WLAN 3 x Training OAW Products Alcatel-Lucent

Скачать презентацию WLAN 3 x Training OAW Products Alcatel-Lucent —

9e774b2b7adc253e0218b6782b2659ea.ppt

Количество слайдов: 144

WLAN 3. x Training OAW Products Alcatel-Lucent - Enterprise Solutions Division

Agenda 1. Products Overview 2. Wireless Basic 3. CLI Configuration Overview 4. GUI Configuration Overview 5. Basic System Setup 6. AP Configuration 7. Managing System Images 8. Basic Configuration Sample 9. Lab : Basic System Configuration 2 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

1. Products Overview

Why Alcatel-Lucent § Complete communication solutions provider § Market leadership in key data, voice, video and fixed mobile convergence technologies § turnkey solutions § over 500, 000 customers data/IP broadband § Presence invoice 130 countries over satellite outsourcing optical #1 in broadband, switching, optics, satellite, telecom, … 4 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009 submarine

What Can Alcatel-Lucent Enterprise Solutions Do For You? Build the IP Communications House Communications Applications Voice over IP IP Network Infrastructure 5 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Alcatel-Lucent EBG Product Portfolio IP Networking Core Layer/ Large Scale Distributed Layer/ Medium Scale Access Layer/ Small Scale Router(WAN) Omni. Stack 6200 Omni. PCX Office 7750/7450 Omni. Switch 7800 Omni. Switch 6600/ 6602 Omni. Switch 9800/9700 Omni. Switch 9600 Omni. Switch 6400 WLAN Vo. IP OAW 6000 s/SUP-III OAW 4 x 04 Omni. Access 780 Omni. Switch 6855 OAW 4324/08/04 Omni. PCX Enterprise Omni. Access 740 Omni. Switch 7700 Omni. Switch 6850/ 6850 Lite Omni. Access 720 s IP Phone OAW-AP 4 x/6 x/70/12 x/85 Omni. Vista 2500 Mobile 보안과 관리 NAC Brick Family Vital Suite/QIP Safeguard Cybergatekeeper 6 | Presentation Title | Month 2009 Firewall/ VPN Performance Management All Rights Reserved © Alcatel-Lucent 2009 Quarantine Manager NLG 3500

Alcatel-Lucent WLAN Solution

기존 무선랜 솔루션 vs. Omni. Access WLAN solution 기존 무선랜 솔루션 Access points Site survey Access points Packet capture Air monitors Wi. Fi IDS / IPS WLAN switches/blades 통합된 토탈 솔루션 제공 향상된 보안성 Captive portal 확장 용이 VPN concentrator 풍부한 기능 지원 편리한 관리 기능 LAN-speed firewall 쉬운 설치 투자비 감소 Qo. S devices 8 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Switches의 특징 Wi. Fi 관리 Adaptive RF, Packet Capture, Location Tracking Roaming, SSID Mgmt, RF Fingerprinting Wi. Fi 보안 Wi. Fi 환경 Radius LDAP Active Dir. Wi. Fi IDS/IPS, Rogue AP Defense 암호화 WEP, TKIP, AES, 3 DES 인증과 사용자 무결성 체크(HIC) MAC, Captive Portal, 802. 1 x, VPN 권한 제어 User/Flow Stateful FW + Content Inspection re-direction Network 접속제어 Service Provisioning Network Integration 트래픽 관리 Qo. S/Priority/Bandwidth Contracts 네트워크 서비스 Routing, VLANS, NAT, DHCP, Switching 9 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009 Management Wi. Fi 접속제어 Policy Control Wi. Fi IDS/IPS

Alcatel-Lucent WLAN System 소개 § Alcatel-Lucent WLAN System 구조 § § Alcatel-Lucent WLAN Switch § 무선랜을 위한 Alcatel 고유의 하드웨어 아 키텍쳐를 통한 성능 향상 § Performance 향상을 위해 각 기능별 4개의 별도 Processor사용 차세대 Access Point § 두 개의 주파수 대역을 지원하는 다목적 AP § 802. 11 a, b/g/n 지원가능 § User access and air monitoring § 프로그래밍 가능 § Linux 기반 § 응용 프로그램 사용 가능 § - 무선 패킷 캡쳐 가능 § - 위치 확인 § 설치의 용이성 § Alcatel 스위치를 통한 자동설정 10 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009 Wireless Control Processor Wireless Packet Processor Wireless Security Processor Wireless Switching Processor

Alcatel WLAN Switch 소개 § Alcatel WLAN Switch 제품군 § Omni. Access 6000 WLAN Switches § § § 4 Slot의 샤시형 Data 센터 내에서 Remote AP의 중앙 관리 가능 64 ~ 2048 AP 관리 가능 Line card 당 24 10/100 Po. E 지원 인터페이스 와 2 GE uplink 포트 제공 SUP-III당 2 10 GE 와 10 1 GE 지원 802. 11 a/b/g/n 지원 § Omni. Access 4504/4604/4704 Wireless Switches § 4 x Dual personality ports 10/1000 Base-T (RJ-45) or § 1000 Base-X (SFP) § 32/64/128 의 AP 관리 가능 § 802. 11 a/b/g/n 지원 § Omni. Access 4302/4308/4324 Wireless Switches § § 장비당 0/8/ 24 10/100 Po. E 인터페이스 제공 1 or 2 port Gigabit uplink 포트 제공 6/16/48 AP의 AP 관리 가능 802. 11 b&g and 802. 11 a/b&g (multimode) 11 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

OAW 6000 with Sup III § Capacity § Up to 2, 048 Campus Connected APs 40 x 1000 Base-X (SFP) § Up to 8, 192 Remote APs § Up to 32, 768 Users § Performance § 80 Gbps Clear (full-duplex) § 32 Gbps Crypto (3 DES, AESCBC 256) § 16 Gbps Crypto (AES-CCM) § Compatibility § Up to 4 Sup III per 6000 chassis § Supports legacy Line cards § Requires 400 watt PSU § All Components Modular, Hot-Swappable Fan Tray 8 x 10 GBase-X (XFP) Redundant PSUs Up to 4 M 3 Modules 12 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

