Role-based access control type. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 248
2. Ensure that the source IP address is associated with the IP address configured for the L3 subnet. 3. Create an access rule for the SSID profile with Source-NAT action as described in Configuring a Source-NAT Access Rule. The source-NAT pool is configured and corporate access entry is created SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 249
In the CLI To configure destination-NAT access rule: (scalance)(config)# wlan access-rule <access_rule> (scalance)(Access Rule "<access_rule>")# rule <dest> <mask> <match> <protocol> <sport> <eport> dst-nat ip <IP-address> [<port>] (scalance)(Access Rule "<access_rule>")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Reboot the AP and the client, or wait for a few minutes to view the changes. In the CLI To configure protocols for ALG: (scalance)(config)# alg (scalance)(ALG)# sccp-disable (scalance)(ALG)# no sip-disable (scalance)(ALG)# no ua-disable (scalance)(ALG)# no vocera-disable (scalance)(ALG)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Select to enable the AP to trigger an alert notifying the user about the ARP poisoning that may have been caused by the rogue APs. Figure 15-2 Firewall Settings - Protection Against Wired Attacks 4. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. In Firewall section, select Disabled from the Auto topology rules drop-down list 4. Click OK. In the CLI (scalance)(config)# firewall (scalance)(firewall)# disable-auto-topology-rules (scalance)(firewall)# end (scalance)# commit apply To view the configuration status: Firewall -------- Type Value ---- ----- Auto topology rules disable SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Configuring Management Subnets. Note The inbound firewall is not applied to traffic coming through the GRE tunnel. You can configure inbound firewall rules through the SCALANCE W UI or the CLI. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 255
TCP, UDP, and Other. If you select the TCP or • UDP options, enter appropriate port numbers. If the Other option is selected, ensure that an appropriate ID is entered. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 256
Select the Classify media check box to prioritize video and voice traffic. When media enabled, a packet inspection is performed on all non-NAT traffic and the traffic is marked as follows: Video: Priority 5 (Critical) • Voice: Priority 6 (Internetwork Control) • SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 257
When the management subnets are configured, access through Telnet, SSH, and UI is restricted to these subnets only. You can configure management subnets by using the SCALANCE W UI or the CLI. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 258
– Click Add. 3. To add multiple subnets, repeat step 2. 4. Click OK. In the CLI To configure a management subnet: (scalance)(config) # restricted-mgmt-access <subnet-IP-address> <subnet-mask> (scalance)(config) # end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 259
2. Select Enabled from the Restrict Corporate Access drop-down list. 3. Click OK. In the CLI To configure restricted management access: (scalance)(config) # restrict-corp-access (scalance)(config) # end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Note Regardless of whether content filtering is disabled or enabled, the DNS requests to http://direct.siemens.com are always resolved internally on SCALANCE W. The content filtering configuration applies to all APs in the network and the service is enabled or disabled globally across the wireless or wired network profiles.
Page 261
To delete a domain, select the domain and click Delete. This will remove the domain name from the list. In the CLI To configure an enterprise domain: (scalance)(config)# internal-domains (scalance)(domain)# domain-name <name> (scalance)(domain)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 262
5. To filter access based on the security ratings of the website: – Select Web reputation under Service section. – Move the slider to the required security rating level. – From the Action drop-down list, select Allow or Deny as required. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 263
To create a list of error page URLs: In the SCALANCE W UI 1. Navigate to Security > Custom Blocked Page URL. 2. Click New and enter the URL that you want to block. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 264
To configure an ACL rule to redirect blocked HTTP websites to a custom error page URL: (scalance)(config)# wlan access-rule <access_rule_name> (scalance) (Access Rule "<access_rule_name>")# dpi-error-page-url <idx> (scalance) (Access Rule "<access_rule_name>")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 265
To configure an ACL rule to redirect blocked HTTPS to a custom error page URL: (scalance)(config)# wlan access-rule <access_rule_name> (scalance) (Access Rule "<access_rule_name>")# dpi-error-page-url <idx> (scalance) (Access Rule "<access_rule_name>")# redirect-blocked-https-traffic (scalance) (Access Rule "<access_rule_name>")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Configuring Access Rules for a Wired Profile (Page 153). In the CLI To configure user roles and access rules: (scalance)(config)# wlan access-rule <access-rule-name> (scalance)(Access Rule <Name>)# rule <dest> <mask> <match> <protocol> <start-port> <end- port> {permit|deny|src-nat [vlan <vlan_id>|tunnel]|dst-nat {<IP-address> <port>|<port>}} [<option1…option9>] SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 267
7. Click OK. 8. Associate the user role to a WLAN SSID or a wired profile You can also create a user role and assign bandwidth contracts when configuring an SSID or a wired profile. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 268
Configuring ACL Rules for Network Services. (Page 244) 3. Select Enforce Machine Authentication and select the Machine auth only and User auth only roles. 4. Click Finish to apply these changes SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 269
(scalance)(SSID Profile <name>)# end To configure machine and user authentication roles for a wired (scalance)# commit apply profile: (scalance)(config)# wired-port-profile <name> (scalance)(wired ap profile <name>)# set-role-machine-auth <machine_only> <user_only> (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The DHCP fingerprinting allows you to identify the operating system of a device by looking at the options in the DHCP frame. Based on the operating system type, a role can be assigned to the device. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
4. Select the attribute that matches with the rule from the Attribute drop-down list. The list of supported attributes includes RADIUS attributes, dhcp-option, dot1x-authentication-type, mac-address, and mac- address-and-dhcp-options. For information on a list of RADIUS attributes, see RADIUS Server Authentication with VSA (Page 209). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 272
(scalance)(SSID Profile <name>)# end (scalance)# commit apply To configure role assignment rules for a wired profile: (scalance)(config)# wired-port-profile <name> (scalance) (wired ap profile <name>)# set-role <attribute>{{equals|not-equal|starts- with| ends-with|contains}<operator> <role>|value-of} (scalance)(wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
SCALANCE W supports role derivation based on the DHCP option for captive portal authentication. When the captive portal authentication is successful, the role derivation based on the DHCP option assigns a new user role to the guest users, instead of the pre- authenticated role. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 274
If the VSA and VLAN derivation rules are not matching, and the User Role does not contain a VLAN, the user VLAN can be derived by VLANs configured for an SSID or an Ethernet port profile. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Select the attribute from the Attribute drop-down list. The list of supported attributes includes RADIUS attributes, dhcp-option, dot1x-authentication-type, mac-address, and mac-address-and-dhcp-options. For information on a list of RADIUS attributes, see RADIUS Server Authentication with VSA. (Page 209) SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 276
(scalance)(wired ap profile <name>)# set-vlan <attribute>{equals|not-equals|starts- with|ends-with|contains}<operator><VLAN-ID>|value-of} (scalance)(wired ap profile <name>)# end (scalance)# commit apply Example (scalance)(config)# wlan ssid-profile Profile1 (scalance)(SSID Profile "Profile1")# set-vlan mac-address-and-dhcp-options matches- regular- expression ..link 100 (scalance)(SSID Profile "Profile1")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Where n is an integer. Matches the declared element exactly n times. For example, {2}link matches uplink, but not downlink. {n,} Where n is an integer. Matches the declared element at n times. For example, {2,}ink matches downlink, but not uplink. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 278
For information on how to use regular expressions in role and VLAN derivation rules, see the following topics: ● Creating a Role Derivation Rule (Page 271) ● Configuring VLAN Derivation Rules (Page 275) SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Select the operator to match attribute from the Operator drop-down list. – Enter the string to match in the String text box. – Select the role to be assigned from the Role text box. 4. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 280