OAW 4504, 4604, 4704 • • Capacity • OAW-4504 • Up to 32 Campus Connected APs • Up to 128 Remote APs • Up to 512 Users • OAW-4604 • Up to 64 Campus Connected APs • Up to 256 Remote APs • Up to 1, 024 Users • OAW-4704 • Up to 128 Campus Connected APs • Up to 512 Remote APs • Up to 2, 048 Users Performance • 1. 6 Gbps, 4 Gbps and 8 Gbps crypto performance (3 DES, AESCBC 256) • 800 Mbps, 2 Gbps, 4 Gbps crypto performance (AESCCM) • 3 Gbps, 4 Gbps, and 4 Gbps wired Non-encrypted Throughput Performance (full-duplex) Interfaces • 4 x Dual personality ports 10/1000 Base-T (RJ-45) or 1000 Base-X (SFP) • 1 x RJ-45 Serial Console Port Programmable Architecture • Multi-core, Multi-threaded Network Processor • Dedicated Crypto cores 13 | Presentation Title | Month 2009 Dedicated Network Processors Dedicated Hardware Crypto Cores Multiple Dedicated Control Processors 1 RU 19” Enclosure Serial Console Port Status LEDs All Rights Reserved © Alcatel-Lucent 2009 4 x Dual personality ports 10/1000 Base-T (RJ-45) or 1000 Base-X (SFP)

Alcatel-Lucent WLAN Switch 성능 Number of AP Branch 2048 Regional HQ Large Branch Medium-802. 11 n Large – 802. 11 n OAW-6000 -2048 (with Supervisor III) 512 OAW-6000 -512 (Dual Supervisor II) 256 128 OAW-4704 64 OAW-4604 OAW-4324 Pay as you grow capability 48 32 16 4 OAW-4504 OAW-4308 OAW-4304 1 Gbps / 200 Mbps 14 | Presentation Title | Month 2009 Performance (Clear text / encrypted) 2 Gbps / 400 Mbps 6 Gbps / 8 Gbps / 1. 6 Gbps 4 Gbps 8 Gbps / 8 Gbps All Rights Reserved © Alcatel-Lucent 2009 8 Gbps / 7. 2 Gbps 80 Gbps / 32 Gbps

Alcatel-Lucent Access Point 소개 (11 a/b/g) Single Radio APs § Software Configurable 802. 11 a OR b/g § AP / Air Monitor / Remote AP / Mesh § Internal or External Antenna Options OAW-AP 60 OAW-AP 61 Dual Radio APs § Dual-Radio 802. 11 a AND b/g § AP / Air Monitor / Remote AP / Mesh OAW-AP 70 OAW-AP 65 § Dual Fast Ethernet Interfaces (OAW-AP 70) for resiliency of secured RJ-45 port § Extensible USB Interface Port (OAW-AP 70) § Weatherproof, Outdoor (OAW-AP 85) OAW-AP 85 15 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Alcatel-Lucent Access Point 소개 (11 n) 802. 11 n Ready APs § Single Radio 802. 11 a OR b/g § AP / Air Monitor / Remote AP / Mesh § Adaptive Po. E (802. 3 af, Po. E+, 802. 3 at) § Dual Gigabit Ethernet Interfaces (resiliency and secured RJ-45 port) OAW-AP 120 abg OAW-AP 121 abg § 802. 11 n SW upgrade for future 802. 11 n MIMO APs § Dual Radio pre-802. 11 n a/n AND b/g/n § 3 x 3 MIMO 300 Mbps per radio § AP / Air Monitor / Remote AP / Mesh § Adaptive Po. E (802. 3 af, Po. E+, 802. 3 at) OAW-AP 124 16 | Presentation Title | Month 2009 OAW-AP 125 § Dual Gigabit Ethernet Interfaces (resiliency and secured RJ-45 port) All Rights Reserved © Alcatel-Lucent 2009

Enterprise WLAN The Business Benefits Mobility Location tracking § enterprise-wide WLAN § users § guest access § equipment assets § internal WLAN hotspots § security § remote / branch office access § small office, home office access Converged communication services § converged mobile devices § fixed / mobile convergence 17 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Enterprise WLAN Requirements / Challenges Deployment § no disruption of existing network § RF engineering § new infrastructure § network redesign and upgrades Management § design and configuration § monitoring § troubleshooting § growth Security § authentication and encryption § identity-based security and guest access § rogues, ad-hoc networks, hacks and attacks § firewalling Availability § coverage § reliability § mobility § performance Convergence § Qo. S § security § load balancing § voice-aware 18 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Addressing the Management Challenges Planning, Deploying and Managing § Simplest RF planning tool § Zero-touch AP deployment model § Adaptive radio management § Real-time coverage maps § Centralized configuration and monitoring § Integrated packet capture for easy troubleshooting § Integrated location tracking 19 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Addressing the Availability Challenges Reliability, Coverage and Mobility § § VRRP-based redundancy requires no AP provisioning Split-second VRRP Failover APs automatically become aware of redundant topology when deployed across L 3 boundary § Modular architecture for scalability § Remote office connectivity with site-tosite VPN § Home office connectivity with remote AP § Hot. Standby Data Center Built-in Site-tosite IPSec VPN Internet Branch Office Mobile office connectivity with client VPN Remote AP with IPSec VPN Regional Office Auto-awareness of Redundant topology (No priming needed) Home Office Public Hotspot OAW Client 20 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Addressing the Security Challenges Authentication, Authorization and Control § Integrated stateful firewall § Role-based access control § Built-in client integrity § Centralized 802. 11 i security § Built-in AAA services § L 1 -L 7 wireless IPS § Rogue detection services Direct Interface to Microsoft Active Directory Wireless Controller Centralized Encryption Keys Rights, Qo. S, VLAN Built-in Rogue Detection & Containment Wired L 2 / L 3 Transport Access Point § Quarantine Manager SSID: GUEST SSID: CORP SSID: VOICE Rogue AP Scan & Quarantine Un-trusted Users Employees 21 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009 Voice Guest

Addressing Enterprise Applications Convergence Services to Meet the Needs of Business § Qo. S for application-aware traffic management § Security to protect the network, users, and remote clients § Load-balancing automatically distributes clients across multiple APs § Application-aware design allows better management of time sensitive applications (voice) 22 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Adding Vo. IP is Easy with Omni. Access Wireless § Bi-directional Qo. S on wired and wireless network 1 Protocol-aware voice § Voice flow classification ensures Qo. S for converged devices with single SSID for voice and data flow classification and security 2 802. 1 p or DSCP prioritized voice packets Wired Data Packets 3 Call admission control § § distributes call volume between access points Call admission control ensures Qo. S in the wireless environment 4 Secure devices that support only MAC auth against spoofing RF management 5 channel scanningstops when Converged voice and data packet stream with WMM tags voice clients are present 23 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009 Wireless Single ESSID for Voice & Data