To assign VLAN role to a WLAN profile: (scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile <name>)# set-role <attribute>{{equals <operator> <role>|not- equals <operator> <role>|starts-with <operator> <role>|ends-with <operator> <role>|contains <operator> <role>}|value-of} (scalance)(SSID Profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
This DHCP assignment mode is used in the Networks Address Translation (NAT) forwarding mode. ● Local, L2—In this mode, the VC acts as a DHCP server and the gateway located outside the AP. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 282
86 and Configuring VLAN for a Wired Profile on page 106. Network Specify the network to use. Netmask If Local; Local, L2; or Local, L3 is selected, specify the subnet mask. The subnet mask and the network determine the size of the subnet. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Based on the number of clients specified for each branch, the range of IP addresses is divided. Based on the IP address range and client count configuration, the DHCP server in the VC is configured with a unique subnet and a corresponding scope. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 285
2. To configure a distributed DHCP mode, click New under Distributed DHCP Scopes. The New DHCP Scope window is displayed. The following figure shows the contents of the New DHCP Scope window. Figure 16-1 New DHCP Scope: Distributed DHCP Mode SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 286
4. Click Next 5. Specify the number of clients to use per branch. The client count configured for a branch determines the use of IP addresses from the IP address range defined for a DHCP SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
SSID profile. For more information on SSID profile configuration, see Configuring VLAN Settings for a WLAN SSID Profile on page 86 and Configuring VLAN for a Wired Profile on page 106. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
You can configure a domain name, DNS server, and DHCP server for client IP assignment using the SCALANCE W UI or the CLI. In the SCALANCE W UI To configure a DHCP pool: 1. Navigate to More > DHCP Server. The DHCP Server tab contents are displayed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 292
DHCP Configuration 16.2 Configuring the Default DHCP Scope for Client IP Assignment Figure 16-2 DHCP Servers Window SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 293
(scalance)(DHCP)# end (scalance)# commit apply To view the DHCP database: (scalance)# show ip dhcp database DHCP Subnet :192.0.2.0 DHCP Netmask :255.255.255.0 DHCP Lease Time(m) :20 DHCP Domain Name :example.com DHCP DNS Server :192.0.2.1 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 294
DHCP Configuration 16.2 Configuring the Default DHCP Scope for Client IP Assignment SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– When the timer ends, if the current time is greater than the end time, the SSID is brought UP. If the SSID is already UP, then there is no effect on the SSID. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
(scalance)(SSID Profile "<name>")# end (scalance)# commit apply To disable a time range profile on an SSID: (scalance)(config)# wlan ssid-profile <name> (scalance)(SSID Profile "<name>")# time-range <name> disable (scalance)(SSID Profile "<name>")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, , C79000-G8976-C451-02...
The following command creates a periodic time range profile that executes during the weekend: (scalance)(config)# time-range timep4 periodic weekend 10:20 to 10:30 The following command removes the time range configuration: (scalance)(config)# no time-range testhshs12 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
NOTE: When a key is configured, the update is • successful only if AP and DNS server clocks are in sync. 10.17.132.85 Server IP Enter the server IP address of the DNS server to which the client updates are sent. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 300
To configure a TSIG key and server IP address: (scalance)(config)# dynamic-dns-ap key <algo-name:keyname:keystring> (scalance)(config)# dynamic-dns-ap server <ddns_server> (scalance)(config)# end (scalance)# commit apply To configure a time interval: (scalance)(config)# dynamic-dns-interval <ddns_interval> (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
4. Click Next and then click Finish. In the CLI To enable DDNS for AP clients: (scalance)(config)# ip dhcp <profile name> (scalance)(DHCP profile "<name>")# dynamic-dns (scalance)(DHCP profile "<name>")# dynamic-dns key <algo-name:keyname:keystring> (scalance)(DHCP Profile "<name>")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
You can also configure dynamic DNS on an AP or clients using the privileged execution mode in the CLI. For more information, refer to the show ddns clients command in the Function Manual. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Branch offices that require multiple APs. ● Individuals working from home and, connecting to the VPN. The survivability feature of APs with the VPN connectivity of RAPs allows you to provide corporate connectivity on non-corporate networks SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
VLAN on the corporate side is extended to remote branch sites. Wireless cli- ents associated with an AP gets the IP address from the DHCP server running on LNS. For this, the AP has to transparently allow DHCP transactions through the L2TPv3 tunnel. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Fast failover drop- down list. When fast failover is enabled and if the primary tunnel fails, the AP can switch the data stream to the backup tunnel. This reduces the total failover time to less than one minute. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 306
AP are encrypted. In the CLI To configure an IPsec VPN tunnel: (scalance)(config)# vpn primary <name> (scalance)(config)# vpn backup <name> (scalance)(config)# vpn fast-failover (scalance)(config)# vpn hold-time <seconds> (scalance)(config)# vpn preemption SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
AP. When enabled, the traffic to the corporate network is sent through a Layer-2 GRE tunnel from the AP itself and need not be forwarded through the master AP. Note By default, the Per-AP tunnel option is disabled. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 309
To view VPN configuration details: (scalance)# show vpn config To configure GRE tunnel on the controller: (scalance)(config)# interface tunnel <Number> (scalance)(config-tunnel)# description <Description> > (scalance)(config-tunnel)# tunnel mode gre <ID (scalance)(config-tunnel)# tunnel source <controller-IP> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 310
4. Enter the IP address or the FQDN for the backup VPN/IPsec endpoint in the Backup host text box. This entry is optional. When you enter the primary host IP address and backup host IP address, other details are displayed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 311
AP. When enabled, the traffic to the corporate network is sent through a Layer-2 GRE tunnel from the AP itself and need not be forwarded through the master AP. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Non-Preemptive: In this mode, when the backup tunnel is established after the primary tunnel goes down, it does not make the primary tunnel active again. You can configure an L2TPv3 tunnel and session profiles through the SCALANCE W UI or the CLI. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 314
1. Click the More > VPN link located directly above the Search bar in the SCALANCE W UI. The Tunneling window is displayed. Figure 19-4 L2TPv3 Tunneling 2. Select L2TPv3 from the Protocol drop-down list. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 315
– Enter a shared key for the message digest in the Shared Key text box. This key should match with the tunnel endpoint shared key. – If required, select the failover mode as Primary or Backup (when the backup server is available). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 316
– Specify the remote end ID. – If required, enable default l2 specific sublayer in the L2TP session. – Click OK. 5. Click Next to continue. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Gateway—Specify the gateway to which the traffic must be routed. This IP address must be the controller IP address on which the VPN connection is terminated. If you have a primary and backup host, configure two routes with the same destination and SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 324
(scalance)# commit apply Note Routing profile is primarily used for AP-VPN scenarios, to control which traffic should flow between the master AP and the VPN tunnel, and which traffic should flow outside of the tunnel. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
7220 16,000 16,000 128,000 7240 32,000 32,000 128,000 ● Branches—The number of AP-VPN branches that can be terminated on a given controller platform. ● Routes—The number of L3 routes supported on the controller. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 328
In the Local, L2 mode, access to the corporate network is supported only in a single AP cluster. The traffic to the non-corporate network is locally bridged. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 329
For DHCP services in Centralized, L2 mode, Siemens recommends using an external DHCP server and not the DHCP server on the controller. Client traffic destined to datacenter resources is forwarded by the master AP (through the IPsec tunnel) to the client's default gateway in the datacenter.
IP with local IP with local IP with local IP of the VC of the VC of the VC of the VC of the VC Branch ac- cess from datacente r SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
You can configure the following VPN profiles for the AP-VPN operations. For more information, see Configuring a Tunnel from an AP to a Mobility Controller (Page 305). ● IPsec ● L2TPv3 ● Manual GRE ● Aruba GRE SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 332
You can create any of the following types of DHCP profiles for the AP-VPN operations: ● Local ● Local, L2 ● Local, L3 ● Distributed, L2 ● Distributed, L3 ● Centralized, L2 ● Centralized, L3 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 333
For the AP-VPN scenario, the enterprise domain settings on the AP are used to determine how client DNS requests are routed. For information on how to configure enterprise domains, see Configuring Enterprise Domains (Page 334). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Prefix Mask Contributing routes Cost ------ ---- ------------------- ---- 201.201.200.0 255.255.252.0 5 268779624 100.100.2.0 255.255.255.0 1 10 To verify the details of a configured aggregated route: (scalance) # show ip ospf rapng-vpn aggregated-routes <net> <mask> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 335
Gateway of last resort is 10.15.148.254 to network 0.0.0.0 at cost 1 S* 0.0.0.0/0 [1/0] via 10.15.148.254* V 12.12.2.0/24 [10/0] ipsec map V 12.12.12.0/25 [10/0] ipsec map V 12.12.12.32/27 [10/0] ipsec map V 50.40.40.0/24 [10/0] ipsec map V 51.41.41.128/25 [10/0] ipsec map SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 336
APs in the external database or external directory server and then configure a RADIUS server to authenticate the APs using the entries in the external database or external directory server. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 337
The VPN profile configuration defines the server used to authenticate the AP (internal or an external server) and the role assigned to the AP after successful authentication. (scalance) (config) #aaa authentication vpn default-iap (scalance) (VPN Authentication Profile "default-iap") #server-group default (scalance) (VPN Authentication Profile "default-iap") #default-role iaprole SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 338
Munich d8:c7:c8:cb:d3:16 DOWN 0.0.0.0 London-c0:e1 6c:f3:7f:c0:e1:b1 UP 10.15.207.120 10.15.206.64/29 2 Instant-CB:D3 6c:f3:7f:cc:42:1e DOWN 0.0.0.0 Delhi 6c:f3:7f:cc:42:ca DOWN 0.0.0.0 Singapore 6c:f3:7f:cc:42:cb UP 10.15.207.122 10.15.206.120/29 2 Bid(Subnet Name) ---------------- b3c65c... b3c65c... b3c65c... 2(10.15.205.0-10.15.205.250,5),1(10.15.206.1-10.15.206.252,5) a2a65c... b3c65c... 7(10.15.205.0-10.15.205.250,5),8(10.15.206.1-10.15.206.252,5) b3c65c... SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Bid(Subnet Name). This means that either the AP is connected to a backup controller or it is connected to a primary controller without any Distributed, L2 or Distributed, L3 subnets. Note The command output does not display the Key and Bid(Subnet Name) details. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 340
AP-VPN Deployment 20.2 Configuring AP and Controller for AP-VPN Operations SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
When ARM is enabled, an AP dynamically scans all 802.11 channels within its 802.11 regulatory domain at regular intervals and sends reports to a VC on network (WLAN) coverage, interference, and intrusion detection. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 342
ARM computes coverage and interference metrics for each valid channel and chooses the best performing channel and transmit power settings for each AP RF environment. Each AP gathers other metrics on its ARM- assigned channel to provide a snapshot of the current RF health state. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
This feature prevents the clients from monopolizing resources. You can configure airtime fairness mode parameters through the SCALANCE W UI or the CLI. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
802.11ac-capable access points do not support the legacy band steering, station handoff assist, or load balancing settings; so these access points must be managed using client match. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 345
AP in the Access Points tab or a client in the Clients tab. Clicking this link provides a graphical representation of radio map view of an AP and the client distribution on an AP radio. For more information, see Client Match (Page 72). SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 346
Channel + Radio • 2. Click OK. In the CLI (scalance)(config)# arm (scalance)(ARM)# client-match calc-interval <seconds> (scalance)(ARM)# client-match calc-threshold <threshold> (scalance)(ARM)# client-match nb-matching <percentage> (scalance)(ARM)# client-match slb-mode 1 (scalance)(ARM)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
802.11 regulatory domain at regular intervals and reports to the AP. This scanning report includes WLAN coverage, interference, and intrusion detection data. NOTE: For client match configuration, ensure that scanning is enabled. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Maximum Transmit Power 127 Band Steering Mode :prefer-5ghz Client Aware :enable Scanning :enable Wide Channel Bands :5ghz 80Mhz Support :enable Air Time Fairness Mode :fair-access Client Match :disable CM NB Matching Percent 75 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Level 5—The AP completely disables PHY error reporting, • improving performance by eliminating the time the AP would spend on PHY processing. NOTE: Increasing the immunity level makes the AP to lose a small amount of range. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 352
(scalance)(RF dot11g Radio Profile)# end (scalance)# commit apply To configure 5 GHz radio settings: (scalance)(config)# rf dot11a-radio-profile (scalance)(RF dot11a Radio Profile)# beacon-interval <milliseconds> (scalance)(RF dot11a Radio Profile)# legacy-mode (scalance)(RF dot11a Radio Profile)# spectrum-monitor SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 353
To view the radio configuration: (scalance)# show radio config 2.4 GHz: Legacy Mode:enable Beacon Interval:100 802.11d/802.11h:enable Interference Immunity Level:2 Channel Switch Announcement Count:0 MAX Distance:600 Channel Reuse Type:disable Channel Reuse Threshold:0 Background Spectrum Monitor:disable SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 354
(scalance)# commit apply To configure Cell Size Reduction for 5 GHz radio profile in the CLI: (scalance)(config)# rf dot11a-radio-profile (scalance)(RF dot11a Radio Profile)# cell-size-reduction <reduction> (scalance)(RF dot11a Radio Profile)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 355
● The client-aware parameter must be disabled in the ARM profile. In the CLI The following example triggers ARM scanning on a 2.4 GHz frequency band radio profile: (scalance)# ap-frequent-scan 2.4 To verify the status of ARM scanning: (scalance)# show ap debug am-config SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The AppRF feature provides application visibility for analyzing client traffic flow. APs support the power of both in-device packet flow identification and dynamically updated cloud-based web categorization. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Select All from the AppRF visibility drop-down list to view both application and web categories charts or either App or WebCC to view their DPI graphs separately. 3. Click OK. In the CLI To enable AppRF visibility: (scalance)(config)# dpi [app|webcc] (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The permit and deny monitoring tabs in the All Traffic and Web Content sections provide enforcement visibility support. ● Permit represents the allowed or permitted traffic on the AP. ● Deny represents all the blocked URLs and traffic . SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 360
By clicking the rectangle area, you can view the following graphs, and toggle between the chart and list views. Figure 22-2 Application Categories Chart: Client View Figure 22-3 Application Categories List: Client View SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 361
The applications chart displays details on the client traffic towards the applications. By clicking the rectangular area, you can view the following graphs, and toggle between the chart and list views. Figure 22-5 Applications Chart: Client View SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 363
The web categories chart displays details about the client traffic to the web categories. By clicking the rectangle area, you can view the following graphs, and toggle between the chart and list views. Figure 22-8 Web Categories Chart: Client View Figure 22-9 Web Categories List: Client View SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 364
The web reputation chart displays details about the client traffic to the URLs that are assigned security ratings. By clicking in the rectangle area, you can view the following graphs, and toggle between the chart and list views. Figure 22-11 Web Reputation Chart: Client View SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 365
Deep Packet Inspection and Application Visibility 22.3 Application Visibility Figure 22-12 Web Reputation List: Client View Figure 22-13 Web Reputation Chart: AP View SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To enable URL visibility: 1. Navigate to System > General. 2. Select Enabled from the URL visibility drop-down list. 3. Click OK. In the CLI To enable URL visibility: (scalance)(config)# url-visibility (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
4. Ensure that the rule type is set to Access Control. 5. To configure access to applications or application category, select a service category from the following list: – Application – Application category SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 368