Omni. Access Wireless Features and Services Base Feature Set OMNI VISTA WLAN Switch Base Omni. Access MOBILITY MANAGER Software § Alcatel-Lucent’s standard WLAN software provides unprecedented control over the entire wireless environment, offering intelligent / centralized WLAN switching and advanced services. Services Included in Base Software § § § § § WLAN switching and Dynamic RF management Embedded management Adaptive Radio resource Management (ARM) Authentication – MAC, 802. 1 x, Captive Portal Encryption – WEP, WPA 2 / 802. 11 i Mobility – seamless hand-over – L 2/L 3 Rogue Access Point Detection, Classification, Containment Wireless Qo. S – WMM, SVP, T-Spec, U-APSD Per SSID AAA server selection Switch to switch IPSec encryption for control traffic 24 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services Additional Hardware and Software Modules OMNI VISTA MOBILITY MANAGER Omni. Vista 3600 Air Manager § Centralized visibility of the mobile edge Switch level modules § Policy Enforcement Firewall module § Wireless Intrusion Protection (WIP) module § Voice Service Module § VPN Server Module § Mesh AP License Module § Remote AP License Module § External Services Interface Module § x. Sec Module 25 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services Policy Enforcement Firewall Module §Policy Enforcement Firewall module § User and group policy enforcement through an integrated, ICSA-certified stateful firewall § Security policies can be centrally defined and enforced on a per-user or per-group basis § Policies are enforced dynamically, following users as they move and taking into account a variety of metrics such as: User location Key benefits § Firewall permit/deny/drop/log (ICSA certified to version 4. 1 corporate standard) § Role-based services for user / group class of service differentiation, bandwidth contracts § Qo. S - priority traffic queues, BW contracts, traffic marking 802. 1 p/DSCP Time-of-day Device type Authentication method 26 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services Wireless Intrusion Protection Module §Wireless Intrusion Protection module § Patented classification technology that identifies and protects against vulnerabilities and malicious attacks § Ad-hoc networks § Client and AP impersonation § Denial of service attacks § Man-in-the-middle attacks Key benefits § Detection of: § Network probing and Do. S attacks, impersonation and man-in-the-middle attacks § Unauthorized devices (ad-hoc networks, Windows bridging, wireless bridges) § Prevention of: § Clients roaming to unauthorized APs § Attempted intrusion 27 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services Voice Service Module §Voice service module “off-hook” – active - phones § Stateful Vo. WLAN Qo. S § Voice Connection Admission Control § Stateful voice load balancing § Voice-aware ARM, 802. 1 x § Automatic Voice Prioritization § Troubleshooting and security § WMM, T-Spec enforcement § Phone number awareness § Voice flow quality measurement Key benefits “on-hook” phone § Improved end user experience • Qo. S mechanisms such as CAC ensures optimum audio quality even as network load increases • Mechanism such as voice-aware Qo. S and stateful load balancing minimizes call drops § Improved troubleshooting and security • Voice Clients are identified by phone numbers, key call quality metrics are availblr to network administrator • WMM and T-Spec security is enforced by stateful firewall 28 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services VPN Server Module §VPN Server module § Integration support for a variety of VPN implementations Eliminates need for discrete, external VPN concentrators § Hardware acceleration provides LAN-speed VPN connectivity § Both client termination as well as site-tosite VPNs are supported § Supported VPN protocols include: L 2 TP/IPSec IPSec/XAUTH PPTP Key benefits § Complete client VPN services - PPTP, L 2 TP/IPSec § Site-to-site VPN services - IPSec NAT-T transport mode tunnels between Omni. Access WLAN switches or third-party VPN concentrators 29 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services Mesh AP License Module Mesh Link Mesh Path Omni. Access Mesh Point Omni. Access Mesh Portal Omni. Access WLAN switch §Mesh AP module Wire-line network § Securely extend wireless network beyond the reach of wire-line infrastructure § Mesh Points and Mesh Portals allow seamless, campus-like WLAN connectivity § Mesh Points support Ethernet bridging over the mesh network Key benefits § Allows for coverage of areas such as university campuses, docks, ship yards, warehouses where wires cannot be used § Consistent services and management model with regular APs § Survivability – survives mesh points / mesh portal through dynamic L 2 routing protocols 30 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services Remote AP License Module §Remote AP module § Securely extend corporate wireless functionality to any location with an Internet connection § Remote APs allow seamless, corporate-like WLAN connectivity § Remote office § Home § Anywhere a mobile worker chooses to work Key benefits § Remote access point - termination of remotely deployed APs using IPSec transport § Flexible modes of operation: Tunnel mode – all traffic is tunneled to the WLAN switch Local bridging – all traffic is forwarded by the Remote AP at the remote location Split tunneling (requires PEF module) – policy-based forwarding of packets in the tunnel or locally § Survivability – survives WAN failure with pre-shared key auth/encryption 31 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services External Services Interface Module §External Services Interface module § Per FQDS AAA server selection § Allows an Omni. Access WLAN switch to communicate with external service devices (Fortinet cluster) § Supports advanced interaction with authentication, authorization, and accounting (AAA) services infrastructure Key benefits § Choice of AAA server for authentication § XML API for captive portal (external captive portal server support) § Content inspection with external appliance, Fortinet integration Note: requires that the Policy Enforcement Firewall module is installed 32 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access Wireless Features and Services x. Sec Module §x. Sec module § Termination of highly secure x. Sec client sessions § Link-layer 256 -bit AES-CBC encryption with complete header obscuration for highly sensitive environments § Enables encryption of trunk ports between WLAN switches based on the same strong encryption standard X-Sec Tunnel Layer 2 Connectivity Key benefits § Client/server x. Sec: termination of AES layer 2 x. Sec secure VPN sessions § Point/point x. Sec: termination of AES layer 2 x. Sec secure VPN switch port session 33 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Completing the Solution Benefits of Alcatel-Lucent’s Enterprise Portfolio § End-to-end, highly available, consistent solution § complete set of switching solutions sharing common feature set thus enabling the perfect fit for any need § superior availability for better voice services § Smart Po. E for every need § Po. E flavors for all switching needs § dynamic power allocation allowing maximized efficiency § Enhanced security § unique support of 802. 1 x authentication § not recognition but authentication § Best in class support for Vo. WLAN § roaming, handover, Qo. S, security § Single management platform § wired, wireless and voice management on the same server § same GUI and look and feel across applications 34 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Wireless Network Management Platform Supported Platforms: Omni. Vista 3600 Air Manager § Hardware 2 servers to support the OV 3600 applications (OV 3600 -HWPRO, OV 3600 -HWENT) Software Centralized network management (Network Discovery, Firmware distribution, Real-time and historical trend reports) Granular administrative access (Role-based, Network segment based) Rogue Access Point Detection and Classification Display of location information for all wireless users and devices Up-to-date heatmaps and channel maps for RF diagnostics 35 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Summary: The Alcatel-Lucent WLAN solution §Delivering business benefits… §Best-in-class functionality for lowest TCO § mobility § location tracking § Easy to deploy § converged communication services § Easy to secure § Easy to manage §…by meeting the Wireless LAN challenges § management § Easy to scale § Easy to add voice § security § availability § convergence services 36 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

2. Wireless Basic

무선랜의 개요 §네트웍 구축 시 기존의 트위스트 페어 케이블, 동축 케이블 등을 전송 신호로 이용하던 유선 랜 대신 고주파수의 전파 (Radio Frequency)나 적외선등을 이용하여 대기를 통신 채널로 이용하는 Network §데이터를 전송하는 방식은 여러가지 제품이 있으나 도달거리, 성능, 보안성을 고려하여 ISM 과 UNII Band를 이용하는 Spread Spectrum 방식의 무선랜이 가장 보편화되어 있음 §사용자들에게 높은 이동성과 편의성, 구축 용이성, 확장성을 제공 함으로서 기존 LAN의 보완 및 대체를 통한 효율성 및 생산성 제고 측면에서 널리 사용되고 있음 §ISM and UNII Spectra §국제 표준화는 1990년 10월부터 위원회에 IEEE 802. 11에 의해 무선 매체 접근제어 물리계층 규격에 대한 표준화가 OSI 참조모델에 준하여 진행되고 있다. 38 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

무선랜 표준 (802. 11 a/b/g) 802. 11 a 802. 11 b 802. 11 g 2. 4 Ghz 5 Ghz 2. 4 Ghz 1, 2 Mbps 54 Mbps 11 Mbps 54 Mbps OFDM DSSS OFDM 1. 2 Mbps 25 Mbps 20 Mbps 100 M 70 M 100 M Yes Yes 40 bit 104 bit RC 4 Protocol RC 4 802. 1 X 주파수대역 최대전송속도 변조방식 실제 최대 전송속도 평균 전송 거리 암호화 FHSS DSSS 40 bit 암호화 형태 RC 4 인증 방식 No 기 타 39 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

무선랜 표준 (802. 11 n) §SISO -> MIMO SISO (Single Input Single Outpur)를 MIMO (Multiple Input Multiple Output) 다중 송수신 안테나 기술을 채택하여 송수신 데이터 효율을 높였으며, MIMO 방식의 스마트 안테나는 노이즈를 최소화하여 원활한 데이터 전송경로를 조정 한다. §효율성이 강화된 MAC 실제 데이터 처리 속도를 물리적 계층의 속도와 가깝게 만들어 사용자들에게 최소100 Mbps의 속도 보장 (최대 600 Mbps) 기존의 시스템은 통신의 확실성을 위해 하나의 패킷을 보낼 때마다 엑세스 포인트로 부터 수신 성공 패킷(ACK)를 기다려야 한다. 그리고 공평한 송수신권 할당을 위해 무선랜 단말이 패킷을 계속해서 보내려 할 때에도 ACK 수신기에 일정 시간을 기다리지 않으면 다음 패킷을 송출할 수 없다. 802. 11 n에서는 프레임 집속 (Focusing) 기능을 통해 ACK 빈도를 최소화 하고 그 효율성을 최대화 한다. §복수의 안테나와 첨단 코딩을 통한 더 늘어난 송수신 가능 거리 일정한 무선 스피드를 유지하면서 접속 가능 범위 확대 (현재의 약 3배 정도) § 2010년 표준화 완료 예정 40 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

무선랜 표준 (802. 11 n) 802. 11 n Protocol 주파수대역 최대 전송속도 변조방식 실제 최대 전송속도 평균 전송 거리 암호화 형태 인증 방식 5 Ghz 2. 4 Ghz 약 600 Mbps 약 300 Mbps MIMO & 개선된 OFDM 300 Mbps 이상 150 Mbps 이상 약 210 M 약 300 M Yes 40 bit, 104 bit, 152 bit, RC 4 802. 1 X 기 타 41 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

무선랜 보안 기술 PEAP EAP-TTLS EAP-MD 5 Authentication Shared Key Dynamic WEP TKIP AES MAC Filtering Default 42 | Presentation Title | Month 2009 WPA Static WEP etc Not Secure MAC Authentication Open Encryption EAP-TLS SSID Disabled Authentication server All Rights Reserved © Alcatel-Lucent 2009 Most secure

무선랜 보안 접속 흐름도 AP STA IEEE 802. 11&11 i Radius 802. 11 Beacon 802. 11 Associate-Request 802. 11 Associate-Response IEEE 802. 1 X EAPOL-Start EAP-Request/Identity EAP-Response/Identity RADIUS-Access-Request EAP-Response(Credentials) RADIUS-Access-Request EAP-Success IEEE 802. 11 i EAPOL-Key(P, ANonce) EAPOL-Key(P, Snonce, MIC, RSN IE) EAPOL-Key(P, ANonce, MIC, RSN IE) EAPOL-Key(P, MIC) EAPOL-Key(G, Index, GNonce, RSC, MIC, GTK) EAPOL-Key(G, MIC) IEEE 802. 11 aa 44 | Presentation Title | Month 2009 RADIUS-Access-Challenge Access Allowed All Rights Reserved © Alcatel-Lucent 2009 RADIUS-Access-Accept & MS-MPPE(PMK)