Select Destination-NAT to allow changes to destination IP address. • Select Source-NAT to allow changes to the source IP address. • The destination-NAT and source-NAT actions apply only to the network • services rules. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 369
7. Click OK and then click Finish. In the CLI To configure access rules: (scalance)(config)# wlan access-rule <access-rule-name> (scalance)(Access Rule <Name>)#rule <dest> <mask> <match/invert> {app <app> {permit|deny} |appcategory <appgrp>}[<option1..option9>] (scalance)(Access Rule <Name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 370
(scalance)(config)# wlan access-rule employee (scalance)(Access Rule "employee")# rule any any match app uoutube permit throttle- downstream 256 throttle-up 256 (scalance)(Access Rule "employee")# rule any any match appcategory collaboration permit (scalance)(Access Rule "employee")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
– Select the categories to which you want to deny or allow access. You can also search for a web category and select the required option. – From the Action drop-down list, select Allow or Deny as required. – Click OK SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 372
– Log – Blacklist – Disable scanning – DSCP tag – 802.1p priority 8. Click OK on the Roles tab to save the changes to the role for which you defined ACL rules. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 373
(scalance)(Access Rule "URLFilter")# rule any any match webcategory gambling deny (scalance)(Access Rule "URLFilter")# rule any any match webcategory training-and- tools permit (scalance)(Access Rule "URLFilter")# rule any any match webreputation suspicious- sites deny (scalance)(Access Rule "URLFilter")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Apple devices running the Facetime application. This section includes the following topics: ● Wi-Fi Multimedia Traffic Management (Page 376) ● Media Classification for Voice and Video Calls (Page 380) ● Enabling Enhanced Voice Call Tracking (Page 382) SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To configure the WMM for wireless clients: 1. Navigate to the WLAN wizard. – Click Networks > New or – Click Networks, and select the WLAN SSID > edit. 2. Click Show advanced options under WLAN Settings. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
DSCP classifies packets based on network policies and rules. The following table shows the default WMM AC to DSCP mappings and the recommended WMM AC to DSCP mappings. Table 23- 2 WMM AC-DSCP Mapping DSCP Value WMM Access Category Background Best effort Video Voice SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 378
(scalance)# commit apply You can configure up to 8 DSCP mappings values within the range of 0-63. You can also configure a combination of multiple values separated by a comma, for example, wmm-voice- dscp 46,44,42,41 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 379
(scalance)(SSID Profile "<ssid_profile>")# wmm-uapsd-disable (scalance)(SSID Profile "<ssid_profile>")# end (scalance)# commit apply To re-enable U-APSD on an SSID: (scalance)(config)# wlan ssid-profile <ssid_profile> (scalance)(SSID Profile "<ssid_profile>")# no wmm-uapsd-disable (scalance)(SSID Profile "<ssid_profile>")# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
(scalance)(example_s4b_test)# rule any any match tcp 5061 5061 permit log classify- media (scalance)(example_s4b_test)# rule any any match tcp 5223 5223 permit log classify- media (scalance)(example_s4b_test)# rule any any match any any any permit (scalance)(example_s4b_test)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 381
Note The Type of Service (ToS) values for calls prioritized using the above mentioned media classification types will always carry a ToS of 40 fora voice session and 48 for a video session. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
SNMP server with the location (AP Name) of the VoIP caller. Following are the key parameters in the response sent by the Master AP: ● VoIP Client IP Address ● VoIP Client MAC Address ● AP MAC Address ● AP Name SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. APs maintain information for all AirGroup services. AP queries ClearPass Policy Manager to map each device’s access privileges to the available services and responds to the query made by a device based on contextual data such as user role, username, and location. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
As shown in the following figure, the AP1 discovers AirPrint (P1) and AP3 discovers Apple TV (TV1). AP1 advertises information about its connected P1 device to the other APs that is AP2 and AP3. Similarly, AP3 advertises TV1 device to AP1 and AP2. This type of distributed SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The AP also enforces native policies such as disallowing roles and VLANs and the policies defined on ClearPass Policy Manager to determine the devices or services that are allowed and can be discovered in the network. Whenever a search request SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Allows or blocks AirGroup services for all users. ● Allows or blocks AirGroup services based on user roles. ● Allows or blocks AirGroup services based on VLANs. ● Matches devices to their closest services such as printers. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 387
When AirGroup discovers a new device, it interacts with ClearPass Policy Manager to obtain the shared attributes such as shared location and role. However, the current versions of APs do not support the enforcement of shared location policy. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Administrator-defined username, user role, and location attributes for shared devices. 24.1.5 Configuring AirGroup and AirGroup Services on an AP You can configure AirGroup services by using the SCALANCE W UI or the CLI. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 390
VLAN and AirGroup will not discover or enforce policies in guest VLAN. 6. Select the Enable Air Group across mobility domains check box to enable inter-cluster mobility. When enabled, the AP shares the mDNS database information with the other SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 391
ClearPass Policy Manager will be discovered by Bonjour devices, based on the ClearPass Policy Manager policy. In the CLI To configure AirGroup: (scalance)(config)# airgroup (scalance)(airgroup)# enable [dlna-only | mdns-only] (scalance)(airgroup)# cppm enforce-registration (scalance)(airgroup)# cppm-server <server> (scalance)(airgroup)# cppm-query-interval <interval> (scalance)(airgroup)# disallow-vlan <vlan-ID> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 392
To configure AirGroup services: (scalance)(config)# airgroupservice <airgroup-service> (scalance)(airgroup-service)# id <airgroupservice-ID> (scalance)(airgroup-service)# description <text> (scalance)(airgroup-service)# disallow-role <role> (scalance)(airgroup-service)# disallow-vlan <vlan-ID> (scalance)(airgroup-service)# end (scalance)# commit apply To verify the AirGroup configuration status: (scalance)# show airgroup status SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
CPPM server 2 acts as a backup server. After the configuration is complete, this particular server will be displayed in the CoA server option. To view this server go to Services > AirGroup > ClearPass Settings > CoA server. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 394
RADIUS server with CoA , see Configuring an External Server for Authentication (Page 209). Note You can also create a CoA only server in the Services > AirGroup > Clear Pass Settings > CoA server window. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Under Aruba, select the RTLS check box to integrate SCALANCE W with the AMP or Ekahau Real Time Location Server. The following figure shows the contents of the RTLS tab. Figure 24-6 RTLS Window SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 396
In the CLI To configure AirWave RTLS: (scalance)(config)# airwave-rtls <IP-address> <port> <passphrase> <seconds> include- unassoc- sta (scalance)(config)# end (scalance)# commit apply To configure Aeroscout RTLS: (scalance)(config)# aeroscout-rtls <IP-address> <port> include-unassoc-sta (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
You can configure an AP for ALE support by using the SCALANCE W UI or the CLI. In the SCALANCE W UI Configuring ALE support: 1. Click More > Services. 2. Click the RTLS tab. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 398
5. In the Report interval text box, specify the reporting interval within the range of 6–60 seconds. The AP sends messages to the ALE server at the specified interval. The default interval is 30 seconds. 6. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 399
(scalance)(config)# ale-server <server-name | IP-address> (scalance)(config)# ale-report-interval <seconds> (scalance)(config)# end (scalance)# commit apply Verifying ALE Configuration on an AP To view the configuration details: (scalance)# show ale config To verify the configuration status: (scalance)# show ale status SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Local Management Switch (LMS) is lost. PersistentConsole The built-in BLE chip of the AP provides access to the AP console over BLE and also operates in the Beaconing mode. 7. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 401
(scalance)(config)# ble config <token> <url> (scalance)(config)# end (scalance)# commit apply To configure a BLE operation mode: (scalance)(config)# ble mode <opmode> (scalance)(config)# end (scalance)# commit apply To view the BLE configuration details: (scalance)# show ble-config SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Enter the Username and Password to enable access to OpenDNS. 3. Click OK to apply the changes. In the CLI To configure OpenDNS credentials: (scalance)(config)# opendns <username> <password> (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● After a client completes the authentication and is assigned an IP address, AP sends the login message. ● After a client is disconnected or dissociated from the AP, the AP sends a logout message. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 404
4. Provide the user credentials of the PAN firewall administrator in the Username and Password text boxes. 5. Enter the PAN firewall IP address. 6. Enter the port number within the range of 1–65,535. The default port is 443. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 405
To enable PAN firewall integration with the AP: (scalance)(config)# firewall-external-enforcement pan (scalance)(firewall-external-enforcement pan)# enable (scalance)(firewall-external-enforcement pan)# domain-name <name> (scalance)(firewall-external-enforcement pan)# ip <ip-address> (scalance)(firewall-external-enforcement pan)# port <port> (scalance)(firewall-external-enforcement pan)# user <name> <password> (scalance)(firewall-external-enforcement pan)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
5. Enter the subnet mask of the XML API Server in the Mask text box. 6. Enter a passcode in the Passphrase text box, to enable authorized access to the XML API Server. 7. Re-enter the passcode in the Retype box. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
IPv6 address. If not dual-stack, the client reverts to the initial role. user_authenticate This command authenticates against the server group defined in the captive portal profile. This is only applicable to captive portal users. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
32/40 bytes for MD5/SHA- version The version of the XML API interface Current version is XML API 1.0 available in the VC. This is mandato- ry in all XML API requests. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
SCALANCE W supports CALEA integration in a hierarchical and flat topology, mesh AP network, the wired and wireless networks. Note Enable this feature only if lawful interception is authorized by a law enforcement agency. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 410
GRE tunnel. Each AP sends GRE encapsulated packets only for its associated or connected clients. The following figure illustrates the traffic flow from the AP to the CALEA server. Figure 24-9 AP to CALEA Server SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 411
IPsec client traffic while GRE data is routed to the CALEA server. The following figure illustrates the traffic flow from AP to the CALEA server through VPN. Figure 24-10 AP to CALEA Server through VPN SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 412
68–1500. After GRE encapsulation, if packet length exceeds the configured MTU, IP fragmentation occurs. The default MTU size is 1500. 4. Click OK. In the CLI To create a CALEA profile: (scalance)(config)# calea (scalance)(calea)# ip <IP-address> (scalance)(calea)# ip mtu <size> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 413
(scalance)(SSID Profile <name>)# end (scalance)(SSID Profile <name>)# commit apply To associate the access rule with a wired profile: (scalance)(config)# wired-port-profile <name> (scalance)(Wired ap profile <name>)# access-rule-name <name> (scalance)(Wired ap profile <name>)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Click the Factory Reset tab. Note On resetting the AP device from AirWave, all the configuration values will be set to default except for the per- ap-settings and VC Key value. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 418
APs irrespective of their location in the network and prevents authorized APs from being detected as rogue APs. It tracks and correlates the IDS events to provide a complete picture of network security. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 419
SCALANCE W device in range. VisualRF provides graphical access to floor plans, client location, and RF visualization for floors, buildings, and campuses that host your network. Figure 25-1 Adding an AP in VisualRF SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 420
Configurable Port for AP and AirWave Management Server Communication You can now customize the port number of the AMP server through the server_host:server_port format, for example, amp.siemens.com:4343. The following example shows how to configure the port number of the AMP server: 24:de:c6:cf:63:60 (config) # ams-ip 10.65.182.15:65535...
5. Enter the shared key in the Shared key text box and reconfirm. This shared key is used for configuring the first AP in the SCALANCE W network. 6. Click OK. In the CLI To configure AirWave information: (scalance)(config)# organization <name> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 422
Enabling DNS-Based Discovery of the Provisioning AMP Server APs can now automatically discover the provisioning AMP server if the DHCP option 43 and Activate cannot perform zero-touch provisioning (ZTP) and transfer the AirWave configuration to the AP. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 423
8. Select 043 Vendor Specific Info and enter a value for either of the following in the ASCII text box: ● airwave-orgn, airwave-ip, airwave-key; for example:Siemens,192.0.2.20, 12344567 ● airwave-orgn, airwave-domain; for example: Siemens, support.industry.siemens.com This creates DHCP options 60 and 43 on a global basis. You can do the same on a per- scope basis.
AirWave) Upon completion, the AP shows up as a new device in AirWave, and a new group called tme-store4 is created. Navigate to APs/Devices > New > Group to view this group. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The following figure illustrates a scenario in which the APs join the VC as slave APs through a wired or mesh Wi-Fi uplink: Figure 26-1 Uplink Types The following types of uplinks are supported on SCALANCE W: ● Ethernet Uplink ● Cellular Uplink ● Wi-Fi Uplink SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
When PPPoE is used, do not configure Dynamic RADIUS Proxy and IP address of the VC. An SSID created with default VLAN is not supported with PPPoE uplink. You can also configure an alternate Ethernet uplink to enable uplink failover when an Ethernet port fails. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 427
To configure a PPPoE uplink connection: (scalance)(config) # pppoe-uplink-profile (scalance)(pppoe-uplink-profile)# pppoe-svcname <service-name> (scalance)(pppoe-uplink-profile)# pppoe-username <username> (scalance)(pppoe-uplink-profile)# pppoe-passwd <password> (scalance)(pppoe-uplink-profile)# pppoe-chapsecret <password> (scalance)(pppoe-uplink-profile)# pppoe-unnumbered-local-l3-dhcp-profile <dhcp- profile> (scalance)(pppoe-uplink-profile)# end (scalance)# commit apply To view the PPPoE configuration: SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 428
PPPoE Configuration ------------------- Type Value ---- ----- User testUser Password 3c28ec1b82d3eef0e65371da2f39c4d49803e5b2bc88be0c Service name internet03 CHAP secret 8e87644deda9364100719e017f88ebce Unnumbered dhcp profile dhcpProfile1 To view the PPPoE status: (scalance)# show pppoe status pppoe uplink state:Suppressed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 430
To disable SIM PIN locking: (scalance)# no pin-enable <pin_current_used> To unlock a PIN with the PUK code provided by the operator: (scalance)# pin-puk <pin_puk> <pin_new> To renew the PIN: (scalance)# pin-renew <pin_current> <pin_new> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
If the uplink wireless router uses mixed encryption, WPA-2 is recommended for the Wi-Fi uplink. 7. Select the band in which the VC currently operates, from the band drop-down list. The following options are available: – 2.4 GHz (default) – 5 GHz SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 432
To view the configuration status in the CLI: (scalance)# show wifi-uplink config ESSID : Cipher Suite : Passphrase : Band : (scalance)# show wifi-uplink auth log ---------------------------------------------------------------------- wifi uplink auth configuration: ---------------------------------------------------------------------- ---------------------------------------------------------------------- wifi uplink auth log: ---------------------------------------------------------------------- SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 433
Uplink Configuration 26.4 Wi-Fi Uplink [1116]2000-01-01 00:00:45.625: Global control interface '/tmp/supp_gbl' SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Specify the Ethernet interface port number. 4. Click OK. The selected uplink is enforced on the AP. In the CLI To enforce an uplink: (scalance)(config)# uplink (scalance)(uplink)# enforce {cellular|ethernet | wifi | none} (scalance)(uplink)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
1. Click System > show advanced settings > Uplink. The Uplink tab contents are displayed. 2. Under Management, ensure that the Enforce Uplink is set to none. 3. Select Enabled from the Pre-emption drop-down list. 4. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
When VPN failover timeout is set to 0, uplink does not switch over. When uplink switching based on the Internet availability is enabled, the uplink switching based on VPN failover is automatically disabled. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 437
When is enabled, the AP ignores the VPN status, although uplink switching based on VPN status is enabled. In the CLI To enable uplink switching based on VPN status: (scalance)(config)# uplink (scalance)(uplink)# failover-vpn-timeout <seconds> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Max allowed test packet loss :10 Secs between test packets 30 VPN failover timeout (secs) 180 Internet check timeout (secs) 10 ICMP pkt sent 1 ICMP pkt lost 1 Continuous pkt lost 1 VPN down time 0 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 439