WLAN Switch - Multi-Layered Security Application Security Network-Layer Security Link-Layer Security Wireless Intrusion Protection 45 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Centralized Wireless ACCESS DISTRIBUTION CORE DATA CENTER FLOOR x EMPLOYEE GUEST GRE Tunnel WLAN Controller §AP Communications 1. AP가 Switch port에 연결되어 있고 AP의 전원이 켜진다면 설정된 IP로 Controller를 찾는다. (AP가 DHCP 를 사용하는 경우에는 DHCP 서버로부터 IP를 받게됨) 2. AP는 Boot Image(TFTP)를 Controller로부터 받게되고 Control Protocol을 위한 PAPI (UDP 8211) 연결을 생성한다. 3. AP는 WLAN controller로부터 인증이 되고 AP와 Controller간에 GRE Tunnel이 생성된다. 4. 모든 Clent의 통신은 GRE tunnel에서 암호화 되어 Controller로 전송된다. 46 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

WLAN Switch의 동작 Flow 1. Client는 802. 11 association request을 보내고 그것은 자동적으로 AP를 통해서 WLAN switch로 전달된다. 2. WLAN switch는 association acknowledgement로 응답한다. 3. Client와 WLAN switch는 802. 1 x authentication 인증절차를 RADIUS server와 연동해서 진행한다. 4. Encryption key를 WLAN switch에 pass하고 user의 encryption keys를 획득 후 암호화된 data를 보내기 시작한다. 5. WLAN switch는. 11 MAC 기반으로 decrypts data, processes packet, applies services and forward packets들을 수행한다. Corp Backbone 5 3 4 2 1 RADIUS 47 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Generic Routing Encapsulation (GRE) 0 8 Ver HL 16 TOS Total Length Identification TTL 31 IP packet Flags Fragm. Offset Protocol Header Checksum Delivery Header GRE packet Src Address Dest Address C Reserved v Checksum (opt. ) Protocol Type Reserved 1(opt. ) Payload 48 | Presentation Title | Month 2009 GRE Header Payload Packet All Rights Reserved © Alcatel-Lucent 2009 Payload packet (original)

3. CLI Configuration Overview

CLI Configuration Overview q OAW Switch는 CLI와 GUI(Web)을 이용한 Configuration 방식을 지원 § CLI Access 방법 Local Serial Interface Remote Telnet or SSH session § GUI Access 방법 Remote Web browser Internet Explorer and Netscape/Firefox 지원 § CLI는 세가지 mode로 구성 User Enable or Privileged Configure 51 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

CLI Access q Default 상태에서는 Serial Console or SSH를 통해 접근 가능 § Serial Cisco-compatible RJ-45 serial cable 9600, N, 8, 1, No flow control § SSH Version 2 Password based q Telnet 접근을 가능하게 하기 위해서는 아래의 설정 필요 § (Alcatel 4324) (config) #telnet cli 52 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

CLI User Mode q User Mode § ( > )의 prompt 상태 (Alcatel 4324) > § Basic utilities (Ping, Traceroute, etc) 사용 가능 § User mode에서 아래의 항목은 사용 불가능 Display or changing of any info that might be a security risk, such as ACLs, Policies, SNMP, IP addressing, etc. Entry into Configuration mode – Must enter Enable mode first § “enable” 명령어에 의해 Enable mode로 변경 53 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

CLI Enable Mode q Enable Mode § (#)의 prompt 상태 (Alcatel 4324) # § 모든 configuration information에 대해 display 가능 § Configuration mode로 이동 가능 § “configure terminal” 명령어에 의해 Configuration mode로 변경 § “exit” 명령어에 의해 user mode로 return 54 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

CLI Configuration Mode q Configuration Mode § “(config) #” 의 prompt 상태 (Alcatel 4324) (config) # § User는 OAW switch에 대해 Config가 가능한 상태 § Enable mode에서만 Configuration mode로 변경 가능 § ^Z 또는 “exit” 명령어에 의해 Enable mode로 return 가능 § 사용한 명령어들은 running config 바로 적용됨 § Config를 Startup (NVRAM)로 저장하는 명령어 필요 (Alcatel 4324) (config) # copy running-config startup-config 55 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

CLI Feature Overview q Command Completion § key를 이용한 명령어 완성 가능 q Context-sensitive help § “? ” 명령어를 이용하여 다음에 사용 가능한 명령어 확인 가능 (Alcatel 4324) #cl? clear Clear configuration clock Configure the system clock (Alcatel 4324) #clock ? set Set the time and date 56 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

CLI Feature Overview q Configuration을 확인하는 명령어 (Alcatel 4324) #show running-config (Alcatel 4324) #show startup-config q Configuration 출력 시 다음의 Option 사용 가능 (Alcatel 4324) #show running-config | ? begin Begin with the Line that matches exclude Exclude Lines that match include Include Lines that match q Switch configuration 삭제 명령어 (Alcatel 4324) #write erase all All the configuration will be deleted. Press 'y' to proceed : y Write Erase successful Write erase : 전체 Configuration만 삭제 Write erase all : 전체 Configuration와 등록된 License도 삭제 57 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Omni. Access File System q 256 MB of Flash(기종별로 다름) q 3 partition으로 분할 § 2 system partitions (45 MB each) § 1 user partition (165 MB) q System partitions § Hold system software § 2 copies - Active and Backup q User partition § Holds everything else § Startup config § Databases § Log files 58 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

File System Commands q File system 명령어 § Dir flash file system의 file을 출력 § Delete flash file system의 file을 삭제 § Copy Enable or Config Mode에서 copy 명령어 사용 가능 (Alcatel 4324) #copy [source] [destination] Source and Destination can be: – – – – 59 | Presentation Title | Month 2009 flash: ftp: Log running-config startup-config system: tftp: All Rights Reserved © Alcatel-Lucent 2009

CLI Copy Command q TFTP server로 running configuration을 Backup 명령어 (Alcatel 4324) #copy running-config tftp: 172. 16. 1. 50 2400. cfg Saved Configuration 60 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Rebooting the Omni. Access Switch q ‘reload’ 명령어로 Switch reboot 가능 (Enable Mode) (Alcatel 4324) #reload Do you want to save the configuration(y/n): y Saving Configuration. . . Saved Configuration Do you really want to reset the system(y/n): y System will now restart! 61 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Port Naming Conventions q CLI 에서 Port type format § / § “Fast. Ethernet” - 10/100 Ethernet port § “Gigabit. Ethernet” - Gigabit Ethernet port q Exception § “port-channel” - Etherchannel - port-channel <#> 62 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