Ethernet uplink eth0 :DHCP Internet failover :disable Max allowed test packet loss 10 Secs between test packets 30 VPN failover timeout (secs) 180 Internet check timeout (secs) 10 Secs between test packets 30 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
IDS scans for access points that are not controlled by the VC. These are listed and classified as either Interfering or Rogue, depending on whether they are on a foreign network or your network. Figure 27-1 Intrusion Detection SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
SCALANCE W: ● Windows 7 ● Windows Vista ● Windows Server ● Windows XP l Windows ME l OS-X ● iPhone ● iOS ● Android ● Blackberry ● Linux SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
More > IDS link on the SCALANCE W main window. The following levels of detection can be configured in the WIP Detection page: ● Off ● Low ● Medium ● High Figure 27-2 Wireless Intrusion Detection SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 444
Infrastructure Detection Policies The following table describes the detection policies enabled in the Client Detection Custom settings text box. Detection Level Detection Policy All detection policies are disabled. Detect Valid Station Misassociation • SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 445
• IDS Signature — ASLEAP • Client Detection Policies The following levels of detection can be configured in the WIP Protection page: ● Off ● Low ● High Figure 27-3 Wireless Intrusion Protection SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 446
All protection policies are disabled Protect Valid Station High Protect Windows Bridge Client Protection Policies Containment Methods You can enable wired and wireless containments to prevent unauthorized stations from connecting to your SCALANCE W network. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 447
The tarpit can be on the same channel or a different channel as the Access Point being contained. Figure 27-4 Containment Methods SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The mesh portal broadcasts a mesh services set identifier (MSSID/ mesh cluster name) to advertise the mesh network service to other mesh points in that SCALANCE W network. This is not configurable and is transparent to the user. The mesh points authenticate to the SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 452
In the case of single Ethernet port platforms such as AP-105, you can convert the Eth0 uplink port to a downlink port by enabling Eth0 Bridging. For additional information, see Configuring Wired Bridging on Ethernet 0 for Mesh Point on page 333. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The APs with valid uplink connections function as mesh portals. Note SCALANCE W does not support the topology in which the APs are connected to the downlink Ethernet port of a mesh point. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To configure Ethernet bridging: (scalance)# enet0-bridging Note Make the necessary changes to the wired-profile when eth0 is used as the downlink port. For more information, see Configuring a Wired Profile on page 105 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Routing of traffic when the client is away from its home network When a client first connects to an SCALANCE W network, a message is sent to all configured VC IP addresses to see if this is an L3 roamed client. On receiving an SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 456
L3 packet. If the subnet is not a local subnet and belongs to another SCALANCE W network, the client is treated as an L3 roamed client and all its traffic is forwarded to the home network through a GRE tunnel. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
In the SCALANCE W UI To configure a mobility domain: 1. Click the System link on the SCALANCE W main window. 2. In the Services section, click the Show advanced options link. The advanced options are displayed. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 458
5. Click New in the Virtual Controller IP Addresses section, add the IP address of a VC that is part of the mobility domain, and click OK. 6. Repeat Steps 2 to 5, to add the IP addresses of all VC that form the L3 mobility domain. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 459
– Enter the home VC IP address for this subnet in the Virtual controller IP text box. 8. Click OK. In the CLI To configure a mobility domain: (scalance)(config)# l3-mobility (scalance)(L3-mobility)# home-agent-load-balancing (scalance)(L3-mobility)# virtual-controller <IP-address> (scalance)(L3-mobility)# subnet <IP-address> <subnet-mask> <VLAN-ID> <virtual- controller-IP- address> (scalance)(L3-mobility)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Wi-Fi devices currently seen by a spectrum monitor or hybrid AP radio. To view the device list, click Spectrum in the dashboard. The following figure shows an example of the device list details. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 462
Device duty cycle. This value represents the percent of time the device broadcasts a signal. Add-time Time at which the device was first detected. Update-time Time at which the device’s status was updated. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 463
Some in- dustrial, healthcare, or manufacturing environments may also have other equipment that functions like a microwave and may also be classified as a Microwave device. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 464
Channel Details Information shows the information that you can view in the Channel Details graph. Table 30- 3 Channel Details Information Column Description Channel An 802.11a or 802.11g radio channel. Quality(%) Current relative quality of the channel. Utilization(%) The percentage of the channel being used. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 465
To view this graph, click 2.4 GHz in the Spectrum section of the dashboard. Figure 30-3 Channel Metrics for the 2.4 GHz Radio Channel To view this graph, click 5 GHz in the Spectrum section of the dashboard. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 466
When a new non-Wi-Fi device is found, an alert is reported to the VC. The spectrum alert messages include the device ID, device type, IP address of the spectrum monitor or hybrid AP, and the timestamp. VC reports the detailed device information to AMP. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
5. Click OK. In the CLI To configure 2.4 GHz radio settings: (scalance)(config)# rf dot11g-radio-profile (scalance)(RF dot11g Radio Profile)# spectrum-monitor To configure 5 GHz radio settings: (scalance)(config)# rf dot11a-radio-profile (scalance)(RF dot11a Radio Profile)# spectrum-monitor SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 468
(scalance)(RF dot11a Radio Profile)# spectrum-band <type> To view the radio configuration: (scalance)# show radio config 2.4 GHz: Legacy Mode:disable Beacon Interval: 100 802.11d/802.11h: disable Interference Immunity Level: 2 Channel Switch Announcement Count: 0 SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
APs to reboot automatically after a successful upgrade. To reboot the AP at a later time, clear the Reboot all APs after upgrade check box. 4. Click Upgrade Now to upgrade the AP to the newer version. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 472
Figure Upgrade Progress ---------------------- Mac IP Address AP Class Status Figure Info Error Detail --- --------- -------- ------ ---------- ------------ d8:c7:c8:c4:42:98 10.17.101.1 Hercules image-ok image file none Auto reboot :enable Use external URL :disable SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Click Browse to browse your local system and select the configuration file. 4. Click Restore Now. 5. Click Restore Configuration to confirm restoration. The configuration is restored and the AP reboots to load the new configuration. (scalance)(config)# copy config tftp://x.x.x.x/confgi.cfg SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
The following table describes the supported AP platforms and minimal ArubaOS version required for the Campus AP or Remote AP conversion. AP Platform ArubaOS Release SCALANCE W Release W1750D ArubaOS 6.4.4.0 or later versi- 6.5.1.0-4.3.1or later versions SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 475
Hostname or IP Address of Mobility Controller text box. Contact your local network administrator to obtain the IP address. Note Ensure that the Mobility Controller IP address is reachable by the APs. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 476
When an AP is converted to function in stand-alone mode, it cannot join a cluster of APs even if the AP is in the same VLAN. If the AP is in the cluster mode, it can form a cluster with other VC APs in the same VLAN. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 477
To convert an AP to a remote AP or campus AP: (scalance)# convert-aos-ap <mode> <controller-IP-address> To convert an AP to a stand-alone AP or to provision an AP in the cluster mode: (scalance)# swarm-mode <mode> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
3. Turn on the AP without releasing the reset knob. The power LED flashes within 5 seconds indicating that the reset is completed. 4. Release the reset knob. The AP reboots with the factory default settings. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Reboot in Progress message is displayed indicating that the reboot is in progress. The Reboot Successful message is displayed after the process is complete. If the system fails to boot, the Unable to contact Access Points after reboot was initiated message is displayed. 5. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
DES, the (private) privacy key with the privacy protocol is used. Configuring SNMP This section describes the procedure for configuring SNMPv1, SNMPv2, and SNMPv3 community strings by using the SCALANCE W UI or the CLI. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 482
Creating Community Strings for SNMPv3 Using SCALANCE W UI To create community strings for SNMPv3: 1. Click the System link on the SCALANCE W main window. 2. In the System window that is displayed, click the Monitoring tab. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 483
To configure SNMPv1 and SNMPv2 community strings: (scalance)(config)# snmp-server community <password> To configure SNMPv3 community strings: (scalance)(config)# snmp-server user <name> <auth-protocol> <password> <privacy- protocol><password> To view SNMP configuration: (scalance)# show snmp-configuration Engine ID:D8C7C8C44298 Community Strings ----------------- SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 484
– Inform—When enabled, traps are sent as SNMP INFORM messages. It is applicable to SNMPv3 only. The default value is Yes. 4. Click OK to view the trap receiver information in the SNMP Trap Receivers window.. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 485
Monitoring Devices and Logs 32.1 Configuring SNMP In the CLI To configure SNMP traps: (scalance)(config)# snmp-server host <IP-address> {version 1 | version 2 | version 3} <name> udp-port <port> inform (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
2. Click Show advanced options to display the advanced options. 3. Click the Monitoring tab. Figure 32-3 Syslog Server 4. In the Syslog server text box, enter the IP address of the server to which you want to send system logs. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 487
Significant events of a noncritical and normal nature. The default value for all Syslog facilities. Informational Messages of general interest to system users. Debug Messages containing information useful for debugging. 6. Click OK. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 488
(scalance)(config)# end (scalance)# commit apply To view syslog logging levels: (scalance)# show syslog-level Logging Level ------------- Facility Level -------- ----- ap-debug warn network warn security warn system warn user warn user-debug warn wireless error SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
4. Enter the IP address of the TFTP server in the TFTP Dump Server text box. 5. Click OK In the CLI To configure a TFTP server: (scalance)(config)# tftp-dump-server <IP-address> (scalance)(config)# end (scalance)# commit apply SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
AP ARM History show ap arm history AP ARM Neighbors show ap arm neighbors AP ARM RF Summary show ap arm rf-summary AP ARM Scan Times show ap arm scan-times AP ARP Table show arp SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 491
AP Log PPPd show log pppd AP Log Rapper show log rapper AP Log Rapper Counter show log rapper-counter AP Log Rapper Brief show log rapper-brief AP Log Sapd show log sapd SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 492
AP Spectrum channel metrics show ap spectrum channel-metrics AP Spectrum channel summary show ap spectrum channel-summary AP Spectrum client table show ap spectrum client-list AP Spectrum device duty cycle show ap spectrum device-duty-cycle SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 493
VC WISPr Configuration show wispr config VC XML API Server Information show xml-api-server VC rfc3576-radius statistics show ap debug rfc3576-radius-statistics Note Use the support commands under the supervision of Siemens technical support. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
To transmit a GAS query for any advertisement protocol, the advertisement protocol ID must include the advertisement protocol information element (IE) with details of the advertisement protocol and its corresponding advertisement control. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 498
AP. The IEs are included in the following Management Frames when 802.11u is enabled: ● Beacon Frame ● Probe Request Frame ● Probe Response frame ● Association Request ● Re-Association request SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 499
The NAI realm settings on an AP act as an advertisement profile to determine the NAI realm elements that must be included as part of a GAS Response frame. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
ANQP IE in a GAS query response. To configure a NAI profile: (scalance)(config)# hotspot anqp-nai-realm-profile <name> (scalance)(nai-realm <name>)# nai-realm-name <name> (scalance)(nai-realm <name>)# nai-realm-encoding {<utf8>|<rfc4282>} (scalance)(nai-realm <name>)# nai-realm-eap-method <eap-method> (scalance)(nai-realm <name>)# nai-realm-auth-id-1 <authentication-ID> SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 501
● peapmschapv2 - To use PEAP with Microsoft Challenge Handshake Authentication Protocoversion 2 (MSCHAPv2). The associated numeric value is 29. ● eap-aka - To use EAP for UniversaMobile Telecommunications System (UMTS) Authentication and Key Agreement (AKA). The associated numeric value is 50. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 502
- The associated numeric value is 7. • none - The associated numeric value is 8. • reserved - The associated numeric value is 9. • vendor-specific - The associated numeric value is 10. • SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 503
11. • bar—The associated numeric value is 12. • coffee-shop—The associated numeric value is 13. • zoo-or-aquarium—The associated numeric value is 14. • emergency-cord-center—The associated numeric value is 15. • SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 504
4. • storage unspecified—The associated numeric value is 0. • The associated numeric value is 8. utility-misc unspecified—The associated numeric value is 0. • The associated numeric value is 9. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 505
● http-redirect—When configured, additional information on the network is provided through HTTP/HTTPS redirection. ● dns-redirect—When configured, additional information on the network is provided through DNS redirection. This option requires you to specify a redirection URL string as an IP address, FQDN, or URL. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 506
(scalance)# commit apply The Public Land Mobile Network (PLMN) ID is a combination of the mobile country code and network code. You can specify up to 6 PLMN IDs for a 3GPP profile. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 508
● Uplink load—Indicates the percentage of the WAN uplink currently utilized. The default value of 0 indicates that the downlink speed is unknown or unspecified. ● Uplink speed—Indicates the WAN uplink speed in Kbps. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 510
Specify this parameter to allow the AP to send an Information Element (IE) indicating that the network allows Internet access. p2p-cross-connect Specify this parameter to advertise support for P2P cross-connections. p2p-dev-mgmt Specify this parameter to advertise support for P2P device management. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
ClearPass Guest Setup 34.1 Configuring ClearPass Guest To configure ClearPass Guest: 1. From the ClearPass Guest UI, navigate to Administration > AirGroup Services. 2. Click Configure AirGroup Services. Figure 34-1 Configure AirGroup Services SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 520
ClearPass Guest Setup 34.1 Configuring ClearPass Guest 3. Click Add a new controller. Figure 34-2 Add a New Controller for AirGroup Services SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 521
Ensure that the port configured matches the CoA port (RFC 3576) set on the AP configuration. Figure 34-3 Configure AirGroup Services: Controller Settings 5. Click Save Configuration. In order to demonstrate AirGroup, either an AirGroup Administrator or an AirGroup Operator account must be created. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 522
Policy Manager UI: 1. Navigate to the ClearPass Policy Manager UI, and navigate to Configuration > Identity > Local Users. Figure 34-4 Configuration > Identity > Local Users Selection 2. Click Add User. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 523
ClearPass Guest Setup 34.1 Configuring ClearPass Guest 3. Create an AirGroup Administrator by entering the required values. Figure 34-5 Create an AirGroup Administrator 4. Click Add. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 524
AirGroup Operator IDs will be displayed in the Local Users UI screen. Figure 34-7 Local Users UI Screen 7. Navigate to the ClearPass Guest UI and click Logout. The ClearPass Guest Login page is displayed. Use the AirGroup admin credentials to log in. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 525
The Register Shared Device page is displayed. Figure 34-9 ClearPass Guest- Register Shared Device For this test, add your AppleTV device name and MAC address but leave all other boxes empty 9. Click Register Shared Device. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
4. Disconnect the OSX Mountain Lion/iOS 6 device and delete it from the controller’s user table. Reconnect using the username that was added to the Shared With box. The OSX Mountain Lion/iOS 6 device should once again have access to the AppleTV. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
34.3 Troubleshooting Table 34- 1 Troubleshooting Problem Solution Limiting devices has no effect. Ensure IPv6 is disabled. Apple Macintosh running Mountain Lion can use AirPlay but iOS Ensure IPv6 is disabled. devices cannot. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Scenario 2—IPsec: Single Datacenter with Multiple Controllers for Redundancy (Page 535) Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for Redundancy (Page 541) Scenario 4—GRE: Single Datacenter Deployment with No Redundancy (Page 547) SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