4. GUI Configuration Overview

GUI (Web) Management Access q Initial setup후에는 GUI를 통해 모든 system management가 가능 q GUI에서는 Wireless information의 변화에 대한 monitoring과 Wireless 구성에 대한 설 정이 가능 64 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

5. Basic System Setup

Initial Setup Dialog q 초기 Booting시 (또는 Config를 초기화 후), switch는 basic switch parameter를 설정할 수 있는 initial setup dialog가 제공됨 q Initial setup는 Serial console에서만 사용 가능 q Initial setup은 skip이 불가능함 • ********* Welcome to the OAW-4308 setup dialog ********* • This dialog will help you to set the basic configuration for the switch. • These settings, except for the Country Code, can later be changed from the • Command Line Interface or Graphical User Interface. • Commands: Submit input or use [default value], Help • Back, Forward, Line begin, Line end • Delete, Delete back, Delete to end of line • Previous question Restart beginning 73 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Initial Setup Dialog Enter system name [Alcatel 4324]: Hostname은 CLI prompt 또는 SNMP system name으로 사용. GUI or Captive Portal에서 이 hostname으로 표 시됨 Enter VLAN 1 interface IP address [172. 16. 0. 254]: Switch의 default VLAN에 대한 interface IP address 설정 Enter VLAN 1 interface subnet mask [255. 0]: VLAN interface subnet mask 설정 Enter IP Default gateway [none]: Switch의 Default Route 설정. ( uplink된 router의 IP) Enter Switch Role, (master|local) [master]: Switch의 Role 설정. single-switch network라면 master를 선택하고 만약 기존 Network에 추가하는 것이라 면 local을 선택. 74 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Initial Setup Dialog Enter country code (ISO-3166), for supported list: Switch의 사용 국가 Country code 설정. 한국은 “ KR ”로 설정 Enter password for admin login (up to 32 chars): “admin”에 대한 Password 설정 Enter password for enable mode (up to 15 chars): Enable mode에 대한 password 설정 Do you wish to shutdown all the ports (yes|no)? [no]: 기본적으로 모든 port들을 shutdown할지 설정 75 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Initial Setup Dialog Current choices are: System name: OAW-4324 VLAN 1 interface IP address: 172. 16. 12. 2 VLAN 1 interface subnet mask: 255. 0 IP Default gateway: 172. 16. 12. 1 Switch Role: master Country code: KR Ports shutdown: no If you accept the changes the switch will restart! Type to go back and change answer for any question Do you wish to accept the changes (yes|no) 설정된 Basic config를 확인 후 Reboot하면 Basic config로 load 됨 76 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Setting Date and Time q Enable mode 에서 Date/Time Manual 설정 (Alcatel 4324) #clock set q NTP Server (Alcatel 4324) (config) # ntp server x. x q Timezone & DST 설정은 Config Mode에서 가능 (Alcatel 4324) (config) # clock timezone PST -8 (Alcatel 4324) (config) #clock summer-time PDT recurring first sunday april 02: 00 last sunday october 02: 00 -7 77 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Setting System Contact q System Contact는 SNMP query시 또는 GUI login page에서 표시됨 (Alcatel 4324) (config) # syscontact ”John Smith x 1234" 78 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Additional S/W Module License q “license add”의 명령어로 Software module을 등록 (Alcatel 4324) (config) # license add xxxxxx-xxxxx-xxxx q “license add”후에는 반드시 reload 필요 79 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Vlan Configuration q VLAN 설정은 GUI를 통해서도 가능 § Configuration/Network/VLAN § VLANs can be: Created Deleted Add L 3 VLAN Interfaces Assign DHCP Helper addresses § In the CLI: (Alcatel 4324) (config) #vlan 10 (Alcatel 4324) (config) #interface vlan 10 (Alcatel 4324) (config-subif)#ip address x. x (Alcatel 4324) (config) #interface Fast. Ethernet 1/0 (Alcatel 4324) (config-if) #switchport access vlan 10 82 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Port Configuration q Port 설정은 GUI를 통해서도 가능 § Configuration/Switch/Port § One or more ports can be selected and: Enabled or disabled Assigned to VLANs Made trusted or untrusted Enable 802. 3 af POE (default) or Cisco POE Assign a Firewall Policy (not used for AP connectivity) Made an 802. 1 q trunk port § GUI를 사용시에는 설정 후 반드시 “Apply”를 click하여 switch에 변경된 명령어를 update해야 하며 “Save Configuration” button을 click하여 현재 running config 를 startup config로 저장 필요 84 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Port Mirroring q Port Mirroring 은 CLI를 통해서만 설정 가능 (Alcatel 4324) (config) #interface fastethernet 1/22 (Alcatel 4324) (config-if)#port monitor fastethernet 1/0 q 위의 설정으로 1/0의 모든 Traffic은 1/22로 copy됨 86 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

DHCP Configuration q Two modes: § External DHCP Server (recommended) DHCP Relay (Helper Address) Configured on a per-VLAN basis at: Configuration/Network/VLAN § Internal DHCP Server Configured via: Configuration/Network/IP/DHCP Server Configured independently of VLANs - Subnet will match VLAN to DHCP scope Recommend naming scope after VLAN - ie “vlan-4” Must assign a complete subnet, then exclude ranges of addresses 87 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

ESSID Configuration q GUI에서 ESSID는 아래의 경로에서 먼저 profile을 생성 해야함 § Configuration/Advanced Services/All Profile Management/Wireless LAN 89 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP Provisioning q AOS-W <3. 0 § Location code (1 -256). (1 -163 § bldg. floor. location § Controller configuration ap location 0. 0. 0 All APs ap location 2. 3. 0 Bldg 2, floor 3 APs ap location 2. 3. 6 Bldg 2, floor 3, AP 6 q AOS-W 3. 0 § ap-name “ 63개 이상의 영문+숫자로 설정 가능” § ap-group “ 63개 이상의 영문+숫자로 설정 가능” § All controller config done through “ap-group” and “ap-name” statements 90 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP Provisioning q 초기의 AP default values § ap-name == AP wired MAC address § ap-group == “default” q 각 AP는 반드시 사용하는 ap-group에 속하도록 설정을 해야 함 91 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Spanning Tree q 기본적으로 Switch의 모든 port들은 Vlan 1에서 STP & RSTP spanning tree로 동작 q Spanning tree can be modified globally through the GUI at: Configuration/Network/Switch q To disable spanning tree in the CLI: § Globally: (Alcatel 4324) (config) #no spanning-tree § On a per-interface basis: (Alcatel 4324) (config) #interface fastethernet 1/0 (Alcatel 4324) (config-if)#no spanning-tree 94 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration q 2. 5에서 3. 0으로 OS가 변경되며 Wireless function에 대한 설정은 Profile형식으로 변경됨 q 생성한 Profile을 AP Configuration에서 적용하는 방식으로 설정 q GUI의 Configuration/Advanced Services/All Profile Management에서 각 Function별 Profile들을 생성 q GUI의 Configuration/AP Group에서 All Profile Management에서 생성한 Profile을 지정하 는 방식 95 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

6. AP Configuration

AP Connectivity q AP들이 switch에 연결되는 방법은 아래의 두 가지 방법이 존재 § Direct Attach The AP physically plugs into the Alcatel Switch. Power and Serial over Ethernet are available with this setup. § Indirect Attach The AP physically plugs into some other network device (switch or router) with L 2 or L 3 connectivity back to the Alcatel Switch. Power over Ethernet is available if the network device attached to the AP supports it. Serial over Ethernet is not supported. 98 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP Boot Sequence q AP는 booting시 아래의 정보가 필요 § IP Address, Netmask, Default Gateway § Location ID § IP Address of Alcatel WLAN Switch q AP 설정 방법은 아래의 2가지 방법이 존재 § Static All parameters manually configured § Dynamic AP only configured with a location ID (optional on first boot) 99 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP Static Boot Sequence 1. AP는 booting시 bootrom에서 저장된 설정값을 load 2. AP는 자신의 location ID를 OAW switch로 message 보냄 3. AP는 OAW switch로 TFTP request를 보내고 OS image download 4. AP의 Location ID를 기준으로 OAW switch에서 control 5. AP와 OAW siwtch간에 GRE tunnel이 생성 100 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP Dynamic Boot Sequence 1. AP는 booting시 bootrom에서 location ID를 loading 2. AP는 IP address에 대한 DHCP request를 보냄 3. 만약 vendor option 43 (masterip)이 포함된 DHCP response를 받으면 AP는 이것을 Master IP address로 사용 4. 만약 vendor option이 포함되지 않은 DHCP response를 받으면 AP는 “ADP” packet을 Multicast group 224. 0. 82. 11 주소로 보냄 5. 만약 보낸 Multicast ADP에 대해 response가 없다면 AP는 “ADP” packet을 L 2/L 3 broadcast (configure Master OAW Switch as a DHCP helper recipient)로 보냄 6. 만약 그래도 response가 없다면 AP는 설정된 DNS 서버(“alcatelmaster. domain. com”) 로 DNS query를 보내고 domain에서는 DHCP를 주면 AP는 이 것을 Master IP address로 사용 7. AP에 Master IP address가 결정되면 , Static config의 Step 2로부터 booting이 진행됨 101 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP Configuration q AP의 config는 Switch의 연결 전후에 따라 두 가지 방법이 필요 q AP가 Switch에 연결된 후, § GUI에서 설정 가능 q AP가 Switch에 연결되기 전, § AP가 직접 OAW switch에 연결되었다면 SOE (Serial over Ethernet)를 사용하여 설 정 가능 § SPOE adapter(AP console)을 이용하여 serial port를 통해 설정 가능 102 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Post-deployment Method q GUI “Re”provision q AP가 Configuration없이 Network에 연결되었다면 OAW switch에서 “Unprovisioned Alcatel AP” 부분에 표시되며 해당 AP를 선택하면 Reprovision 메뉴로 이동하며 Config 수정이 가능함 104 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Pre-deployment Configuration q SOE configuration q OAW switch CLI에서 SOE를 Enable (Alcatel 4234) # configure terminal (Alcatel 4234) (config)# telnet soe Switch IP로 Telnet을 port 2300을 이용해 접속 후 Swithc에 1/0 port에 AP가 연결되었 다면 connect 1/0을 입력 telnet x. x 2300 107 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP CLI q AP CLI 접속한 후에 AP를 다시 booting 시키고 stop autoboot 화면에서 enter 를 입력 해 bootrom mode booting q Commands: printenv – 현재 설정을 Display setenv variable – Setenv로 특정 value값들을 설정 (ex. ip, netmask etc. . ) save – AP flash에 configuration을 저장 boot – AP를 booting 108 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

AP CLI q Dynamic AP configuration에서는 location 설정만 필요 setenv location x. x. x save q Static AP configuration: q AP configuration 최기화 : AP boot mode setenv ipaddr x. x Purge setenv netmask x. x Save setenv gatewayip x. x reset setenv serverip x. x setenv master x. x setenv name xxxxxxx setenv group xxxxxxx Save 109 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Verifying AP/AP Configuration q From the CLI: q From the GUI: § Monitoring/Network/All Access Points § Monitoring/Network/All Air Monitors 110 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

7. Managing System Images

System Backup q To backup the system: § Config file (Alcatel 4324) #copy running-config tftp: x. x filename § WMS database (Alcatel 4324) #wms export-db wms. db (Alcatel 4324) #copy flash: wms. db tftp: x. x filename (Alcatel 4324) #local-userdb export-db user. db (Alcatel 4324) #copy flash: user. db tftp: x. x filename § RF Plan/Building List/Export… 112 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

System Restore q To restore the system: § Databases (Alcatel 4324) #copy tftp: x. x filename flash: wms. db (Alcatel 4324) #wms import-db wms. db (Alcatel 4324) ) #copy tftp: x. x filename flash: user. db (Alcatel 4324) #local-userdb import-db user. db § Config file (Alcatel 4324) #copy tftp: x. x filename flash: default. bak (Alcatel 4324) #copy flash: default. bak flash: default. cfg § RF Plan/Building List/Import… § Reload 113 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Adding System Images q CLI를 통한 System image upgrade q TFTP server로 IP connectivity 필요 § VLAN에 IP interface 설정 필요 § TFTP server IP로 switch에 ping이 가능해야 함 q Running system의 impact를 최소화 하기 위해 switch는 2개의 system image partition을 사용 § Active § Backup 115 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Adding System Images q Step 2: Copy new image (Alcatel 4324) #copy tftp: 172. 16. 1. 50 image_file_name system: partition 0 Upgrading partition 0. . . . . . . . . . . . . . . . . Copied image successfully. The system will boot from partition 1 during the next reboot. q Step 3: Default Boot 변경 ([OAW 4308]) #boot system partition 0 q Step 4 : Reload 117 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