5. RADIUS server within corporate network and authentication survivability for branch survivability. 6. Wired and wireless users in L2 and L3 modes, respectively. 7. Access rules defined for wired and wireless networks to permit all traffic. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 531
35.1 Scenario 1 - IPsec: Single Datacenter Deployment with No Redundancy Topology The following figure shows the topology and the IP addressing scheme used in this scenario. Figure 35-1 Scenario 1 - IPsec: Single datacenter Deployment with No Redundancy SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 532
NOTE: The IP range configuration on each branch will be the same. Each AP will derive a smaller sub- net based on the client count scope using the Branch ID (BID) allocated by controller. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 534
Datacenter Configuration For information on controller configuration, see Configuring a Controller for AP-VPN Operations. Ensure that the upstream router is configured with a static route pointing to the controller for the L3 VLAN. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Distributed, L3 and Centralized, L2 mode DHCP on all branches. L3 is used by the employee network and L2 is used by the guest network with captive portal. ● Wired and wireless users in L2 and L3 modes. ● Access rules defined for wired and wireless networks. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 536
35.2 Scenario 2 - IPsec: Single Datacenter with Multiple controllers for Redundancy Topology The following figure shows the topology and the IP addressing scheme used in this scenario. Figure 35-2 Scenario 2 - IPsec: Single Datacenter with Multiple controllers for Redundancy SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 537
4. Configure Enterprise DNS. See Configuring Enterprise (scalance)(domains)# domain-name * The configuration example in Domains the next column tunnels all DNS queries to the original DNS server of clients without proxying on AP. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 538
"presharedkey" assumes 802.1X SSID. (scalance)(Auth Server "server1")# exit (scalance)(config)# wlan auth-server server2 (scalance)(Auth Server "server2")# ip 10.2.2.2 (scalance)(Auth Server "server2")# port 1812 (scalance)(Auth Server "server2")# acctport 1813 (scalance)(Auth Server "server2")# key "presharedkey" SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 539
(scalance)(Access Rule "guest")# rule any any match any any any permit NOTE: Ensure that you execute the commit apply command in the SCALANCE W CLI before saving the configuration and propagating changes across the AP cluster. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 540
Datacenter Configuration For information on controller configuration, see Configuring a Controller for AP-VPN Operations. Ensure that the upstream router is configured with a static route pointing to the controller for the L3 VLAN. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● Wired and wireless users in L3 and NAT modes, respectively. ● Access rules for wired and wireless users with source-NAT-based rule for contractor roles to bypass global routing profile. ● OSPF based route propagation on controller. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 542
The IP addressing scheme used in this example is as follows: ● 10.0.0.0/8 is the corporate network. ● 10.30.0.0/16 subnet is reserved for L3 mode –used by Employee SSID. ● 10.40.0.0/16 subnet is reserved for L3 mode –used by Contractor SSID. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 543
3. Configure Enterprise DNS for split See Configuring Enterpri- (scalance)(domains)# domain-name corpdo- DNS. The example in the next column se Domains main.com uses a specific enterprise domain to tunnel all DNS queries matching that domain to corporate. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 544
(scalance)(Auth Server "server1")# key "presharedkey" (scalance)(Auth Server "server1")# exit (scalance)(config)# wlan auth-server server2 (scalance)(Auth Server "server1")# ip 10.2.2.2 (scalance)(Auth Server "server1")# port 1812 (scalance)(Auth Server "server1")# acctport 1813 (scalance)(Auth Server "server1")# key "presharedkey" SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
● RADIUS server within corporate network and authentication survivability for branch survivability. ● Wired and wireless users in L2 mode ● Access rules defined for wired and wireless networks to permit all traffic SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 548
35.4 Scenario 4 - GRE: Single Datacenter Deployment with No Redundancy Topology The follwoing Figure shows the topology and the IP addressing scheme used in this scenario: Figure 35-4 Scenario 4 - GRE: Single Datacenter Deployment with No Redundancy SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
DHCP allows a computer to be configured automatically, eliminating the need for a network administra- tor. DHCP also provides a central database to keep track of computers connected to the network. This database helps in preventing any two computers from being configured with the same IP address. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 554
Derived from TACACS but an entirely new and separate protocol to handle AAA services. TACACS+ uses TCP and is not compatible with TACACS. Because it encrypts password, username, authoriza- tion, and accounting, it is less vulnerable than RADIUS. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 555
(RF) signals rather than through end-to- end wire communication. WLAN Wireless local area network (WLAN) is a local area network (LAN) that the users access through a wireless connection. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Appendix B.2 Acronyms and Abbreviations Acronyms and Abbreviations The following table lists the acronyms and abbreviations used in Siemens documents. Acronym or Abbreviati- Definition Third Generation of Wireless Mobile Telecommunications Technology Fourth Generation of Wireless Mobile Telecommunications Technology Authentication, Authorization, and Accounting...
Page 557
Distributed Coordination Function DDMO Distributed Dynamic Multicast Optimization Data Encryption Standard Dynamic Frequency Selection Discreet Fourier Transform DHCP Dynamic Host Configuration Protocol DLNA Digital Living Network Alliance Dynamic Multicast optimization Distinguished Name Domain Name System SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 558
Extended Service Set Identifier EULA End User License Agreement Federal Communications Commission Fast Fourier Transform FHSS Frequency Hopping Spread Spectrum Forwarding Information Base FIPS Federal Information Processing Standards FQDN Fully Qualified Domain Name SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 559
Internet of Things Internet Protocol Intelligent Power Monitoring Intrusion Prevention System IPsec IP Security ISAKMP Internet Security Association and Key Management Protocol Internet Service Provider JSON JavaScript Object Notation KBps Kilobytes per second SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 560
Multiprotocol Label Switching MPPE Microsoft Point-to-Point Encryption MSCHAP Microsoft Challenge Handshake Authentication Protocol Maximum Segment Size MSSID Mesh Service Set Identifier MSTP Multiple Spanning Tree Protocol Maximum Transmission Unit MU-MIMO Multi-User Multiple-Input Multiple-Output SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 561
PEAP-GTC Protected Extensible Authentication Protocol-Generic Token Card Policy Enforcement Firewall Perfect Forward Secrecy Per-hop behavior Protocol-Independent Multicast Personal Identification Number PKCS Public Key Cryptography Standard Public Key Infrastructure PLMN Public Land Mobile Network SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 562
Request to Send RTSP Real Time Streaming Protocol Routed VLAN Interface Rest of World Security Association SAML Security Assertion Markup Language Subject Alternative Name Station Control Block SCEP Simple Certificate Enrollment Protocol Secure Copy Protocol SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 563
TACACS Terminal Access Controller Access Control System TCP/IP Transmission Control Protocol/ Internet Protocol TFTP Trivial File Transfer Protocol TKIP Temporal Key Integrity Protocol Transport Layer Security Type-length-value Type of Service Transmit Power Control SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 564
Wide Area Network WebUI Web browser User Interface Wired Equivalent Privacy Wi-Fi Alliance WIDS Wireless Intrusion Detection System WINS Windows Internet Naming Service WIPS Wireless Intrusion Prevention System WISPr Wireless Internet Service Provider Roaming SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 565
Wi-Fi Multimedia WLAN Management System Wi-Fi Protected Access WSDL Web Service Description Language World Wide Web Wireless Zero Configuration XAuth Extended Authentication Extensible Markup Language XML-RPC XML Remote Procedure Call Zero Touch Provisioning SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
A specified range of frequencies of electromagnetic radiation. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 567
IEEE 802.11 standards The IEEE 802.11 is a set of standards that are categorized based on the radio wave frequency and the data transfer rate. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 568
These network elements or clients use radio signals to communicate with each other. Wireless networks are set up based on the IEEE 802.11 stand- ards. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...
Page 569
(RF) signals rather than through end-to- end wire communication. WLAN Wireless local area network (WLAN) is a local area network (LAN) that the users access through a wireless connection. SCALANCE W1750D UI Configuration Manual, 02/2018, C79000-G8976-C451-02...