5. Basic Configuration Sample

Profile Configuration Sample q 인증 및 암호화를 하지 않는 All Open 구성 Sample q Step 1 : Configuration/Advanced Services/All Profile Management 119 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample q Step 3 : 생성한 test-open을 선택하면 해당 Default Profile이 표시됨 q Step 4 : Initial role을 allow all role인 default-vpn-role을 선택 후 apply Click 121 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample q Step 5 : SSID Profile -> 새로운 SSID profile name 설정 후 Add q Step 6 : 생성된 test-ssid를 선택 후 실제 사용할 SSID를 입력 후 apply click 122 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample q Step 7 : Virtual AP Profile -> 새로운 Virtual AP profile name 설정 후 Add q Step 8 : 설정된 Virtual AP Profile을 선택하면 SSID & AAA Profile 설정이 나타남 123 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample q Step 10 : Virtual AP Profile -> AAA Profile에서 기존에 생성한 AAA Profile을 지정 후 apply click q 이것으로 Profile 설정은 종료되었으나 실제 AP에 적용은 되지 않은 상태임 125 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample q Step 11 : Configuration -> Wireless -> AP Configuration에서 New를 선택 후 새로운 AP Configuration name을 생성 후 Add q Step 12 : 생성한 AP Configuration의 Edit를 선택하면 아래와 같이 기존에 All Profiles에서 설정한 것과 같은 Menu가 표시됨 127 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample q Step 13 : Wireless LAN -> Virtual AP 선택 후 기존에 생생한 Virtual AP Profile을 지정 & Add 선택 후 Apply q Step 14 : All Profiles에서 설정한 내용이 그대로 적용됨을 확인 128 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample q Step 15 : 모든 AP들은 default AP-Group에 속해 있으므로 새로 생성한 AP-Group로 변경해 야함. Wireless -> AP Installation -> Provisioning q Step 16 : AP를 선택하고 Provision을 누른 후 AP-Group을 선택한다. 129 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] - 앞장의 기본 설정에서 인증서버 부분의 수정이 필요하다. q Step 1 : Advanced Services > All Profile Management > Wireless LAN -> RADIUS Server에 서 Radius 이름을 입력하고 add를 선택한다. 132 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] q Step 2 : 새로 생성된 이름을 선택후 자세한 인증서버 정보를 입력한다. 인증서버의 IP 그리고 인증 KEY값 그리고 인증 port number는 반드시 인증서버와 WLAN Switch간에 일치해야 한다. 133 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] q Step 3 : Advanced Services > All Profile Management > Wireless LAN -> Server Group에서 새로운 이름을 입력하고 add를 선택한다. 생성된 Server Group을 선택해서 미리 지정한 Radius server를 지정 & Apply한다. 134 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] q Step 4 : 802. 1 X Authentication Profile에서 Default 802. 1 x Profile을 확인한다. 기본값을 그대로 사용해도 됨. 135 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] q Step 5 : AAA Profile로 이동후 새로운 Profile을 생성하고 그것을 선택한다. 해당 Profile에 서 인증후에 사용자가 받게될 Role을 802. 1 X Authentication Default Role에서 설정한다. 136 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] q Step 6 : 기존에 정의한 아래의 항목을 차례로 선택한다. 802. 1 X Authentication Profile -> Default 802. 1 X Authentication Server Group -> Radius RADIUS Accounting Server Group -> Radius 137 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] q Step 7 : SSID Profile로 이동하여 802. 1 x인증에서 사용할 SSID와 Encryption 방법을 설정한 다. 802. 1 x에서는 Open으로는 설정이 불가능하며 반드시 Encryption을 설정해야 한다. Encryption은 사용자의 Wilress 단말과 AP간의 설정이므로 사용자 단말에서 해당 방식을 지 원하는지 확인 필요. 138 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

Profile Configuration Sample [외부 인증 서버와 연동시 설정] q Step 8 : Virtual AP profile로 이동해서 SSID & AAA Profile에 기존에 생성한 Profile을 지정 한다. 나머지 설정은 기본 설정과 동일하게 진행한다. 139 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009

7. Lab Basic System Configuration

Lab Diagram - 1 q SSID : Test 10 AP 1 Backbone 10. 3 vlan 1 10. 10. 1/24 WLAN Switch Vlan 1 10. 10. 2/24 141 | Presentation Title | Month 2009 All Rights Reserved © Alcatel-Lucent 2009 별도의 인증 없이 Open 구성

Lab Diagram - 2 q SSID : Test 10 SSID : Test 20 AP 1 q Backbone과 WLAN switch간에는 802. 1 q 구성하여 vlan 10과 vlan 20 Backbone 사용 가능 해야 함 10. 3 vlan 10 10. 10. 1/24 q SSID는 2개를 생성하고 Test 10에는 vlan 10을 Test 20에는 vlan 20의 Network이 사용 가능 해야 함 q 각 AP에 연결된 단말간에 통신이 802. 1 q vlan 20 10. 20. 1/24 V 10, 20 WLAN Switch vlan 30 10. 30. 1/24 Vlan 10 10. 10. 2/24 vlan 20 10. 20. 2/24 AP 2 30. 3 별도의 인증 없이 Open 구성 OS 6600 -P 24 142 | Presentation Title | Month 2009 Vlan 30 10. 30. 2/24 All Rights Reserved © Alcatel-Lucent 2009 가능한지 확인

Lab Diagram -3 q q vlan 10 10. 10. 1/24 80 사 WLAN#2 10. 12 ssid test-2 WLAN#4 10. 14 ssid test-4 Po. E Vlan 20 10. 20. 2/24 AP 1 All Rights Reserved © Alcatel-Lucent 2009 SS vl Ne 각 10. 12 ssid test-3 vlan 20 10. 20. 1/24 APs q q WLAN#3 143 | Presentation Title | Month 2009 Ba WLAN#1 10. 11 ssid test-1 Backbone 20. x 별 가